Congress should reform the NSA in an attempt to restore trust in the US tech industry, the ITI says
By Grant Gross, IDG News Service
February 04, 2014, 5:49 PM — The U.S. Congress needs to help restore global trust in the nation’s technology vendors by reining in surveillance programs at the National Security Agency, an industry representative told lawmakers Tuesday.
Recent revelations about NSA surveillance programs have created a “misimpression” about the U.S. technology industry and are eroding trust in those companies, said Dean Garfield, president and CEO of the Information Technology Industry Council (ITI). The furor over the NSA surveillance programs could lead to lost income in the tens of billions of dollars for U.S. cloud providers, and many U.S. tech vendors are already hearing complaints, he said.
The U.S. needs a “public policy course correction” on NSA surveillance, Garfield told the U.S. House of Representatives Judiciary Committee.
“Made in the U.S.A. is no longer a badge of honor, but a basis for questioning the integrity and the independence of U.S.-made technology,” Garfield said. “Many countries are using the NSA’s disclosures as a basis for accelerating their policies around forced localization and protectionism.”
To stop a “protectionist downward spiral,” Congress needs to ensure greater transparency over NSA surveillance and provide stronger oversight, including a civil liberties advocate at the U.S. Foreign Intelligence Surveillance Court. Congress also needs to find ways to restore trust in the encryption standards process at the U.S. National Institute of Standards and Technology (NIST), he said, after revelations by former NSA contractor Edward Snowden that the NSA worked to compromise the process.
Some witnesses and lawmakers seemed to call for larger changes to NSA surveillance programs, with several calling for President Barack Obama’s administration to scrap the NSA’s bulk collection of U.S. telephone records.
Representatives of Obama’s Review Group on Intelligence and Communications Technology, which recently recommended major changes to the phone records program, and the U.S. Privacy and Civil Liberties Oversight Board, which called the program illegal, testified at the hearing.
Several lawmakers, both Republicans and Democrats, questioned the legality of the phone records program. Representative Ted Poe, a Texas Republican, questioned how many criminal cases federal investigators have filed using information from the phone records program.
There “may be one,” said James Cole, deputy attorney general in the U.S. Department of Justice.
“One criminal case?” Poe said. “[The program] is an invasion of personal privacy, and it’s justified on the idea that we’re going to capture these terrorists. The evidence that you’ve told is all this collection has resulted in one bad guy having criminal charges filed on him.”
Cole defended the phone records program, saying the information it provides helps with large investigations. “The point of the statute is not to do criminal investigations,” he said. “The point of the statute is to do foreign intelligence investigations.”
Officials with the Obama administration haven’t accurately described the NSA programs to Congress, said Representative Trent Franks, an Arizona Republican. “We feel that we have been blatantly deceived on what some of these programs have done,” he said.
Congress should pass the USA Freedom Act, an NSA reform bill that has several Judiciary Committee sponsors, said David Cole, a constitutional law professor at the Georgetown University Law School. The bill would allow the DOJ and NSA to collect U.S. phone records only when they are connected to a suspected terrorist.
“That is how the administration sold what they were asking Congress to do” when it asked for new authority in the Patriot Act to collect information relevant to a terrorism investigation, he said. “I don’t think a single member of Congress thought, ‘what we mean by that is there are no limits on the business records that you can get.'”
But Steven Bradbury, a former DOJ official, defended the phone records program. Some NSA reform proposals “would expose the nation to vulnerability by substantially weakening or even destroying outright the effectiveness” of the phone records program, he said.
Proposals to add a civil liberties lawyer at the surveillance court would slow down the collection-approval process there, and “would, I fear, prove dangerously unworkable in the event of the next catastrophic attack on the United States,” he added.
With the increased pace of change worldwide, many executives are asking, “How can I create value for my company both now and in the future?” and “How can I take advantage of the Internet of Everything (IoE) to increase innovation and strengthen our competitive position?”
In early 2013, Cisco determined that IoE — the networked connection of people, process, data, and things — will create $14.4 trillion in total Value at Stake over 10 years (2013 – 2022). To help executives realize as much of this value as possible, Cisco just launched new, groundbreaking research — called the IoE Value Index —that shows $1.2 trillion of value is “up for grabs” in calendar year 2013.
The IoE Value Index is driven by a survey of approximately 7,500 business and IT decision makers from private-sector firms in 12 of the world’s largest global economies (Australia, Brazil, Canada, China, France, Germany, India, Japan, Mexico, Russia, United Kingdom, and United States). In addition to sizing the opportunity by calendar year, the Index provides valuable insights that enable executives to transform and position their businesses to capture more IoE Value at Stake both this year and in years to come.
The Internet of Everything is poised to generate at least $613 billion in global corporate profits in calendar year 2013.
