Posts Tagged ‘Gartner’
Brokering Clouds
I recently attended an interesting presentation on cloud computing (I’m a sucker for the topic). It was just another perk for being a member of the Houston SIM (Society of Information Management) chapter. The presenter was Gene Phifer, Managing Vice President at Gartner. It covered a history and other background information as well as an interesting perspective from Gartner. I have included a couple of slides here but, unfortunately, I am not able to provide the entire presentation.
While acknowledging the benefits that we have all come to appreciate, he also included a warning of the existing problems. As I have pointed out in previous posts, there is a lot of excitement on the benefits but not enough attention to the risks (they will all eventually be addressed, but not for a while). In my official role as the cloud computing Grinch I want to be sure to draw your attention to the risks associated with those tantalizing benefits. From the Gartner presentation they are:
-
Data/Process Location & Isolation
- Security, privacy & ownership
- Security, privacy & ownership
-
Regulatory, Compliance & Policies
- Limits, e-discovery, investigations
- Limits, e-discovery, investigations
-
Portability between Providers
- Lack of standards, vendor lock-in
- Lack of standards, vendor lock-in
-
Provider Trust Management
- Transparency to provider operations
- Immature vendors and certifications
-
Uncertain Failure Remediation
- SLA guarantees, redundancy
- SLA guarantees, redundancy
-
Integration and Process Integrity across the cloud
- Technical & Support issues
- Technical & Support issues
-
Bandwidth & Latency
- Accessing or integrating “clouds”
- Accessing or integrating “clouds”
- Licensing Issues
- Uncertain Financial Models
Now that I have fulfilled my “party pooper” responsibilities I can return to my usual optimistic tone. His presentation went on to highlight the aggressive expansion of both Microsoft and Google into more sophisticated cloud offerings. While Google’s preferences are not surprising, seeing all of Microsoft’s offerings shown on one slide was interesting. While I was aware of each of their cloud based products, seeing them listed together was enlightening. Microsoft is making a real push into cloud computing, which is quite a balancing act for them.
Then the presentation moved into its most interesting phase for me. We started covering the development of cloud applications and assembling them into solutions to business problems. There is now a large selection of application development environments available and covering a broad range of sophistication. The Spectrum of Cloud Computing slide above showed up in this section of the presentation. I like it because it captures the various cloud environments that are possible. It’s easy for the definitions of public, private and hybrid cloud environments to blur. This slide captures the spectrum with a little more granularity and 
clarity.
One point that stood out to me was the idea of cloud brokers. While I’ve heard of cloud brokers before, I hadn’t paid much attention to the concept. It’s actually an intriguing concept once you imagine a future where the cloud-based applications and services are more plentiful, complex and available. The slide on the right is handy for visualizing the attributes of brokers.
There were other slides in the presentation that emphasized how complex these ecosystems will become and the need for brokers will grow. I found a handy resource guide for such brokers as of this moment in time. Its link is here. I found another article on selecting a cloud service broker that is consistent with this presentation. Its link is here.
I am now convinced that the notion of cloud service brokers will become very important to our business. Our target markets are mid-size manufacturers, mid-size manufacturing related service business and independent E&P companies with interest in the notion of Digital Energy. Understanding the cloud service broker universe is now a priority for us. It’s moved way up the priority list. I believe that the risks listed above will provide a useful list of metrics against which to evaluate these brokers. As we get into it, the list may vary a little but this list will provide a good starting point.
Since I am unable to provide you with a copy of the presentation, I would like to provide some alternative. I found a complimentary eWeek article and provide the link here. Stay tuned for future posts on cloud service brokers. They should be interesting.
Thanks for stopping by. See you next time…
Cloud Alignment – Part IV(Privacy)
This post is the last of the series on Cloud Computing addressing the business application of cloud based resources, focusing on midsize companies. It will also include the conclusion for the series which was originally was going to be Part V. The previous posts in this series are:
In this post we’ll focus on a recent report from the World Privacy Forum titled “Privacy in the Clouds: Risks to Privacy and Confidentially from Cloud Computing”. You can pick up a full copy of the report at their website. Recently, I also attended a presentation on cloud computing. The speaker is a Managing VP at Gartner. It was an interesting presentation and will be the subject of a future post. His pitch was very consistent with my earlier posts on the subject and has influenced this post. Agreement with my views just proves that Gartner has some visionary people on staff.
