Security in the cloud

by Mark Swanson

According to many experts, including those from the Technology Marketing Forum, Gartner Group and Information Week, the No. 1 issue holding back the adoption of cloud technologies in the enterprise is the perception of a lack of security. Like many issues, the truth is probably in between. The old paradigm was creating a secure perimeter — a border, so to speak — to protect your corporate information assets. The new paradigm is what Cisco has labeled ‘borderless networks’ — networks where most, if not all, of your corporate resources must be exposed to the outside world. The old security model is dependent on ‘border patrol’ via firewalls, intrusion detection and prevention systems, demilitarized zones (DMZs), and other perimeter protection methods.

In the new, borderless network, the focus shifts to protection of the data itself. Technical capabilities have basically outpaced the old perimeter model as online collaboration with partners, customers, mobile workers and others outside the physical network becomes more and more important to doing business. The workforce is demanding that they be connected to data resources wherever they are (private or public cloud), using an ever-widening variety of devices: smartphones, notebook computers, tablets and so on. This is great in terms of access to resources, but not so great in terms of security.

The proliferation of applications available as a service has created a demand to access them. The challenge for IT departments is: How do you protect those resources? I believe the only way is to embrace this paradigm and leverage vendor capability. There are five major areas where I see cloud vendors doing a better job at protecting a company’s resources:

■ Platform strength: To be competitive, cloud computing vendors must have platforms that are more uniform than those of most corporate computing centers. Also, cloud providers usually meet standards for operational compliance and certification, in areas like health care (i.e., HIPAA) or finance (i.e., PCI DSS).

■ Data is stored in a single location

■ Better staff knowledge: Because they only focus on one thing, cloud providers train their staffs to specialize in security, privacy and other areas of high interest and concern to an organization

■ Government-mandated security requirements: Cloud service providers are under considerable oversight and regulation by the government and other security authorities to ensure data privacy and security. Telovations, for example, must comply with annual government audits to ensure we have the proper procedures in place to protect sensitive information.

■ Better backup and recovery processes

In summary, when you add up the advantages, one could argue that security in the cloud is better than on the premises.


Counting beans in the cloud

by Mark Swanson

There’s no doubt that cloud computing has received a great deal of interest from companies both large and small over the last couple years. Gartner Inc. estimates that cloud services revenue grew 17 percent in 2010 to $68 billion. The promises of ROI, cost savings and lower total cost of ownership are some of the major contributors to this trend.

Despite this fact, there are many companies that still aren’t seeing the cost savings.
The easiest way to think about cloud computing is that your technology infrastructure — the servers and software you purchase, run and maintain — is on the Web. Unlike traditional software, which is deployed onpremise, cloud applications are designed for Web deployment — that is they are multi-tenant and users share processing applications managed by the vendor. From a financial perspective the cloud has three basic attributes: (1) Little or no upfront costs, (2)No hardware or maintenance costs., and (3) Quick implementation process.

After you pick an adequate time horizon, a Net Present Value (NPV) calculation can be quantified pretty easily. But it’s really the intangibles that make or break the calculation. What do you think is an adequate time horizon to evaluate? I suggest analyzing whether to make the switch as a three-year amortization of upfront costs for an on-premise application including servers, software licenses and installation, plus estimated maintenance and support costs, and comparing that to the cost of subscribing to the cloud version of the product for three years. Some might think that three years is too short but according to many studies three to four years makes sense for several reasons. What you have to consider are unplanned events: you get acquired, technology obsolescence, you grow too fast, and the big one, how long apps take to test. Gartner also reports that testing consumes 25 to 50 percent of the average application life cycle. That’s a year right there!

What are the intangibles that sway the calculation? This is where you get into what I call ‘BeanCounteritis.’ Many financial people get wrapped around the axle about the hard cost comparison with premise based systems. The real savings and return lie in the soft costs surrounding cloud based applications, including: (1) Office space, (2) Reduced support costs, (3) Reallocation of resources, (4) Easier and more regular upgrades, (5)Disaster recovery and backup capabilities, (6)and  Credits from SLAs.

Any other symptoms of ‘BeanCounteritis’?  Perhaps the biggest threat of ‘BeanCounteritis’ is not considering risk. Often companies become so gun shy about pulling the trigger on large capital expenses that they let others get a leg up on them. The cloud ultimately is a way you can count your beans and eat them too. The cloud makes it easy to change direction without incurring the capital costs and significantly reduces the cost of failure. That’s the great thing about cloud apps.

Does your IT team have CDD?

by Mark Swanson

No one can argue against the fact that the depth and breadth of business technologies in use today has gotten, well, much deeper and wider in the last decade. Ten years ago, IT teams primarily worried about desktops, servers and network connectivity. The corporate marketing department primarily managed websites as ‘brochureware,’ smart phones did not exist, only one out of 10 computers were portable laptops, and there was a ‘phone guy’ who managed the phone system.