Insight No. 1:
The Internet of Everything is poised to generate at least $613 billion in global corporate profits in calendar year 2013.
These profits stem from corporations around the globe leveraging the Internet of Everything to make their operations more efficient and provide new and/or improved customer experiences.
Insight No. 2:
Corporations could potentially nearly double those profits by adopting business practices, customer approaches, and technologies that more fully leverage IoE.
While IoE is driving a huge number of corporate profits, an additional $544 billion could be realized in calendar year 2013 if companies adjust their strategies to take better advantage of IoE.
Given the level of evident parity, there is real potential for a shakeup of the competitive landscape in nearly every industry
Insight No. 3:
Traditional business advantages are evaporating quickly.
• Firms in developed markets are now realizing the greatest share of IoE value. For example, among the countries studied, German companies are capturing the highest percentage of value at 62.3 percent, followed by Japan at 57.3 percent. In contrast, firms in emerging markets are generally realizing a lower percentage of IoE Value at Stake. For example, companies in Mexico are the lowest in the study at 47.1 percent on average. The narrow range (15.2 percent) between the top and bottom countries, however, highlights the parity among firms worldwide.
• Many companies in developed countries have invested heavily in IT for decades, and have extensive experience implementing the kinds of technologies — such as collaborative tools, industrial automation, sensors, and analytics — that create the foundation of IoE. To stay ahead of competitors in emerging markets, however, firms must continue to invest in the technologies, and in the people and process enablers, that will fuel future success in the IoE economy.
Insight No. 4:
Competition will intensify as IoE evens the playing field between large and small companies around the globe.
Given the level of evident parity, there is real potential for a shakeup of the competitive landscape in nearly every industry. Midsize firms and companies from emerging economies pose a formidable and growing challenge to market incumbents.
• Midsize firms (500-1,999 employees) are actually capturing slightly more Value at Stake on a percentage basis than large enterprises with at least 10,000 employees — 54.1 percent versus 52.4 percent.
• Companies in emerging markets are more confident in their ability to realize IoE value. On a scale of 1-10, where 10 is “extremely confident,” executives from emerging markets scored a 7.8, in contrast to 6.7 for executives in developed markets. Many of these countries, such as Brazil, China, and India, have increased their IT investments in recent years at a rate that far outpaces the global average. In addition, IoE technology drivers such as cloud services and mobility have made it possible for emerging-market firms to close ground quickly on those companies in developed markets that have not remained on the leading edge of technology innovation and adoption.
Insight No. 5:
IT-intensive sectors are capturing a higher percentage of IoE value.
• Companies in high tech and telecommunications (65.4 percent) and financial services (60.5 percent) are realizing a higher percentage of IoE Value at Stake in 2013 than firms in industries that are less IT-intensive.
• Companies in manufacturing, energy, and retail have captured the smallest share of Value at Stake so far, but also have the greatest potential to gain competitive advantage.
Cisco’s analysis reveals the quality of a company’s technology infrastructure and tools is the single most important factor in determining the amount of value realized.
Insight No. 6:
Executives in surveyed countries anticipate job growth and wage increases as a result of IoE.
• Forty-seven percent of executives think IoE will lead to higher wages at their companies, while only 6 percent think wage cuts are likely. This is particularly evident in emerging markets.
• Thirty-three percent of executives believe IoE will lead to higher employment levels in their firms, versus 28 percent who think job losses are more likely. In developed countries, executives, while still positive, were somewhat more reticent about the prospects for job creation.
Insight No. 7:
Executives believe IoE will make their firms more secure.
• Information and physical security are seen as the primary downsides associated with the increased connectedness that comes with IoE.
• Still, 50 percent of respondents think IoE will make information more secure, while just 19 percent fear it will be less secure.
Insight No. 8:
While technology is pivotal, people and process make the difference.
While data analytics is an important enabler of IoE, “data” has become ubiquitous, and is not in itself a differentiator.
• Cisco’s analysis reveals the quality of a company’s technology infrastructure and tools is the single most important factor in determining the amount of value realized. A strong technology foundation, while insufficient on its own, is required for companies to capture Value at Stake.
• However, the combination of “people” and “process” enablers represent more than half of the total value realized. These are the competitive levers that executives must address. Specifically, people-centric management practices and strong information management loom large as the top priorities.
With more and more companies gaining access to technology and innovations that level the playing field, such as cloud computing, what really matters is how executives harness these innovations to maximize value realized from IoE.
Insight No. 9:
The key challenge: harnessing innovation for business gain.
