What do you believe is the biggest barrier to entry for cloud computing?

[chris...@gmail.com]

Cloud computing remains a billion dollar slice of a trillion dollar IT
industry. Is it because the technology isn't there? Have companies
have too much invested in their own hardware to make the switch? Or
are lingering security concerns the culprit?

What do you believe the biggest barrier to cloud computing is and what
must the industry do to overcome it?

[Jaymes Davis]

I made this comment once and I will again bring it back up to this question. In my opinion it's the Cloud Providers that are inflexible to the wave. The need for enterprise standards merging with current provider mentality creates levels of both frustration and insecurities. The cloud provider cost model in enterprise doesn't create a standard of partnership and growth it still creates a cost barrier based on short term pricing and markup verse looking at long term contracts and incentives to increase compute verses micro manage compute. Most Cloud providers when you look closely have a potential to implode from a business structure via leasing space verses owning the space, Multi tenancy governance is a must not just from a data perspective but from a "neighborhood perspective" as well as dependency of a global footprint for expansion into the different geos verses maintaining different cloud configurations. Demand Side economics coming into the enterprise is on a rise for Private Cloud creation and "IT as a Service" initiatives based on capex acquisitions but instead of private clouds they are building "Private enclaves" because the variability component of cloud computing is adjusted in the enterprise from capex to opex benefits to proper forecasting and consolidation bringing up Time to value for the capital investment. Externally perceived marketing and industry polls look more at consumer acquisition of cloud compute for much of the metrics defining "cloud computing" but adoption in process and driving an operating model via an enterprise design is become the motivation around extending the virtualization foundation into the Private Cloud verses the Public Cloud for the next coming years. I have stated once using the models like Amazon and other Mega Cloud conglomerates has produced negative attraction to the Public cloud based on availability and specifically customer satisfaction and engagement this from an enterprise standpoint where IT is integral to production even at second level data like Lab, UAT, backup storage and disaster services what is the gain besides not on Site? So it's my opinion that - Yes companies have much invested and have had to do the monetary management so the enterprise is well informed of costs - down to the SAN Disk drive so they are a very educated customer who can see a good deal and when it's going to be overhead if they grow. -- Yes its security concerns not just from the data perspective , but also from the Business structure and the "neighborhood". - Biggest hurdle -- understanding an educated customer --- and cloud providers to create a model where they plan for the long tail and increase profits from growth will letting the educated user benefit from the short term and increase his willing ness to expand

--
~~~~~
Call For Proposals is Open
2nd Annual UP 2011 Cloud Conference
http://up-con.com/propose

Posting guidelines: http://bit.ly/bL3u3v Follow us on Twitter @cloudcomp_group @cloudslam @up_con Post Job/Resume at http://cloudjobs.net

Download hundreds of recorded cloud sessions at
- http://cloudslam.org/register
- http://2010.up-con.com/register
- http://cloudslam09.com/content/registration-5.html
- http://cloudslam10.com/content/registration

or get it on DVD at
http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B004L1755W, http://www.amazon.com/gp/product/B002H0IW1U

~~~~~
You received this message because you are subscribed to the Google Groups "Cloud Computing" group.
To post to this group, send email to cloud-c...@googlegroups.com To unsubscribe from this group, send email to cloud-computi...@googlegroups.com

[Adrian J Duncan]

I can't speak for many, but I wouldn't put anything into the cloud until
it is significantly more secure. In a Ponemon survey of cloud
providers, something like 75% said that the end user is responsible for
their own security. If I am responsible for my own security, then I may
as well control my whole network, just like I do now!

I would put apps and anything that is not sensitive in anyway in the
cloud if it saved money or allowed access to resources that I didn't
have room or the money for.

I also *guess* that as companies come to replace existing hardware, they
will start to slowly progress to Cloud Computing, but that will take a
few years to see companies moving significant amounts of their
infrastructure there. This makes economic sense, as they have already
invested their money in that hardware, so throwing it away isn't a good
option.

Amy Wohl might have more of an holistic idea than me :)

Cheers
Adrian

[James Pulley]

Poor performing applications whose installation on physical hardware masks
their underlying performance problems. Move these apps to a virtualized
platform and then application goes to crap. The virtualized cloud platform
gets the black eye when it is actually the application design and
implementation is at fault.

-----Original Message-----
From: cloud-c...@googlegroups.com
[mailto:cloud-c...@googlegroups.com] On Behalf Of
Ch...@blackbelt-strategies.com
Sent: Wednesday, August 24, 2011 11:57 AM
To: Cloud Computing
Subject: [ Cloud Computing ] What do you believe is the biggest barrier to
entry for cloud computing?

--

[James Gleason]

Chris,
My perspective is the biggest hold up for
Cloud is a complete cloud automation suite that is reasonably priced, and easy to roll out in a timely fashion.
Everyone is looking for the single shrink wrapped solution that will turn cloud ready IT gear into a automated cloud. To my knowledge it does
not yet exist. There are plenty of best in class components that can be integrated with expensive and time consuming professional services, that
will continue to require integration services as each component of the stack goes through a upgrade. Most clients do not want to sign up
for that on going expense, as well as risk, give the uncertainty of future releases breaking the solution.
Jay

[Manjunathan Subramanian]

I see many aspects of Cloud Computing that need to be addressed in order to make it a bigger slice of the trillion dollar IT industry....this is part of evolution and we are on track to make it happen......just need a few timely tweaks.  My thoughts are based on an enterprise moving to the cloud....not based on how the cloud providers function today......even if the cloud providers were perfect, I am not sure enterprise are ready due to.....

 

1.  Technology:   This is a big paradigm shift.   If a company has not started to virtualize and support multi tenancy, they are going to be in for a big shock.   You will be surprised by the number of big companies which are in this boat.   Though they might be virtualizing to a certain extent with Dev, Test environment, the key is to see if they are doing it across the enterprise and all environments.  Is the Infrastructure team responsible for driving the hardware infrastructure, virtualization, etc or are the business heads or the Application teams supporting the business heads driving the infrastructure architecture.   I personally think, the infrastructure team should have that responsibility with oversight from the Appl / Business teams in terms of requirements, etc.   I was in a role where as infrastructure lead, I had a lot of freedom because the budget for hardware was controlled by the infrastructure team, we were able to bring about significant improvements in DC space usage, budgets, RAS, etc by introducing virtualization.  Our ROI was very good.  Once you are down the virtualization path, it is easy to start looking at Private / Public / Hybrid clouds.   The paradigm shift is minimal.   The cloud technology (barring security concerns with Cloud providers - Private / Hybrid cloud can minimize some of these concerns) is there and getting better every day.....companies have to look towards a hybrid capability in order to have more control over mission critical applications.

 

2.  Process:  If you are not ITIL aligned.....the first step in the evolution would be to go that route.  Service Management is very critical as the technology is there, tools are there.  With good Service Management and Governance in place, a company will see a lot of benefits by moving to the cloud.....especially in a world which is flat or becoming flat.....need to be dynamic and cloud provides it. 

 

3.  People:   A big paradigm shift for people who are used to having their own hardware, ability to touch it, etc.  This is where governance will play a big role in acceptance of this change.  Strong buy in from leadership.  A confident and reliable Infrastructure Operations & Engineering teams, ITIL processes, architecture standards (IaaS, PaaS, SaaS, etc) will all come in handy and make it happen.

 

4. Organization:  Need to move from stovepipes to organization structure which is fluid enough to be matrixed in support of an environment which is very fluid.   Organizations have to think through their policies of OpEx vs CapEx.  CTO's have to build relationships with Business Leads to drive the cost down while providing them the confidence in Cloud.   Business Leads have to understand the need to move in this direction in order to be able to support their changing business needs very fast.

 

5.  Vendors: Can help by making the licensing more in line with Cloud environments by providing some utility model which charges the companies based on number of cores used rather than the number of cores in the physical server.   Vendors should also look at ways of supporting this environment easier rather than putting disclaimers.

 

[Jim Peters]

Trust and accountability. If a cloud provided loses or exposes your data, all you get is a credit for your fees for (maybe) a few months. Any senior IT exec that has the misfortune to run into a situation like this is doomed.

