MIT’s Kirsch Auditorium was standing room only last night for a forum on cloud computing, part of the university’s Innovation Series for entrepreneurs, investors and patent attorneys. But there was a liberal sprinkling of technology types as well in the audience, including some upper-level IT folks trying to get an early read on what cloud might offer them.
The forum’s avowed purpose was to give a sense of what’s real now in the cloud and so it focused on the Amazon Web Services ecosystem. Several speakers spoke of “hundreds” of providers of value-added layers to the basic Amazon services, much in the form of middleware. When you peel back the layers of the onion, in many cases what you are renting has a high open source content. If enterprises have been slow to widely deploy free or freeish open source software internally, will they be quick to pay for it in the cloud just because someone has done the initial heavy lifting of configuration?
Other vendors have more novel models. Take Allurent, for example. They’ve distilled down many of the more desired features of e-commerce websites into a set of modules that run in the Amazon cloud. They do some design customization, but seemingly a lot of the time-and-money uncertainty inherent in the handoff from graphic design to software design that plagues so many Web projects has already been boiled out of the designs.
There’s also an accompanying content management system that your marketing department can use to manage sales, promotions, etc. The pages are hosted on Amazon but appear as part of your site and integrate with your e-commerce back end. My point isn’t to do a commercial for Allurent, but to point out that the cloud model creates some new ways of doing things that may well be an improvement over current ways.
Next week, VMware will shine a spotlight on the private and private/public hybrid cloud notions. This conference was more about the platform and application services that you will likely find coalescing in the cloud in the near future. If cloud flops, it won’t be for a lack of choices.
Welcome back from the weekend! Start your week off right by reading the latest SearchCIO.com stories on the private cloud at Marian College, how to integrate server virtualization into the private cloud, disaster recovery strategy at MetLife and best practices for managing IT and the recession.
Private cloud replaces antiquated IT infrastructure for $300K per year — For the price of a SAN, Marian College is building a private cloud to create a flexible IT architecture and help transform the liberal arts school into a university.
Disaster recovery strategy shift reduces data loss, recovery time – Under pressure to improve RTO and minimize mainframe data loss, IT veterans at MetLife devised a strategy that put tape out to pasture.
Tips for integrating server virtualization in a private cloud – Integrating server virtualization technology in a private cloud can offer benefits including flexibility, cost savings and consolidation — if implemented and managed correctly.
Best practices for managing IT and the recession – IT and the recession will be inextricably linked for the months ahead. Here’s how to adjust your IT strategy and lead your IT organization while managing budgets, risk and more.
Bonk CISO Larry Whiteside on the head, and like Jason Bourne he will wake up thinking about security in 12 different languages.
“For me, security and risk management is a mind-set. When I go into a restaurant with my wife and kids, I automatically see where the exits are,” says Whiteside. And how the waitress handles the credit card. How far the credit card machine is to another table. The location of the security cameras, the station of the guard.
“I am always thinking about the security scenario, not to take advantage of it, but to be aware,” Whiteside says.
Whiteside is chief information security officer for Visiting Nurse Service of New York (VNSNY), the country’s largest not-for-profit home health care provider. Some 130,000 patient medical records and pieces of credit card data fall under VNSNY’s watch. The organization must comply with the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard and the Sarbanes-Oxley Act (SOX).
Whiteside practices what is called a risk management approach to security compliance. I interviewed him this week for a story I’m doing on the topic. While his organization has many regulatory obligations, “the way I approach compliance is through risk. We do not focus on just ensuring we are compliant,” Whiteside says, stating the first principle of risk-based management to information security.
“When I look at new applications or systems or architectures, I am looking at the risks to our business and the risk to our information. Those are the things that are important, not does it meet a line item associated with HIPAA and SOX,” Whiteside says.
A risk management mind-set is always looking for patterns — not items on a regulatory checklist — that pose a threat to the asset one is responsible for protecting. So when somebody comes to him with a security problem, even if he knows nothing about the particular system or application, he can formulate a set of questions.
Incidentally, most CISOs live in a security mind-set, he says, whether they’re hard-core techies or recruits from the business side. “The methodology they follow by day at work is the methodology they live outside of work,” he says. At conferences, when CISOs unwind afterward with a drink, they invariably play a Where’s Waldo? version of security gaffes, competing to see who can spot the most security lapses. “It’s kind of weird if you are outside the circle.”
The mind-set can have its limitations, as in “If you are a hammer, the whole world looks like a nail,” adage.
Indeed, when he is taken by surprise, it is typically by something that happens on the business side.
“You can’t believe that business would make that decision. You have that mind-set and forget people don’t think that way,” says Whiteside, who nonetheless never forgets what needs to happen next.
“But the fact is they went down that path, and you have to make it right. CISOs are support personnel. That is the reality. We are on the same side of the business as the help desk, and that is all we are. Until it can be determined how a CISO can make the company money, we will always be there to support.”
Happy Monday! Well, not so happy in Boston – we just learned that the Red Sox season opener has been postponed due to rain! At least there’s a little NCAA men’s basketball game to watch tonight.
Until then, find some time to take a peek at the latest content from SearchCIO.com on IT outsourcing contracts, a forecasted IT spending decline, architecture mistakes in disaster recovery planning and virtualization and the private cloud:
CIOs adjust terms of IT outsourcing contracts to get lower prices – Competition is getting fiercer for your outsourcing buck. As companies with IT outsourcing contracts look to take advantage of price drops, they’re finding renegotiations may include reduced service levels. In this story, Gartner and others weigh in.
Gartner’s revised IT spending forecast: Decline exceeds that of 2001 – (This story came out last Wednesday, and if only it could have been an April Fool’s joke.) Gartner has revised its 2009 IT spending forecast downward, with hardware purchases the hardest hit. What else is on the back burner?
Avoid these architecture mistakes in your disaster recovery planning – In building out a disaster recovery strategy, many IT executives make these common mistakes. Want to save yourself some trouble? Here’s how to work around potential problems.
Virtualization and the private cloud: A guide for enterprise CIOs – Our latest guide looks at the trends, best practices and critical criteria for building a true strategy around virtualization and the private cloud.
While writing my story this week on CIOs looking to renegotiate IT outsourcing contracts to take advantage of cost savings, I found the drop in pricing for application hosting services particularly interesting.
As my story said, analyst firm Gartner Inc. predicts that the cost of outsourcing IT infrastructure will decrease 5% to 20% during the next two years, both domestically and abroad (with particular pressure on Indian outsourcers thanks to, among other factors, the Satyam scandal). The potential average outsourcing price reductions in 2009/2010 broke down as follows:
IT infrastructure outsourcing services and the average outsourcing price reductions:
Data center services – 5% to 15%
Desktop/help desk services – 5% to 10%
Network services – 10% to 15%
Application hosting services – 10% to 20%
Why might application hosting decline more than other areas? Gartner’s Richard Matlus explained:
“We think the reason that percentage is a bit higher is because people are going to be looking at SaaS as a solution,” Matlus said. “We’ll see more of those access-ready services delivered.”
Matlus went on to say that enterprise organizations’ decision to invest more deeply in Software as a Service, as well as virtualization and automation, will drive the price of application hosting lower, as IT outsourcing companies scramble to retain customers — even if it means dropping their prices. This is an area in which we can expect to continue to see big growth in 2009 and 2010.
Are you a CIO or IT executive renegotiating an outsourcing contract? Or seeking change your approach to application hosting? I’d love to hear your story.
Welcome back from the weekend! Here are the latest stories from SearchCIO.com, dealing with the private cloud, identity and access management, and some very newsy security standards for compliance for federal funds.
Beyond server virtualization: The private cloud – Turning server virtualization and the cloud computing concept into a private cloud is more than semantics. Our expert details how it differs from a virtual server farm and more.
The challenges and benefits of a private cloud – A private cloud may leverage server virtualization to drive business flexibility, but many of its management challenges (both people and boxes) are as yet untested.
CIO turns to identity and access management to solve business problem – Growth and turnover made user provisioning a huge task for business owners and the IT organization at Brookdale Senior Living, before the company launched a major effort to classify users and deploy an identity and access management system.
Security standards to help manage compliance for those federal funds – The disbursement of federal funds will open up risks and come with stricter requirements — a CIO group offers a checklist that can help IT executives at any organization stay in compliance.
