Click here to close now.




















Welcome!

@CloudExpo Authors: Automic Blog, Liz McMillan, Pat Romanski, Roger Strukhoff, Mike Kavis

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog

@CloudExpo: Article

Riding the Enterprise Cloud Computing Wave of Change into the Future

Plan your path so you can achieve real, practical results

The term cloud computing was first coined in 2007. Enterprise Cloud Computing seems to have emerged as a term in 2009. It's now 2012 and many are trying to ride the wave of Enterprise cloud computing or private cloud into the future. In a short four years, we've seen this phenomena of cloud permeate everything. Some question its validity as a technology and a term. If you look at the Gartner hype curve, the mere questioning of cloud can be considered validation. The abbreviated Gartner curve shows the rapid progress of cloud and private cloud from term introduction to the "peak of inflated expectations." We're about to dive down into the dreaded "trough of disillusionment." Maybe the skeptics are already there. Or maybe, cloud will jump from its current holding spot over to the "slope of enlightenment" without spending (measureable) time in the trough. I'll look forward to the Gartner curve update in 2012.

Why do I think it's possible to skip the trough of disillusionment? Some key reasons were covered in my first talk at Cloud Expo back in 2009. Cloud computing is, simply stated, the next generation of IT architecture. We've been moving to the cloud for the past several years through virtualization, improved enterprise management systems, high-speed global networks, wireless access devices, and so forth. It's a lot less of a revolution and a lot more of an evolution. The ubiquitous, white fluffy physical representation of "cloud" caused much of the initial skepticism, I think. Now, people are comfortable with the word cloud and marketers have found innovative, successful ways to connect the features and benefits for the average technology user.

Enterprises cite many reasons for cloud adoption. This survey from December 2010 highlights reduced CAPEX and OPEX combined with speed and agility as key advantages for federal organizations. The survey results from the federal space mirror the survey answers across all industries. Tough economic challenges over the past few years have catapulted cloud providers to the top of the IT company lists.

A contrasting survey from Meritalk focused on the issues and concerns for cloud. The survey highlighted three key challenges for cloud adoption in the federal space: security, culture, and budget. Our experiences at NRO mimic the survey results. I want to walk through these top three challenges with a focus on practical strategies for reducing barriers to cloud success.

Number One: Security
The number one issue on the Meritalk survey - and many other surveys - is security in the cloud. The myth is that cloud computing is less secure. I recently co-authored a paper for AFCEA with Jamie Dos Santos, President of Terremark Federal. We identified three areas contributing to the myth the cloud is less secure.

  1. The cloud is like fog and the company/organization can't see clearly into what's happening, as a result, security seems compromised. You don't trust what you can't easily see.
  2. The cloud vendors are making the technical decisions/standards and we, as customers, are losing control. We're forced to take what they give us and the inability to demand certain requirements is translated into lack of security.
  3. The cloud is, by nature and characteristic, always changing. My IT workforce is already overwhelmed and they will never be able to keep up with something that changes all the time; it can never be considered secure if my team can't keep up.

In our research - which included touch points with industry, government, and academia - what we actually found is that recent trends in cloud computing demonstrate the architecture has matured and offers distinct advantages for cyber security defense.

The three countering reasons it can be more secure are:

  1. Visibility. The cloud offers you many points of measurement and instrumentation - at every layer of the IT stack. You can use the metrics to improve the overall knowledge of the cloud and gain valuable insights not achievable previously. Using this knowledge, you can improve the overall security posture of the cloud. It takes a commitment to analysis and review but the results are significantly better than today's insights. Knowing vulnerabilities is necessary before you can mitigate them.
  2. Collaboration. We found new and improved public-private partnerships forming to protect national interests, lift the "fog," and change relationships between providers and customers. Knowledge of cyber events is passing between corporations and government entities faster than ever before and new security solutions are emerging to protect all information in clouds from malicious or suspicious events. Industry recognizes data protection is as important as reputation protection. One smear can ruin the company.
  3. Workforce Enrichment. We also found cloud computing is highlighting our need for a workforce that bridges the IT and Information Assurance fields. In the past, we've often segmented work into IT or IA; we need to drive academic and job-training programs to blend the skills for maximum advantage with cloud. This will allow a workforce that skillfully uses measurement and analysis tools to bring better security to the cloud.