+J

On Wed, Aug 24, 2011 at 11:57 AM, Ch...@blackbelt-strategies.com <chris...@gmail.com> wrote:

--
~~~~~
Call For Proposals is Open
2nd Annual UP 2011 Cloud Conference
http://up-con.com/propose

Posting guidelines: http://bit.ly/bL3u3v
Follow us on Twitter @cloudcomp_group @cloudslam @up_con
Post Job/Resume at http://cloudjobs.net

Download hundreds of recorded cloud sessions at
- http://cloudslam.org/register
- http://2010.up-con.com/register
- http://cloudslam09.com/content/registration-5.html
- http://cloudslam10.com/content/registration

or get it on DVD at
http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B004L1755W, http://www.amazon.com/gp/product/B002H0IW1U

~~~~~
You received this message because you are subscribed to the Google Groups "Cloud Computing" group.
To post to this group, send email to cloud-c...@googlegroups.com
To unsubscribe from this group, send email to cloud-computi...@googlegroups.com

--
Jim Peters
+1-415-608-0851 (Cell)
+1-416-466-9790 (Home)
+1-416-785-2500 x 3315 (Office)
+1-415-508-8651 (Google Voice)

[Frank Bogle]

Software license vendors - are not about to simply embrace with open arms the 'pay as you go model' and neither for that matter are the hardware and service guys that earn their crust on the back of license sales. Frank

---

Date: Wed, 24 Aug 2011 13:47:16 -0400
Subject: Re: [ Cloud Computing ] What do you believe is the biggest barrier to entry for cloud computing?
From: j...@jamesgpeters.com
To: cloud-c...@googlegroups.com

[Michael Sheehan (GoGrid)]

Great responses! Obviously this is a hot topic.

@Jaymes - being part of a cloud provider myself (GoGrid), I completely
agree about the standards. It is, however, a double edge sword.
Standards are great but require a great deal of time to get everyone
"on board" and agreeing to these standards. When we designed our
cloud, we kept that in mind so that appliances, servers or other
components act and feel the way that they would traditionally in a
physical space. But often that is simply not enough (look at hybrid
hosting, for example, which combines elastic scalability of clouds
with physical, compliance-centric side of dedicated, physical
environments).If you are looking at the "neighborhood", and you
mention private clouds, the issue there is CapEx. Most private clouds
require significant expenditures moving them away from the
characteristics of cloud computing in general.

@Adrian - do you think that "security" in the cloud might be a
misperception and simply FUD being spread? Traditional data centers
are just as prone to security issues, if not more so. If it is the
multi-tenancy that you are concerned about, look to hosted private
clouds where you get a cloud environment but within hardware dedicated
to a particular organization alone. But more concerning to me is that
rogue laptop of a sales person who might get "misplaced." IMHO, that
is more of a security concern.

@James P. - I think that application performance depends on a lot of
factors like how it was designed, if it was ported to a cloud
environment, was it optimized for that purpose, and how the
application will be used (on-going vs. bursting/temporary CPU
allocations). Companies should look carefully at 3rd party
benchmarking sites (like CloudHarmony.com) to evaluate this prior to
porting to a cloud environment.

@James G - my view on this is that every IT environment needs to be
crafted uniquely (e.g., your Cloud Fingerprint). Sure, you can get
down the path of an 80/20 rule and provide automation of some aspects,
however, I believe that cloud implementations require some
consultation and hand-holding. Commodity clouds like AWS or Rackspace
might not completely offer this. I don't think that automation of
professional services will be something that we see for quite a while,
if at all, as the "one-offs" are a bit too unique.

@Manjunathan - I agree that we are on track to making this a trillion
dollar industry. Enterprises, as a whole, are moving slowly, but
divisions or business units therein are pushing this ahead. I agree
that it will take a dramatic shift in mentality within the enterprise
and there will be some internal landgrabs during this process.
Unfortunately, this in-fighting may slow enterprise adoption down a
bit. I see the commonality in your comments that it will require
enterprises to dramatically shift their thinking and get champions
within these organizations to push towards cloud adoption, whether
public, private or hybrid.

At the beginning of the year, we conducted a Cloud Computing Survey
and one of the questions we asked was around the barriers of cloud
computing. There are some interesting stats on this, the biggest (of
this particular question) is that of the "Other" category which
reinforces that idea of a "cloud fingerprint". People have some common
concerns but for the most part, their concerns are extremely specific
to their organization needs. For those interested, the "barriers"
survey result can be found at (as well as the download of the entire
survey results): http://j.mp/r9pfT3

Thx,
Michael Sheehan (Tech Evangelist for GoGrid)

On Aug 24, 10:30 am, Manjunathan Subramanian

> > Post Job/Resume athttp://cloudjobs.net

>
> > Download hundreds of recorded cloud sessions at
> > -http://cloudslam.org/register
> > -http://2010.up-con.com/register
> > -http://cloudslam09.com/content/registration-5.html

> > -http://cloudslam10.com/content/registration

>
> > or get it on DVD at
> >http://www.amazon.com/gp/product/B002H07SEC,
> >http://www.amazon.com/gp/product/B004L1755W,
> >http://www.amazon.com/gp/product/B002H0IW1U
>
> > ~~~~~
> > You received this message because you are subscribed to the Google Groups

> > "Cloud Computing" group.> To post to this group, send email tocloud-...@googlegroups.com

[Mark Wenig]

Mindset - CIOs and IT execs like to create change, but too many do not embrace it.  They are being pushed and pulled to the cloud by CEOs, investors, and others focused on cost, outcomes, and capabilities.  It is the classic slide rule vs. calculator conversation. 

Regards,

Mark Wenig
President, TrueCloud
http://www.truecloud.com
480.227.7777

[Manjunathan Subramanian]

Agree with Frank Bogle but that is one of the biggest barriers to virtualization and will be for cloud also.....these are big ticket items and game changers will bring about this change in order to make themselves relevant in the marketplace.

[Adrian J Duncan]

Hi Michael,
great reply! I was thinking that it had got a bit quiet in here lately
too :-)

On the security debate, I will, with red cheeks, admit that I focus on
this as that is what my research is on.

In your paper on this same subject (part 7) security does rate second
place in the graph. As I said though, the Ponemon report said that
providers themselves don't think security is that high on the agenda,
hence my comments. I guess it does depend on how good one's own
security is to start, but I maintain that for governments and highly
sensitive data, I *personally* don't think the provisions are ready yet.
That said, LulzSec might disagree that these entities are any better
than our home PCs!

I would love to debate it in detail if I ever come to San Francisco for
a conference or you come to Oxford :)

One comment that I do have, is that I think its great that yourself and
Robert Jenkins of CloudSigma do read the group and are happy to reply
and contribute to the debates.

Kind regards
Adrian

[Jeanne Morain]

The biggest barriers from our research for our book "Visible Ops Private Cloud" (www.itpi.org) to migrating workloads (bursting) from private cloud to a public cloud are: - Licensing interoperability & tracking across clouds - Private, Public, or Hybrid.   Something we coin as Licensing as a Service required for compliance (Security, Regulatory, Business - vendor license compliance). - Standards for above (although DMTF is working on this as we speak with companies like Flexera, Microsoft, VMware, Citrix, and others). - Automation for above processes for tracking and auditing across migratory workloads.  The handshake between the Enterprise, ISV, and the Cloud Provider to : Prove Compliance:  They are compliant with vendor licensing requirements (such as MS License Mobility) but does not violate or have to show contractual agreements for proof Limited Liability for unauthorized actions Companies are not held liable for unauthorized migrations from employees Eliminate double dipping - Cloud Providers do not have to charge Service Provider License agreement for software the Enterprise is already licensed for. Regards, Jeanne Morain www.universalclient.blogspot.com --- On Wed, 8/24/11, Frank Bogle <fcb...@msn.com> wrote:

[Pietrasanta, Mark]

It seems to me that people use security as an excuse to justify not moving to the cloud. But the real issue is just irrational fear of the unknown. There aren't many people who have actually moved into the cloud and would still say security is the main barrier of doing more.

The security of your systems has little to do with the cloud. At worst the cloud just exposes how insecure you systems already are, and puts them into an environment that might be a bigger overall target where you might get randomly nailed. But your systems are already as secure/insecure as they are, and moving to the cloud doesn't change that, IMO.

On the other hand, cloud providers have a lot in place to help make your systems more secure, from the the virtualized networking tools, the monitoring tools, the templating tools. As well as the other services they often package like CDNs, databases, load balancing, and easier DR/COOP.

The fact is major cloud providers like AWS (as an example) are probably more secure and better administered than whatever you are using right now, likely by one or more orders of magnititude. I'd be impressed if moving to them would be a step backwards for anyone!

> Post Job/Resume at http://cloudjobs.net

>
> Download hundreds of recorded cloud sessions at

> - http://cloudslam.org/register
> - http://2010.up-con.com/register
> - http://cloudslam09.com/content/registration-5.html

> - http://cloudslam10.com/content/registration

>
> or get it on DVD at
> http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B004L1755W, http://www.amazon.com/gp/product/B002H0IW1U
>
> ~~~~~
> You received this message because you are subscribed to the Google Groups "Cloud Computing" group.

> To post to this group, send email to cloud-c...@googlegroups.com

[Michael Sheehan (GoGrid)]

Hi Adrian,

Thanks! Yes, it's definitely a lively discussion (and space for that
matter). I personally don't think the security debate will ever go
away. And we should always remember that the best security is the one
that you DON'T talk about. I remember seeing a presentation at a cloud
conference where the presenter said that the "biggest" cloud is
actually a botnet. So, whether it's Anonymous hacking into sites, or a
botnet on your home PC, a DDoS, or losing a laptop, or a combination
of these items, we will continue to have this debate. And the threats
will become more complex and hidden. (Wow, that's a bit of doom and
gloom.)

