Category Archives: Cloud computing

cloud brokerage, Cloud computing, cloud governance, Featured, IT Management, JIT, Journey to the Cloud

Is There Such a Thing as Just-In-Time IT?

By Praveen Asthana, Chief Marketing Officer, Gravitant

 

The concept of “Just-in-Time” was pioneered in the manufacturing supply chain as a critical way to reduce costs by minimizing inventory.   Implementing a just-in-time system that can handle unexpected demand is not a trivial undertaking.  It requires the confluence of a number of disciplines such as analytics, statistics, sourcing, procurement, production management, brokerage and economics.

An interesting new idea is to take this concept pioneered in manufacturing and apply it to Information Technology resources.  Doing this can provide an effective way to meet dynamically changing needs while minimizing the inventory of unused IT resources across a set of cloud services platform and providers.

Case Study:  Election Day 2012.

With the growing popularity of e-voting and use of the Internet as an information resource on candidates and issues, the Secretary of State’s office for one of the most populous U.S. states knew that demand for IT resources would go up significantly on election day.  But they didn’t know exactly how much, and they didn’t want to buy extra infrastructure for a temporary surge in demand.  Even if they could come up with a good guess for the demand, deploying the right amount of resources in a timely manner would be challenging.  Given the time it normally took (months) to deploy and provision new servers, the Secretary of State’s office knew they couldn’t use traditional means to procure compute and storage capacity to meet this demand.

As it turned out, demand went up over 1000% to over five million hits on the state voting web site by noon on Election Day.

Praveen

Fortunately the state had deployed a novel capability based on a cloud brokerage and management platform to seamlessly provision IT resources in real time from multiple public cloud sources to meet the variability in demand.  As a result, this demand was fully met without needing to do complicated planning or buy unneeded infrastructure. I’ll actually be speaking on a webinar with Chris Ward, CTO at GreenPages-LogicsOne and Dave Bartoletti, a Senior Analyst at Forrester Research on June 12th to talk about leveraging cloud brokerage and the impact it can have on managing your IT environment.

Minutes, not months—that’s what enterprise users want when it comes to having I.T. resources available to meet changing business needs or develop new applications.

However users find this to be an extraordinary challenge—most IT departments today struggle with rigid processes, a round-robin of tasks and approvals across multiple silos and departments, and manual provisioning steps.  All this adds significant time to the deployment of I.T. resources resulting in users waiting for months before the resources they need become available.

How do users respond to such delays?  By going around their IT departments and directly accessing cloud services.  Often termed ‘rogue IT’ or ‘shadow IT,’ such out of process actions expose the company to financial risk, security risks, and operational risk.

The Solution: Just-in-time IT with Real-Time Governance

Just-in-time IT is not merely about using private or public cloud services.   It is about engineering the end-to-end IT supply chain so it can be agile and respond immediately to dynamic business needs.  To achieve this in practice, you need:

  1. Effective assessment and strategy
  2. Self-service catalog of available IT resources
  3. Collaborative solution design
  4. Rapid approval work flow
  5. Sourcing platform that allows you to select the right supply chain partners for your business need or workload profile.
  6. Single button provisioning of resources
  7. Transparency across the IT supply chain
  8. Sophisticated supply-demand analytics
  9. Elastic source for resources
  10. Governance—dynamic control of resources based on goal based optimization of budget, resource usage and SLAs.

 

The first critical aspect of real time supply chain is identifying, sourcing and procurement of best fit cloud platforms and providers (internal or external) to meet your unique business needs.

The second critical aspect of ensuring just-in-time IT is effective is real-time governance, for this is the mechanism by which you truly manage the elasticity of cloud resources and ensure that IT resource inventory is minimized.   This also has the additional benefit of eliminating shadow or rogue I.T.

As I mentioned above, if you’re interested in learning more on this topic I would highly recommend registering for the upcoming webinar “What’s Missing In Today’s Hybrid Cloud Management – Leveraging Cloud Brokerage” being held on June 12th. This should be a great session and there will be time for Q & A at the end.

About the Author:

Praveen Asthana is Chief Marketing Officer of Gravitant (www.gravitant.com), a cloud services brokerage and management company.  Prior to joining Gravitant, Praveen was Vice President of Marketing and Strategy for Dell’s $13B Enterprise Solutions Division.

Cloud computing, Featured, Journey to the Cloud, Virtualization

Want to Go Cloud? What’s the Use Case?

