Cloud computing

Sidekick data and ‘balloon boy’

I was on vacation when the news hit that customers of T-Mobile’s cloud-serviced Sidekick phones had likely lost their data due to a failure of the storage service provided by a company recently acquired by Microsoft, ironically named Danger. So, rather than following the story in real time, I found myself reading the historical account of the incident on Thursday. My reading of this was interrupted by another calamitous story, also related to clouds– a small boy whisked up 10,000 feet in the air by a helium balloon and carried in horrifying swoops across the Colorado skies. When the balloon landed gently some two hours later, the boy was not there and feared lost. Both stories, as it turns out, were much less horrifying than originally imagined.

“Balloon boy” was hiding in his family’s attic. The Sidekick data was not lost either; it was hiding somewhere as well. Yesterday Microsoft announced that it had recovered most, if not all, of the customer data.

Despite the good news, we’re seeing evidence now of storm clouds when it comes to cloud storage. The Sidekick data failure was attributed to a storage area network (SAN) upgrade gone awry. In this case, there appears to have been a difference of opinion about whether a backup was necessary in order to go forward with the SAN upgrade. According to sources of blogger Daniel Eran Dilger, instead of doing a backup that would have taken six days, Microsoft management is said to have decided to curtail the process two days into it. What then ensued is not yet clear, but the implication is that an Oracle system responded to some abnormality in the SAN upgrade that caused the data’s “disappearance.”

Whatever the cause, this scenario highlights the enormous complexity of cloud storage and the inherent risks involved with such a new data-handling approach. Indeed, another recent cloud mishap, in which a hacker was sending spam through an Amazon email server, elicited another calamitous response: Amazon EC2 subscribers had their email put on a spam blacklist by Spamhaus because of this one bad apple.

It’s not surprising these technology glitches are happening, given the newness and complexity of cloud computing. But I think what all three cases show — from the overblown police and media reaction to the image of an airborne balloon, to the software response to a SAN upgrade gone wrong, to Spamhaus’ Draconian solution to deal with a single hacker, is that we’re inexperienced. We don’t yet have enough understanding to deal with these unusual events in a calibrated — not exaggerated — way. The heart of the matter is that, in each case, there may have been an overreaction to an unexpected, but as it turned out not particularly serious, problem.

With all new things, there is a learning curve. Single hackers will be dealt with in a different way in the future. Microsoft will never do an upgrade without backing up first. As for “balloon boy,” it’s likely some adults will look in the attic before calling out the National Guard. And if the balloon incident was staged, a family conspiracy? Well, there are those who believe the Sidekick data wipeout was insider sabotage.

Gmail outage raises issue of control

While talking to an IT director about Google’s Gmail outage yesterday, I realized that it wasn’t so much the outage itself that bothered him (his organization does not use Gmail), but the sense of not being in control of a cloud computing environment.

Billy Rials, IT director for Rankin County in Mississippi, wants his throat to be the only one that public officials come after when something goes wrong.

He’s responsible for the IT that runs seven cities and knows his data center environments inside and out. He said the environment is no utopia, but he believes they are getting closer every day by adding more and more virtualization technologies for servers and desktops.

“What do I say when an official calls me and ask what’s wrong: ‘I don’t know, something is going on with the cloud provider’?” he said. “It should be my responsibility, and bringing someone in from the outside … I have no control or the authority that I think I should have.”

Then there’s the fear factor of other people you don’t know having access to the infrastructure that runs your stuff. At least in your own data center you know that Joe was the last one to work on server X, so if something goes wrong you ask Joe.

There’s a sense that your environment gets lost in the cloud. At shows I’ve heard people asking how they can find their data, servers, you name it, in a cloud computing environment.

These are people who are trying to keep track of virtual machines in their own environment. The thought of the complexities added by trying to track down what’s going on with an application on a virtual machine in someone else’s environment is a road they don’t want to go down.