With more and more companies gaining access to technology and innovations that level the playing field, such as cloud computing, what really matters is how executives harness these innovations to maximize value realized from IoE. To that end, the top three challenges cited by respondents in realizing IoE value were:
1. Investing in the right technology infrastructure and capabilities
2. Integrating new technologies with legacy IT environments
3. Updating processes to absorb new technologies
Insight No. 10:
Firms must invest in the right IoE capabilities to improve competitiveness.
Cisco identified several key areas of opportunity for firms in sectors that have the greatest potential to benefit from IoE. To capture the most value, these companies should focus on the following IoE-driven capabilities:
• Manufacturing firms: real-time, multidimensional data analysis; integrated video collaboration; remote tracking of physical assets; intelligent robots
• Energy firms: integration of sensor data; ability to locate experts when vast distances are involved between experts and energy-production sources; predictive analytics
• Retailers: data visualization and predictive analytics; BYOD; location-based marketing
For more information about the IoE Value Index study, please contact:
Cisco IBSG Research & Economics Practice firstname.lastname@example.org
Cisco IBSG Research & Economics Practice email@example.com
Cisco IBSG Research & Economics Practice firstname.lastname@example.org
Cisco IBSG Research & Economics Practice email@example.com
Cisco IBSG Research & Economics Practice firstname.lastname@example.org
First off, let me say I agree 100 percent with the premise that Enterprises are absolutely INSANE to believe they can go from their traditional internal IT and Devops/Netops infrastructures to the Public Cloud! That IS the definition of INSANE in my book and I would Hazzard the guess that 100 percent of the companies stupid enough to do something like that discovered that FACT the HARD WAY. I know, I’ve been called in to consult for many of them with regards to “what do we do now”….
Let me say one thing, the Public Cloud is NO Better than A FULL HOSTED SOLUTION WAS TEN YEAR Ago it still has the exact same REASONS NO ENTERPRISE WOULD FULLY PUBLIC HOST THEIR INFRASTRUCTURE THEN!
If I have to spell it out think of how you are treated when you call your bank, your insurance company, your utility company or Anyone else who thinks of you as a NUMBER and hires minimum wage support to handle all their customers and cut costs and maybe you’ll get the idea of what you have placed your ENTIRE BUSINESS in the hands of…. For example, I cannot tell you how many simple Web hosting companies FAIL TO BACKUP A SIMPLE WEBSITE as a matter of fact one of my clients site was recently hacked (they outsourced their company website, thinking something that simple cannot go wrong right?!?!?!? WRONG ABSOLUTELY WRONG if you’ve been in High-Tech longer than 24hrs you know already that the age old addage “what can go wrong, will….” they were down almost 10 days apparently their supposed daily backups did not work and we’re backing up nothing… I can’t tell you how many complete businesses have experienced the exact same thing at Amazon and other “Public Cloud Providers” and called me almost in tears because they were about to go out of business after being down for two weeks after some “twenty something, software engineer told them he could handle the network Operations..”no need to build a Netops team or pay all that money for a professional Director of Network Operations when we can just use Amazon!”…. Because of a simple backup not being VERIFIED as any internal IT Department would do on a regular basis….
Okay, I’ve finished my rant, back to the article 🙂
Private clouds require a Capex investment ahead of demand, which means companies actually need to make a larger investment than does a company with the traditional IT deployment model for compute resources. Thus, the initial cost of deploying infrastructure is not where the private cloud model yields its benefits; the operational efficiencies of deploying a cloud and consuming its resources over the entire lifecycle are where private cloud benefits lie.
Enterprises must take advantage of the difference between a private cloud and virtualized infrastructure to capitalize on benefits.
There are at least four areas where a private cloud can enhance IT efficiency. They include:
- Purchasing: If you procure multiple instances of the same server stockkeeping unit (SKU) in a single transaction, the vendor will offer volume discounts. Also, cloud compute servers are usually specified to take advantage of mainstream pricing rather than pushing performance limits. High-performance applications will use multiple moderate performance compute units rather than a single high-performance unit.
Installation: The inherent modularity of cloud infrastructure makes the installation of new resources more efficient than in traditional IT. A module may be of any size, but “rack scale” is very convenient for most enterprise data centers. At a minimum, a module contains compute servers and the network to connect them. It is possible to outsource the assembly of the rack, which further streamlines both purchasing and installation, and repair can also occur at the module level.
Resource sharing: Many IT workloads occur on a schedule; different workloads occur on different schedules. Typically, resources are dedicated to each workload, which leads to poor utilization because resources sit idle a large part of the time. Properly architected cloud applications use the same resources, which greatly improves utilization. Other private cloud scenarios include temporary or seasonal workloads, in which sharing is not as predictable, but, currently, it represents a huge opportunity to improve efficiency.
