Welcome!

@CloudExpo Authors: Ed Featherston, Rostyslav Demush, Jamie Madison, Jason Bloomberg, Greg Pierce

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog

@CloudExpo: Article

Riding the Enterprise Cloud Computing Wave of Change into the Future

Plan your path so you can achieve real, practical results

The term cloud computing was first coined in 2007. Enterprise Cloud Computing seems to have emerged as a term in 2009. It's now 2012 and many are trying to ride the wave of Enterprise cloud computing or private cloud into the future. In a short four years, we've seen this phenomena of cloud permeate everything. Some question its validity as a technology and a term. If you look at the Gartner hype curve, the mere questioning of cloud can be considered validation. The abbreviated Gartner curve shows the rapid progress of cloud and private cloud from term introduction to the "peak of inflated expectations." We're about to dive down into the dreaded "trough of disillusionment." Maybe the skeptics are already there. Or maybe, cloud will jump from its current holding spot over to the "slope of enlightenment" without spending (measureable) time in the trough. I'll look forward to the Gartner curve update in 2012.

Why do I think it's possible to skip the trough of disillusionment? Some key reasons were covered in my first talk at Cloud Expo back in 2009. Cloud computing is, simply stated, the next generation of IT architecture. We've been moving to the cloud for the past several years through virtualization, improved enterprise management systems, high-speed global networks, wireless access devices, and so forth. It's a lot less of a revolution and a lot more of an evolution. The ubiquitous, white fluffy physical representation of "cloud" caused much of the initial skepticism, I think. Now, people are comfortable with the word cloud and marketers have found innovative, successful ways to connect the features and benefits for the average technology user.

Enterprises cite many reasons for cloud adoption. This survey from December 2010 highlights reduced CAPEX and OPEX combined with speed and agility as key advantages for federal organizations. The survey results from the federal space mirror the survey answers across all industries. Tough economic challenges over the past few years have catapulted cloud providers to the top of the IT company lists.

A contrasting survey from Meritalk focused on the issues and concerns for cloud. The survey highlighted three key challenges for cloud adoption in the federal space: security, culture, and budget. Our experiences at NRO mimic the survey results. I want to walk through these top three challenges with a focus on practical strategies for reducing barriers to cloud success.

Number One: Security
The number one issue on the Meritalk survey - and many other surveys - is security in the cloud. The myth is that cloud computing is less secure. I recently co-authored a paper for AFCEA with Jamie Dos Santos, President of Terremark Federal. We identified three areas contributing to the myth the cloud is less secure.

  1. The cloud is like fog and the company/organization can't see clearly into what's happening, as a result, security seems compromised. You don't trust what you can't easily see.
  2. The cloud vendors are making the technical decisions/standards and we, as customers, are losing control. We're forced to take what they give us and the inability to demand certain requirements is translated into lack of security.
  3. The cloud is, by nature and characteristic, always changing. My IT workforce is already overwhelmed and they will never be able to keep up with something that changes all the time; it can never be considered secure if my team can't keep up.

In our research - which included touch points with industry, government, and academia - what we actually found is that recent trends in cloud computing demonstrate the architecture has matured and offers distinct advantages for cyber security defense.

The three countering reasons it can be more secure are:

  1. Visibility. The cloud offers you many points of measurement and instrumentation - at every layer of the IT stack. You can use the metrics to improve the overall knowledge of the cloud and gain valuable insights not achievable previously. Using this knowledge, you can improve the overall security posture of the cloud. It takes a commitment to analysis and review but the results are significantly better than today's insights. Knowing vulnerabilities is necessary before you can mitigate them.
  2. Collaboration. We found new and improved public-private partnerships forming to protect national interests, lift the "fog," and change relationships between providers and customers. Knowledge of cyber events is passing between corporations and government entities faster than ever before and new security solutions are emerging to protect all information in clouds from malicious or suspicious events. Industry recognizes data protection is as important as reputation protection. One smear can ruin the company.
  3. Workforce Enrichment. We also found cloud computing is highlighting our need for a workforce that bridges the IT and Information Assurance fields. In the past, we've often segmented work into IT or IA; we need to drive academic and job-training programs to blend the skills for maximum advantage with cloud. This will allow a workforce that skillfully uses measurement and analysis tools to bring better security to the cloud.