Back to the Meritalk survey: The number two issue highlighted by Meritalk was Culture.
Gartner's Cloud outlook for 2011 hit upon three cultural changes for the enterprise: (1) using the Cloud can facilitate smaller and shorter projects; (2) the tools used in cloud projects will be more open source and less costly; and (3) to take advantage, companies will be seeking younger talent more familiar with the new tools. The result - as depicted in this picture - is a happy, blended, workforce. But, be careful. Your organization probably includes IT folks representing a diversity of ages and skill sets. You can't just bring in a new workforce and sweep the current one under a rug. Managing the cultural change in your people, your processes, and your technology will improve your overall success rate. Let's talk about those three areas of culture change.

First, let's talk People: You may need a new set of IT professionals but you have a legacy team in place now. You will need to successfully merge your legacy and new workforces to have a high performing blend of talent for the future. If you have legacy team members with a lot of time in your IT program but without a lot of interest in learning the nitty-gritty of the cloud controller, you might consider repurposing or refocusing those team members to fill gaps in other IT areas. For example, we never seem to have enough people to analyze advanced persistent threats and cyber vectors. A company might use its experienced team members to oversee the analysis of the many new data points you get with the cloud. Or, a company might use its experienced team members as customer liaison specialists for technical customer engagement or innovation. Whatever your existing resources, you'll need to make sure the legacy team can get on board with the changes; a mass replacement is not likely to breed success. A lucrative merger of your legacy and new workforces can create the high performing blend you need.

The second cultural area to address is process. It's another legacy you'll have to change for cloud to reap its benefits. You don't need a special purpose infrastructure for each application. Each application doesn't have to build a vertical stovepipe for success. Instead, you will need strict adherence to standards so your infrastructure can scale quickly and efficiently. Your engineering talent doesn't have to spend tons of time in engineering review board meetings or configuration control meetings. By reducing the complexity in the baseline, your engineers can focus on delivering new capabilities higher in the stack that provide greater unique value to your company. You can change your software lifecycle from months to weeks (or less) when you get the infrastructure lifecycle out of the way. Platform as a Service and Infrastructure as a Service require fairly rigid standardization to be a true cloud - anytime, anywhere, elastic capacity on demand. If you don't force the rigid standardization in the lower layers of the IT stack, you are likely to see custom builds creep back into your environment. Customized solutions will, generally speaking, elongate your delivery cycle. Cumbersome, slow, and expensive processes will return and reverse your efficiency gains.

The third area of culture change that will occur with Cloud is in the technology area. Smart choices here will help you turn your server huggers into cloud lovers. First, don't attempt to migrate everything to cloud up front - if ever. Cloud is the latest generation of IT architecture but that doesn't mean cloud works for all. You should start with low hanging fruit - those capabilities ready and ripe for a cloud world - and work your way up the tree to harder, more resistant capabilities. Use cloud as a means of improving your technology curve for certification and accreditation. Once you've certified the cloud infrastructure, the applications are less tethered and become both faster and more innovative. Finally, as your workforce clamors for more access via consumer devices, use cloud migration to securely support that access.

Let's return to the Meritalk survey to discuss its third key issue. Remember we've talked about the first two issues: security and culture. The third issue is budget. This figure provides three perspectives. Lockheed Martin recognizes that most savings will be in your labor, which means IT resources will need to be repurposed or removed to achieve great savings. Another view, from AF GEN Spano, noted that moving to cloud - solely to save money - may not be the right approach. And, Booz Allen noted the path to savings is based on several factors. If your primary driver for cloud is to save money, make sure you're realistic about what it will take to achieve that goal. CapEx savings might be realized but the bulk of savings will be from OpEx reductions.

