Clouds Ahead

November 2, 2011  10:42 AM

The Trouble with Cloud Security

Pedro Pereira Pedro Pereira Profile: Pedro Pereira

Depending on where you look, you’ll read that business decision makers are either scared stiff of adopting cloud-based solutions or they can’t dig deeply enough into their pockets to fund cloud projects.

Analyst firm IDC predicts cloud spending will reach $72.9 billion by 2015, more than three times as much as in 2010. That isn’t exactly a drop in the bucket, but putting aside macroeconomic swings for a moment, you have to wonder how much more could be spent if fear of the cloud could be eliminated.

Most of that fear has to do with security and privacy. With a host of regulations coming out of Washington and state capitols to protect privacy, concerns over running afoul of the law are justified. Exposure of certain types of data, such as medical, finance and HR records, can lead to severe penalties. So decision makers should be concerned.

By that, I’m not suggesting you should avoid the cloud – just that understanding the risks associated with adoption of cloud solutions is imperative. Doing due research about solutions you are considering could spare a whole lot of trouble.

You’ll never have a 100 percent foolproof solution, no matter what anyone tells you.

In the cloud, there are new layers that have to be protected, and hackers will exploit every opportunity to get at private data for nefarious purposes.

Hosted, shared environments, for instance, potentially can make secured virtual machines vulnerable when connected to others that are less secure. A hacker could exploit the vulnerabilities of one machine and use it as a bridge to another that he or she would otherwise not be able to access. Attackers theoretically also can find ways to break into a virtualized environment to mess with data while still making it look normal.

Even though there have been disputes as to how undetectable certain attacks can be in practice, you don’t want to leave anything to chance if you are going to trust some, or even all, of your computing environment to a provider of cloud solutions. That means learning as much as possible about a solution’s security capabilities, implementing well-defined security policies in your organization and signing a contract with your provider that clearly defines both parties’ responsibilities.

Let’s be realistic: You’ll never have a 100 percent foolproof solution, no matter what anyone tells you. Even if you could prevent breaches, there’s always a very real chance that a leak could occur as a result of inadvertent user action.

Nearly 80 percent of businesses suffered data loss last year, according to a Ponemon Institute report. Chances are you could be part of that statistic this year or next. It’s up to you to minimize the severity when it happens.

October 25, 2011  10:46 AM

Knowing When to Keep It Private

Pedro Pereira Pedro Pereira Profile: Pedro Pereira

First came the Internet, and everything you accessed over the Web was “Internet-based.” But these days we have the “cloud,” and what we used to accomplish over the Internet now takes place in the cloud.

What’s the difference? A lot of it has to do with marketing. Everything you’re doing in the cloud is still taking place over the Internet, but the cloud is the new black. Admittedly, being “in the cloud” implies a cozy quality that you simply don’t get from “over the Internet.”

The reasons for using the cloud are pretty much the same that drove people to buy consumer goods online or access CRM applications over the Web – it’s usually cheaper.

But not always. And that’s important to keep in mind. Most vendors will talk up affordability and scalability when selling you a cloud solution. And, usually, those are pretty persuasive reasons to consume technology over the cloud in a utility-like model, as opposed to having to buy expensive gear and software.

However, there are alternatives to the cloud that can still save you money and give you the scalability you need. I’m talking about “private” and “hybrid” clouds.

There are alternatives to the cloud that can still save you money and give you the scalability you need.

Private clouds essentially replicate a public cloud environment locally. So rather than using the Internet to store your data or accessing a business application in the ether somewhere, you keep those assets on site and use cloud-like virtualization that lets you retain control over your environment. As opposed to typical legacy on-site environments, private clouds centralize security and administration.

Hybrid clouds, as the name implies, employ a mixed model with public and private cloud elements.

When considering a cloud solution, pay attention to what the vendor is offering. “Pay-as-you-go” and “on-demand” public cloud services may prove just right for you, but in some cases you’d be better off going private.

A pay-as-you-go model for a public cloud service conceivably could get pretty expensive if you add enough users. But if you keep the service on premise, it doesn’t matter how many users you add or subtract, though you could end up with unwanted capacity as a result of contraction.

A hybrid approach may solve some problems. Say you need an accounting package for a staff you’re sure won’t change in size any time soon. In that case, a public cloud application could work. But if your business development and sales staffs are growing, perhaps you should keep your CRM application in-house.

It all comes down to your specific business requirements. Before jumping on the cloud, be sure to have a strategy. Peel the layers before you decide whether a public, private or hybrid approach is best for you.

October 19, 2011  9:04 AM

Unused Capacity vs. Capability

Pedro Pereira Pedro Pereira Profile: Pedro Pereira

One of the best things about cloud computing is the elimination of unused capacity. Cloud solutions, however, don’t inherently address a common problem – unused capability. That one is up to you.