The tone of this report is sober and cautious. It emphasizes the exposure the terms and conditions impose on the customer by their cloud provider(s). I agree with this concern. As I’ve mentioned before, cloud computing is growing faster than it’s maturing. Standards and regulations are catching up but still have far to go. Another valid concern is the physical location of the data. For example, if the data is located on a server in the US it is subject to disclosure to the Federal Government (with a subpoena) under the Patriot Act. Many foreign companies specifically exclude US servers in their cloud contracts for just that reason.
For many midsize companies, the cost benefits are hard to resist. Essentially, a company exchanges the capital costs associated with building a data center for the operating expenses associated with buying computing power as services. That can be intoxicating and result in a smaller company rushing into the arms of immature cloud service providers. Clearly, it is not advisable at this time for companies to put their proprietary intellectual property in the cloud unless it’s a private cloud behind your own firewall. The main concern is the public cloud but that is also the most accessible source of cloud services.
The health care industry has its own issues with HIPAA and is a major issue in this report. The unintended release of health records for any individual to unauthorized use is about as severe a breach of privacy as you can get. There can be some circumstances where the Patriot Act and HIPPA conflict. I’m not a lawyer or politician so I don’t want to even think about that scenario.
One issue that I had not thought about directly is the scenario when a cloud provider goes out of business. There are now thousands of small companies growing up around cloud computing services. As we have seen over and over again in the technology world, a new technology is born, large numbers of companies vie for their piece of the rock, the field gets overcrowded and a “rationalization” occurs where the strongest survive and the weak can go down hard and fast. There may be some contractual language in the service agreements of those weak companies, but trying to determine how the customer’s data was managed during the dying company’s last days may be impossible to determine with confidence.
The WPF website offers these tips for business and government:
- Beware of “ad hoc” cloud computing. Any organization should have standardized rules in place telling employees when and if they may utilize cloud computing and for what data.
- Don’t put anything in the cloud you wouldn’t want a competitor, your government, or another government to see.
- Read the Terms of Service. Then read the Terms of Service again.
- Make sure that you are not violating any law or policy, by putting data in the cloud, and think twice before putting any consumer data in the cloud.
- Consult with your technical, security or corporate governance advisors about the advisability of putting data in the cloud.
These are simple, sensible guidelines to follow in your voyage into cloud computing. Check out their website for more details.
Conclusion
As we’ve seen over this series, cloud computing is here, it’s not going away and it’s going to grow faster than it matures. The promise is compelling and worth exploring, but cautiously. There are public, private and hybrid clouds. Each of which is appropriate for different purposes. Most of us are already using some form of cloud computing (have you every booked a ticket on an airplane, rented a car online or attended a webinar?) It makes sense that we embrace this technology carefully and expend the effort to be informed consumers.
I believe that eventually, most the problems and risks will be addressed to the point where we can sleep at night. That’s going to take a while. Until then, staying on the sidelines is overly cautious. Try out cloud computing on small, low risk projects until you’re comfortable and more knowledgeable. Then use it for where it makes sense.
I hope this series has been of value. Thanks for stopping by.
Herding Consultants 2.0
What kind of title is “Herding Consultants 2.0″? I suppose for search engine optimization reasons I should have used “aligning” instead of “herding” but at some point the whole alignment theme can get boring. I’ll stick with “herding” this time. Having been on both sides of the consulting table leads to some firm convictions about what that means in an era of highly available sources of judgment and advice. In the “old” days (before the late 1990′s) consultants found consultants based on their business offerings, sales campaigns and contacts. A relationship was built based on repeated personal contact. The competitive differentiator was the consultant’s previous work and their skills inventory. That ultimately led to a “resume bake off” when consultants competed for your business. That model is still viable to a large extent.