A key take-away from the Meritalk survey is that you need to spend time planning your cloud implementation. It's not something you just wake up, decide to do, and then leap right in. Timing and planning are critical to success. The wave and surfing analogy fits well. You don't just jump into the water with a board and ride the perfect wave. You need a process: paddle out, position yourself, survey the oncoming waves, pick the wave that best corresponds to your position, and paddle like mad to stay right in front of that wave to catch the perfect ride.

This graphic represents a potential 9-step plan for cloud deployment. It's just an example. Regardless of the roadmap you use, the first step is a rational approach that will work in your specific environment.

At the NRO, we've spent the past 18 months developing our IT strategy and roadmap. We've determined a private cloud followed by a hybrid cloud (private/community, with the Intelligence Community) will be our delivery model. We'll focus on infrastructure and platform as services first and then move to Software as a service. Our strategy also highlights the need to look beyond the technology of cloud. Understanding the roles and responsibilities between the ISP and ASPs is also being worked out. In our organization, a lot of development is done by general defense contractors. Making sure we know exactly what the ISP must provide and what the ASPs are responsible for is paramount for rapid problem identification and resolution. Acquisition models need to be planned. For us, we needed to understand if it was going to be:

  • GO GO: government owned and government operated;
  • GO CO: government owned and contractor operated; or
  • CO CO: contractor owned and contractor operated.

It may seem simple to you but the complex relationships between the government and our contractor base made this analysis "not simple" for us.

And, we decided to implement and migrate in four phases: test it, prove it, use it, then exploit it. We're currently in the Prove It Phase. At each phase, we will specifically assess "go/no go" to ensure we remain properly focused and successful.

Phase 1 (Test It) allowed us to focus a few pilots on different capabilities for testing and risk assessment/buy-down. We had three cloud pilots focused on different kinds of capabilities, technologies, and processes. We had a pilot that determined if commercial cloud operating models would work on our business/admin systems. We had a pilot to determine how cloud controllers did/didn't work with graphical processor units vice CPUs. And, we also did some work on data clouds for big analytics.

We're in the Prove It phase now. This phase is designed to put an enterprise-class capability on the floor. It has specific technology activities combined with many "governance-like" activities such as standard products, applications inventories, and policy development. We actually are pursuing two distinct commodity clouds: one supports business, administrative, and enterprise systems and the other supports NRO unique mission needs. Each is implementing a different cloud controller and we intend to prove necessary federation in this area. We are maintaining work on the high performance, GPU cloud. It's turned out to be sufficiently different from the commodity cloud. Our data work is proceeding along a slower pace internally while we examine potential leverage points across the Intelligence Community for smart data.

Assuming success in the Prove It phase, we intend to scale the current work for broader success. It will take a few years. We have a lot of program alignment to do in the Use It phase. Deciding which applications migrate when is likely to be a combination of those that are ready and those that are facing a major recap/refresh anyway.

Our path - as you can see - is pragmatic and methodical; we will take time to gauge our progress each year by properly measuring and analyzing results along the way. For some, our path is shockingly slow. For others, it's ridiculously rapid. We think we've built a strategy that can respond to both views - allowing those applications/capabilities that need more time, to take the time they need.

In summary, you have to plan your path so you can achieve real, practical results. You have to identify the top issues that might impede your cloud success. Within your organization, you'll need to develop plans to overcome the issues while continuing to make progress. Don't underestimate the cultural forces at work. Some members of your workforce may be hoping this new technology will just go away. Moreover, if you try to move to cloud but you don't tackle your business processes currently in place, it will be hard to achieve success. You can't deliver in hours or days if your culture is used to working things in months and years.