Today, the situation is dramatically different. Not only do IT teams have to manage traditional IT services, but they also must corral all the new information technologies that have emerged in the past decade. The expanding list of new technologies is growing faster than the national debt — smart phones, tablet computers, remote desktops, VPNs, VoIP, the cloud, the list goes on and on.

“This has led to a condition among CIOs and IT managers that I refer to as competency deficit disorder (CDD).” I define CDD as the inability to manage the various technologies that you choose to deploy in your business. It happens when IT’s focus moves from delivering strategic value to the business to pursuing an agenda of buying technologies as a response to management’s obsession with cost control. When you choose to purchase based only on cost, you make dumb decisions like buying cheap while at the same time paring down your IT staff and bringing previously outsourced services in house. The result is your remaining staff runs around like chickens with their heads cut off, trying to fix things that break more often and that they have little or no training on. It’s like a never-ending tsunami of problems. These keep you from focusing on the projects that move the business forward.

How does the emergence of cloud technologies impact CDD? The cloud is the solution to CDD. Well, not quite, but the availability of cloud-based IT solutions offers some cures for CDD. One primary benefit is the reduction in wasted software licenses. A 2001 study claimed that 30 percent of software that companies bought was never even deployed — costing businesses an astonishing $130 billion. The primary reason was that IT personnel did not have the time to develop a competency to get the software up and running. The great advantage of Software as a Service (SaaS) is that you can start with one seat, try it out, and if it works, scale from there. If not, turn it off.

Another big cure is the ability to have a support staff that knows the product when you need it. A lot of times when a system breaks, it might not have been touched for months. Your support staff might not even remember the log-in password. You can’t have competency in a system that is barely used and you can’t afford to pay someone to maintain that expertise. I have Cisco Certified Engineers on staff that cost more than $100,000 and use that skill every day. The point is to choose — narrowly — the systems your IT team should focus on and find good cloud-based providers who have that competency for the rest.

The Cloud – Why Now?

by Mark Swanson

Despite the cloud’s popularity, there is still confusion as to how the cloud is different from previous information technology services. A common question is, “What’s the difference between the cloud, an application service provider (ASP) and software as a service (SaaS)?”

The answer in one simple word is: nothing. The cloud is a fairly recent term that encompasses the old ASP or SaaS business models. Many cloud applications, such as e-mail and, have been around for over a decade. So the real question is, “Why has the cloud emerged so quickly and strongly as the latest IT buzzword?”

I actually had a discussion with a colleague at a tradeshow recently about this very topic. We discussed the factors that are fundamentally driving the adoption of cloud technologies today. The one thing that absolutely stood out was the emergence of ‘ubiquitous broadband’ or the ability to access online applications and data anytime, anywhere. Ubiquitous broadband frees you from worrying about being stranded without access to your data and applications. As connectivity is everywhere, you can now retrieve data and use applications on all the various devices you have — a smartphone, notebook computer, iPad, whatever.

It has fundamentally changed the way we interact with each other personally (i.e. replacing face-to-face interaction with online interaction), as well as how we operate as businesses. No longer are we tethered to an office or to our laptop computers. Ubiquitous broadband has led to ubiquitous data and applications, available anytime and anywhere. It has redefined the way we work. Just think about it — for many people, employment used to mean driving to an office. Now it means connecting to a network where you get things done.

What this has meant for me is that I no longer have to take my notebook computer on business trips. I can always tap into e-mail, have access to all my company’s information and retrieve files using my DropBox program, regardless of where I am using either the 3G or WiFi.

The rollout of 4G wireless this year means much higher bandwidth speeds, which will open the door for a plethora of new devices and applications that will enable business users to leverage this new technology. I am thinking about how we can use this new technology to help our customers. You should too!

Leveraging the cloud

by Mark Swanson

The real value of cloud-based offerings isn’t so much in the advanced technology or the cost savings, but in the flexibility that it offers your business. Because cloud-based technologies can be implemented and decommissioned quickly, with little or no capital outlay, managers can try new ideas and execute them without fear of failure. It essentially lowers the cost of failure, helping to change the culture of a business to one that is more willing to try new things. The flexibility of cloud-based offerings allows your business to be much more nimble and aggressive and, ultimately, develop a mindset for success.

Companies that are successful today are the ones that are able to adapt to changing markets. The beauty of using on-demand software or infrastructure in the cloud is that it gives you that flexibility to move in any direction, at any time, without any disruption.

If the cost of failure is low, you are willing to take on more risk. That means you can be more aggressive and attack new market opportunities before your competitors. If it doesn’t pan out, go back to what you were doing, and if it does, it is easy to ramp up.

We all know that in business, nothing ever goes exactly as planned. You know something is going to change, you just don’t know what. Since almost every conceivable business application is now available as-a-service, when something changes, the flexibility of those on-demand offerings makes it easy to quickly establish and implement a Plan B.