By Lawrence Kohan, Senior Consultant, LogicsOne

This is the first of a two-part blog series intended to provide practical, real world examples of when it makes sense to use the cloud and when it does not.

We’re well into an exciting new era in the technology world.  The buzz-words are flying around at light speeds, and talk of “Cloud” and “software-defined-everything” is all the rage.

Advances in virtualization, which allows software processes to be decoupled from underlying hardware is giving way to amazing possibilities for moving around workloads as needed, either between racks in a datacenter, or even between datacenters!  In addition, the concept of “Cloud” is very exciting in the possibilities is offers business to leverage these advances by being able to move workloads offsite for greater availability, redundancy, disaster recovery.

Indeed, the promise of the Cloud as a whole is to provide IT as a service.  It’s a way of offering companies resources on a metered usage basis, so that they can consume as needed, grow or reduce their resources as needed, and only pay on a per use basis for what they consume, as needed.  The hope is to free up a business and their IT staff from worrying about the mundane, daily details and repetitive administrative tasks and burdens of keeping the business functioning and allows them to be more strategic with their time and efforts.  In the Cloud Era, servers and desktops can be provisioned, configured, and deployed in minutes instead of weeks!  The time saved allows the business to focus on all other areas of the business to make it more profitable, such as their marketing and advertising strategies, application/website development, and the betterment of their product and services.

Cloudy Conditions Ahead

All of this sounds like a wonderful dream.  However, before jumping in, it is important to understand what the business goals are.  What is it you intend to get out of the Cloud?  How do you intend to leverage it to your best advantage?  These questions and answers must come first before any decision is made regarding software vendors or Cloud service providers to be used.  The promise of the Cloud is tremendous gains in efficiency, but only when it is adopted and utilized correctly.

 

Register for our upcoming free webinar on June 12th on what’s missing in hybrid cloud management today. Speakers include Chris Ward from GreenPages, Praveen Asthana from Gravitant, and David Bartoletti, a top analyst from Forrester Research.

 

To Host or Not to Host?

For starters, let’s look at a simple use case: Whether or not to host a company’s e-mail in the Cloud.

Pros:

  • Hosting email will be billed on a per-usage basis, either by number of user mailboxes, number of emails sent/received, or storage used.
  • Day-to-day administration, availability, fault tolerance, backups are all handled by the service provider.  Little administration is needed aside from creating user accounts and mailboxes.
  • Offsite-hosted email still has the same look-and-feel as on-premise email, and can be accessed remotely, in the same ways, from anywhere.  Most users don’t even know the difference!

Cons:

  • Company is subject to outages and downtime windows of the service provider.  (In such a case, as long as it is not an unplanned outage or disaster, steps should be taken to ensure continued e-mail delivery, but systems may be unavailable for periods of time, usually on weekends or overnight)
  • Initial migration and large data transfers can be an administrative burden.

There are factors that can either be positives or negatives depending on the business size and need.  For example, a small startup company with only several people needs to be extremely budget conscious.  In their case, it would certainly make more sense financially to outsource their e-mail for a monthly fee instead of looking to install and maintain their own internal email servers, which after hardware and software costs and licensing would cost 5 figures, not to mention needed at least one dedicated person to maintain it.  This is certainly not a cost-effective option for a small, young company trying to get off the ground.

 

Download this free whitepaper to learn more about how organizations can revolutionize the way it manages hybrid cloud environments.

 

At the same time, a very large enterprise with thousands of mailboxes may find the process of migration to be an expensive, time consuming administrative burden.  While offsite email would offer good availability and safeguards against system failure, perhaps even above and beyond what the enterprise currently utilizes, it is also a substantial risk; if the Cloud Provider has an outage that could affect the enterprise’s email access.  The same risk would apply to a small business as well; however, the smaller and more localized the business, the more likely they are to adapt to an e-mail outage and resume intra-office communications via secondary means—a contingency plan that is more difficult to act upon for a larger global enterprise.  And, yes, the enterprise that hosts e-mail internally has the same risk of an outage, however that enterprise can respond to an internal e-mail outage immediately and be able to ascertain how long the outage will be, instead of being at the mercy of the Cloud Provider’s timetable and troubleshooting efforts.

Therefore, in our sample “hosted e-mail” use case, it would make more sense for a smaller business to consider the option of moving e-mail services to the Cloud, and may not provide much value, if any, for the enterprise.

In the second part of this two-part blog series, I will cover when is a good time to utilize cloud for medium to large businesses. In the meantime, would love to hear your thoughts!