But I still stand by the fact that security is only as good as what
you put into it. Any vendor will provide some level, but if your
organization is concerned, you need to take your own preventative
measures to further harden your environments, cloud or not.

Definitely look me up if you are in SF (I don't think I will be making
my way to Oxford in the near future - grin!).

Best,
M

> ...
>
> read more »

[chris...@gmail.com]

Thank you all for your replies! This discussion has been very
educational and informative.

Security and understanding seem the be biggest barriers. Is this
because cloud isn't ready yet? Does there need to be more advancements
in technology? Or does there need to be more time and education before
the market adapts?

[Pietrasanta, Mark]

People generally are slow to adapt to change...  Often more-so in IT...  I don't think there's much more to it?

-------

Mark Pietrasanta | CTO | o: 301-939-1152 | www.Aquilent.com

Aquilent - Innovating Tomorrow’s Government

Top 50 Best Places to Work, Washington Business Journal

Government Contracting Firm of the Year, Tech Council of Maryland

 

--
~~~~~
Call For Proposals is Open
2nd Annual UP 2011 Cloud Conference
http://up-con.com/propose

Posting guidelines: http://bit.ly/bL3u3v
Follow us on Twitter @cloudcomp_group @cloudslam @up_con

Post Job/Resume at http://cloudjobs.net

Download hundreds of recorded cloud sessions at

- http://cloudslam.org/register
- http://2010.up-con.com/register
- http://cloudslam09.com/content/registration-5.html  

- http://cloudslam10.com/content/registration

or get it on DVD at
http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B004L1755W, http://www.amazon.com/gp/product/B002H0IW1U

~~~~~

You received this message because you are subscribed to the Google Groups "Cloud Computing" group.

To post to this group, send email to cloud-c...@googlegroups.com

[Oya SANLI]

I believe Cloud computing is mature enough to be used.
I think there is a need for education before the market adapts. With
education understanding problems may be perfectly solve. I also believe most
of the concerns about security will ve solved after education too.
So my humble idea is, educating the IT people and consumer is the next step
from now on.
Best,
Oya Şanlı
-----Original Message----- From: Ch...@blackbelt-strategies.com Sent:
Wednesday, August 24, 2011 11:26 PM To: Cloud Computing Subject: [ Cloud
Computing ] Re: What do you believe is the biggest barrier to entry for
cloud computing?

--
~~~~~
Call For Proposals is Open
2nd Annual UP 2011 Cloud Conference
http://up-con.com/propose
Posting guidelines: http://bit.ly/bL3u3v
Follow us on Twitter @cloudcomp_group @cloudslam @up_con

Post Job/Resume at http://cloudjobs.net

Download hundreds of recorded cloud sessions at

- http://cloudslam.org/register
- http://2010.up-con.com/register
- http://cloudslam09.com/content/registration-5.html

- http://cloudslam10.com/content/registration

or get it on DVD at
http://www.amazon.com/gp/product/B002H07SEC,
http://www.amazon.com/gp/product/B004L1755W,
http://www.amazon.com/gp/product/B002H0IW1U
~~~~~

You received this message because you are subscribed to the Google Groups
"Cloud Computing" group.

To post to this group, send email to cloud-c...@googlegroups.com

[Paul Horvath]

Hi Adrian, when you say "significantly more secure" are there specific
things you are waiting for or expect that aren't available from the
major cloud vendors today?

On Aug 24, 1:19 pm, Adrian J Duncan <adrianjdun...@gmail.com> wrote:
> I can't speak for many, but I wouldn't put anything into the cloud until
> it is significantly more secure.  In a Ponemon survey of cloud
> providers, something like 75% said that the end user is responsible for
> their own security.  If I am responsible for my own security, then I may
> as well control my whole network, just like I do now!
>
> I would put apps and anything that is not sensitive in anyway in the
> cloud if it saved money or allowed access to resources that I didn't
> have room or the money for.
>
> I also *guess* that as companies come to replace existing hardware, they
> will start to slowly progress to Cloud Computing, but that will take a
> few years to see companies moving significant amounts of their
> infrastructure there.  This makes economic sense, as they have already
> invested their money in that hardware, so throwing it away isn't a good
> option.
>
> Amy Wohl might have more of an holistic idea than me :)
>
> Cheers

[timeXchange.net]

I believe one big barrier is the need for new pricing models that are
appropriate for the cloud. At least as far as applications go, it was
too easy for people to think "pay-as-you-go" subscriptions were going
to simplify things. As a provider of a cloud computing solution, I
know first hand from my clients how much they hate variable per-seat
subscriptions, using credit cards and promo codes to sign up, and
paying for accounts that are not being used. That is why we took their
advice and now offer Domain Subscription Plans.

My clients tell us approximately how many users they will have on a
month-to-month basis which determines the subscription plan that's
right for them. They pay a flat fee for an annual agreement and each
time someone signs up using an email tied to their domain, the person
is automatically subscribed for one year from the date they register.
We meter the number of users logging in from each account monthly and
as long as the count stays within the range of users allowed by their
plan they are good to go. If they begin exceeding their plan's range
of users, they can upgrade to the next level for a fee prorated to the
remainder of their annual agreement. If they have high turnover it's
not a problem because we only count the accounts being used, not the
number registered. My clients don't have to admin users in and out
because their end users do self-service registration. My clients are
happier because it's simple and their spend is predictable.

This model works for us too because it makes it easier for companies
to do business with us, thus we have shorter sales cycles and more
clients.

A lot of cloud providers, especially those that are really just hosted
applications (or instances), may not like this model because they love
the incremental revenue gained by per user subscriptions. My clients
sure do like it though.


On Aug 24, 10:57 am, "Ch...@blackbelt-strategies.com"

[Tim Hunkapiller]

One issue not addressed here is scientific computing. In genomics we
generate very large data sets (a terabyte or more at a time). The cloud has
become particularly appealing because of the economics and speed of the
computation over these data. However, the pricing for storage is
prohibitive in the commercial clouds. There needs to be better archiving
utilities and pricing models for data that has a reasonably short hot
period, but can't be deleted. Current models mean thousands of dollars
simply to keep old data around, only occasionally used, over the years of
its necessary storage. A data set that might cost $100 to compute on, can
cost thousands to store the first year alone. Upload speeds are also an
issue as these data come essentially in chunks this size that need to
analyzed often sooner than they can be uploaded. There are workarounds for
both of these issues, but nothing very seamless.
Tim Hunkapiller

-----Original Message-----
From: cloud-c...@googlegroups.com
[mailto:cloud-c...@googlegroups.com] On Behalf Of timeXchange.net
Sent: Wednesday, August 24, 2011 4:17 PM
To: Cloud Computing
Subject: [ Cloud Computing ] Re: What do you believe is the biggest barrier
to entry for cloud computing?

--

[Adrian J Duncan]

Mark, is it ironic that in IT we force the world to change, often when
they didn't want to. And now, we are slow to accept new IT technologies
ourselves? Or is it just because we have seen so many new fads in IT
and not all live up to the hype and many fizzle out?

I think we are probably right to be cautious as careers depend on not
jumping ship from an OK ship to one that looks flash but can't float
long-term. (not a great analogy, sorry!)

Oya, what sort of education?

Michael, thanks for the invite :D

Adrian

[Adrian J Duncan]

Hi Paul, yes! :-)

Somewhere along the line, I hope I said that it does depend on what one
does on a cloud service more than anything. If a company that deal with
local companies and doesn't have sensitive data, then the cloud is
mature enough as has been said. I work in an e-Security research lab
and we are taught to think cynically ;-) Largely, my concerns that were
echoed by Michael form GoGrid I think, that the data in the cloud is a
much better target than a company server. *If* I can get in, I don't
just hack one company, by possibly hundreds. My feeling is that this
will become the focus for attacks in the very near future and the
attacks will come in relentless waves.

I hate the fact that it will happen and in some ways don't like the
thought of doing the research that I do. I would rather be surfing
knowing that some criminal isn't looking for my credit card details each
time I switch my machine one.

To answer your question, encryption, as discussed here, is a good
starting place.

PS
Sony should move all their stuff to the cloud as its so much more secure
for them! ;-)

[Adrian J Duncan]

AaaS? Archiving as a Service?
Can't you store your data on a floppy? :)
How long do you have to keep the data, and how often may you access it?
If you wanted to access today's terabyte, would you need access
instantly or would a few days be acceptable?

Cheers Tim,
Adrian

[Juan J.]

On Wed, 2011-08-24 at 08:57 -0700, Ch...@blackbelt-strategies.com wrote:

I don't know if it's the biggest barrier, but definitely we have found
lost of customers that have this problem: legacy applications.

They would like to move into a cloud computing environment, but they are
limited to buy bigger machines because it's the only way their
application can "scale".

There's a time factor here too (older applications, less likely to move
to cloud computing), and using open technologies it's usually a good
thing too.