A new model has appeared over the last few years based on Internet based tools and virtual presence. Blogs have grown rapidly and any consultant worth his salt has one (me included). We use some tool to subscribe to the blogs that interest us, such as our email clients, browsers or any number of other tools. My preference is a tool called BlogBridge. That keeps the blog posts out of my inbox which reduces clutter and makes them easy to scan. The end result is that I now have subscribed to many blogs. I did that because there are many topics about which I want to stay current or have an interest. That creates a need to assign levels of credibility to each blog. BlogBridge makes the assignment of a ranking very easy. It’s the deciding on a rank that’s hard.
My current technique is to look over my “herd” of consultant blogs to spot trends. Once I do that I decide if I’m in agreement with the consensus. If not, I research the topic more to validate my opinions. I’m not trying to be a technical expert but I am trying to understand the topic well enough that I can offer my own options and judgment in a way that adds value for my target clients (C-level executives in mid-market manufacturing or manufacturing related service businesses who are trying to make decisions on the use and deployment of technology tools). I will then vet my opinions with a few people whose opinion I trust and who have differing backgrounds.
This just reinforces the point I have made before. It’s the personal relationships that matter most. It also reinforces the idea that there is just a huge amount of opinions and “experts” out there. Another way of “herding” all of the consultants you rely on for advice is to let the large consulting companies do it for you. For example, both Gartner and Forrester have become active bloggers. You can also just sign up with either of them and get even more information. Essentially, by relying on their blogs you are letting them do the vetting for you. There are other, smaller consulting groups like ebizQ and TechRepublic, which offer similar capabilities. I watch some consultants from each of these.
In summary, my point is that we need techniques to vet the web-based consultants we have all come to rely on. We each need to decide how much effort to apply to that vetting exercise and how to leverage our own personal networks. I have my approach and I recommend that you develop one that works for you.
Thanks for stopping by. Stay tuned for more…
Cloud Alignment – Part III (Security)
The purpose of this post is to address the issue of the security of cloud based applications from the perspective of the CIO of a midsize company. His focus would be primarily on prudent cost reduction opportunities. I will not attempt to provide an in depth technical discussion here. I will provide some useful links to such discussions. However, I don’t think a midmarket CIO, or CXO, would be well served by loosing himself in the technical details at this point. It’s all evolving too fast.
As I researched this topic I was initially amazed at the amount of information. After I thought about it for awhile I realized that this was a hot and rapidly evolving topic, so this volume of information is to be expected (and I’m contributing to it myself with this blog post). My research has been fairly extensive but not exhaustive. I could have easily made this a white paper taking months. It will also be dated fairly quickly. Like I said, this subject is changing quickly.
The first item of business is a definition of some useful terms. I will standardize on the definitions provided by NIST (National Institute of Standards and Technology). The link to those definitions is here and a link to a cloud computing overview is here. I like the NIST definition: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” The other document at this site is a 92 page PowerPoint presentation. I think it is useful but lacks sufficient material in the speaker’s notes.
I am a big fan of Gartner’s Hype Cycle diagrams. Over the years I have found them to be a good way of representing the expectations we have of technology. I have included an overview below. A link to the Gartner site is here.
Every technology category is typically represented by a point on the curve. That point is color coded to indicate how fast it is moving through the cycle. If you want more details on this I encourage you to go to their site and sign up for their free registration. In Figure 1 I overlaid a red line on that section of the curve where I believe cloud computing is today based on Gartner’s predictions as well as other sources. We are clearly at or near a peak of enthusiasm and expectations for a new technology.
Figure 1 – Cloud computing expectations
One concern that I have is that when I have talked to people in midsize or small companies making a decision on how to use cloud computing all I hear about is the opportunity for cost reduction. That opportunity is real but the decision is not just about cost reduction. It’s also about risk exposure and that means security concerns. One document that details those risks is from ENISA (European Network and Information Security Agency). Its link is here. Be warned, this document is not for the faint of heart. It is large and detailed but does offer a comprehensive list of risks. Another less detailed source of cloud security insight is provided in an InfoWorld article on a Gartner report. Its link is here.