Webinar June 12th 11am-12pm EST “What’s Missing in Today’s Hybrid Cloud Management – Leveraging Cloud Brokerage” Speakers from Forrester, GreenPages, and Gravitant. Register here!

Adobe, Cloud computing, Miscellaneous IT, software

Adobe’s Out of Box Thinking and Into the Cloud

By Rob O’Shaughnessy, Software Licensing Specialist

 

I attended Adobe’s MAX conference in rainy, LA, California last week and I felt bad, as a local, that a lot of travelers had to witness our once a quarter rainfall, however with all the forest fires ranging around SoCal it was an unexpected relief.  Adobe put some fires out on their own by providing some great insight as to what they are doing to the software community.

It was the first time that partners and Adobe sales team members were invited to this mostly technical event.   The room was divided between the cool hipster “Creatives” and the button-up suit with no tie looking sales people.  It was a 7th grade dance before the first slow song was played, but we were all there for the same purpose; to find out what’s going on with Creative Cloud.

So let’s backup if you haven’t heard of Creative Cloud.  Several months ago Adobe began offering a subscription-based licensing model for their creative products.  The Creative Cloud is essentially everything that’s included in the Creative Suite Master Collection.    It’s a subscription-based licensing model which gives you all the Adobe creative products for a monthly fee.  Like Creative Suite, it’s also an on-premise product so ultimately the big difference between the two boils down to how you want to purchase it – to subscribe to it or own it.

The biggest announcement at MAX was that moving forward Adobe will no longer provide future releases of Creative Suite or other CS products.  Like Rocky, Creative Suite has ended at version 6, so moving forward if you wanted to obtain the latest and greatest technology and features you will need to move to the Creative Cloud.  Also if you like box product, Adobe will no longer be offering shrink-wrap as well.  Customer will now need to purchase a volume license or jump into the Cloud.

In my opinion this is a good thing, because as a Creative it’s important to be up to date with all the latest enhancements that Adobe provides as it will allow access to all the cutting edge technology instantly as it comes out, instead of waiting every 18 months for Adobe to compile a list of enhancements and release an upgrade.  Plus the promo price till August 31st ($39.99 per month) is less than what I spend at the local pub, err I mean coffee shop.

 

If you’re interested in Creative Cloud and want to learn more about subscribing new users and co-terming future users, please fill out this form.

 

 

CIO, cloud brokerage, Cloud computing, Featured, Rogue IT

Cloud Computing and the Changing Role of IT

By John Dixon, Consulting Architect, LogicsOne

On Tuesday April 29th, I participated in another tweetchat hosted by Cloud Commons. As usual, it was an hour of rapid fire conversation and discussion amongst some really smart people. This time, the topic was based around “cloud computing and the changing role of IT,” and there were some great takeaways from the dialogue.  Below are the six questions that were asked during the chat as well as a quick summary of my thoughts and the thoughts of the group as a whole.

  1. How is cloud computing changing the role of IT?
  2. Besides cloud, what other trends are influential in changing the role of IT?
  3. What steps should the IT department take to become a trusted advisor to the business?
  4. How should the IT department engage with the business on cloud purchases?
  5. Should the IT department make reining in rogue cloud services a top priority?
  6. How can the CIO promote innovation in the era of lower IT spending?

 

Question 1: How is cloud computing changing the role of IT?

  • The main point I wanted to get across in question one was that corporate IT is no longer just a provider of technology, but, rather, they are a provider of IT services.
  • IT needs to be relevant to the business. They can do this by developing valuable service products
  • IT now needs to be extremely proactive. No more sitting around waiting for something to go wrong… instead get out in front of demands from the business – understand the business’s specific issues, and proactively evaluate emerging technology that may be of benefit
  • All in all, I’d say most of the group was on the same page for this answer

 

Question 2: Besides cloud, what other trends are influential in changing the role of IT?

  • The most popular answers from participants were: big data, analytics, virtualization, mobility, BYOD, and DevOps. It seemed like every answer had at least one of these included in it.
  • A couple others I threw out were distributed workforce and telecommuters, social media, and the overall increased reliance on IT for everything

 

Question 3: What steps should the IT department take to become a trusted advisor to the business?