There are those fully embracing cloud computing, of course. They consider it to be no different from the risks they faced with outsourcing or colocation. The ROI or cost savings is worth the risk of an occasional outage, and even giving up a little control. And after all, how often do your email servers go down within your own four walls?

Let us know what you think — email me at ctorode@techtarget.com.

Investigating public cloud could inspire overdue housecleaning

There were a lot of messages that came out of the recent Burton Group Catalyst conference in San Diego surrounding the public cloud.

But one resonated more than others: You need to get a grip on your own assets, meaning what data is stored on what servers and what the real costs of building or deploying and maintaining an application are before you can figure out if cloud computing is a more cost-effective route.

Burton analyst Chris Howard compared the state of enterprise IT to that of Rome: Are we just building and building upon an old architecture? When is it time to start getting rid of some of the old stuff? And how do we decide what should stay and what should go?

Bill Peer, chief enterprise architect at InterContinental Hotels Group, who presented at the show, talked about building an internal cloud. In the process he is moving data from two mainframes predating the 1960s to new servers on a private cloud.

This is a multibillion dollar company making the move to get rid of old systems, and there are probably other enterprises out there sick of maintaining mainframes and code created by people who are no longer with their company.

The list of cloud computing benefits and risks is long and varied depending on who you talk to, but one benefit is clear: It could force CIOs to assess what they need and can do without, and, if anything, build more efficient data centers on their own.

There is a test for figuring out what can go and stay if you are not faint of heart. Howard shared a story of how Ken Anderson, former CIO of Novell, used to go into the company’s data centers at night and randomly turn systems off.

If no one noticed in three weeks, the system stayed off.

A disaster recovery plan meets cloud computing

David Shacochis, vice president, research and development at IT provider Savvis Inc., reminded me the other day that there is a big difference between a disaster recovery (DR) plan and business continuity, even though many forget the distinction.

A business continuity plan is your company’s prescription for things that you can expect to go wrong: components will fail, servers will fail, network outages are going to happen, IT professionals make mistakes. Disaster recovery is your plan for the things you can’t anticipate. “If you’re doing this Calvin and Hobbes scenario, where planes are falling from the sky, that is when you’re talking a disaster recovery plan,” Shacochis said.

Savvis, with 29 data centers, likes to boast it is has built the architecture required to give companies business continuity, which in turn gets rolled into its standardized services. “Virtually all our products have a high-availability option that can be added on for pennies on the dollar,” he said. And many customers use those services as their DR site.

But the premise of a DR-in-a-box solution — promised by various providers — is, in his view, untenable.

“We don’t really know what your requirements are, we don’t really know what the nightmare scenario will be, you’re not really implementing anything with us, but trust us, when you pick up the phone we’ll be there, and we’ll get you a data center in a heartbeat,” Shacochis said. “Those sorts of services are not that difficult to sell because there are a lot of people who want to believe that they exist. But they are very difficult to execute on.”

In fact, Savvis has not gone to market with a catchall DR solution yet. “We don’t really believe that the process maturity across so many different customers is there, or the standardization across so many different architectures is there that would allow us to do it,” Shacochis said.

Shacochis, however, believes that there will be a really elegant solution that will ultimately be cheaper than the present multi-tiered DR solutions and better. His idea is that the kind of cloud computing platform that Savvis is building in its labs will enable it — eventually — to offer DR that is standardized, flexible and cost-attractive enough to customers to make it worthwhile. Shacochis envisions a platform that can function as a complete cloud data center.

“All the typical IT resources you get in a physical data center, we’re going to be building in a platform that will allow you to provision not just your compute resources on the network, but to provision actual data center topologies for routing, switching, security, load balancing and failover features, as well as computing, storage and storage lifecycle management resources that are all running in a software-based context that you can control over a portal, and eventually control via a software API,” he said.

The beauty of that model, he says, is that companies could provision their entire cloud application stack, get it up and implemented and then turn it off.

“That really would be a cloud DR model, where the customer is paying a small percentage of what they would ordinarily pay for production, and they would have a highly functional and easy to executive DR plan.”

When will we see this? He thinks it’s a year or two off. Sounds good to me.

Data protection in the cloud: What’s good enough?

CIOs are pretty paranoid when it comes to data protection, and rightly so given they put their job on the line when they recommend a new infrastructure or service approach like cloud computing.

I’ve been told many times now by companies providing cloud computing services that their security measures are good enough if not better than the ones that their customers have in place — end-to-end encryption being the primary pitch.

But does this satisfy SOX compliance or really prevent someone, say an admin of another customer or internal-to-the-service provider, from finding a way to peek at your data?

These questions are nothing new for CIOs that have gone down the outsourcing path, but the implications of data running on a shared infrastructure do tend to make them squeamish.

Here’s a sampling of some questions Sam Gross, vice president of global IT outsourcing at Unisys, is getting since his company entered the cloud computing fray with the Unisys Secure Cloud and its Stealth data protection technology last week.

1. How can you absolutely, positively assure me that a cloud administrator [employed by you] will not in error grant some type of read or write access to the content, facility or service?

2. How can you assure me that none of your cloud administrators will have any visibility to that data and compromise our SOX controls?

3. How can you assure me that you can’t, will not and don’t have mechanisms to electronically transmit my data in the background to another third party?

Unisys Secure Cloud is backed by 800 consultants and Stealth is a technology Unisys developed for the Department of Defense based on bit-splitting technology made by Security First Corp. The technology splits data across multiple packets, across disks, multiple sectors and physical devices so that snoops can’t construct a single byte or single character of data using any single packet. On top of that, AES 256-bit encryption is used.

In answer to those three questions: No. 1, the assignment of read or write access is handled by the client through the client’s own directory and authentication mechanisms and not by Unisys.

No. 2, Gross uses the analogy of the cloud looking like nothing more than a series of pipes with water running through them when the cloud infrastructure is Stealth enabled. “The pipes have water running through them, but [people with malicious intent] can’t tell where the water came from, they don’t know where each drop of water is going and the water is transparent.” In other words it’s SOX compliant because all that is seen is a stream of ones and zeros.

No. 3, data that is in storage on the SAN is also Stealth protected so that even if you are a member of a client-defined community and transmit data, that transmitted data would be, again, a stream of unintelligible ones and zeros to the person on the receiving end.

“The end result is that if people put sniffers online, use Deep Packet Inspection mechanisms or physically remove a disk from a SAN and try to recover data, it’s impossible to assemble that data,” said Richard Marcello, president, Unisys systems and technology. “They won’t be able to recognize the payload or data construct, so therefore it’s cloaked and unrecognizable to the mechanism people use to steal data.”

Time will tell whether Stealth is truly the answer for a lot users, but you have to admit they have a much better explanation than, “Our security is good enough if not better.”

What security measures do you want to see from cloud companies? Let me know at ctorode@techtarget.com.

Internet traffic overload: What does it mean for cloud computing services?

Michael Jackson’s passing and the outpouring of grief and curiosity made its way full force onto the Internet last week, slowing down webmail, news sites and search engines and grinding Twitter to a halt. It made me wonder if customers of cloud computing services are going to start asking what cloud providers have in place to account for such events.

Or maybe providers of cloud computing services have such a deep reserve of resources that it’s a nonissue.

Still, many companies can’t afford to have their Web-based applications slow down for the day, or longer, so just how deep are those reserves, and does the responsibility to ensure acceptable application delivery times rest on cloud providers’ shoulders or those of the ISP?

Or even the customer, when it comes down to it. Should they have signed up for overdraft protection when it comes to bandwidth in the first place?

