Comparing cloud use in the U.S. and Europe

August 5, 2010

Who’s using cloud more — the U.S. or Europe? What are the biggest concerns when it comes to security on both sides of the Atlantic? Should you be developing a cloud strategy now, or should you wait until next year?

These are some of the questions that the Ponemon Institute and CA Technologies posed in a recent survey of IT professionals.

Today we talk with Larry Ponemon, chairman and founder of the Ponemon Institute, and Lena Leverti, vice president of products at CA Technologies, who explain their results for us.

LP: In our experience, there are a whole bunch of interesting security topics, but what seems to rise to the top of the security heap in terms of risk and potential problems is, in fact, the cloud computing environment, which is very quickly becoming the standard for organizations — not just small and medium sized companies — but much, much larger companies, as well.

LL: One of the key things is that, as companies start adopting cloud, they’re basically giving up some of the control that they have. When they technology is within their own organization, they control it directly, so one of the biggest hurdles that’s viewed around cloud adoption is definitely security.

FCB: Who did you survey and why did you pick that group or groups?

LP: Well, the appropriate groups for this study are folks in the IT community and, more specifically, people who know something about information security. When you do a study like this, you quickly find that people wear many hats, and so many of the respondents were IT practitioners, but every respondent at least touched some aspect of information security, including network security systems, and a whole bunch of other related areas of expertise. This study is not just the U.S. only; [it] was also conducted in tandem with a group of practitioners in Europe, as well. I think that actually generated some interesting differences between the two groups.

LL: There were about 600 folks that responded to the survey.

FCB: What were some of the key findings?

LP: Probably one of the most interesting and important findings is that the respondents — these IT practitioners in both the U.S. and Europe — basically don’t have confidence that their organization has the ability to secure data and applications that are presently deployed to the cloud. So, they basically see some very significant security risks that exist today and maybe loom large on the horizon. We also found that IT practitioners in the U.S. and Europe hold relatively similar views on the reasons why cloud computing is so fashionable and so popular and so important, because it’s really about cost savings, and it’s also about speed to deploying new applications. So, even though we may say, ‘gosh, there’s a huge security risk,’ the reality is that cost and speed to deployment are probably much more important to end users.

LL: And one of the biggest challenges that came out in the survey results was that half of the respondents basically said that they’re not aware of all of the computing resources deployed via the cloud in their organization today. So, if you’re not aware of it, you really can’t secure it.

FCB: One of the things that I noticed first and foremost is the fact that you define cloud computing. When you were talking to people in the U.S. and Europe, did you notice that there was maybe a difference in the definition of cloud computing?

LP: We expected that there would be differences, and, in fact, the perception of cloud computing and what a cloud computing environment is was pretty consistent — more consistent than our . . . expectation. But I will say that, in both the U.S. and Europe, there’s confusion about private clouds and what these really mean. Is a private cloud a more secure version of a public cloud? Or, is it just simply on-premise computing where you’re using extensive virtualization? So, if there is any confusion in the marketplace, it’s probably around the private cloud environment. But, public clouds are generally well understood and the definitions are generally agreed upon.

FCB: Speaking of differences across the pond, did you find any differences between who’s using cloud in the U.S. versus who’s using cloud in Europe, especially in terms of government entities?

LL: We did. Some of the [respondents] are, in fact from the public sector and public organizations, and it is clear that public sector organizations are using cloud computing resources, perhaps not to the same extent as commercial organizations, but definitely the trend is that the government is, in fact, a very large — and potentially larger — user of cloud computing resources, because obviously it’s about cost, and governments . . . are trying to control them. One way to do that is to make sure that [they are] using the most efficient technology. But, it does create that security risk. We did see some differences in the rates of deployment between the U.S. and Europe and, in fact, the rates of deployment in the U.S. are higher than Europe, generally speaking. That’s not just for software-as-a-service, but it’s also for platform services and infrastructure services.

FCB: Did you find any causation — why that might be — or did you just look at the numbers in terms of use.

LP: We tried to figure out why there were some differences between U.S. and European companies in terms of their deployment patterns. We think that, in the U.S., probably, cloud computing is just slightly more popular, and some of the providers — especially software-as-a-service — the big providers like Amazon, Google and SalesForce.com — they probably have a larger base of customers in the U.S. But, I think that difference is small and will probably be non-existent within the next 18 to 24 months.

FCB: Let’s talk a little bit more about security, because I noticed that you not only talked about cloud security and public cloud versus private cloud, but the responsibility for security — did you find any differences between who’s responsible for IT security in a U.S. organization versus in Europe? Or, is it kind of the same?

LL: With regards to the study results, it’s definitely shared, and the reality is, it has to be shared. Basically, when you look at the responsibilities for this type of an environment, there’s the provider themselves that has some level of responsibility and accountability, [and] the owner of the information is going to be held accountable regardless of any SLA in any type of agreement with the provider. At the end of the day, if a credit card provider puts their data in the hands of a partner, they’re still going to be held accountable, and history shows that’s definitely happened. So, the shared responsibility with IT, with the security folks, as well as the business line owner, which I think was a definite key finding in the study itself. The business owner also has a stake in this — and then, of course, the cloud provider.

FCB: What’s next? Is a report coming coming out of this study? What should we take from all of this data that you’ve put together?

LL: The study that we did was two-fold: it was for the consumers of cloud services, as well as the providers of cloud services. So, the study that we released was the first portion of that — for the consumers. We’ll be releasing the results of the study from the providers’ perspective, and then identifying some of the contrasts and so forth between the two.

FCB: Any wrap-up comments?

LP: We actually do believe that this issue of cloud computing from a security perspective is certainly not going away. The good news is that there are security technologies that are being developed and deployed that do reduce risk pretty substantially, caused by the change from on premises to cloud computing environments. So, it’s not all that bleak. There may be solutions in the future that will make that risk really negligible.

LL: Cloud security is definitely one of the areas that is viewed as high priority and, today, is viewed as a high risk area. I believe that technologies over the next year or so will definitely close the gaps [and] reduce the risks. One of the key things that organizations can do today and agencies can do today is clearly define a cloud security policy, whether it’s part of the security policy, I think it’s very important to just specify, from a cloud perspective, whether this policy applies in full or — here are the additional requirements and mandates for cloud security. That will help close that gap faster and reduce the risk significantly — just by creating awareness.

Advertisements

Friday cloud news round up

July 16, 2010

Today, we bring you your weekly cloud news round up.

  • As Microsoft continued a full-court press to get its partner companies to sell cloud-computing services, some of them were still scratching their heads over whether Microsoft’s advances in cloud computing could end up biting into a chunk of their own businesses. The Seattle Times reports that questions came as Microsoft announced new products and sales-support programs at its Worldwide Partner Conference this week that are aimed at helping partners make the jump. About 13,000 people representing companies that resell, build on and sell services based on Microsoft products are attending the conference at the Washington Convention Center.
  • Analyst firm, Gartner, published a set of guidelines intended to ease relationships between cloud vendors and users. As cloud computing becomes more pervasive, the ecosystem (including vendors and analysts) is seeking ways to align expectations among relevant parties, ZDNet reports. Gartner specified “six rights and one responsibility of service customers that will help providers and consumers establish and maintain successful business relationships:”
  • Navatar Group, a global Salesforce.com partner and Value Added Reseller, has introduced free cloud computing CRM for financial services firms. Officials with Navatar Group said that the company is now providing free CRM for eight months, to help one prepare for the expected rebound in the worldwide financial markets, TMCNet reports. Company officials said that this would help financial firms to get pre-built software-as-a-service for their business up and running within a day or two. They will also get the underlying force.com seats from Salesforce.com (News – Alert) free as part of this promotion.
  • Information technology company IBM on Thursday announced a new IBM Cloud Computing Competence Centre in Ehningen, Germany, TradingMarket.com reports. Located in Ehningen, Germany, home to IBM’s largest data centre in Europe, the new facility will host a range of technology platforms and optimised service delivery processes and, according to the company, will provide a broad range of cloud solutions and services to clients locally and internationally.

HHS using cloud to support Electronic Health Records

July 7, 2010

Fed Cloud Blog has told you about the fact that the Department of Health and Human Services is looking at the cloud.

Federal chief information officer Vivek Kundra recently took a look at what they are doing and wrote up a case study regarding HHS’s implementation of Electronic Health Records (EHR) systems.

The department hopes to build 70 Regional Extension Centers in order to help over 100,000 Primary Care Practitioners.

To do this, HHS is using cloud, and Kundra explains why they chose such a solution:

After reviewing internal and cloud-based solutions, the Office of the National Coordinator (ONC) decided that Salesforce.com offered the best CRM solution for a quick, inexpensive, and rapidly scalable implementation. The review process concluded that it would have taken over a year to implement an internally-based system. Leveraging the cloud solution, ONC was able to stand up the first phase of the Salesforce solution in less than three months after the award. One of the advantages ONC anticipates from deploying a cloud-based CRM system is the ability to update the system as Regional Extension Centers start using it. More implementation phases are already planned to ensure that users’ needs are met. ONC expects to be able to quickly update future phases of the system in substantially less time, while doing it collaboratively with end users.


Army Experience Center tests cloud solutions

June 11, 2010

Today on your Friday cloud news round up:

  • The U.S. Army is looking at cloud computing at its Army Experience Center (AEC), located in Philadelphia, PA. To make the center more user friendly they chose a cloud computing solution from Salesforce.com to manage recruiting efforts. With the new system, the Army is able to track recruits as they participate in multiple simulations at the Army Experience Center. The solution integrates directly with e-mail and Facebook, allowing recruiters to connect with participants more dynamically after they leave the Army Experience Center. By using Salesforce.com’s mobile solution, Army recruiters can access recruit information from anywhere.
  • What does the future hold for cloud computing? The Pew Internet & American Life project recently conducted a survey about whether or not most people will be doing business in the cloud by 2020. The survey results are based on a non-random online sample of 895 internet experts and other internet users. Read the survey here.
  • People in Plano, Texas, know technology. The suburb is located north of Dallas, and is moving into the cloud. Yes, the entire city. Government Technology reports that Plano is transitioning to a cloud-based solution for e-mail, Web conferencing, online collaboration and other communication tools. It’s also switching to a new management tool for virtual environments. The goal is to integrate various systems across the enterprise – and gain significant cost-savings.
  • Cloud computing does still have weaknesses, and security isn’t even one of the top threats. That’s according to a recent post on InformationWeek’s ‘Plug into the Cloud’ blog. Author John Soat says performance and ROI top the list.

Next week – We hear from ScienceLogic about a new survey they did regarding cloud computing!


Friday cloud news round up – SalesForce buys Jigsaw

April 23, 2010

It’s your Friday cloud news round up!

  • SalesForce.com has bought cloud-based business directory Jigsaw.com for $142 million. The website edlconsulting.com reports that Jigsaw will provide Salesforce.com’s customers with a better way to leverage SalesForce’s CRM solution. This deal will be final in the second quarter of next year.
  • Are you ready for the Gov 2.0 Expo? Just in case you haven’t heard, the event is coming to the Washington Convention Center on May 25 – 27. Learn about emerging technologies, security and hear from panels of experts.
  • Is customizing your cloud going to ruin it? Many say ‘yes’, but NetSuite CEO Zach Nelson says ‘not necessarily’. A blog post on ZDNet contains a video of Nelson, who talked about his thinking at the OnDemand conference in Palo Alto, Calif.
  • It seems the general public is nervous about the move to the cloud. A new poll conducted in March shows that a lot of Americans think storing files on remote servers is a bad idea. 247wallstreet.com reports that the Harris poll says that 81 percent of online Americans think cloud is less secure than an in-house model.

Next week, we hear from Frank Baitman, CIO at the Social Security Administration.


Acumen Solutions helps HHS advance health IT

April 8, 2010

Acumen Solutions has been selected to provide a cloud-computing CRM and Project Management solution to the US Department of Health & Human Services – Office of the National Coordinator for Health Information Technology (ONC).

Marty Young is Acumen’s Managing Director of the Public Sector and tells Fed Cloud Blog all about what they’ll be doing for HHS, as well as what they’ve done for other federal agencies.

He starts off by explaining how this project is related to the American Recovery and Reinvestment Act (ARRA).

MY: Part of the ARRA allocated a lot of money for what’s called the High Tech Act, which drives money down into HHS OSC for Health It to improve our country’s aging health IT infrastructure.

There’s two major tracks there: one is to provide grant money to doctors who are willing to upgrade to an electronic health record; the second track is for states and communities to implement what’s called a health information exchange, or an HIE.

So, within the first track . . . HHS is creating a program called the HITRIC program to build regional extension centers, generally one per state, though some states will have [more]. Each of these states will use SalesForce.com, which is the CRM product that Acumen Solutions will be implementing.

We’re going to implement it at a national level for HHS OSC, and we will also implement it down at the regionalized REC level, so that the REC’s can use SalesForce.com as their CRM platform for recruiting doctors to upgrade their systems to electronic health records, and then assist the doctors in accomplishing milestones, such as collecting a product, implementing a product, and accomplishing meaningful use and getting meaningful reimbursement with their grant money.

FCB: Can you give us an example of some other work that you’ve done with other federal agencies?

MY: Sure, I’ll give you a handful.

For example, [the] U.S. Army hired us to implement SalesForce.com to be used as a recruiting system — recruiting platform. They wanted to stand up a sophisticated, CRM-like recruiting platform to track future soldiers and their pursuit to join the Army. So, we used things like algorithmic scoring based on information [such as] — do you have prior family in the military? Height, age, weight, grades — things like that.

We also implemented it at the U.S. Census Bureau for outreach and marketing functions. So, to try and get various partner organizations throughout the entire country to go out and — I use the term, ‘get the vote out’ — but it’s basically to get people to fill out and complete the Census, because it’s hard to reach some of the smaller populations that are less mainstream. They wanted to make sure that everyone is counted.

At the Department of State, we used SalesForce.com as a financial management platform [for the] the Nuclear Disarmament Fund. There’s people in Korea and Iraq that are using iPhones to perform WMD inspections and they record their findings through their iPhones. That ultimately gets loaded into SalesForce as the mechanism to track the financial progress. We also worked with the Obama administration during change.gov.

We’re working with GSA. We’re working with the the [SEC] and the TSA. So, there’s a lot of different agencies where cloud computing solutions from SalesForce.com are being implemented.

FCB: Does Accumen use cloud computing itself?

MY: Absolutely. We have standardized all of our infrastructure and internal systems on various cloud platforms, SalesForce.com being the most common one. We have a time and attendance module that we use. We use our own recruiting systems, our own intranet, our pipeline and opportunity management system, time reporting — all of those applications are on various cloud computing platforms that we use internally.

FCB: Is there anything we might have missed — maybe about this new HHS partnership — or other partnerships?

MY: Specific to HHS ONC, it’s an excellent opportunity for the federal government to roll out a large program. It’s a high-dollar program, a highly visible program, and they’re using cloud computing technology, which is at the heart of our nation’s CTO’s philosophy on how technology investment should be made. So, it ends up being a very low-cost way to stand up an enterprise application and roll it out to a large user base.

It’s a good success story for the federal government in terms of making what I consider to be smart technology investments for programs that need to be scalable, that need to be enterprised, that need to be stood up in a very short period of time to be able to fulfill a high user base.


Cloudbook uses social media to gather best practices

February 2, 2010

If you haven’t heard of Cloudbook.net, you might want to check it out.

It’s a place to learn more about what’s going on with cloud computing at a variety of levels.

Vince Vasquez is one of Cloudbook’s founders and sat down with Fed Cloud Blog to talk about what his site does, exactly, and why he started it.

FCB: Tell us a little about Cloudbook for those who might not be familiar with it.

Vince Vasquez: One level is the community site, where leaders in the area of cloud computing can share their knowledge with the broader community.

We have a second level and, from a marketing perspective, Cloudbook is a marketing platform to promote content through social media channels such as Twitter and LinkedIn.

Timothy Chou and I started Cloudbook because we saw there were two needs that we felt needed to be addressed.

One — there was so much confusion around — what is cloud computing? There are so many definitions, such as public and private clouds and infrastructure platforms, software-as-a-service and the like, we thought it would be helpful for the industries moving into cloud computing if there was a single place where leaders could share their insights and knowledge with others.

Secondly, I had done a lot of marketing campaigns . . . [with] many of what I would call traditional elements of a marketing campaign, such as email, webinars and telemarketing. [They] just weren’t as effective and certainly not as cost effective. . . . I saw the rise of social media and the natural question that many of us have been asking came up, which is — how can I leverage social media as part of my marketing campaign?

So, we created Cloudbook.

FCB: What do you think cloud computing is and how are you working to try and get everybody together on the definition?

VV: That’s definitely a widely debated question.

At Cloudbook, we have a simple, six-level taxonomy that we’re applying right now to categorize over 1,000 cloud computing products that we have identified.

The taxonomy starts at the lowest level with what we call network cloud services. After all, you can’t have cloud computing if people can’t connect to it. So, “network” includes access networks and content delivery networks from companies such as AT&T.

The next level includes the data centers, which we simply call “co-location cloud services” [because] the cloud infrastructure has to run somewhere. This would include offers from companies like Push Communications and the like.

The next level includes the actual computers and storage cloud services. After all, an application in the cloud has to run on computers. This is where you have companies like Amazon [and] is one of the areas that gets the most attention in cloud computing.

The next level is what we call “platform cloud services”, [which] is one of the newest and hottest areas. It’s at this level where a lot of the software exists that makes cloud computing work.

At the next level are the actual application cloud services. These are the services that the consumer actually uses. We often call them software-as-a-service. SalesForce.com is one of the best-known companies here.

Finally . . . [we have] the supporting cloud players, such as system integrators, consultants and analysts. These are the companies and people that assist other companies in creating their cloud offerings.

FCB: That’s an incredible amount of information. How did you go about getting all of these different contributions from different people?

VV: We launched Cloudbook at the end of Aprill [2009].

We have over 5,400 people following us on Twitter, and what we did was, if people followed us and we saw them and followed them we would pick up cloud products — and we just kept organizing our own database, which has grown to over 1,000 products — and it keeps growing.

FCB: Have you found that social networking has helped you in terms of getting people together and coming up with that common definition?

VV: It does and it doesn’t.

It helps because social media is really about a conversation — about one person talking to another.

So, in that sense, you know who’s opinion is what.

Now, there are many opinions out there, so [with] social media, you can see many people talk about their different ideas.

What we do with Cloudbook is we try to just aggregate all of that content into one place.

Then we tweet about it and share with the community.

We don’t try to bleed what content is correct or incorrect. We simply try to give a place for people to share and social media is a great place for people to give attention to that content.