Management: A private cloud finally delivers on the automation that virtualization promised. With a clearly defined service catalog — that includes compute, storage, database, etc. –developers not only acquire the resources they need to build and test an application, they also know at design time what the production environment will be. A quick visit to a cloud portal delivers those resources with zero involvement from IT personnel. Once the application is in production, automation enables seamless scaling in response to changes in demand.
So where are enterprises missing out? The way enterprises currently approach the private cloud model is reminiscent of the definition of insanity attributed to Albert Einstein: doing the same thing over and over again and expecting different results. If an enterprise deploys a private cloud and uses it the same way it uses its existing virtualized infrastructure, that enterprise should not expect any significant improvement in efficiency.
The same is true of cloud washing an existing data center, as nothing has changed and the end result is quite literally “doing the same thing.” Instead, enterprises must take advantage of the difference between a private cloud and virtualized infrastructure to capitalize on benefits and achieve different results.
The single biggest change that has to happen to reap the benefits of a private cloud is that applications must target the infrastructure, instead of the infrastructure conforming to the applications. Enterprise application architects need to make this change for internally created business applications, and ISVs need to change how off-the-shelf software is deployed.
This is a strategic shift in how business applications are installed and requires a team effort. Developers consume the cloud. And executives must be patient while their organization makes the evolution to achieve truly different results. Without support from the top, politics will disrupt the creative processes required to break free of the old paradigm.
The channel has come a long way in the short history of cloud computing: from concerns of the channel’s role — and future — in a cloud market, to embracing the cloud and thereby growing affinity with customers. As the cloud, combined with mobile computing, social networking and big data analytics, replaces PCs and servers as the next computing platform (collectively referred to as the third platform), IT channel companies face a number of new business opportunities.
“Channel companies, from my perspective, have the greatest opportunity ahead of them. The question is how quickly … they [are] going to embrace it as a mechanism to drive business and retain stickiness with customers,” said Jeremy Sherwood, cloud strategist and product manager at ScienceLogic Inc., a Reston, Va.-based provider of IT operations management software. “How you do that is by embracing it — finding differentiations. Instead of battling Amazon, Google, Rackspace, let me embrace them and fill in the niches [and] the spaces that you don’t get from them.”
Instead of battling Amazon, Google, Rackspace, [the channel should] embrace them and fill in the niches [and] the spaces that you don’t get from them.
That is exactly what value-added resellers, systems integrators and service providers are doing, by providing what we’ll refer to here as cloud support services. In its 4th Annual Trends in Cloud Computing report, which is based on a July survey of 501 technology users and 400 IT channel companies in the U.S., CompTIA describes four cloud-related business models that IT channel companies are adopting: build, provide/provision, manage/support and enable/integrate. While these aren’t the only cloud-based business models, they tend to be common ones. It should also be noted that companies can move from one category to another and in no particular order.
That said, the “build” business model has the lowest barrier to entry, according to Carolyn April, director of industry analysis for CompTIA. “It’s a natural progression from reselling hardware and software to customers to helping them build a private cloud,” April explained. This business model also includes reselling “cloud-in-a-box” offerings. According to the report, about 60% of channel firms that identify themselves as resellers currently offer build services, whereas only 47% of channel companies that identify themselves as services providers offer build services.
While channel companies may find that the ‘build’ business model fits well with their current offerings, the provide/provision model holds the most promise. According to the report, a third of all respondents believe the provide/provision model has the most growth potential in the next two years — regardless of whether or not they are currently involved in it.
“We see the most activity in the provide/provision category,” April said. This cloud support services business model includes several subcategories: 60% of IT channel companies involved in cloud white label a vendor’s cloud offering; another 60% operate their own data center and sell homegrown cloud services; and 54% resell vendor-based cloud services, such as Microsoft Office 365 or Google Apps, according to the survey.
For Wilmington, Del.-based MySherpa, rebranding Software-as-a-Service products has been a win-win for both the managed services provider and its customers. According to Ethan Tancredi, president of MySherpa, the company offers about 10 “cloud bolt-ons.” Some are included when customers sign up for MySherpa’s services and others are offered as add-ons.
“They provide a lot of flexibility to us, the managed service provider. We get the ability to have a robust product we can offer to customers, and we build the cost into the price of our managed service product,” Tancredi said. In terms of benefits to the customer, he said, “We can remove these [technology] components from the organization so that the client’s infrastructure doesn’t have to be as complex or as expensive, while still giving them the features they need.”
Like the provide/provision business model, the manage/support model offers IT channel companies the opportunity to build a recurring revenue stream with cloud services. Manage/support includes ongoing management and support of cloud-based services, either as project-based work or in a contractual revenue model, as well as adding, scaling or troubleshooting cloud services as needed. According to CompTIA, a third of channel companies report offering basic services, such as troubleshooting or repairing cloud-based IT, while another six in 10 report offering remote monitoring and management of cloud services that reside in a multicloud environment.