Sure, spikes like those of last week are not that common, but it is not unthinkable that such occurrences may become more frequent, given that many people are turning to blogs, Twitter and YouTube in place of their local news station or paper to get up-to-the minute information on something like the Iran protests. And then you have to factor in the spamming that follows close behind a big news event.

And I’m not talking just about Gen X and Y flocking to the Internet when something happens, but people like my 66-year-old father, who stopped reading newspapers several years ago and now sustains himself on a steady Internet news diet instead.

What do you think? Is Internet traffic cause for concern when it comes to cloud computing services, or is it a nonissue? Let me know, ctorode@techtarget.com.

Verizon bets reliability beats price in cloud computing

Verizon unveiled their cloud computing offering this week and introduced a new question into the debate over cloud: Which is more important, price or reliability? Carl Brooks runs down Verizon’s cloud pricing scheme in detail, and it’s a very different flavor than Amazon Web Services. Verizon: pay $750 just to get started, and then by the day. Amazon: nothing to start, pay by the hour.

Translate that into use cases and you get Verizon=deliberate act by someone with a budget, Amazon=casual act by someone with an expense account. Of course, Amazon already has customers with budgets, but they may well have started as casual users kicking the tires at virtually no risk. Verizon’s early adopters will have likely gotten a nod from someone in authority and have a budget — no mention was made of self-service and credit cards.

At first glance, Verizon’s entry seems a bit like Dad showing up at the high school dance dressed like all the cool kids. But in some ways, Verizon’s offering marks a turning point in the emerging cloud market because Verizon (as with most major telcos) is all about uptime and process. Brooks’ story quotes a Verizon exec suggesting, for example, that users will likely be able to bring auditors in to meet their compliance and security audit needs. Verizon is talking about “100% uptime.” Amazon is a bit elusive on their exact uptime and to my knowledge has no kind of customer audit capability.

Verizon is only committing “a few hundred” servers to the project as yet, but they are the first major player to emphasize those kind of enterprise requirements. The question to readers is, are you looking for that kind of enterprise reliability in cloud now, or are you currently more into cheap trials? And if it all works out, do you see a Verizon as a long-term partner?

Academics at MIT CIO Symposium advise on innovation, future of IT

CIOs look to the MIT CIO Symposium for information on management, technology and innovation. Those in attendance at the academic panel held in Kresge Auditorium in Cambridge, Mass., enjoyed a healthy helping of all three, as distinguished researchers from MIT’s business centers offered ample insight into how successful organizations leverage technology to increase innovation and profit. Over the course of the hour, the audience heard about the power of collective thinking, the impact of Web 2.0 tools behind the firewall and the methodologies for innovation that have served to differentiate IT giants like Google from their competitors.

[From left to right: Prof. Erik Brynjolfsson, Gary Beach, Prof. Thomas Malone, Dr. Jeanne Ross]

The moderator for the panel, publisher emeritus of CIO magazine Gary Beach, didn’t waste any time, asking each academic what “the next big thing” in IT was. Professor Thomas Malone, Director of MIT’s Center for Collective Intelligence, noted immediately that the “elephant on the table is cloud computing.” In his opinion, “It may well be the next being thing in the hardware progression.” He chose, however, to focus on the power of collective intelligence.

His choice may not be surprising, given his research, but his coinage of the term crowd computing to describe distributed online collective intelligence turned to solving problems drew appreciative chuckles from the crowd. In Malone’s view, the answers of the many, or so-called “wisdom of the crowds,” is a powerful tool for organizations seeking answers to tough questions. Malone noted Twitter and Innocentive as two examples of the concept.

Dr. Jeanne Ross from MIT’s Center for Information Systems Research (CISR) chose to focus on the digitization of organizational resources, stating that in her view, only “about 2% of global companies have nailed the concept of a digitized platform.” She said here are two things IT does well: standardizing and integrating business processes. Organizations of all types will gain the most from their IT investments by focusing in these areas.