The news today from The Wall Street Journal that IBM is expected to cut a large number of U.S. workers in its global services unit and move that work to IBM employees in India reminded me that IBM, in addition to its possible takeover of Sun Microsystems Corp., is also rumored to be a buyer for Satyam Computer Services Ltd., the struggling Indian IT provider undone by the financial fraud perpetrated by former chairman B. Ramalinga Raju.
The WSJ piece said the planned IBM layoffs show that even profitable companies continue to cut costs— “some of them by taking advantage of cheaper Asian labor.”
It can’t be long, with or without a purchase of Satyam, that someone suggests the I in IBM stands for India. But that, it seems, would be selling IBM short.
In a round of layoffs made earlier this year (an estimated 2,800 by some reports), IBM lived up to its International moniker. The company offered laid-off employees in good standing and willing to work under local conditions and terms the opportunity to go work offshore at one of IBM’s centers — not only in India, but also in Nigeria, Russia, Argentina, Brazil, China, the Czech Republic, Hungary, Mexico, Poland, Romania, Slovakia, Slovenia, South Africa, Turkey and United Arab Emirates. Not surprisingly, Project Match sparked a strong rebuke from labor unions slamming the Armonk, N.Y., provider for not only offshoring jobs to low-cost countries but now wanting employees to offshore themselves.
It will be interesting to see if IBM makes the same offer to laid-off employees this time around.
Greetings, bloggers! Take some time away from your NCAA brackets and delve into the latest from SearchCIO.com on risk management, SaaS and SOA, and disaster recovery plans for branch offices:
Balanced Scorecard founder: In recession, think risk management – Risk management is among the key performance indicators to measure for strategic success, says Robert Kaplan, co-developer of the Balanced Scorecard methodology.
SaaS and SOA quiz for enterprise CIOs – How much do you know about Software as a Service (SaaS) and service-oriented architecture (SOA) solutions? Take this quiz and find out.
A disaster recovery plan for branch offices: Five layers of redundancy – This CIO’s disaster recovery plan for branch offices (or hospitals, rather) seems to have it all covered — including the business mission.
I was talking to IQNavigator the other day. They have software that helps companies manage what they spend on contingent workforces, such as IT contractors, and on vendor services, among other things.
Companies also outsource the management of things like invoicing and time cards to them.
What was interesting was how much money people were losing or overspending in these areas and didn’t even realize it.
For example, companies have a set rate for hiring contract laborers, but many hiring managers skirt this rate to get the best person for the job, or don’t track a contract worker once they’re hired, leading to contractors being with the company for five or more years. That opens a whole can of worms regarding whether they are full-time employees who deserve full-time benefits. Or, some vendors bypass the agreed-upon rate for their services by calling up departmental managers instead of the central procurement office.
When it comes to IT vendors and IT contractors, the CIO should take charge and enforce a consistent rate for services instead of letting your departments deal with suppliers on an individual basis. Put out an RFP and be clear on your rates. If you’re a big enough company, you should be able to reduce your number of suppliers and get them to agree to a set price.
If they don’t agree to it, then they shouldn’t be on the list of your providers, whether for labor or technology services, points out Kieran Brady, vice president of business solutions for IQNavigator.
Now while IQNavigator and other vendors offer services procurement software and spend management tools, in tough economic times such a system might not be realistic to install now (although if you really need to get your arms around spending, such an investment could pay for itself). What are your thoughts: Do you know how much you’re spending on IT contractors and services? Would software help you get your arms around it, or can you do it well enough through policy?
This past week, SearchCIO.com homed in on business intelligence strategy, IT transformation, cost reduction tips for your strategic sourcing contracts and IT governance in an economic recession. Read, learn and don’t forget to comment!
Business intelligence strategy success a matter of alignment – It sounds basic, but it isn’t always happening: IT must partner with the business for a successful BI strategy. Here’s where things go wrong.
As recession deepens, IT transformation best tackled in chunks – Transformative IT will enable companies to emerge from the recession ready to compete, gurus say. But big projects, it seems, are best taken in chunks these days.
Cost reduction tips for your strategic sourcing contracts — CIOs should revisit their strategic sourcing contracts and work closely with their suppliers to analyze current spending and achieve maximum cost reductions.
IT governance, corporate governance must align in economic recession – IT governance in an economic recession is more important than ever, as IT organizations must align with the business, justify costs and adapt to market conditions.