Regards,

Juan

--
Juan J. Martinez
Development, MEMSET

mail: ju...@memset.com
web: http://www.memset.com/

Memset Ltd., registration number 4504980. 25 Frederick Sanger Road, Guildford, Surrey, GU2 7YD, UK.

[Karthik Sukumar]

Over the Past decade, anxiety over cloud computing security, and its impact
on regulatory compliance, has been consistently increasing and been ranked
as the most widespread reason for avoiding further use of this service
oriented computing by many organizations. Developing attack resistance,
improving trust metrics, enhancing reliability and increasing the risk
transparency remain crucial to widespread enterprise use of cloud computing.
Amazingly, the cloud delivery model is being used to deliver a growing
number of security critical tasks.

Regards,
Karthiksukumar

-----Original Message-----
From: cloud-c...@googlegroups.com
[mailto:cloud-c...@googlegroups.com] On Behalf Of Pietrasanta, Mark
Sent: Thursday, August 25, 2011 5:06 AM
To: cloud-c...@googlegroups.com
Cc: cloud-c...@googlegroups.com
Subject: Re: [ Cloud Computing ] Re: What do you believe is the biggest
barrier to entry for cloud computing?

[Pietrasanta, Mark]

RIght - but the point is, these are additional security layers on top of whatever security your system already has.  Whatever security you have now, moving to the cloud does nothing to compromise that.  And the major cloud providers have, at a minimum, the same or better "core" security as any traditional hosting provider or managed services hosting provider.

What moving to the cloud does require is a full audit and analysis of your current system and infrastructure security.  And many IT folks are fearful of that kind of audit and what it would expose.

But moving to the cloud, if anything, increases security for the reasons you mention below, and the need to go through your systems and infrastructure and fix what's broken.

For the "sky is falling" crowd, there's little a cloud provider can do to appease that fear, as it is typically out of ignorance or misinformation.

Does anyone actually disagree with this?  Does anyone think moving to the cloud adds security risks that otherwise would not be there?  

(I allow for the increased attack surface argument - that just being in a cloud means you're part of something that might be more readily found in random attacks, but that's not what people typically refer to around their security concerns.)

-------

Mark Pietrasanta | CTO | o: 301-939-1152 | www.Aquilent.com

Aquilent - Innovating Tomorrow’s Government

Top 50 Best Places to Work, Washington Business Journal

Government Contracting Firm of the Year, Tech Council of Maryland

 

[Greg Pfister]

Mark, I think one could have a good, rousing debate with lots of true points about whether security is actually worse on the cloud.

However, I think that irrespective of that debate, FEAR of additional security risks is still a significant barrier to adoption. It's an emotional reaction: My proprietary data is no longer housed in servers I own in buildings I own, and I'm not comfortable with that.

I doubt that in the short term any technical argument is going to overcome that. What I think will change it over time is the emergence of an increasingly large number of examples of people who did put their private data in the cloud, and did not get burned as a result - people who are peers of the ones worrying, with similar concerns.

Chicken? Egg? Chicken? Over time, it doesn't matter. It'll happen, case by case.

Greg Pfister

http://perilsofparallel.blogspot.com/

[Miha Ahronovitz]

Thank Mark for clarifying this, once again. The security concern for clouds is a cautious, Luddite� externalization of fears unfounded by reality and know-how.

M

On 8/26/2011 7:25 AM, Pietrasanta, Mark wrote:

RIght - but the point is, these are additional security layers on top of whatever security your system already has. �Whatever security you have now, moving to the cloud does nothing to compromise that. �And the major cloud providers have, at a minimum, the same or better "core" security as any traditional hosting provider or managed services hosting provider.

What moving to the cloud does require is a full audit and analysis of your current system and infrastructure security. �And many IT folks are fearful of that kind of audit and what it would expose.

But moving to the cloud, if anything, increases security for the reasons you mention below, and the need to go through your systems and infrastructure and fix what's broken.

For the "sky is falling" crowd, there's little a cloud provider can do to appease that fear, as it is typically out of ignorance or misinformation.

Does anyone actually disagree with this? �Does anyone think moving to the cloud adds security risks that otherwise would not be there? �

(I allow for the increased attack surface argument - that just being in a cloud means you're part of something that might be more readily found in random attacks, but that's not what people typically refer to around their security concerns.)

-------

Mark Pietrasanta�| CTO | o: 301-939-1152 |�www.Aquilent.com

Aquilent - Innovating Tomorrow�s Government

Top 50 Best Places to Work, Washington Business Journal

Government Contracting Firm of the Year, Tech Council of Maryland

�

On Aug 26, 2011, at 4:03 AM, Karthik Sukumar wrote:

Over the Past decade, anxiety over cloud computing security, and its impact
on regulatory compliance, has been consistently increasing and been ranked
as the most widespread reason for avoiding further use of this service
oriented computing by many organizations. Developing attack resistance,
improving trust metrics, enhancing reliability and increasing the risk
transparency remain crucial to widespread enterprise use of cloud computing.
Amazingly, the cloud delivery model is being used to deliver a growing
number of security critical tasks.

Regards,
Karthiksukumar

-----Original Message-----
From: cloud-c...@googlegroups.com
[mailto:cloud-c...@googlegroups.com] On Behalf Of Pietrasanta, Mark
Sent: Thursday, August 25, 2011 5:06 AM
To: cloud-c...@googlegroups.com
Cc: cloud-c...@googlegroups.com
Subject: Re: [ Cloud Computing ] Re: What do you believe is the biggest
barrier to entry for cloud computing?

It seems to me that people use security as an excuse to justify not moving

to the cloud. �But the real issue is just irrational fear of the unknown.

There aren't many people who have actually moved into the cloud and would
still say security is the main barrier of doing more.

The security of your systems has little to do with the cloud. �At worst the

cloud just exposes how insecure you systems already are, and puts them into
an environment that might be a bigger overall target where you might get

randomly nailed. �But your systems are already as secure/insecure as they

are, and moving to the cloud doesn't change that, IMO.

On the other hand, cloud providers have a lot in place to help make your
systems more secure, from the the virtualized networking tools, the

monitoring tools, the templating tools. �As well as the other services they

often package like CDNs, databases, load balancing, and easier DR/COOP.

The fact is major cloud providers like AWS (as an example) are probably more
secure and better administered than whatever you are using right now, likely

by one or more orders of magnititude. �I'd be impressed if moving to them

would be a step backwards for anyone!



On Aug 24, 2011, at 2:47 PM, "Adrian J Duncan" <adrian...@gmail.com>
wrote:

Hi Michael,

great reply! �I was thinking that it had got a bit quiet in here lately

too :-)

On the security debate, I will, with red cheeks, admit that I focus on

this as that is what my research is on.

In your paper on this same subject (part 7) security does rate second

place in the graph. �As I said though, the Ponemon report said that

providers themselves don't think security is that high on the agenda,

hence my comments. �I guess it does depend on how good one's own

tweaks. �My thoughts are based on an enterprise moving to the

cloud....not

based on how the cloud providers function today......even if the cloud

providers were perfect, I am not sure enterprise are ready due to.....

1. �Technology: ��This is a big paradigm shift. ��If a company has not

started to virtualize and support multi tenancy, they are going to be in

for

a big shock. ��You will be surprised by the number of big companies

which

are in this boat. ��Though they might be virtualizing to a certain

extent

with Dev, Test environment, the key is to see if they are doing it

across

the enterprise and all environments. �Is the Infrastructure team

responsible

for driving the hardware infrastructure, virtualization, etc or are the

business heads or the Application teams supporting the business heads

driving the infrastructure architecture. ��I personally think, the

infrastructure team should have that responsibility with oversight from

the

Appl / Business teams in terms of requirements, etc. ��I was in a role

where

as infrastructure lead, I had a lot of freedom because the budget for

hardware was controlled by the infrastructure team, we were able to

bring

about significant improvements in DC space usage, budgets, RAS, etc by

introducing virtualization. �Our ROI was very good. �Once you are down

the

virtualization path, it is easy to start looking at Private / Public /

Hybrid clouds. ��The paradigm shift is minimal. ��The cloud technology

(barring security concerns with Cloud providers - Private / Hybrid cloud

can

minimize some of these concerns) is there and getting better every

day.....companies have to look towards a hybrid capability in order to

have

more control over mission critical applications.

2. �Process: �If you are not ITIL aligned.....the first step in the

evolution would be to go that route. �Service Management is very

critical as

the technology is there, tools are there. �With good Service Management

and

Governance in place, a company will see a lot of benefits by moving to

the

cloud.....especially in a world which is flat or becoming flat.....need

to

be dynamic and cloud provides it.

3. �People: ��A big paradigm shift for people who are used to having

their

own hardware, ability to touch it, etc. �This is where governance will

play

a big role in acceptance of this change. �Strong buy in from leadership.

A

confident and reliable Infrastructure Operations & Engineering teams,

ITIL

processes, architecture standards (IaaS, PaaS, SaaS, etc) will all come

in

handy and make it happen.

4. Organization: �Need to move from stovepipes to organization structure

which is fluid enough to be matrixed in support of an environment which

is

very fluid. ��Organizations have to think through their policies of OpEx

vs

CapEx. �CTO's have to build relationships with Business Leads to drive

the

cost down while providing them the confidence in Cloud. ��Business Leads

have to understand the need to move in this direction in order to be

able to

support their changing business needs very fast.

5. �Vendors: Can help by making the licensing more in line with Cloud

environments by providing some utility model which charges the companies

based on number of cores used rather than the number of cores in the

physical server. ��Vendors should also look at ways of supporting this

�

Posting guidelines: http://bit.ly/bL3u3v
Follow us on Twitter @cloudcomp_group @cloudslam @up_con
Post Job/Resume at http://cloudjobs.net

�

Download hundreds of recorded cloud sessions at
- http://cloudslam.org/register
- http://2010.up-con.com/register
- http://cloudslam09.com/content/registration-5.html
- http://cloudslam10.com/content/registration

�

or get it on DVD at
http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B004L1755W, http://www.amazon.com/gp/product/B002H0IW1U

�

[Pietrasanta, Mark]

Yes, the server-huggers will always be an issue, and security is one of the many weapons they use as it tends to result in the most fear.

The problem with relying only on examples of success, is that there will be lots of examples of security being compromised in the cloud.  And this rarely (if ever) has to do with the cloud, but with the poor system design.  But the cries of cloud security will continue to drown out the rational explanations.

So I think I disagree with your statements on education.  In fact, I think this is probably the only way we'll ever get past this.  We need people to understand about security and the cloud, both so they can cut through the noise, and so they can adequately assess their own readiness for moving to the cloud.

And at a minimum it's a contrary voice with rational information to balance out the internal chicken-little cries coming from the data center downstairs.

-------

Mark Pietrasanta | CTO | o: 301-939-1152 | www.Aquilent.com

Aquilent - Innovating Tomorrow’s Government

Top 50 Best Places to Work, Washington Business Journal

Government Contracting Firm of the Year, Tech Council of Maryland

 

[Jim Peters]

IMO, it's not so much the concern about security practices themselves, it's the fact that there's little to nothing a user can do to affect security in the cloud, or to react to a problem. Users just have to trust the cloud provider, which is fine with music and videos, but maybe not so good for sensitive commercial or health-care data.

+J

On Fri, Aug 26, 2011 at 11:23 AM, Miha Ahronovitz <mij...@sbcglobal.net> wrote:

Thank Mark for clarifying this, once again. The security concern for clouds is a cautious, Luddite  externalization of fears unfounded by reality and know-how.

M

On 8/26/2011 7:25 AM, Pietrasanta, Mark wrote:

RIght - but the point is, these are additional security layers on top of whatever security your system already has.  Whatever security you have now, moving to the cloud does nothing to compromise that.  And the major cloud providers have, at a minimum, the same or better "core" security as any traditional hosting provider or managed services hosting provider.

What moving to the cloud does require is a full audit and analysis of your current system and infrastructure security.  And many IT folks are fearful of that kind of audit and what it would expose.

But moving to the cloud, if anything, increases security for the reasons you mention below, and the need to go through your systems and infrastructure and fix what's broken.

For the "sky is falling" crowd, there's little a cloud provider can do to appease that fear, as it is typically out of ignorance or misinformation.

Does anyone actually disagree with this?  Does anyone think moving to the cloud adds security risks that otherwise would not be there?  

(I allow for the increased attack surface argument - that just being in a cloud means you're part of something that might be more readily found in random attacks, but that's not what people typically refer to around their security concerns.)

-------

Mark Pietrasanta | CTO | o: 301-939-1152 | www.Aquilent.com

Aquilent - Innovating Tomorrow’s Government

Top 50 Best Places to Work, Washington Business Journal

Government Contracting Firm of the Year, Tech Council of Maryland

 

On Aug 26, 2011, at 4:03 AM, Karthik Sukumar wrote:

Over the Past decade, anxiety over cloud computing security, and its impact
on regulatory compliance, has been consistently increasing and been ranked
as the most widespread reason for avoiding further use of this service
oriented computing by many organizations. Developing attack resistance,
improving trust metrics, enhancing reliability and increasing the risk
transparency remain crucial to widespread enterprise use of cloud computing.
Amazingly, the cloud delivery model is being used to deliver a growing
number of security critical tasks.

Regards,
Karthiksukumar

-----Original Message-----
From: cloud-c...@googlegroups.com
[mailto:cloud-c...@googlegroups.com] On Behalf Of Pietrasanta, Mark
Sent: Thursday, August 25, 2011 5:06 AM
To: cloud-c...@googlegroups.com
Cc: cloud-c...@googlegroups.com
Subject: Re: [ Cloud Computing ] Re: What do you believe is the biggest
barrier to entry for cloud computing?

It seems to me that people use security as an excuse to justify not moving

to the cloud.  But the real issue is just irrational fear of the unknown.

There aren't many people who have actually moved into the cloud and would
still say security is the main barrier of doing more.

The security of your systems has little to do with the cloud.  At worst the

cloud just exposes how insecure you systems already are, and puts them into
an environment that might be a bigger overall target where you might get

randomly nailed.  But your systems are already as secure/insecure as they

are, and moving to the cloud doesn't change that, IMO.

On the other hand, cloud providers have a lot in place to help make your
systems more secure, from the the virtualized networking tools, the

monitoring tools, the templating tools.  As well as the other services they

often package like CDNs, databases, load balancing, and easier DR/COOP.

The fact is major cloud providers like AWS (as an example) are probably more
secure and better administered than whatever you are using right now, likely

by one or more orders of magnititude.  I'd be impressed if moving to them

would be a step backwards for anyone!



On Aug 24, 2011, at 2:47 PM, "Adrian J Duncan" <adrian...@gmail.com>
wrote:

Hi Michael,

great reply!  I was thinking that it had got a bit quiet in here lately

too :-)

On the security debate, I will, with red cheeks, admit that I focus on

this as that is what my research is on.

In your paper on this same subject (part 7) security does rate second

place in the graph.  As I said though, the Ponemon report said that

providers themselves don't think security is that high on the agenda,

hence my comments.  I guess it does depend on how good one's own

tweaks.  My thoughts are based on an enterprise moving to the

cloud....not

based on how the cloud providers function today......even if the cloud

providers were perfect, I am not sure enterprise are ready due to.....

1.  Technology:   This is a big paradigm shift.   If a company has not

started to virtualize and support multi tenancy, they are going to be in

for

a big shock.   You will be surprised by the number of big companies

which

are in this boat.   Though they might be virtualizing to a certain

extent

with Dev, Test environment, the key is to see if they are doing it

across

the enterprise and all environments.  Is the Infrastructure team

responsible

for driving the hardware infrastructure, virtualization, etc or are the

business heads or the Application teams supporting the business heads

driving the infrastructure architecture.   I personally think, the

infrastructure team should have that responsibility with oversight from

the

Appl / Business teams in terms of requirements, etc.   I was in a role

where

as infrastructure lead, I had a lot of freedom because the budget for

hardware was controlled by the infrastructure team, we were able to

bring

about significant improvements in DC space usage, budgets, RAS, etc by

introducing virtualization.  Our ROI was very good.  Once you are down

the

virtualization path, it is easy to start looking at Private / Public /

Hybrid clouds.   The paradigm shift is minimal.   The cloud technology

(barring security concerns with Cloud providers - Private / Hybrid cloud

can

minimize some of these concerns) is there and getting better every

day.....companies have to look towards a hybrid capability in order to

have

more control over mission critical applications.

2.  Process:  If you are not ITIL aligned.....the first step in the

evolution would be to go that route.  Service Management is very

critical as

the technology is there, tools are there.  With good Service Management

and

Governance in place, a company will see a lot of benefits by moving to

the

cloud.....especially in a world which is flat or becoming flat.....need

to

be dynamic and cloud provides it.

3.  People:   A big paradigm shift for people who are used to having

their

own hardware, ability to touch it, etc.  This is where governance will

play

a big role in acceptance of this change.  Strong buy in from leadership.

A

confident and reliable Infrastructure Operations & Engineering teams,

ITIL

processes, architecture standards (IaaS, PaaS, SaaS, etc) will all come

in

handy and make it happen.

4. Organization:  Need to move from stovepipes to organization structure

which is fluid enough to be matrixed in support of an environment which

is

very fluid.   Organizations have to think through their policies of OpEx

vs

CapEx.  CTO's have to build relationships with Business Leads to drive

the

cost down while providing them the confidence in Cloud.   Business Leads

have to understand the need to move in this direction in order to be

able to

support their changing business needs very fast.

5.  Vendors: Can help by making the licensing more in line with Cloud

environments by providing some utility model which charges the companies

based on number of cores used rather than the number of cores in the

physical server.   Vendors should also look at ways of supporting this

--

[Pietrasanta, Mark]

I think we have been mostly referring to IaaS cloud providers, where you are moving a system you currently maintain either on-premise, or in a traditional hosting facility.  I think this is where the bulk of the security concerns are coming from when we say "move to the cloud".

And for IaaS, you have just as much, often more control of (or at least options and tools for) the security your systems in the cloud.

For SaaS providers, yes this is something different, and needs to be evaluated on a provider-by-provider basis.

[Ray]

Every single data there are sensitive data breaches that involve the existing infrastructure. No cloud, no SaaS, just plain old IT. These breaches plague all levels of supposed security including the most trusted security vendors such as RSA and  Symantec. PCI, Hippa and a host of other security standards don’t seem to slow the bad guys down much either. So, suggesting the cloud somehow makes things worse ignores the current state of affairs, which is not good. Consider mobile for example. Do you think your data is more at risk in the cloud that it is with 10,000 user owned  devices having access to it? I think a sober examination of your security architecture will reveal many more vulnerable points of attack than the cloud.

 

Ray

[Paul Renaud]

“server-huggers”  LOL

 

Thank you for that.  Puts “tree-huggers” in bad company!  At least tree-huggers are trying to save the planet.

 

Paul Renaud

Chief Executive

The Lanigan Group

 

From: cloud-c...@googlegroups.com [mailto:cloud-c...@googlegroups.com] On Behalf Of Pietrasanta, Mark
Sent: August-26-11 12:57 PM
To: cloud-c...@googlegroups.com
Subject: Re: [ Cloud Computing ] Re: What do you believe is the biggest barrier to entry for cloud computing?

 

Yes, the server-huggers will always be an issue, and security is one of the many weapons they use as it tends to result in the most fear.

[Greg Pfister]

I think we mostly agree, since I agree that to get any examples somebody has to be convinced.

Also, you point to a valid problem: Every negative case will instantly get publicity; people having no problems don't naturally get the spotlight. Diligence in digging up success cases, both anecdotal and statistical, is, I think, a necessary part of creating the education materials.

I have to say that while I think "server-huggers" is amusing and clever, it probably won't help the cause to have that term leave the virtual locker room.

Greg Pfister

http://perilsofparallel.blogspot.com/

[kowsik]

+1 for "server-huggers". People have to get past this mental block to
adopt the cloud. There is no spoon.

K.
---
http://blog.mudynamics.com
http://blitz.io
@pcapr

[Ian Mills]

As almost always it is Legacy Applications that are the inhibitor to wide scale adoption of the new technology in this case cloud. But what we have to remember is that although those with a bent for technical innovation see Legacy Applications in a negative way, they do run todays economy. For most mature IT users the ammount of business function bound up in their existing applications is an order of magnitude or more of the function in anything new they may want to introduce. Then you have the problem that the 'new' stuff can't live in isolation and needs to interface to the old making it hard to not use the same technology.

2011/8/26 Juan J. <ju...@memset.com>

--
~~~~~
Call For Proposals is Open
2nd Annual UP 2011 Cloud Conference
http://up-con.com/propose

Posting guidelines: http://bit.ly/bL3u3v
Follow us on Twitter @cloudcomp_group @cloudslam @up_con
Post Job/Resume at http://cloudjobs.net

Download hundreds of recorded cloud sessions at
- http://cloudslam.org/register
- http://2010.up-con.com/register
- http://cloudslam09.com/content/registration-5.html
- http://cloudslam10.com/content/registration

or get it on DVD at
http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B004L1755W, http://www.amazon.com/gp/product/B002H0IW1U

~~~~~
You received this message because you are subscribed to the Google Groups "Cloud Computing" group.
To post to this group, send email to cloud-c...@googlegroups.com
To unsubscribe from this group, send email to cloud-computi...@googlegroups.com

--
Ian Mills
0755 394 6958
Service to the customer, the pursuit of excellence, respect for the individual.

[Jeanne Morain]

There is actually more to the "fear factor" than just pure technology level security.  One of the biggest gaps for compliance (regulatory/license and yes security) is not that the Cloud technology does not have security level access controls of a traditional data center.  It is the people and process issues that are driving concerns for Enterprises. Some of the key issues are around: Understanding who has moved/bursted what work load to what cloud.  How doe they protect the company from being cited or fined from employees unauthorized moves or usage? Are they licensed to use that software in that way in that particular environment? How do they automate the handshake between the Cloud Provider, Enterprise, and Software Producer to provide compliance reports in a timely fashion for both Audit and Software Producers to avoid being overcharged for licenses they already purchased? Enterprises still need to prove compliance for "their" system for HIPAA, SOX, etc.  Regardless of what the cloud provider has in terms of security it will not equate to an auto magic pass in terms of compliance.  We need to traverse the 3 entities (Producers, Enterprise, and Cloud Provider) where once it was just a 1:1 relationship in the past. If all the concerns are unfounded - there would be broader adoption and many of the customers we have worked with in researching my book (Visible Ops Private Cloud - www.itpi.org) would be bursting in lieu of just implementing a private cloud environment.  In fact, these concerns cited were the reasons my co-authors and I opted to stop at Private Clouds...  but lay foundation for bursting. The cloud still has a way to go in terms of standardizing process and identification of those not following it for organizations.   There are industry initiatives around this area that are being spearheaded by Distributed Management Task Force (www.dmtf.org) and several leading providers to create standards. Having said that - I have worked on and seen compelling use cases/architectures for regulated applications using a hybrid approach for patient data/records and the application.  In the interim there are solutions - they just have to be customized/self built until standard ones are put in place and proven to aid in the other functions beyond the security bits and bytes... Cheers, Jeanne Morain www.universalclient.blogspot.com --- On Fri, 8/26/11, Miha Ahronovitz <mij...@sbcglobal.net> wrote:

From: Miha Ahronovitz <mij...@sbcglobal.net> Subject: Re: [ Cloud Computing ] Re: What do you believe is the biggest barrier to entry for cloud computing?

To: cloud-c...@googlegroups.com Date: Friday, August 26, 2011, 8:23 AM

Thank Mark for clarifying this, once again. The security concern for clouds is a cautious, Luddite  externalization of fears unfounded by reality and know-how. M On 8/26/2011 7:25 AM, Pietrasanta, Mark wrote:

RIght - but the point is, these are additional security layers on top of whatever security your system already has.  Whatever security you have now, moving to the cloud does nothing to compromise that.  And the major cloud providers have, at a minimum, the same or better "core" security as any traditional hosting provider or managed services hosting provider. What moving to the cloud does require is a full audit and analysis of your current system and infrastructure security.  And many IT folks are fearful of that kind of audit and what it would expose. But moving to the cloud, if anything, increases security for the reasons you mention below, and the need to go through your systems and infrastructure and fix what's broken. For the "sky is falling" crowd, there's little a cloud provider can do to appease that fear, as it is typically out of ignorance or misinformation. Does anyone actually disagree with this?  Does anyone think moving to the cloud adds security risks that otherwise would not be there?

(I allow for the increased attack surface argument - that just being in a cloud means you're part of something that might be more readily found in random attacks, but that's not what people typically refer to around their security concerns.)

------- Mark Pietrasanta | CTO | o: 301-939-1152 | www.Aquilent.com Aquilent - Innovating Tomorrow’s Government Top 50 Best Places to Work, Washington Business Journal Government Contracting Firm of the Year, Tech Council of Maryland

On Aug 26, 2011, at 4:03 AM, Karthik Sukumar wrote:

Over the Past decade, anxiety over cloud computing security, and its impact on regulatory compliance, has been consistently increasing and been ranked as the most widespread reason for avoiding further use of this service oriented computing by many organizations. Developing attack resistance, improving trust metrics, enhancing reliability and increasing the risk transparency remain crucial to widespread enterprise use of cloud computing. Amazingly, the cloud delivery model is being used to deliver a growing number of security critical tasks. Regards, Karthiksukumar -----Original Message-----

From: cloud-c...@googlegroups.com [mailto:cloud-c...@googlegroups.com] On Behalf Of Pietrasanta, Mark

Sent: Thursday, August 25, 2011 5:06 AM To: cloud-c...@googlegroups.com

Cc: cloud-c...@googlegroups.com Subject: Re: [ Cloud Computing ] Re: What do you believe is the biggest barrier to entry for cloud computing?

chrisheg...@gmail.com> wrote: Cloud computing remains a billion dollar slice of a trillion dollar IT industry. Is it because the technology isn't there? Have companies have too much invested in their own hardware to make the switch? Or are lingering security concerns the culprit? What do you believe the biggest barrier to cloud computing is and what must the industry do to overcome it?