First, let’s deal with how the cloud addresses wasted capacity. Most servers operate at anywhere between 5 percent to 30 percent, which means businesses have tended to get way more computing power than they needed. The Green Grid, a consortium of users, policy makers, IT providers and utility companies working to improve computing efficiency, found in 2009 that 10 percent of servers in datacenters were going unused. The organization estimated those machines added up to 4.4 million servers worldwide collecting dust.

That is a staggering amount of budget-busting waste. By and large it went unnoticed by decision makers until cloud computing started to show people a better way. A growing number of IT vendors now offer computing resources in the cloud that can be turned on and off based on customer needs.

Most servers operate at anywhere between 5 percent to 30 percent, which means businesses have tended to get way more computing power than they needed.

While they are turned on, there should be no reasonable excuse for any capacity to go unused because cloud solutions are elastic, letting you add or remove capacity depending on current requirements. If you need to add users to a cloud-based accounting application, you can do so. You’ll see a small increase on your monthly bill, which is still better than paying for unused equipment. Conversely, if you’ve downsized your sales staff and you need to reduce the number of users of your cloud-based CRM application, you may do so – and save some money.

Regardless of how many users leverage that CRM application to do their jobs, you may not be getting all the use you should out of the software. The application could have more functionality than your users realize. And that’s where unused capability comes in.

Companies often buy an application to solve a single business problem but don’t bother to learn what else the software can do. They actually may be aware of other features they don’t need just yet but figure those functions will come in handy later. In many cases, that never happens.

So you end up with a lot of unused capability, which while not quite as wasteful as unused server capacity, carries the hidden costs of arrested efficiency. The software may have a function or two that, if in use, could spare your workers from mundane day-to-day tasks and allow them to focus on more strategic endeavors.

But you will be able to accomplish this only if you learn as much as you can about the application, so be sure you have the right discussions with your cloud services provider. If there are features in a solution that you don’t need, you might be able to just not buy them. But if they are embedded and you have to buy them anyway, at least find out if or how they can benefit your business.

October 11, 2011  9:27 AM

How to Fight Human Nature with Backup and Disaster Recovery

Pedro Pereira Pedro Pereira Profile: Pedro Pereira

In his wonderful book, “Collapse: How Societies Choose to Fail or Succeed,” Jared Diamond wonders what the people on Eastern Island were thinking when they cut down their last tree. Diamond posits that environmental causes such as deforestation led to the collapse of the island’s society.

What is it about human nature that prevents us from seeing what should be the obvious consequences of our actions? Is disaster simply too much for our perhaps unduly optimistic natures to contemplate?

Well, that’s a question for the philosophers. But one decidedly more modest question we can address here is the need to prepare for disasters involving data loss. Anybody who has ever used a computer knows you can lose your work for any number of reasons: An application quits unexpectedly. A server fails. A browser session goes poof.

Any one of these situations – and lots more that I won’t scare you with just now – can cause data loss. And data loss is potentially devastating, depending on the magnitude of the loss. A survey released in June by the Ponemon Institute revealed that 80 percent of businesses had lost data within the past year.

Hardly anyone is immune to data loss. And while you may have been among the fortunate 20 percent last year, this year there is an 8 in 10 chance you won’t be.

Eighty percent! So, you see, hardly anyone is immune to data loss. And while you may have been among the fortunate 20 percent last year, this year there is an 8 in 10 chance you won’t be.

But that’s OK, because you’re ready for any sort of data-loss disaster. Right? Well, not according to study after study and anecdotal evidence from IT service providers. Too many companies still play fast and loose when it comes to backing up and storing their data so that they can restore it if the need ever arises. The thinking seems to be, “It won’t happen to me.”

But that’s dangerous thinking, and it speaks to human nature’s refusal to contemplate disaster.

Of course, it also has something to do with budgets. But even as cloud computing has made reliable backup and disaster recovery solutions accessible to even the smallest businesses out there, excuses for not properly backing up your data start to ring hollow.

Let’s face it, there is no excuse. And companies that still neglect this extremely important piece in running a secure, reliable IT environment are putting their own future at risk. I won’t bother you with the statistics of how many companies go out of business after a catastrophic data loss because I suspect you’ve seen them. Let’s just say most businesses don’t make it.

So what’s holding you back? Take the time to investigate available cloud-based backup and disaster recovery solutions, determine which vendor has the best fit for your needs, and get busy developing and implementing a business continuity plan that will keep your company going should the unthinkable ever happen.

As the folks in Eastern Island certainly discovered, the unthinkable can and will happen.