According to the report, “Multicloud management is a solid opportunity area for the channel as myriad cloud apps and other solutions mushroom in the market. Customers are accessing solutions from an array of different providers and data center locations, often with little real handle on the source of these services. Channel firms are optimally positioned to serve as a gatekeeper.”
The final cloud support services business model — enabling/integrating — gives IT channel companies an opportunity to further increase their revenue over and above recurring services. According to the CompTIA report, the No. 1 source of post-sale dollars for the past three years has been integration work. “Since most solution providers charge customers on a recurring basis for cloud solutions … the project work associated with the Enable/Integrate category allows them to add revenue not included in the base contract,” the industry group reports.
More medium-sized channel companies (100 to 499 employees) are offering cloud enabling/integration services than their cohorts, with 66% of companies reporting involvement in this business model, versus 49% of small companies (1 to 99 employees) and 50% of large (more than 500), according to the CompTIA report.
Author – Crystal Bedell
Published by Jarrett Neil Ridlinghafer
Founder & Chief Cloud Consultant
Cloud Consulting International
If we believed the marketing and vendor hype, we’d think every enterprise was abandoning its entire data center infrastructure in the name of cloud computing. Most of us realize, however, that vendor claims must be taken with a grain of salt — everyone has an agenda. Still, the question remains: How is cloud computing in all its facets — public, private and hybrid — penetrating the enterprise?
In September 2012, TechTarget conducted its first Cloud Pulse survey, focusing on cloud computing adoption and usage, to gauge industry trends. The study, conducted three times a year, takes a continual look at cloud adoption trends among IT professionals.
TechTarget’s Cloud Adoption Index uses survey data to gauge cloud migration activity, as well as future plans in a variety of areas. By tracking our index, you can follow adoption over time and see how new standards, services and industry needs are leading the push into the cloud — and how your enterprise compares.
Public and private cloud both have reached about 25% penetration within IT, according to the Cloud Adoption Index, with hybrid cloud adoption lagging at 16%. And, despite what vendors want you to believe, survey data shows that adoption rates are not rising steadily, but that from September 2012 to March 2013, they could be flat to down. It’s important to note that, with this index, if all respondents ran all IT workloads in the cloud, the index would equal 100.
Can all this buzz be skewing enterprise IT’s adoption expectations? Perhaps. A fair amount survey respondents in September 2012 projected moving IT workloads to the cloud in some form over the next six months. In actuality, however, data from the March survey does not support this.
So, what’s stalling adoption? Why did respondents who expected to be in cloud six months ago not get there? Thirty-four percent of survey respondents cited a lack of control over the cloud environment as the main reason for non-adoption, while 33% feel their data centers are not virtualized enough to be ready to move to the cloud. Security still weighs heavily on 31% of respondents’ minds as a reason to forgo cloud computing.
It seems cloud service providers still have some convincing to do when it comes to enterprise IT. But as cloud management tools advance and data centers become further virtualized, it may only be a matter of time until actual cloud adoption catches up with the noise.
About the author
Michelle Boisvert is executive site editor for SearchCloudComputing, SearchWindowsServer and SearchDataCenter. Contact her at email@example.com.
Published by Jarrett Neil Ridlinghafer
Founder & Chief Cloud Consultant
Cloud Consulting International
Rackspace claims “Consistent”, “Reliable”, “Unlimited” Block Storage in the Cloud and are competing Head-To-Head with Amazon EBS (Elastic Block Store) & Google’s GCE (Google Computer Engine). A big boost for Open Source as they are using the OpenStack framework however, like ALL shared infrastructure the chances of major outages and failures cascading throughout their entire customer portfolio is pretty high.
They offer both SSD and traditional drive storage selections, their pricing is a bit higher than most and along with “Dreamhost” who just anounced their new “DreamCompute” service announcement earlier this month.
With the list of new Public Cloud providers growing like weeds, you can mark my words the short term future means massive acquisitions, failures and consolidation. There just is not a large enough demand for Public Cloud and as Private Cloud Technology becomes more reliable and the Major Outages like the recent (again) Amazon Outage continue to happen with the large Public Providers (which they will, as I’ve stated previously many times, if your going to outsource your critical infrastructure to a managed/shared/hosted solution you better be prepared to have your business “go down” just as I tell anyone wishing to purchase and ride a motorcycle, as everyone goes down eventually) and more companies continuing to build their own private clouds while others migrate off the public cloud hazard, look for the market to really consolidate down to two or three players in the Public Cloud Arena over the next 3 years.
- Google Compute Engine for OpenStack. But Why? (devopsangle.com)
- Cloudscaling Bringing Google Compute Engine APIs to OpenStack Project (prweb.com)
- Rackspace stream from the Clouds to you ‘will out-flow the Amazon’ (go.theregister.com)
- Rackspace Launches OpenStack-Powered Block Storage (cloudcomputing.sys-con.com)
- Dreamhost Builds New Public Cloud On OpenStack As Market Shows Signs Of Federation (techcrunch.com)
The EVIL Cloud strikes again
As I’ve been saying for 2-3 years now, Cloud Technology is still WAY too early for any company to be using as their “end-all” strategy. And for sure, Public Clouds may be good for Mom & Pop organizations or for large inefficient ones like the US Federal Government (to be sure!) but for any major corporation or even a new fast Startup to throw their critical infrastructure onto Amazon, Rackspace, Google or any other Public Cloud and walk away expecting nothing but rainbows and pretty pictures, is foolhardy at best and downright idiotic and a fire able offense (in my opinion) at worst. I’m sure many board of Director’s are screaming bloody murder the past week and would not be surprised to see some heads rolling.
The problem is that ANYONE who has been in this business 10 years or longer KNOWS (or should) exactly what will happen. Anyone who has had a hosted server, Hosted DNS, or Hosted Website for ANY length of time KNOWS they eventually go down, they all do. So why ANYONE with any experience would place their core business and their whole company in that situation is beyond my comprehension.
The only thing I can think of, as I’ve also stated previously and have seen first hand, is that a lot of these new startups and I consider Reddit, Foursquare, Pinterest, etc… ALL as young and inexperienced startups with Young Executive staff (I’m talking ALL in their twenties) and a refusal to hire older, wiser heads to help them with their business and infrastructure strategies. You may think I’m full of hot air here, but believe me I’ve SEEN IT MANY MANY TIMES over the past few years folks. I’ve spoken till blue in the face in many cases and in one my 25 years of experience was over-ruled by a 21 year old software developer who thought he was an infrastructure specialist and demanded the company use Amazon Cloud Services. Even after a two week outage at Amazon almost lost them their company, the CEO who was also around 21 years old was apparently buddies with this software developer, and even though the one older person they had working there (the VP of Software Development who was in his late 40’s and was the one who recommended they call in me) also advised them to migrate to their own Private Cloud, they decided to ignore our combined experience of close to 50 years and doubled down with Amazon and Rackspace.
I cannot tell you how many new startups I’ve interviewed with who have fallen for the “marketing hype” and believe that Amazon is the worlds gift to Cloud and some (I’m not kidding here) even had no idea there was anything other than Amazon! As I’ve said many people equate Cloud=Amazon and so in my Not so Humble Opinion, that is the major reason many of these companies are in trouble and some are bailing ship and finally deciding to build their own private cloud infrastructures and I would bet you anything they finally brought in someone like myself our “Cloud Consulting International” who finally convinced them, as every technology analyst has written reams about (ie, Gartner, IDC Network World, and others) how the Public cloud IS NOT SAFE and WONT BE FOR 5-10 YEARS YET for any sort of “critical” infrastructure or “sensitive” data and that the majority of businesses other than MoM”n”PoP shops need to build their own private cloud infrastructures FIRST and then SLOWLY, in the future, perhaps they will be able to migrate some of the infrastructure to the Public cloud.
Spiraling out of Control
What has happened with Amazon, EACH TIME that they have experienced an outage, something small has spiraled out of control into a Major Catastrophe. That is what typically happens when your relying on minimum waged (or not much higher waged) employees to manage a complex infrastructure. I’ve seen it during the past 18 years in almost every hosting facility/colocation facility I’ve worked in or visited. The fact is you have a massive amount of square footage and many hundreds of thousands of pieces of equipment if not millions in these large public hosting companies, OF COURSE they cannot afford to hire skilled workers like myself or others to manage all the little details, they’d go broke, so they hire college kids with no experience. You would be surprised.
So add it all up, massive infrastructure of millions of components, a NEW technology “cloud”, college aged kids with no or minimal experience running the place and in many instances in upper management even, A Massive Marketing Hype and Advertising Campaign telling everyone that their service is 100% Safe, Secure and Reliable (They still claim a 99.99% UPTIME! Which is a physical and scientific impossibility with the number and length of outages they’ve had the past 3 years, even a single hour outage can affect uptime percentage for months) and the Best Thing Since Sliced Bread and you have the makings for continued disaster after disaster.
My Best advice?
Do yourself a major Favor, Call “Cloud Computing International” or other respected cloud consulting company or hire yourself someone with at least 15 years of data-center and/or Cloud Infrastructure Experience BEFORE making any major commitments to your core infrastructure and the cloud.
Believe me, If all I was after was money, I’d be whitewashing this over like many others are doing so as not to kill the goose with the golden egg!