  • The key here is that IT should not try to ALIGN to the business’s demands…IT should PARTNER with the business
  • Another point I brought up was that IT needs to show the business that IT is another provider in a competitive market – corporate IT needs to shows that they deliver more value than alternative providers. After giving this answer, I got a couple questions wondering why IT should compete with 3rd parties rather than leverage them? My point was that cloud opens up competition in the market for IT services and that the business now has a choice of where and how to procure services. At this point it’s a reality, corporate IT is just another competitor in a cloud world.
  • A great answer from Jackie Kahle (@jackiekahle) was to tell the business something they don’t know about their customers by providing data-driven insights. In her opinion, and I agree, this will encourage the business to turn to cororate IT more often.
  • Another good answer from George Hulme (@georgevhulme) was to give users and the business viable alternatives with clear risk/reward/benefits delineated.

 

Question 4: How should the IT department engage with the business on cloud purchases?

  • My first answer was that IT should source their products and services with the “provider of best fit.” I got the following reply: “that implies choosing best of breed vs. integrated. Cloud practically makes best of breed a foregone conclusion.” The point I was trying to make, and the answer I provided, was that there are varying levels of cloud providers out there so IT departments still need to choose wisely.
  • Andi Mann (@AndiMann) suggested departments need to honestly evaluate their own ability to deliver. He stated in-house IT is not always best and that organizations need to proactively look for cloud to do better. Again, a point I agreed with.

 

Question 5: Should the IT department make reining in rogue cloud services a top priority?

  • No! Enable and harness their creativity by asking them to use a cloud portal sponsored by corporate IT!
  • IT should treat the business like a customer.
  • The majority of the group agreed that embracing rogue IT was the correct strategy here…not attempting to rein it in.

 

Question 6: How can the CIO promote innovation in the era of lower IT spending?

  • Ah, the CIO’s favorite saying…”Doing more with less”
  • Provide a means for “safe” Rogue IT (more on that in my summary)
  • Another concept that was echoed by some members of the chat was the idea of adopting a fail-fast culture. Cloud can enable faster deployments, which allows you to try more things quickly, and if you do fail, you can move on. This increases the pace of innovation by enabling the business to take on more “risky” projects – the software development projects that are great ideas but may not have a clear ROI.

 

My summary

Especially during the past year, in tweetchats and various other forums, consensus on the use and benefits of cloud computing is gaining unanimity. The most significant points:

  • Corporate IT should be a provider of whole IT services “products” and not just technology – and cloud computing can enable this
  • Cloud opens up the business to a competitive market for IT services, of which traditional corporate IT is only one option (thus the role of corporate IT evolves from technology center to order-taker to broker of services)
  • Rogue IT is not necessarily a bad thing; some of the best solutions may come out of rogue projects

 

GreenPages has been having internal discussions, and discussions with customers, around the concepts highlighted in this tweetchat for some time now.  Because of where the market is heading (as voiced by the thought leaders who took part in this chat) we have developed our Cloud Management as a Service (CMaaS) offering. The product addresses the top issues that are now coming to light – transforming corporate IT into a provider in a competitive market, allowing for a safe place to innovate without being encumbered by policy and process (addressing rogue IT), and, going a step further, enabling consistent management across cloud environments. The premise behind CMaaS is to turn cloud inside out – to manage your internal environment as if it was already deployed in a cloud environment. Glance at this whitepaper I wrote about the concepts behind cloud management as a service and let me know what you think. I’d be very interested to hear people’s takes on whether or not a product like this can address some of the needs in the marketplace today.

 

If you would like to learn more about CMaaS, fill out this form and someone will be in touch with you shortly.

 

Cloud computing, cloud management

Complicating Cloud- Yes You Can, But No You Shouldn’t

By Ben Sawyer, Consulting Architect, LogicsOne

As a software engineer it is very easy to, well, over-engineer something.  But, just because you *can* do something doesn’t mean you *should* do something.  For example, I can get a tattoo but I shouldn’t.  That being said, I did get a tattoo a while back so don’t judge me.  Okay, back to the point.  In these days, where for almost any project it’s hard to control scope, it’s very easy for an engineer to go above and beyond what is required because often times they will build something because they think it’s cool.  These ideas are often not vetted with the internal team or, even more tragically, the client.  And, while the idea may actually be great, the engineer has unknowingly increased the duration of the project significantly because, now, not only will time be used to implement some feature but more time is needed to test how that feature may affect the many other “known” features of a product or service.

There is no better example of simplicity than Apple.  Steve Jobs was fanatical about keeping its products as simple as possible.  If you think about it, the more features and moving parts a product has can very easily lead to more confusion.  There is a lot of up front work (a lot) that needs to be considered about how a user *should* (there’s that word again) use a product…in other words how to control their experience.  My 3-year old son was able to navigate his way around my iPhone in a matter of days so that speaks volumes to its usability.  My mom still calls me once a week with an iPhone question and that speaks to her age.

For anyone who builds a product or delivers a service, it is crucial to not only consider how someone should consume their product but also how they shouldn’t.  In other words, don’t let them shoot themselves in the foot (sorry Plaxico Burress).  In terms of configuring or customizing a piece of software, many have options that are grouped under a “Basic” or “Advanced” group.  The goal is to protect the users from themselves because if my mom ends up in the “Advanced” settings, I will most likely get a phone call in a matter of minutes (unless she’s managed to disable her phone).

So what does usability have to do with the cloud?  Lots.  As companies expand their datacenters, move some resources to the public cloud, and in general add more moving parts, it’s crucial to make sure all those products work together nicely and, if possible, are able to be managed as easily and in as few “places” as possible.  Think of the famous new buzzword, Single Pane of Glass.  That very phrase implies that there is a bunch of stuff going on under the covers which therefore necessitates having an easy place to control, monitor, and use all the moving parts.  Regardless of what products companies use, they need to make certain that it’s not just the guts and plumbing of the product that’s important, it’s how you may manage them. Simplicity is even more important as people move to the public cloud where in many cases a user has little control over the UI (user interface) which must be used to manage those resources.  That’s why it’s key to find a tool which can not only integrate with a company’s existing private infrastructure but also any one of the many public service providers out there.  Any large service provider will provide a public API (a way for your code to call their code) so that you can manipulate the underlying resources without having to use their front-end application.

Wouldn’t it be great if there was a product out there that allowed people to monitor & manage their entire infrastructure from a single place?  Well, it just so happens there is…GreenPages’ Cloud Management as a Service solution, a.k.a., CMaaS.  This product takes all the hard work from thousands of hours of development & presents the abundance of information in a very easy to use interface.  But don’t be fooled by its simplicity; Steve Ballmer said the iPhone would never take off.  Appreciate the amount of work that went into understanding how someone would use it in addition to how someone could use it.  Bottom line…don’t be a Steve Ballmer.

 

To learn more about Cloud Management as a Service and the importance of hybrid cloud management in today’s IT landscape, download this free whitepaper. To contact us for more information on GreenPages CMaaS offering, click here!

Cloud computing, IT Management, Shadow IT

Shadow IT Management – Which Pill Morpheus?

By Geoff Smith, Sr. Solutions Architect

 

The term “Shadow IT” has gotten more and more people thinking about the challenges we all face as we try to reign in our IT management and operations.  Recently, I caught a few minutes of the movie The Matrix…now, that movie is a bit of a visual trip, but once you get past the effects, the underlying dilemma it presents is intriguing.

It seems to me that if you accept the notion that people will gravitate towards the easiest ways to get their jobs done, than you have to wonder if the tools and procedures you have in place are likely to encourage compliance, or force rebellion.  As in the Matrix movies, what appears to be happening under the surface may actually be something completely different once you have peeled back the false construct you assume is reality.

It has long been known that IT people are an innovative and, well, curious lot.  We will try just about anything once, and if we find something that allows us to “better” manage our environments then we may cross over from the fringe into the shadowy world of the truly obscure in search of the truly arcane.  It’s almost a badge of honor to demonstrate how to solve IT challenges without relying on the industry best practices or accepted solutions.

The real question is, is this really a bad thing?  If you think back to The Matrix, the false construct did have its advantages.  Sure, you were effectively enslaved by machines, but at least they gave you a good fantasy to operate within.  You had juicy steak and cool clothes and the slickest cars (BTW that is a 1965 Lincoln Continental with the “suicide doors” in the movie).  And as far as anyone else in that reality was concerned you were as legitimate as they were.  So what’s wrong with that, especially considering everyone else is in the same boat?

Shadow IT, especially as it applied to IT Management, may have its benefits, but it also carries a lot of risk.  For every off-the-grid tool that performs a function within IT, or for every service you rely on that may not be fully vetted, you may have exposed your organization to potential abuses, both internal and external.  Where do these tools come from?  How reputable an organization was it that developed them?  Does their use create security vulnerabilities?  Do they violate standing policies or put at risk compliance?  And is the information you’re getting reliable?  How critical are they to the underlying functionality of your business systems?  Who on your team really understands their purpose and use?