Back to the Meritalk survey: The number two issue highlighted by Meritalk was Culture.
Gartner's Cloud outlook for 2011 hit upon three cultural changes for the enterprise: (1) using the Cloud can facilitate smaller and shorter projects; (2) the tools used in cloud projects will be more open source and less costly; and (3) to take advantage, companies will be seeking younger talent more familiar with the new tools. The result - as depicted in this picture - is a happy, blended, workforce. But, be careful. Your organization probably includes IT folks representing a diversity of ages and skill sets. You can't just bring in a new workforce and sweep the current one under a rug. Managing the cultural change in your people, your processes, and your technology will improve your overall success rate. Let's talk about those three areas of culture change.

First, let's talk People: You may need a new set of IT professionals but you have a legacy team in place now. You will need to successfully merge your legacy and new workforces to have a high performing blend of talent for the future. If you have legacy team members with a lot of time in your IT program but without a lot of interest in learning the nitty-gritty of the cloud controller, you might consider repurposing or refocusing those team members to fill gaps in other IT areas. For example, we never seem to have enough people to analyze advanced persistent threats and cyber vectors. A company might use its experienced team members to oversee the analysis of the many new data points you get with the cloud. Or, a company might use its experienced team members as customer liaison specialists for technical customer engagement or innovation. Whatever your existing resources, you'll need to make sure the legacy team can get on board with the changes; a mass replacement is not likely to breed success. A lucrative merger of your legacy and new workforces can create the high performing blend you need.

The second cultural area to address is process. It's another legacy you'll have to change for cloud to reap its benefits. You don't need a special purpose infrastructure for each application. Each application doesn't have to build a vertical stovepipe for success. Instead, you will need strict adherence to standards so your infrastructure can scale quickly and efficiently. Your engineering talent doesn't have to spend tons of time in engineering review board meetings or configuration control meetings. By reducing the complexity in the baseline, your engineers can focus on delivering new capabilities higher in the stack that provide greater unique value to your company. You can change your software lifecycle from months to weeks (or less) when you get the infrastructure lifecycle out of the way. Platform as a Service and Infrastructure as a Service require fairly rigid standardization to be a true cloud - anytime, anywhere, elastic capacity on demand. If you don't force the rigid standardization in the lower layers of the IT stack, you are likely to see custom builds creep back into your environment. Customized solutions will, generally speaking, elongate your delivery cycle. Cumbersome, slow, and expensive processes will return and reverse your efficiency gains.

The third area of culture change that will occur with Cloud is in the technology area. Smart choices here will help you turn your server huggers into cloud lovers. First, don't attempt to migrate everything to cloud up front - if ever. Cloud is the latest generation of IT architecture but that doesn't mean cloud works for all. You should start with low hanging fruit - those capabilities ready and ripe for a cloud world - and work your way up the tree to harder, more resistant capabilities. Use cloud as a means of improving your technology curve for certification and accreditation. Once you've certified the cloud infrastructure, the applications are less tethered and become both faster and more innovative. Finally, as your workforce clamors for more access via consumer devices, use cloud migration to securely support that access.

Let's return to the Meritalk survey to discuss its third key issue. Remember we've talked about the first two issues: security and culture. The third issue is budget. This figure provides three perspectives. Lockheed Martin recognizes that most savings will be in your labor, which means IT resources will need to be repurposed or removed to achieve great savings. Another view, from AF GEN Spano, noted that moving to cloud - solely to save money - may not be the right approach. And, Booz Allen noted the path to savings is based on several factors. If your primary driver for cloud is to save money, make sure you're realistic about what it will take to achieve that goal. CapEx savings might be realized but the bulk of savings will be from OpEx reductions.