-- ~~~~~ Call For Proposals is Open 2nd Annual UP 2011 Cloud Conference http://up-con.com/propose Posting guidelines:http://bit.ly/bL3u3v Follow us on Twitter @cloudcomp_group @cloudslam @up_con

Post Job/Resume athttp://cloudjobs.net

Download hundreds of recorded cloud sessions at

-http://cloudslam.org/register -http://2010.up-con.com/register -http://cloudslam09.com/content/registration-5.html -http://cloudslam10.com/content/registration

or get it on DVD at http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B004L1755W, http://www.amazon.com/gp/product/B002H0IW1U ~~~~~ You received this message because you are subscribed to the Google Groups "Cloud Computing" group.> To post to this group, send email

tocloud-...@googlegroups.com

[Melody Childs]

Nicely put Karthiksukumar!

-Dee

Dee Childs, CISSP
Deputy CIO
Information Technology Services
Louisiana State University

[John Gilda]

There are differences between barriers and excuses - security can be an excuse. I remember the same talk track on virtualization adoption. Oh...the sky will fall when we have all these VMs on a single box - that means the bad guys get control of X servers after just breaking 1 physical box. I continued to hear that excuse from slow adopters for years while their peers were becoming more efficient. Granted, there are valid security considerations, as there are with all systems and applications.

The inhibitor to adoption is normal human resistance to change:

• Pain - until the pain on traditional infrastructure drives people toward cloud adoption is much more than the perceived pain associated with moving into the cloud...adoption will be slow. Though in many firms operating a big complicated infrastructure is very painful, the pain you know is normally better than the pain you imagine.
• Fear - since every cloud vendor trumpets the operating cost efficiencies, many IT professionals simply view the Cloud as outsourcing. Hence the stampede toward private clouds using the excuse of security and compliance...you know, if we have a private cloud, we can still have jobs..I mean the company will be more efficient and flexible and secure. There is lot of resistance to structural changes that challenge the status quo and will threaten traditional IT jobs.
• Greed - the long history of rosy ROI/TCO studies sponsored by vendors, the long history of attractive earlier adopter pricing being ratcheted up as lock-in increases. the long history of unanticipated costs piling up over time in outsourcing arrangements have trained firms to expect greed and avarice. Until buying firms motivated by their own self interest are fully confident they will consistently gain advantages in the long and midterm, they will avoid stepping into a bear trap.
• Laziness - it is real work to leverage new technologies. Many organizations have run leaner and leaner over the past decade and have a difficult time supporting new initiatives with adequate resource. Some overloaded resources playing whack a mole day to day, might not see the cloud as anything but another mole.
• You first - there is a small segment of people and firms who are early adopters who revel in novelty and being on the bleeding edge. Most folks want these early adopters and a good layer of the mainstream to adopt and grind down any rough edges before jumping in with both feet. Because it is easier to overcome pain, fear, greed, and laziness if everyone is doing it. ;)

I'd have a hard time picking just one of these.

j

Linkedin

---

From: ren...@lanigangroup.ca
To: cloud-c...@googlegroups.com
Subject: RE: [ Cloud Computing ] Re: What do you believe is the biggest barrier to entry for cloud computing?
Date: Fri, 26 Aug 2011 17:52:06 -0400

[Oya SANLI]

Hi Adrian,
For cloud computing education began with marketing from consumer side.. May
be that was the way to transfer IT to business - humble opinion.
As we all know the way of IT perspective is going to change with cloud
computing. The way of dealing with IT is going to change. To let business to
adopt this new way and understand what is cloud computing and what is not,
education is needed, I believe. With education of the consumers most of the
security concerns may be solve at the begining. A very very small exmaple,
after explaning that they can use some kind of cryptology and encryption
sevices from a trusted service provider they can use google docs and gmail
the small law firm agreed on using it.
I also would like to write about standardization. I think standardization of
cloud computing is not so easy. We have difeerent service models on
diffrent deployment models. And as I can see most of the use cases needs own
standardization. With education of the IT people use cases may increase and
so standardization may ease.
Best,
Oya Şanlı
@oyasan
Linkedin Profile
Virtual Business Card
Virtual Profile
Skype:oyasanli1959
http://oyasanli.com
http://paydeg.com
-----Original Message----- From: Adrian J Duncan Sent: Thursday, August
25, 2011 1:32 PM To: cloud-c...@googlegroups.com Subject: Re: [ Cloud

[Jafar Ismail]

I have been enjoying this discussion. My thoughts are that we should look at the issue from the "customers" vantage point. What is their compelling reason to migrate to cloud computing. The first interest of the companies/consumers is the solution and not the technology. If the latest and greatest and the coolest technology doesn't solve their core problem or provide for their core service, you will not find them too keen to embrace it. Imagine who would buy the iPhone if it did everything it could, but couldn't place a call.

 

A personal example I could offer is the Microsoft Office 365 service for professional and small business. As my wife is in the process of going on her own, I explored this service. My primary interest was secure and reliable email. One glitch was that I couldn't configure the outgoing email address to be from her company domain. The only help available were the forum where I found resolution only for the "Enterprise" Office 365 solution, but not for the professional! Add to that the service went down for hours a day later. So not only did it not do what I wanted, it wasn't too reliable either. And that was enough for me to go to the tradional hosting provider

 

The other concern is regarding security. Now understandably, the weakest link could be the application and not the infrastructure. But the impact of failure and the recovery process must clearly be understood and if it will meet the standards we have come to expect today?

 

Cheers,

 

Jafar  

[Ray LaDriere]

Perfect example. Our problem is build it and they will come rather than build what they will buy. Customers and revenue still are lacking in profitability
Ramps.

Ray

[Heiko]

Interesting question and answers here. Many of the replies focused on
security and/or education. But shouldn't we focus on what the cloud
does or can do better? A good example of a cloud based service is
Google's gmail. It's been around for some time (so have yahoo's and
MS' email services) and has found widespread adaptation. The biggest
benefit of webmail is access from anywhere, from any smart Internet
connected device. I can read my mail on a public Internet access
without my having to carry my own PC/netbook/smartphone. I can sync
between PC, notebook, and smartphone, read a mail on my desktop PC at
work, rush out for a meeting and answer the mail from an iphone while
driving in a cab.

The cloud can bring similar benefits to the users, but for many more
applications and data. Applications, IMHO, are a crucial ingredient in
a widespread cloud adoption. As important as enterprise apps are for
the enterprise, the users will want to retain their flexibility and
choice of apps. Apple's iphone has been so successful because it
provides a myriad of apps (or made it easy for developers to produce
and market their apps). Without the appstore, the iphone would be
nothing but a nicely designed toy, and not even that. If going to the
cloud means that users are tied down to company provided/sanctioned
apps, then that's the beginning of the end of the cloud adoption. Who
wants to go backwards?

Then there is the price and licensing issue. Companies and users can
easily see the benefit of not investing in hardware when going to a
cloud provider. But software licensing is confusing, at the very
least. Some of the major software players take a very twofold approach
to the cloud - they play the game while trying to keep the old PC/
notebook/netbook thick client model (each with OS and local
application software) alive. Using full-fledged thick clients to
access hosted applications and data is counterproductive. It's not
only a waste of resources and money, it's also a security threat and
expensive to maintain.

How would the ideal cloud look like? Users would have anywhere access
to their apps and data, irrespective of the device. They would choose
and use applications they like, without having to install or maintain
anything. They would have a choice between different licensing/payment
options - lifetime license, subscriptions, pay as you go, whatever. In
essence, they would be able to use the applications without having to
deal with the technicalities and maintenance.

Back in the old days, the PC became a success because it made
computers affordable and available to the average person. Today the PC
and its derivatives have become a costly burden - short hardware
lifecycle, complexity, maintenance, security threats all add up to
produce mixed feelings about it. Building on the service concept of
IaaS/PaaS/SaaS, the cloud could make life better.

Heiko

On Aug 29, 4:41 am, Ray LaDriere <rayladri...@gmail.com> wrote:
> Perfect example. Our problem is build it and they will come rather than build what they will buy. Customers and revenue still are lacking in profitability
> Ramps.
> Ray
>

> On Aug 28, 2011, at 6:22 PM, Jafar Ismail <jafar_ism...@yahoo.com> wrote:
>
>
>
>
>
>
>
> > I have been enjoying this discussion. My thoughts are that we should look at the issue from the "customers" vantage point. What is their compelling reason to migrate to cloud computing. The first interest of the companies/consumers is the solution and not the technology. If the latest and greatest and the coolest technology doesn't solve their core problem or provide for their core service, you will not find them too keen to embrace it. Imagine who would buy the iPhone if it did everything it could, but couldn't place a call.
>
> > A personal example I could offer is the Microsoft Office 365 service for professional and small business. As my wife is in the process of going on her own, I explored this service. My primary interest was secure and reliable email. One glitch was that I couldn't configure the outgoing email address to be from her company domain. The only help available were the forum where I found resolution only for the "Enterprise" Office 365 solution, but not for the professional! Add to that the service went down for hours a day later. So not only did it not do what I wanted, it wasn't too reliable either. And that was enough for me to go to the tradional hosting provider
>
> > The other concern is regarding security. Now understandably, the weakest link could be the application and not the infrastructure. But the impact of failure and the recovery process must clearly be understood and if it will meet the standards we have come to expect today?
>
> > Cheers,
>
> > Jafar  
>