October 5, 2011  9:04 AM

Freedom in the Cloud

Pedro Pereira Pedro Pereira Profile: Pedro Pereira

As business decision makers review cloud offerings to determine what fits into their IT environments and strategic plans, they should pay particular attention to what a cloud platform allows them to do.

Some of you may be familiar with Amazon’s cloud-based storage service, Google Apps or’s web-based CRM application, but what if you wanted to start moving significant portions of your infrastructure, if not all of it, to the cloud? You’ll want to make sure you do it with an eye to anticipating future needs.

Most, if not all, vendors tout scalability as a key feature of their cloud-based offerings, but typically that applies only to a specific product. So if you want to add nodes later on, you’ll be able to do that, which is of course desirable but not necessarily the answer to all your needs.

Some companies offer platforms with plenty of room for expansion but you’ll have to stick with their products as you add resources.

If you are actually looking to deploy a platform on which to build a cloud infrastructure, be mindful of the freedom the platform you choose gives you to add technology as you go along. Some companies offer platforms with plenty of room for expansion but you’ll have to stick with their products as you add resources.

Other companies take a more open approach, giving you the platform and then letting you build on top of it by pulling technology from different vendors. Such vendors include Cloupia, whose Open Automation for Clouds technology allows users to automatically add resources from multiple infrastructure and cloud vendors to satisfy their datacenter needs.

The technology, Cloupia said in a recent statement, allows “users to take control of systems and applications with a minimum of engineering effort and without vendor lock-in.” IT administrators can use the platform to customize and automate tasks, while IT staffs have the ability to “build and execute repeatable physical and virtual infrastructure provisioning workflows without complex custom scripts and expensive system integration engagements.”

Companies looking to build on an open cloud environment might also consider OpenStack. Self-christened as “the open source cloud operating system,” OpenStack is a collaboration of developers who want to create freely available code and establish standards for cloud services consumption. For those of you familiar with Linux, this approach should ring a bell.

OpenStack is getting collaboration from some big names, including NASA, Dell, Citrix and Intel. It’s definitely worth keeping an eye on this collaboration because, if successful, it could have a significant impact on defining what “cloud” means.

I mention Cloupia and OpenStack not to steer you in the direction of these brands, but rather to alert you to the choices out there. You may find that a vendor with an all-in-one package may be just right for your needs, but before you make that decision, it won’t hurt to explore the possibilities.

Remember, there are plenty of clouds in this expanding sky.

September 29, 2011  9:45 AM

Questions to Ask Before Jumping on the Cloud

Pedro Pereira Pedro Pereira Profile: Pedro Pereira

Thinking about the cloud but not quite sure what to do? You are not alone. Thousands of businesses across the land have been bombarded with advertising about the cloud, how it can save you money and how you won’t be able to live without it.

The truth is cloud computing is definitely worthy of consideration by any business with an IT strategy, no matter how big or small the company. It would be negligent, bordering on criminal even, to not at least consider available cloud choices and which legacy computing resources you would be better off replacing with cloud-based applications.

However, before you start ripping out applications and equipment from your office, you should take a few things into consideration regarding cloud offerings. Chief among those considerations are the cloud vendor, its track record and whether the vendor’s offerings are a good fit for your IT needs.

It would be negligent, bordering on criminal even, to not at least consider available cloud choices

You see, everybody is a cloud vendor today. But it wasn’t long ago that some vendors that claim they are cloud leaders thought about clouds only when the sky was grey. So it’s important to do your research.

Read up on the products and consult with your IT provider to learn if the cloud-based applications you are considering have been around a while, whether they are known to cause more problems than they solve, and whether they have a good security track record. Based on the information you gather, think hard about whether the application or solution still looks like the right choice for your specific requirements.

Regarding the latter, you must take into consideration your current infrastructure and whether to invest in upgrades. Do you have enough bandwidth to handle additional Internet-based resources? Is your network architecture set up for cloud-based computing? Should you can a physical server or two and replace them with a virtual server?

What about data backup and recovery? How have you handled that essential piece of your IT environment, and should you move it to the cloud?

And, of course, there are budget considerations. While it may make sense to move most, or all, of your IT to a cloud-based environment, your budget may restrain you from doing so just yet. But you might be able to take a step now, be it deployment of a business application or backup and recovery, to be followed by others later.

The cloud looms ahead, and you’re bound to feel pressure to jump on it. And while your business likely will benefit from the cloud, you ought to make cloud computing decisions methodically and add cloud resources gradually.

In blogs to come, we’ll explore the plethora of cloud choices available out there, how virtualization fits into this whole cloud thing, and what to watch out for in terms of security. It’s going to be a good ride, so climb aboard the Clouds Ahead blog.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: