Where can things go wrong?

Greg Ness, Marketing Executive, Infoblox led a panel of four speakers to explore the dark side of cloud computing.

The speakers are:

  • Peter Coffee, Director, Platform Research, salesforce.com
  • Randy Rowland, General Manager, Managed Hosting & Cloud Computing Services, Terremark Worldwide, Inc.
  • Geva Perry, Founder, Thinking Out Cloud
  • Bill McGee, Vice President, Products and Technology, Third Brigade

What types of cloud architectures are there and are they all alike?

Peter Coffee: “It would be a mistake to think that cloud computing is a whole new thing” It’s more useful to look at what they have in common with enterprise deployment.

Geva: Although there are some services such as Hadoop are uniquely tailored to take advantage of cloud architecture. ”

Peter (a bit later on): There are new skill sets, there is experimentation to be done and things to learn. It’s like replacing a horse pulling a horse drawn carriage with a big motor – you need to tailor to the environment you will be running in.

Are all cloud vendors offering the same thing?

A resounding No all round.

Peter: If you want cheap, there is cheap cloud. If you want high quality Anything is being offered at a price of zero, Anything is also being offered at an enterprise class.

Greg: And there are some cloud services that are vaporware.

Geva: I call it “vision lock-in”

What are the critical cloud dependencies.. where could things go wrong?

Geva: Something we’re seeing (ref Hubs Spokes and Islands in the cloud). Some of the cloud offerings are becoming hubs with a rich set of offerings around them – like Amazon for infrastructure or salesforce.com in the CRM space. If I were choosing a cloud provider now, I’d think very careful about who’s becoming a hub – like Windows for operating systems or the iPhone App Store.

Bill: I don’t look forward to opening my Blackberry bill each month. Similarly, variable cost of cloud computing is a big concern, to avoid costs getting out of control. we also need vendors to put in more to protect/prevent access to sensitive data.

Greg: What about multi-tenancy, sharing with 3rd party products with potential vulnerabilities.

Bill: I think the cloud vendors are going to have to strike the right balance between offering a base level security but also offering some flexibility. In terms of multi-tenancy – malicious VMs – this comes down to a problem for the cloud infrastructure vendors to solve and patch quickly. I think that best practices are being used – cloud vendors are being held to a higher standard than standard enterprise providers.

Peter: The brightest light for a CIO is when they realise they can develop separate components in Amazon, Google App Engine, Salesforce.com, they can use each vendor for the part they do best, and tie those together into a web-based solution for customers. It offers real customer advantage.

Also In a VM environment each new VM is a new security risk as it could be unpatched or have exposures – but in a service oriented architecture you move the whole platform to the security level required by the most demanding customer – and all 55,000 other customers get that benefit.

Randy: One of the biggest mistakes people make is assuming that because it’s in the cloud, someone’s looking after my data, someone’s backing it up. You need to be more vigilant about what is and isn’t being offered. Another thing to think about is that unless you’re building a brand new internal app, a big concern is connectivity to the cloud – how do you pass information to and from the cloud.

Peter: Don’t say, the cloud is not secure, you ask “let’s assume this has to be done in the cloud, what steps need to be done to make it secure enough”. This is the interesting part of the conversation. It turns out remedying your perceived defects of the cloud is a very small cost.

Peter: If you’re looking at a major capital commitment, you need to look at doing it in the cloud. Look at the numbers and you may find it’s compellling. $47m a year in the cloud vs $50m a year in house.

Geva: Different vendors provide different levels of lock-in. General platforms have flexibility but you have to do a lot of the plumbing. More specialised services will reduce flexibility but have the advantage that you don’t have to worry about a lot of the backend stuff you normally would. It’s important to keep this in mind. When it comes to security, we are seeing different solutions emerging to address the things that the big cloud providers are not. For example Entrada, user management layer on top of Amazon AWS.

What are the most stark differences between standard IT services and cloud services?

Randy: The slower it takes IT to adopt internal/external cloud computing, business can circumvent the IT department. IT departments need to accept, embrace and integrate

Peter: There are two ways to screw up: You can embrace the cloud without strategy and have a haphazard costly approach, or you faithfully reproduce the old set up at the other end of a wire without thinking differently.

Bill: These cloud environments are all about automation. Not all the APIs for automatic migration out of the enterprise exist yet. This is an important consideration.

Geva: Automation enables self-service. This is a key element that empowers business and developers to get what they need when they need it.