More Stories By Jill Tummler Singer

Jill Tummler Singer is CIO for the National Reconnaissance Office (NRO)- which as part of the 16-member Intelligence Community plays a primary role in achieving information superiority for the U.S. Government and Armed Forces. A DoD agency, the NRO is staffed by DoD and CIA personnel. It is funded through the National Reconnaissance Program, part of the National Foreign Intelligence Program.

Prior to joining the NRO, Singer was Deputy CIO at the Central Intelligence Agency (CIA), where she was responsible for ensuring CIA had the information, technology, and infrastructure necessary to effectively execute its missions. Prior to her appointment as Deputy CIO, she served as the Director of the Diplomatic Telecommunications Service (DTS), United States Department of State, and was responsible for global network services to US foreign missions.

Singer has served in several senior leadership positions within the Federal Government. She was the head of Systems Engineering, Architecture, and Planning for CIA's global infrastructure organization. She served as the Director of Architecture and Implementation for the Intelligence Community CIO and pioneered the technology and management concepts that are the basis for multi-agency secure collaboration. She also served within CIA’s Directorate of Science and Technology.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
Digital Transformation is the ultimate goal of cloud computing and related initiatives. The phrase is certainly not a precise one, and as subject to hand-waving and distortion as any high-falutin' terminology in the world of information technology. Yet it is an excellent choice of words to describe what enterprise IT—and by extension, organizations in general—should be working to achieve. Digital Transformation means: handling all the data types being found and created in the organizat...
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...
With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications. In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, discussed h...
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, analyzed a range of cloud offerings (IaaS, PaaS, SaaS) and discussed the benefits/challenges of migrating to each offe...
One of the hottest areas in cloud right now is DRaaS and related offerings. In his session at 16th Cloud Expo, Dale Levesque, Disaster Recovery Product Manager with Windstream's Cloud and Data Center Marketing team, will discuss the benefits of the cloud model, which far outweigh the traditional approach, and how enterprises need to ensure that their needs are properly being met.
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.
"We've just seen a huge influx of new partners coming into our ecosystem, and partners building unique offerings on top of our API set," explained Seth Bostock, Chief Executive Officer at IndependenceIT, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Arch...
Malicious agents are moving faster than the speed of business. Even more worrisome, most companies are relying on legacy approaches to security that are no longer capable of meeting current threats. In the modern cloud, threat diversity is rapidly expanding, necessitating more sophisticated security protocols than those used in the past or in desktop environments. Yet companies are falling for cloud security myths that were truths at one time but have evolved out of existence.
Public Cloud IaaS started its life in the developer and startup communities and has grown rapidly to a $20B+ industry, but it still pales in comparison to how much is spent worldwide on IT: $3.6 trillion. In fact, there are 8.6 million data centers worldwide, the reality is many small and medium sized business have server closets and colocation footprints filled with servers and storage gear. While on-premise environment virtualization may have peaked at 75%, the Public Cloud has lagged in adop...
The time is ripe for high speed resilient software defined storage solutions with unlimited scalability. ISS has been working with the leading open source projects and developed a commercial high performance solution that is able to grow forever without performance limitations. In his session at Cloud Expo, Alex Gorbachev, President of Intelligent Systems Services Inc., shared foundation principles of Ceph architecture, as well as the design to deliver this storage to traditional SAN storage co...
MuleSoft has announced the findings of its 2015 Connectivity Benchmark Report on the adoption and business impact of APIs. The findings suggest traditional businesses are quickly evolving into "composable enterprises" built out of hundreds of connected software services, applications and devices. Most are embracing the Internet of Things (IoT) and microservices technologies like Docker. A majority are integrating wearables, like smart watches, and more than half plan to generate revenue with ...
The Cloud industry has moved from being more than just being able to provide infrastructure and management services on the Cloud. Enter a new era of Cloud computing where monetization’s services through the Cloud are an essential piece of strategy to feed your organizations bottom-line, your revenue and Profitability. In their session at 16th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, discussed how to easily o...
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Opening Keynote at 16th Cloud Expo, S...