So if we have accepted the fact that these tools and services exist, and that in all likelihood their use is prevalent in our industry, what do we do about it?  To blunt their use is to shut the door on creative innovation within our teams.  And frankly it’s not that easy to stop. To lower our standards and policies and embrace their use could lead us into situations where our lack of control and enforcement results in bad things happening.

Red pill or blue pill?  Do we accept the risks, and tell ourselves that those bad things are so unlikely to happen that the benefits outweigh the risks (or – hey I might just be the equivalent of a Duracell battery but since I don’t know it I’m happy)?  Or do we drop into a harsh reality where getting things accomplished might be more difficult and frankly less visibly rewarding (or – I’ve traded steak for Tastee Wheat but at least I know what I’m really eating).  What if there were a “purple” pill available?  An alternative to the options of pure fantasy or brutal reality?

There is a purple pill, and it’s not an answer but a question.  That question is why?  Why does my team feel they need to “jack-in” in order to accomplish anything in our environment?  Why can’t they get done what they need to with the approved tools and service already at their disposal?  Why do these policies and restrictions exist in the first place, and are those reasons still legitimate?

It’s about structured enablement and inclusive decision-making.  Gather your teams and work from the inside out.  Start with what they feel needs to be accomplished to meet the organizational needs.  Understand the gaps between how they work and the policies and procedures that are in place today.  Are there areas of consolidation or elimination of steps that can be taken to improve efficiencies and render some of the shadow services useless?

As you re-architect your approaches, also look for ways to improve the working environment for your teams.  Are there tasks they are required to perform that have become so rote and uninteresting that they have fallen into the shadows?  If so, rather than re-populate your teams with these tasks, look to move them into a more tightly controlled environment.  This may be accomplished by automation or even by out-tasking to a provider (under a strictly defined and controlled contract with full auditing and reporting).  And don’t forget that these “basic” functions are the foundation of a well-oiled IT machine.

In all transparency, I have watched The Matrix a number of times, and while my attempt to tie this concept of Shadow IT Management into the movie may have fallen short, I do think it’s not whether you choose the red pill or the blue one, but it’s the fact that you have the ability to make that choice at all.  There is a difference, after all, in knowing the path and walking the path.  Fate, it seems, is not without a sense of irony.

 

Cloud computing, Featured, IT security, two-factor authentication

Cloud Security: From Hacking the Mainframe to Protecting Identity

By Andi Mann, Vice President, Strategic Solutions at CA

Cloud computing, mobility, and the Internet of Things are leading us towards a more technology-driven world. In my last blog, I wrote about how the Internet of Things will change our everyday lives, but with these new technologies comes new risks to the organization.

To understand how recent trends are shifting security, let’s revisit the golden age of hacking movies from the ‘80s and ‘90s. A recent post by Alexis Madrigal of The Atlantic sums up this era of Hollywood hackers by saying that “the mainframe was unhackable unless [the hackers] were in the room, in which case, it was simple.” That’s not far off from how IT security was structured in those years. Enterprises secured data by keeping everything inside a corporate firewall and only granting accessed to employees within the perimeter. Typically, the perimeter extended as far as the walls of the building.

When the cloud emerged on the scene, every IT professional said that it was too risky and introduced too many points of vulnerability. They weren’t wrong, but the advantages of the cloud, such as increased productivity, collaboration, and innovation, weren’t about to be ignored by the business. If the IT department just said no to cloud, the business could go elsewhere for their IT services – after all, the cloud doesn’t care who signs the checks. In fact, a recent survey revealed that in 60% of organizations, the business occasionally “circumvents IT and purchases technology on their own to support a project,” a practice commonly referred to as rogue IT, and another recent study found a direct correlation between rogue IT and data loss. This is obviously something that the IT department can’t ignore.

Identity is the New Perimeter

The proliferation of cloud connected devices and users accessing data from outside the firewall demands a shift in the way we secure data. Security is no longer about locking down the perimeter – it’s about understanding who is accessing the information and the data they’re allowed to access. IT needs to implement an identity-centric approach to secure data, but according to a recent Ponemon study, only 29% of organizations are confident that they can authenticate users in the cloud. At first glance, that appears to be a shockingly low number, but if you think about it, how do you verify identity? Usernames and passwords, while still the norm, are not sufficient to prove identity and sure, you can identify a device connected to the network, but can you verify the identity of the person using the device?