- Startup claims it saw early signs of Amazon’s cloud outage (techworld.com.au)
- After Amazon Outage, Rivals Seek to Capitalize (datacenterknowledge.com)
- Amazon Web Services outage once again shows reality behind “the cloud” (arstechnica.com)
- Amazon Cloud Outage KOs Reddit, Foursquare & Others (datacenterknowledge.com)
- Amazon cloud outage brings Reddit, Pinterest, Netflix down (androidcommunity.com)
- Amazon outage takes down Netflix, other sites (nbcnews.com)
- Amazon Web Services Failed, but AirBNB Didn’t Have To (cloud.dzone.com)
- Amazon Cloud Outage Affects Major Web Properties (coated.com)
- Reddit, Flipboard, ‘Minecraft,’ and others taken out by another Amazon Web Services outage (theverge.com)
- Amazon outage takes down Reddit, others (cnn.com)
An April 2012 IDG Research survey found more than two-thirds of respondents—69 percent— reported their companies are consuming or piloting applications or infrastructure via the cloud. This trend is growing. This makes security of data and applications a critical concern. Security vulnerabilities can undermine every advantage the cloud brings. This white paper explores the top security concerns of cloud users, and the challenges enterprises face in resolving these concerns.
The IDG survey found that fewer than 40 percent of respondents ranked themselves as highly effective in ensuring cloud security. They acknowledge weaknesses in:
■ Finding and fixing existing application vulnerabilities
■ Understanding security and risk in the cloud infrastructure
■ Establishing a productive feedback loop with software developers and vendors
■ Ability to audit new code and applications for residency in the cloud
Another self-described weakness is a lack of enterprise-wide software security culture. The large majority of application security remains in the hands of IT operations or IT security teams. Only 26 percent report that cloud security is an enterprise-wide effort. But a strong majority—74 percent—know they need to change that. They say creating and sustaining a partnership between IT security and software development and cloud vendors around cloud application security will be a high priority during the next year.
This desire for change is driven by an increasing awareness of the risks facing enterprises that fail to maintain security. At the top of the list, 89 percent of respondents cite a lack of control over areas where personally identifiable information (PII) is present in the cloud.
A loss of PII can be devastating to an enterprise. While the average cost per record breached ( A single file, a typical breach consists of tens of thousands or hundreds of thousands of files) is estimated to range from $150 to $200. Also high on the list of concerns, at 76 percent, is cyber crime/identity theft. The sophistication and ubiquity of cyber attacks means thousands of malware variants can hit major enterprises or cloud providers every day. Numerous surveys have found that corporate data is highly desired by criminals, competitors and nation states.
The Benefits of a Good Security Policy
Given the loss of consumer confidence in enterprises that suffer major data breaches, it is not surprising that the most important benefit from good security cited by survey respondents was protection of a company’s reputation. It is not simply the raw cost of lost data that damages an enterprise, although that itself can be crippling, significant damage to a brand means lost business in the future from consumers or clients who feel they can no longer trust a vendor. This can be an existential threat. And it is no longer possible to keep major breaches out of the public eye. In late 2011, the SEC issued guidelines that require public companies to disclose security events if they materially affect the entity’s products, services, relationships, or competitive conditions, or if they would make an investment in the company speculative or risky. Security readiness of applications deployed in the cloud means greater business availability; a notion cited by 62 percent of respondents. The cloud is accessible 24/7, which means customers and clients never have to wait for office hours.
Finally, a secure cloud enterprise environment allows employees to improve their productivity, through collaboration with colleagues and clients at anytime anywhere across the globe.
The Right Cloud Security Solution For You
Cloud Consulting International specializes in Security not only for your Cloud but for your whole organization.
We take Security seriously and our policy with regards to security issues and concerns is one of “Openess, Honesty & Common-Sense“.
To that end we work directly and partner with each of the major security alliances as well as every commercial and open-source vendor we utilize or recommend to our clients, in order to make sure our clients individual security needs are met and exceed the highest standards.Unlike many consulting companies, we do not subscribe to many of the “one size fits all” security solutions that get slapped in place. When we work with a client, we drill down and through deep analysis and intense interviews and discussions with your executive staff, software development, IT, Ops departments to discover your unique security concerns and issues. At the end of which we produce one of our proprietary reports this one entitled “Detailed Security Analysis Report” which is presented and which includes not only the issues but the steps and products, processes and procedures to resolve each one in unique and common-sense ways.
Every implementation we undertake goes through a rigorous series of security and compliance audits including Symantec, VISA, Master Card, PCI & SOX. Although some clients may not be required to comply with those regulations we believe in the philosophy of “Better Safe than Sorry” and therefore every analysis, design and installation we perform is built upon a solid foundation consisting of Our 3 Core Principles:
3 Core Design Principles
- Operational Readiness
- We never install anything without a complete and robust operational infrastructure in place first. Without which, all the data which will be produced would be meaningless and without which your infrastructure would shortly be in shambles.
