Gartner analysts Daryl Plummer and Thomas Bittman at the Gartner Emerging Technologies conference in Las Vegas, made the predication, “By 2012, 80 percent of Fortune 1000 companies will pay for some cloud computing service, and 30 percent of them will pay for cloud computing infrastructure.” Plummer defines cloud computing as “a style of computing where massively scalable IT-related capabilities are provided ‘as a service’ across the Internet to multiple external customers.”
Forrester analyst James Staten interviewed more than 30 companies and concluded that cloud computing has been “wildly popular” with small businesses but large companies have been skeptical. Forrester has posted the report, “Is Cloud Computing Ready For The Enterprise?” Staten blogged about his report in the post “Are Fabrics Web 3.0?.” Larry Dignan sums up some of the notable benefits in his post, “Cloud computing hasn’t gone Fortune 500 yet, but it’s coming” as:
- Deployment speed. One big hang-up for enterprises is figuring out how to procure and provision infrastructure to support a new application. In other words, you can develop an application in two weeks, but wait six weeks to procure and then install the servers that support it. Toss in capacity planning and the time to market expands more.
- Costs. To acquire those additional servers to support a new app requires budget. Staten notes you can’t just run out and buy a server anymore.
- Businesses want fast prototypes. Corporations can deliver faster prototypes by using cloud computing services. Simply put, it makes sense to use cloud computing as a testbed for projects that don’t have a fully-baked business case. For instance, research and development projects, low priority business applications and collaboration services are all good candidates for the cloud.
Dana Gardner in his post, “Cloud computing for enterprises, work it through your head” discusses a Hiperware white paper” that “goes on to detail several enterprise computing use-case scenarios that show how cloud computing architectures and methodologies, if enterprise developers can exploit them, will rapidly advance cost-benefits.” Gardner goes on to argue that “the new neat trick will be managing how the clouds and SOAs relate and interact. And that spells more integration as a service, and more federated policy management and enforcement as a service. It’s a whole new abstraction for middleware.”
Now everything is for from perfect in the cloud world. A few things holding cloud computing back:
Take Me Back
A few months back I did the post “Provenance and Trust” where I examined how provenance and trust relates to the relatively new IT architectures, such as cloud computing. I was recently asked to provide a few links to help people understand the concept of cloud computing. I thought I would share the information.
Let’s us return back to Larry Dignan, and a few industry leaders, at Web 2.0 Expo doing a great job discussing what they think cloud computing is:
Tim Mather, Chief Security Strategist for RSA Conference, makes the point in relation to IT architecture:
First, computing resources needed for scientific purposes are often huge, and yet infrequently used. What company wants to maintain enormous computing capabilities only to have such used infrequently? That’s simply not cost efficient. So effectively ‘renting’ computing capabilities (e.g., from Amazon’s Elastic Computing Cloud – EC2) can be much more cost efficient. (Of course, this is the same usage model employed by national supercomputer centers for years – timesharing.)
The current economic meltdown coincides with the availability of rapidly maturing cloud-based services that are offered by a wide range of vendors. New mode of acquiring and delivering services promises the valuable benefit of low up-front costs combined with usage-based pricing are now available. These benefits alone will ensure that this new model will be considered as a viable alternative to traditional delivery models and as a result, IDC forecasts that the use of cloud-based services will increase in 2009 despite, and because of, the economic conditions. IDC also predicts rationalization and consolidation among the cloud vendors, with struggling vendors having strong vertical offerings being acquired by larger, more diversified players.
A Rose By Any Other Name
Taking a moment to look over at other service focused technologies, this month Anne Thomas Manes, a Research Director with the Burton Group asserted in her post “SOA is Dead; Long Live Services.” Manes stirred up the SOA marketplace when she wrote, “SOA met its demise on January 1, 2009, when it was wiped out by the catastrophic impact of the economic recession. SOA is survived by its offspring: mashups, BPM, SaaS, Cloud Computing, and all other architectural approaches that depend on “services.” Manes’ real point, to quote her is that “we should not be talking about an architectural concept that has no universally accepted definition and an indefensible value proposition. Instead we should be talking about concrete things (like services) and concrete architectural practices (like application portfolio management) that deliver real value to the business.”
David Linthicum, on his podcast, “Anne Thomas Manes and I talk about the ‘SOA is dead’ thing,” discuss her post. A most entertaining show.
Linthicum also had the very interesting post, “Will SOAs morph into private clouds?” Private clouds address the need some organization shave to keep their resources within the company while moving to a more sharable computing infrastructure. Basically, private clouds work in the same way as public cloud services, but are run by the enterprises. Linthicum makes the statement, “as I look at the emerging patterns of use, I see a lot of crossover from SOA, and that’s not a bad thing.” Linthicum in his post, “It’s all architecture!” makes the point “SOA is an architectural pattern, and cloud computing is an instance of an architecture, private or not. It’s all architecture, nothing really changes other than where and how we deploy services, processes, and information management. Not much of a shift, but we do have new technology to play with, and sometimes that can be distracting.” Anne Thomas Manes identifies common patterns tp private clouds:
- shareable resources
- the ability to reuse storage, database, transactional, and business process management services
- they typically have governance frameworks surrounding them
Growing the Pie
Mikael Ricknäs has posted the article, “Battle brewing over next-generation private clouds,” where he suggests that “Enterprises could make their datacenters more efficient by turning them into private computing clouds — but the biggest winners could be companies like EMC, Cisco Systems, and Sun Microsystems, which stand to gain a larger share of datacenter spending.” Ricknas points that these large companies “will also use this as an opportunity to lock customers into their own solutions, Butler said. The message is that tying yourself to only one vendor will help you achieve the full benefits of a private cloud, according to Butler.”
Dana Gardner in his post, “Services consumers and developers must now mount pressure for cloud computing neutrality” argues that “we should also be concerned about any cloud provider exerting too much influence or setting de facto standards early on that diminish the cloud services market as a whole.” Gardner points out that the cloud computing “pie needs to grow first, and the market leaders can seek domination in some way later when the playing filed is established and perhaps somewhat level.” He suggest “making savvy choices that favor data portability, and recognizing that APIs that carry over from one hosting provider to another make for good market drivers that entice more consumers that can exercise more choice.”
Stephen O’Grady, industry analyst and founder of redmonk, in his post “Cloud Interop: The Wrap Up” discusses how he “collected some of the best and brightest in the cloud computing industry yesterday to look at what I consider to be a crucial question for the future of the industry: how do we protect customers from being locked in to platforms over which they have little or no control?” Their conclusion: you don’t. O’Grady goes on to explain, “As with any technology – cloud or on-prem – a certain degree of lock-in is borderline inevitable. Open source, as was discussed yesterday, can help, but it is no panacea. Protecting your technical investments, both now and in future, is and will remain more aspirational than achievable end.”
Jon Brodkin in the Network World article, “Gartner: Seven cloud-computing security risks,” list the seven security issues Gartner identified that customers should raise with vendors before selecting a cloud vendor:
- Privileged user access
- Regulatory compliance
- Data location
- Data segregation
- Investigative support.
- Long-term viabilit
Thomas Bittman brought up the important matter of privacy in his post, “Virtual Cloud Privacy is Gray.” Bittman points out that variations of isolation in a cloud computing architecture. When it comes to vendors, one has to be very careful about what is
truly “private” and what is truly “shared”
The World Summit of Cloud Computing has posted videos for the two day summit. Craig Balding presentation on cloud computing and security, titled “Cloud Computing: The Need for a Security Conversation.” Balding explains his main point in his post, “IGT2008 World Cloud Computing Summit Videos Now Online” as:
We are venturing into the great unknown with layers of offerings, greater trust transitivity and new (and old) technologies meshed together in ways we frankly don’t understand. We need to progress the dialogue beyond crying out that the ‘Cloud is insecure’ or just saying ‘the biggest Cloud issue is security’ and get into the nitty gritty details. But my argument is we can only do that if the providers engage in that conversation. It’s one of the reasons I encourage Cloud providers to reach out and talk security – most large enterprises have responsibilities that mean they cannot treat the Cloud as a black box.
Jon Greaves, CTO of Carpathia, has made available the first chapter of their book titled “The Datacenter of the Future.” The chapter describes the evolution of security and privacy as we’ve progressed from issues such as the Morris worm of 1988 to today’s “it’s in the cloud” attitude. There are some very good insights in the chapter which explain how the past evolution of technology will influence the types of offerings ISPs and hosting companies will provide in the next decade. Ron Gula, Tenable Network Securities’ Chief Technology Officer, explains that he “answer specific questions on how cloud computing can impact our security posture, what sort of functions should/could be outsourced and how organizations can minimize their operating costs with virtual systems.”
Rich Mogull and Chris Hoff on the Network Security Podcast got into a discussion on cloud security recently. Specifically, their focus was on programming “our web applications to run on top of a cloud infrastructure, not dedicated resources in a colo or a ‘traditional’ virtual server.” A basic overview of their thoughts:
- Secure development (somewhat) breaks
- Static and dynamic analysis tools (mostly) break
- Vulnerability assessment and penetration testing… mostly don’t break
- Web application firewalls really break
- Application and Database Activity Monitoring break
Hoff in his post, “Hoff’s Upcoming VirtSec/CloudSec Presentations in 2009,” discusses how he is working on three major VirtSec/CloudSec presentations for 2009:
- Frogs-Cover The Frogs Who Desired a King
- Cloudifornication: Indiscriminate Information Intercourse Involving Internet Infrastructure
- Mozart’s “The Marriage of Figaro”: Complexity & Insecurity Of the Cloud
I mention these presentations to get you interested in visiting Hoff’s site. Hoff regularly posts on cloud computing and security.
There was a panel discussion on “Security and Risk in the Cloud” from the “Computing in the Cloud” workshop put together by the Center for Information Technology Policy at Princeton University:
On January 14, 2009, the State of the Net conference was held in DC. The audio from the session “Policy Issues Facing Cloud Computing” has been released. David Schellhase, Salesforce.com acted as moderator with the superstar panel of Susie Adams, Chief Technical Advisor Microsoft, Alan Davidson, Google, and Jim Dempsey, Center for Democracy and Technology.
In this post, I tried to address a few of the basic concepts behind cloud computing along with a few important issues and finish with some thoughts involving security. Cloud computing will bring with it advantages and disadvantages, especially in the world of security. This post has not even scratched the surface. In a two thousand word post, all I can do is to try and get you interested in the subject and then show you the way to a wealth of additional information. Like Dorthy and the yellow brick road, follow the links. They will take you to the experts that have been working with issues involving the cloud for quite awhile now.