In a recent @CloudCommons tweetchat on cloud security, the issue of proving the identity of cloud users kept cropping up:

 Andi Mann

Today’s hackers don’t need to break into your data center to steal your data. They just need an access point and your username and password. That’s why identity and access management is such a critical component of IT security. New technologies are emerging to meet the security challenge, such as strong authentication software that analyzes risk and looks for irregularities when a user tries to access data. If a user tries to access data from a new device, the strong authentication software will recognize that it’s a new device and extra authentication flows kick in that require the user to further verify their identity.

What IT should be doing now to secure identity

To take advantage of cloud computing, mobility, and the Internet of Things in a secure way, the IT department needs to implement these types of new and innovative technologies that focus on verifying identity. In addition to implementing new technologies, the IT department needs to enact a broader cloud and mobile device strategy that puts the right policies and procedures in place and focuses on educating employees to minimize risk. Those in charge of IT security must also establish a trust framework that enforces how you identify, secure and authenticate new employees and devices.

Cloud computing, mobile devices, and the Internet of Things can’t be ignored by IT and the sooner a trust framework and a cloud security strategy is established, the sooner your organization can take advantage of new and innovative technologies, allowing the business to reap the benefits of cloud, mobile, and the Internet of Things, while keeping the data safe and sound. And to me, that sounds like a blockbuster for IT.

 

Andi Mann is vice president of Strategic Solutions at CA Technologies. With over 25 years’ experience across four continents, Andi has deep expertise of enterprise software on cloud, mainframe, midrange, server and desktop systems. Andi has worked within IT for global corporations, with software vendors, and as a leading industry analyst. He has been published in the New York Times, USA Today, Forbes, CIO, Wall Street Journal, and more, and has presented worldwide on virtualization, cloud, automation, and IT management. Andi is a co-author of the popular handbook, ‘Visible Ops – Private Cloud’, and the IT leader’s guide to business innovation, ‘The Innovative CIO’. He blogs at https://pleasediscuss.com/andimann and tweets as @AndiMann.

 

 

 

Cloud computing, cloud management, Featured, hybrid cloud, Rogue IT

Cloud Corner Video- Keys to Hybrid Cloud Management

http://www.youtube.com/watch?v=QIEGDZ30H2Q

 

GreenPages CEO Ron Dupler and LogicsOne Executive Vice President and Managing Director Kevin Hall sit down to talk about the current state of the cloud market, challenges IT decision makers are facing today in regards to hybrid cloud environments, as well as a revolutionary new Cloud Management as a Service Offering.

If you’re looking for more information on hybrid cloud management, download this free whitepaper.

 

Or, if you would like someone to contact you about GreenPages Cloud Management as a Service offering, fill out this form.

Cloud computing, Enterprise Cloud, Featured

Cloudviews Recap: The Enterprise Cloud

By John Dixon, Consulting Architect, LogicsOne

A few weeks ago, I took part in another engaging tweetchat on Cloud Computing. The topic: the enterprise cloud. Transcript here: http://storify.com/CloudCommons/cloudviews-tweetchat-enterprise-cloud

I’ll be recapping the responses to each question posed in the Tweetchat and giving an expanded response from the GreenPages perspective. As usual with tweetchats hosted by CloudCommons, five questions are presented a few days in advance of the event. This time around, the questions were:

  1. How should an enterprise get started with cloud computing?
  2. Is security still the “just because” reason for not migrating to the cloud?
  3. Who is responsible for setting the cloud strategy in the enterprise?
  4. What’s the best way for enterprises to measure cloud ROI?
  5. What are the top 3 factors enterprises should consider before moving to a cloud model?
  6. How should an enterprise measure the success of its cloud implementation?

Before we jump in to each question, let me say that the Cloud Commons Tweetchats are getting better and better. I try to participate in each one, and I find the different perspectives very interesting. The dynamic on Twitter makes these conversations pretty intense, and we always cover a lot of ground in just 60 minutes. Thanks to all of the regulars that participate. And if you haven’t been able to participate yet, I encourage you to have a look.

How should an enterprise get started with cloud computing?