One thing to remember is that using cloud computing usually means virtualized applications made available over the internet. A useful but detailed discussion of virtualization can be found here. There are several types of virtualization risks such as attacks on the hypervisor, attacks on automated provisioning and problems in digital forensics due to mobile locations of virtual machines. Detailing each of these examples generate a significant amount of information and is beyond the scope of this post.
We should also briefly touch on the major players providing cloud based infrastructure and development environments. The three big names in these areas are the Google App Engine, the Amazon Elastic Compute Cloud (EC2) and Microsoft’s new Azure Platform. For these offerings, you rely on either secure data center operation or the security capabilities of their development tools. Cloud computing is new to most developers as well. Their skills in using these tools are still maturing, including security.
It would be easy to discuss various risks almost indefinitely. However, that wouldn’t address the main concern of making an informed decision on what to do with cloud computing now. As you can see from Figure 1, I placed a red line over the region of the curve which represents the earliest time for mainstream adoption. The period between where cloud computing is today and mainstream adoption starts is a time for trying out this technology. I recommend a trial that doesn’t involve sensitive company data but is non-trivial. Such a trial will provide insight into the management of cloud based infrastructure, applications and working with cloud vendors. It will provide an opportunity to gain experience in relative safety.
For example, I am part of the Google Wave beta program. If interested, check out this link or the Google site. In addition to that, I am working with Itensil on a new product which leverages Google Wave with its other existing products for collaborative, wiki-based consulting project work. For me it’s a great opportunity to learn more about using cloud computing to do something relevant for my business. That work could eventually lead to a significant competitive differentiator. For a business IT alignment consultant, it’s putting my money where my mouth is and aligning some cloud IT to my own business.
For a blog post, this one is long. As a discussion of the security of cloud based computing, it just scratches the surface. The recession has accelerated the adoption of cloud computing and the recovery will accelerate its adoption further. Midsize and smaller companies will be most of the early adopters of cloud technology along with a few large corporations. Security concerns will be the throttle that regulates the speed of adoption. As cloud security is resolved I think we are in for some very transformational times.
Thanks for stopping by and stay tuned for more…
Forecasts, Optimism and Questions
First, I apologize for this post being late. I will endeavor to get back on schedule. I will not promise never to be late again. This post will focus on an interesting document Gartner has put out. It’s titled “Gartner Perspective: IT Spending 2010″. For your convenience, a link to it is provided here. I’m not going to discuss the entire document, only the parts that I found most interesting. The survey was based on global data. I am most interested in North America because that is where I buy my groceries and my customers buy theirs.
The most interesting table is Table 6 shown below.
What I find most interesting in this table is to compare the actual amounts, not the percentages. If we compare the 2010 forecast to 2008 data we see that spending actually should grow in 2010 over 2008 in the USA, Latin America, the Middle East/Africa, Japan and Asia Pacific. That is not true for Eastern & Western Europe and Canada. For those of us who rely mainly in the USA for our source of business this is good news. It implies that 2009 will be an exception to otherwise steady growth. Remember, 2008 results were dropping off by the end of the year.
Another interesting table is Table 7, shown below.
Since this table is global, it implies that Europe and Canada are depressing the vertical results. On a global basis all verticals are off about 4.7%. The Gartner report has additional insights.
Finally I want to focus on Table 9.
(Warning: below is a blatant self-serving pitch)
What I like about Table 9 is that it prioritizes the focus areas for all businesses. It ranks business process improvement as first priority and ranks improving enterprise workforce effectiveness as third highest. Both of those areas are the focus of StrAIT Advisors. The idea of business IT alignment delivers on both of those. I am delighted to see this data in this report. Obviously, this means that you should take both of those areas and business IT alignment very seriously. Oh, and think of StrAIT Advisors at the same time.
(End of blatant self-serving pitch)
I want to encourage you to get a copy of this report. It’s free and readily available. I think it provides some very useful insight. I find it to be a source of optimism with a few questions. We all can use a little optimism these days.