- HA (High-Availability)
- Our final budget analysis and indeed our installation includes two of every piece of critical hardware and software. Everything is designed and built with multi-redundancy in mind. There is no reason whatsoever your infrastructure should ever go down in a way that A. Loses you money, B. Loses you customers or C. Loses you employee productivity
- We are proud that our project up-time percentage average is 99.999% and always will be until it reaches 100%
- Our Security solutions are second to none and so far not a single client has reported a single security breach which, is how it should be and can be for you also when done properly.
- We believe in a producing unique, specific, pinpointed and common-sense solutions rather than the “one-size fits all” blanket approach many consultants would have you waste money and resources on.
- We believe every clients organizational and infrastructure security issues are unique and in response, our solutions are unique to that client alone.
From Physical Security, to Email and Social Messaging, Corporate Espionage, Network Data, Wireless, Data-Centers, Server Hardening, Networking Equipment, Compliance Issues to Application & Service Security, let Cloud Consultants International’s unique and expert security consultants perform a Security Analysis for you, you’ll be glad you did.
- Six pitfalls to avoid with enterprise cloud deployment (gigaom.com)
- Cloud security fears: justified or hot air? (xlntelecom.co.uk)
- Study Finds Cloud Security Is the Biggest Barrier to Cloud Adoption (cloudcomputing.sys-con.com)
- 7 Steps to Developing a Cloud Security Plan (infosecurity-magazine.com)
- Companies Remain Distrustful of Cloud Security (V3.CO.UK Latest UK Technology News)
For competitive advantage, you must engage and support more customers, more effectively, every day. And when it comes to customer satisfaction, quantity does not trump quality. In fact, today’s customers have demands that go beyond the actual services offered; they now care as much about how your services are offered.
Cloud computing, which is becoming an integrated part of our IT infrastructures, has enabled companies to make significant strides in the customer service realm. But to be fully successful, you need to account for all data on all systems. And that includes mainframe systems.
Despite their intrinsic customer-service value, mainframe applications don’t always play well with avant-garde solutions. That’s because mainframe systems, by design, keep their legacy data and logic locked up, even when it’s sorely needed elsewhere. There is a need and a benefit to tackling this issue.
An Everyday Business Case
To illustrate the value of cloud enabling mainframe applications, let’s look at the real-life IT challenge of a large department store. As part of daily operations, the store deploys field-based collections and sales personnel throughout their greater metropolitan area.
Because computer use is not feasible for the functions and travels of the field force, their operations are done on a paper system. They receive activity rundowns (batched from the corporate mainframes) each morning and return in the evening with their new results to be entered overnight. The company would clearly benefit from an automated system.
The ideal direction for this department store would build on the advances of a cloud computing approach. While the field force cannot carry computers, they do travel with company phones — in this case, smartphones. So why not build an online collections and sales-activity application using the phone as the client?
Scoping the Solution
Building a smartphone app for this need is relatively easy compared to the other challenge: how to include the mainframe applications in the automated process. The good news is that Attachmate® Verastream® legacy modernization solutions can help.
Verastream can quickly create services from your mainframe applications – services that can be deployed and used as needed. With a little security and firewalling, the traveling sales force can use smartphone apps to query and update the system.
That means the field staff can conduct dynamic business operations in real time. Redundant tasks are removed from the process. And use of a cloud-style architecture ensures that critical company data is never stored locally on the smartphones.
A Zero-Impact Approach to Cloud Enabling Legacy Data
The business solution above, although entirely plausible, might never be considered in some IT organizations. That’s because it’s often assumed any solution of this magnitude must be a large and daunting endeavor. The Verastream edge lies in its ability to integrate, expose, and control access to your mainframe applications, without risk. Thanks to powerful Verastream tools, no new mainframe coding is needed. You simply use the Verastream Design Studio to create reusable services and to control them with governing workflows and processes.
Competitive Advantage and The Cloud Connection
Verastream keeps your projects sized to fit the need. It enables fast migrations to the cloud by permitting you to map only as much of the mainframe application as needed to enable your desired transactions. When a new project comes along, Verastream continues to earn ROI by letting you simply map new transactions to the appropriate parts of the mainframe application.
With the Verastream family of legacy modernization solutions, your mainframe can become a back end to your own data integration cloud. You can implement new integration projects as needed, helping to achieve competitive advantage while ensuring maximum IT agility. And with Verastream, you can do it quickly, safely, and economically.
1500 Dexter Ave.
Seattle Washington, 98109