I’m sure you’d agree that there are lots of different perspectives on cloud computing, especially now that adoption is gaining momentum. Consumers are regularly using cloud services. Organizations large and small are using cloud computing in different ways. Out of the gate, these different perspectives came to the surface. Here’s a recap of the first responses (with my take in parentheses). I don’t disagree with any of them; I think they’re all valid:

  1. “Ban new development that doesn’t use cloud … as a means to help development teams begin to learn the new paradigm” (maybe a little harsh, but I can see some policy and governance coming through in that point – after all, many corporate IT shops have a virtualization policy that kind of works this way, don’t they?)
  2. 2.       “Inventory applications, do some analysis, and find cloud candidates” (this is definitely one way to go, and maybe the most risk-averse; this perspective holds “the cloud” as a destination)
  3. 3.       “Use SaaS” (certainly the easiest and quickest way to start using cloud, if that’s a mandate from management)
  4. 4.       “Enterprises are already using cloud, next question” (I definitely agree with this one, enterprises are already using cloud for some things, no doubt about it)
  5. 5.       “Look at rogue IT, then enhance and wrap some governance around the best ideas” (again, I definitely agree with this one as a valid method; in fact, I did a recent blog post on the same concept,
  6. 6.       “Know what you need from a cloud provider and be prepared” (the Boy Scout model, be prepared! I definitely agree with this one as well! In fact, look here.)
  7. 7.       “Partner with the business to determine how cloud fits in the COMPANY strategy, not the IT strategy” (this was from me; and maybe it is obvious by now that cloud has huge business benefits, not just benefits for corporate IT)

 

There was lots of talk about the idea of identifying the “rogue IT” groups and embracing the unique things they have done in the cloud. All in all, these are ALL great ways to get started with cloud. In hindsight, I would add in another method of my own:

  1. Manage your internal infrastructure as if it were already deployed to the cloud. Some tools emerging now have this capability – to manage infrastructure through one interface whether it is deployed in your datacenter, with Rackspace, or even Amazon. This way, if and when you do decide to move some IT services to an external provider, the same tools and processes can be applied.

 

Your organization may have some additional methods to get started with cloud (and I’d love to hear about them!). So, why not use all of these methods in one concerted effort to evaluate cloud computing technology?

 

Is security still the “just because” reason for not migrating to the cloud?

The short recap on this topic: yes, organizations do use security as a convenient way to avoid acting on something. The security justification is more prevalent in large organizations, for obvious reasons. I’d like to point out one of the first responses though:

“…or is security becoming a reason to move to the cloud? Are service providers able to hire better security experts?”

I think this is a fantastic, forward looking response. History has seen that specialization in markets does occur. Call this industrial specialization: eventually…

  • “The price of infrastructure services will be reduced as the market becomes more competitive. Providers will compete in the market by narrowing their focus on providing infrastructure in a secure and reliable way – they specialize or go out of business.” To compete, service providers will find/attract the best people who can help them design, build, and test infrastructure effectively
  • Thus, the best people in IT security (a.k.a., the people most interested in security) will be attracted to the best jobs with service providers

Who is responsible for setting the cloud strategy in the enterprise?

Common answer was C-level, either CIO or even CEO. Cloud computing should enable the strategy of the overall business, not only IT. I think that IT should own the cloud strategy, but that more business-oriented thinkers should be in IT!

 

What’s the best way for enterprises to measure cloud ROI?

Lots of perspectives popped up on these topics. I don’t think the group stood behind a single answer. Here are some of the interesting responses for measuring ROI of cloud:

  • IT staff reduction
  • Business revenue divided by IT operations expense
  • Improving time to market for new applications

Measuring the value of IT services is, excuse the pun, tricky business. I think cloud adoption will undoubtedly accelerate once there is a set of meaningful metrics that is applicable across industries. Measuring ROI of a virtualization effort was fairly easy math – reduction in servers, networking, datacenter floor space, etc. Measuring ROI of cloud is much more difficult, but the prize is up for grabs!

 

What are the top 3 factors enterprises should consider before moving to a cloud model?

This goes back to the Boy Scout model of proper preparation, which I wrote about a few months ago. I saw a few responses that were especially interesting, and yet unsolved:

  • Repatriation, or portability of applications
  • Organizational change (shouldn’t cloud be transparent?)
  • Investments in legacy technology, goes to timing and WHEN to consider cloud
  • Security, location of data, etc.

 

At GreenPages, we think of cloud computing more as a management paradigm, and as a New Supply Chain for IT. Considering that perspective, the points above are less of an issue. GreenPages  Cloud Management as a Service (CMaaS) offering was designed specifically for this – to view cloud computing as the New Supply Chain for IT. In a world of consumers (enterprises) and providers (the likes of Amazon, Rackspace, and Terremark), where competition drives prices down, cloud computing, like other supply chains, can be thought of as the way to take advantage of market forces to benefit the business.

Thanks to Cloud Commons for another great conversation…looking forward to the next one!