> > > Post Job/Resume athttp://cloudjobs.net

> > > Download hundreds of recorded cloud sessions at

> > > -http://cloudslam.org/register
> > > -http://2010.up-con.com/register
> > > -http://cloudslam09.com/content/registration-5.html

> > > -http://cloudslam10.com/content/registration

> > > or get it on DVD at
> > >http://www.amazon.com/gp/product/B002H07SEC,
> > >http://www.amazon.com/gp/product/B004L1755W,
> > >http://www.amazon.com/gp/product/B002H0IW1U
> > > ~~~~~
> > > You received this message because you are subscribed to the Google Groups
> > > "Cloud Computing" group.
> > > To post to this group, send email to cloud-c...@googlegroups.com
> > > To unsubscribe from this group, send email to
> > > cloud-computi...@googlegroups.com
>
> > -- ~~~~~
> > Call For Proposals is Open
> > 2nd Annual UP 2011 Cloud Conference
> >http://up-con.com/propose
> > Posting guidelines:http://bit.ly/bL3u3v
> > Follow us on Twitter @cloudcomp_group @cloudslam @up_con

> > Post Job/Resume athttp://cloudjobs.net

> > Download hundreds of recorded cloud sessions at

> > -http://cloudslam.org/register
> > -http://2010.up-con.com/register
> > -http://cloudslam09.com/content/registration-5.html

> > -http://cloudslam10.com/content/registration

> > or get it on DVD at

> >http://www.amazon.com/gp/product/B002H07SEC,http://www.amazon.com/gp/product/B004L1755W,http://www.amazon.com/gp/product/B002H0IW1U

> > ~~~~~
> > You received this message because you are subscribed to the Google Groups "Cloud Computing" group.
> > To post to this group, send email to cloud-c...@googlegroups.com
> > To unsubscribe from this group, send email to cloud-computi...@googlegroups.com
> > -- ~~~~~
> > Call For Proposals is Open
> > 2nd Annual UP 2011 Cloud Conference
> >http://up-con.com/propose
>
> > Posting guidelines:http://bit.ly/bL3u3v
> > Follow us on Twitter @cloudcomp_group @cloudslam @up_con

> > Post Job/Resume athttp://cloudjobs.net

>
> > Download hundreds of recorded cloud sessions at -http://cloudslam.org/register

> > -http://2010.up-con.com/register-http://cloudslam09.com/content/registration-5.html -http://cloudslam10.com/content/registration
>
> > or get it on DVD athttp://www.amazon.com/gp/product/B002H07SEC,http://www.amazon.com/gp/product/B004L1755W,http://www.amazon.com/gp/product/B002H0IW1U

> > ~~~~~
> > You received this message because you are subscribed to the Google Groups "Cloud Computing" group.
> > To post to this group, send email to cloud-c...@googlegroups.com
> > To unsubscribe from this group, send email  to cloud-computi...@googlegroups.com
>
> > --
> > ~~~~~
> > Call For Proposals is Open
> > 2nd Annual UP 2011 Cloud Conference
> >http://up-con.com/propose
>
> > Posting guidelines:http://bit.ly/bL3u3v
> > Follow us on Twitter @cloudcomp_group @cloudslam @up_con

> > Post Job/Resume athttp://cloudjobs.net

>
> > Download hundreds of recorded cloud sessions at

> > -http://cloudslam.org/register
> > -http://2010.up-con.com/register
> > -http://cloudslam09.com/content/registration-5.html

> > -http://cloudslam10.com/content/registration

>
> > or get it on DVD at

> >http://www.amazon.com/gp/product/B002H07SEC,http://www.amazon.com/gp/product/B004L1755W,http://www.amazon.com/gp/product/B002H0IW1U

[Vijay Shah]

Working with large enterprises on cloud adoption strategy, one of the issue I have seen is in-house infrastructure investment which is already made and dependency on the main frame based applications for mission critical business processes. Of course there is a chance for  distributed decoupled apps to be moved into the cloud  or setting up dev/ test environment in the cloud but it represents very small fraction of workload foot print. Business wants to see the use of  Capex which is already made in setting up large scale data center.

 

-Vijay

Post Job/Resume at http://cloudjobs.net

Download hundreds of recorded cloud sessions at

- http://cloudslam.org/register
- http://2010.up-con.com/register
- http://cloudslam09.com/content/registration-5.html

- http://cloudslam10.com/content/registration

[Frank Greco]

On 8/24/11 11:57 AM, Ch...@blackbelt-strategies.com wrote:

Cloud computing remains a billion dollar slice of a trillion dollar IT
industry. Is it because the technology isn't there? Have companies
have too much invested in their own hardware to make the switch? Or
are lingering security concerns the culprit?

What do you believe the biggest barrier to cloud computing is and what
must the industry do to overcome it?

Just to clarify your question, I'm assuming you are talking about external cloud computing.  Many enterprises are adopting private cloud computing technologies without exposing any of their family jewels to external cloud vendors.  You can argue that internal or even hybrid clouds are bigger money makers than the external companies.  Certainly the enterprise software vendors feel a lot more comfortable with selling their products that way.  "By the drink" pricing is not a good comp model for the enterprise software sales force.

There are several barriers yet to overcome for the external cloud; software licensing, resource accounting, network performance, developer training, governance, compliance/regulatory, overall maturity, PaaS complexity, etc.

But the biggest barrier by far and away (imho) is the security angle.  Or more accurately the perception of lowered security.  Large enterprises still don't have the warm and fuzzies despite external cloud vendors probably having superior security than their own IT.

There are a slew of startups attacking all these problems, so they will all be addressed over time.  There's even a startup that is working on a mechanism that allows machines to directly work on encrypted data without decrypting it (but its probably 5 years away).  We're talking about enterprise infrastructure not consumer iPad apps. 

Enterprise infrastructure is slow-moving and primarily risk-averse.

Frank G

[John Savageau]

It may also be as simple as a large percentage of companies have not yet entered their next technology refresh cycle since the emergence of public and private cloud service models.  If a normal tech refresh is somewhere between 3~5 years, 2012 may show a significant increase in the percentages.

--
~~~~~
Register to attend UP 2011 Cloud Conference
http://up-con.com/register-now

 
Posting guidelines: http://bit.ly/bL3u3v
Follow us on Twitter @cloudcomp_group @cloudslam @up_con
Post Job/Resume at http://cloudjobs.net
 
Download hundreds of recorded cloud sessions at
- http://cloudslam.org/register
- http://2010.up-con.com/register
- http://cloudslam09.com/content/registration-5.html
- http://cloudslam10.com/content/registration
 
or get it on DVD at
http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B004L1755W, http://www.amazon.com/gp/product/B002H0IW1U
 
~~~~~
You received this message because you are subscribed to the Google Groups "Cloud Computing" group.
To post to this group, send email to cloud-c...@googlegroups.com
To unsubscribe from this group, send email to cloud-computi...@googlegroups.com

--

_______________________________
John Savageau
Los Angeles, California

_______________________________

[Jim Starkey]

I can't say that it generalizes, but the companies that we as a "cloud" database company talk to fall into two disjoint sets, new starts that are attracted to public clouds for financial reasons and enterprises that are exclusively interested in private clouds.  The latter, when pressed for an explanation, generally respond with "for any number of reasons", which, I believe, translates to a loss of control without a corresponding transfer of responsibility.  Or, in other words, if a cloud vendor screws up for any reason, it's still the IT department's fault.  Simply put, the notion that nobody ever got fired for going with IBM does not translate to cloud vendors.

There is an irony here recognized by all parties: While Amazon may have (for the sake of argument) the best security, the best network access, the best storage facilities, and the best possible operation staffs, if something goes wrong, their SLA provides that they are not on the hook for damages.  Legally, this degrades a superb service to "best efforts."

I'm sure enterprises will accelerate their usage of public clouds for one-off projects, non-critical applications, and software development, I don't see them moving mission critical applications and data into the public cloud, ever.  Private clouds, definitely.  Virtual private clouds, maybe.  Public clouds, I just don't see it.

--
~~~~~
Register to attend UP 2011 Cloud Conference
http://up-con.com/register-now
 
Posting guidelines: http://bit.ly/bL3u3v
Follow us on Twitter @cloudcomp_group @cloudslam @up_con
Post Job/Resume at http://cloudjobs.net
 
Download hundreds of recorded cloud sessions at
- http://cloudslam.org/register
- http://2010.up-con.com/register
- http://cloudslam09.com/content/registration-5.html
- http://cloudslam10.com/content/registration
 
or get it on DVD at
http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B004L1755W, http://www.amazon.com/gp/product/B002H0IW1U
 
~~~~~
You received this message because you are subscribed to the Google Groups "Cloud Computing" group.
To post to this group, send email to cloud-c...@googlegroups.com
To unsubscribe from this group, send email to cloud-computi...@googlegroups.com

-- 
Jim Starkey
Founder and CTO
NuoDB, Inc.