Professor Erik Brynjolfsson, author of the forthcoming Wired for Innovation: How Information Technology is Reshaping the Economy, sees opportunity in the downturn. As he noted, “the lion’s share of Fortune 500 companies were founded in earlier economic disruptions.” Brynjolfsson calls today’s recession the “great restructuring.” In that trend, he sees three key elements: Experimentation, measurement and scale

Each of these elements is substantially enabled by innovations in information technology, like A/B testing, Web and data analytics and cloud computing or enterprise resource planning systems. Brynjolfsson provided a bottom-line example of how such methodologies can result in increased profitability, noting that “Yahoo only makes 16% as much per page served as Google with the same underlying technology. Why? Scale.”

Brynjolfsson suggested to the CIOs in the audience that they push for experiments, measure and validate them in order to rapidly adopt the innovation, replicate it and then scale it. “Experiments aren’t an excuse to validate preconceived notions,” Brynjolffsson was quick to note. “That’s the wrong mentality. Leaders must approach experimenting with a genuinely open mind to see what works and what doesn’t.” Brynjolffson offered a CVS case study that he and Harvard Professor Andrew McAfee wrote in 2005 as an example. CVS created a pharmacy service improvement at one test location. Once the new process proved effective, CVS embedded the process into all of its IT system, replicating it to thousands of other locations.

Take his research with McAfee as another example. McAfee hypothesized that companies would become more similar over time as each organization enjoyed the benefits of improvements in information technology. What he and Brynjolfsson found was striking. When you compare leaders with laggards, over the past decade there has been a substantial growth in the gap. From the 1960s through the late 1990s, technology advancements benefited the nation’s companies in roughly the same amount.  Starting in the late 90s, however, there was a discernible shift to higher profitability in the top 25% of the nation’s corporations, particularly in more IT-intensive areas of economy. Increasing performance heterogeneity was a result that appeared to be closely correlated with IT - if not IT itself.

In other words , the results implied that companies were using information technology in a new way after the dot-com bubble, with the top echelon leveraging investments in ways that dramatically accelerated their growth and profitability in the new millennium.

When asked what CIOs and CEOs could invest in now for returns on investment in recessionary times, Brynjolfsson focused on so-called “Enterprise 2.0” technologies. In his view, blogs, wikis and enterprise microblogging quickly allow innovations to be discovered and amplified across the companies.

Cloud computing: You pay your money, you make your choices

MIT’s Kirsch Auditorium was standing room only last night for a forum on cloud computing, part of the university’s Innovation Series for entrepreneurs, investors and patent attorneys. But there was a liberal sprinkling of technology types as well in the audience, including some upper-level IT folks trying to get an early read on what cloud might offer them.

The forum’s avowed purpose was to give a sense of what’s real now in the cloud and so it focused on the Amazon Web Services ecosystem. Several speakers spoke of “hundreds” of providers of value-added layers to the basic Amazon services, much in the form of middleware. When you peel back the layers of the onion, in many cases what you are renting has a high open source content. If enterprises have been slow to widely deploy free or freeish open source software internally, will they be quick to pay for it in the cloud just because someone has done the initial heavy lifting of configuration?

Other vendors have more novel models. Take Allurent, for example. They’ve distilled down many of the more desired features of e-commerce websites into a set of modules that run in the Amazon cloud. They do some design customization, but seemingly a lot of the time-and-money uncertainty inherent in the handoff from graphic design to software design that plagues so many Web projects has already been boiled out of the designs.

There’s also an accompanying content management system that your marketing department can use to manage sales, promotions, etc. The pages are hosted on Amazon but appear as part of your site and integrate with your e-commerce back end. My point isn’t to do a commercial for Allurent, but to point out that the cloud model creates some new ways of doing things that may well be an improvement over current ways.

Next week, VMware will shine a spotlight on the private and private/public hybrid cloud notions. This conference was more about the platform and application services that you will likely find coalescing in the cloud in the near future. If cloud flops, it won’t be for a lack of choices.