A key take-away from the Meritalk survey is that you need to spend time planning your cloud implementation. It's not something you just wake up, decide to do, and then leap right in. Timing and planning are critical to success. The wave and surfing analogy fits well. You don't just jump into the water with a board and ride the perfect wave. You need a process: paddle out, position yourself, survey the oncoming waves, pick the wave that best corresponds to your position, and paddle like mad to stay right in front of that wave to catch the perfect ride.

This graphic represents a potential 9-step plan for cloud deployment. It's just an example. Regardless of the roadmap you use, the first step is a rational approach that will work in your specific environment.

At the NRO, we've spent the past 18 months developing our IT strategy and roadmap. We've determined a private cloud followed by a hybrid cloud (private/community, with the Intelligence Community) will be our delivery model. We'll focus on infrastructure and platform as services first and then move to Software as a service. Our strategy also highlights the need to look beyond the technology of cloud. Understanding the roles and responsibilities between the ISP and ASPs is also being worked out. In our organization, a lot of development is done by general defense contractors. Making sure we know exactly what the ISP must provide and what the ASPs are responsible for is paramount for rapid problem identification and resolution. Acquisition models need to be planned. For us, we needed to understand if it was going to be:

  • GO GO: government owned and government operated;
  • GO CO: government owned and contractor operated; or
  • CO CO: contractor owned and contractor operated.

It may seem simple to you but the complex relationships between the government and our contractor base made this analysis "not simple" for us.

And, we decided to implement and migrate in four phases: test it, prove it, use it, then exploit it. We're currently in the Prove It Phase. At each phase, we will specifically assess "go/no go" to ensure we remain properly focused and successful.

Phase 1 (Test It) allowed us to focus a few pilots on different capabilities for testing and risk assessment/buy-down. We had three cloud pilots focused on different kinds of capabilities, technologies, and processes. We had a pilot that determined if commercial cloud operating models would work on our business/admin systems. We had a pilot to determine how cloud controllers did/didn't work with graphical processor units vice CPUs. And, we also did some work on data clouds for big analytics.

We're in the Prove It phase now. This phase is designed to put an enterprise-class capability on the floor. It has specific technology activities combined with many "governance-like" activities such as standard products, applications inventories, and policy development. We actually are pursuing two distinct commodity clouds: one supports business, administrative, and enterprise systems and the other supports NRO unique mission needs. Each is implementing a different cloud controller and we intend to prove necessary federation in this area. We are maintaining work on the high performance, GPU cloud. It's turned out to be sufficiently different from the commodity cloud. Our data work is proceeding along a slower pace internally while we examine potential leverage points across the Intelligence Community for smart data.

Assuming success in the Prove It phase, we intend to scale the current work for broader success. It will take a few years. We have a lot of program alignment to do in the Use It phase. Deciding which applications migrate when is likely to be a combination of those that are ready and those that are facing a major recap/refresh anyway.

Our path - as you can see - is pragmatic and methodical; we will take time to gauge our progress each year by properly measuring and analyzing results along the way. For some, our path is shockingly slow. For others, it's ridiculously rapid. We think we've built a strategy that can respond to both views - allowing those applications/capabilities that need more time, to take the time they need.

In summary, you have to plan your path so you can achieve real, practical results. You have to identify the top issues that might impede your cloud success. Within your organization, you'll need to develop plans to overcome the issues while continuing to make progress. Don't underestimate the cultural forces at work. Some members of your workforce may be hoping this new technology will just go away. Moreover, if you try to move to cloud but you don't tackle your business processes currently in place, it will be hard to achieve success. You can't deliver in hours or days if your culture is used to working things in months and years.

More Stories By Jill Tummler Singer

Jill Tummler Singer is CIO for the National Reconnaissance Office (NRO)- which as part of the 16-member Intelligence Community plays a primary role in achieving information superiority for the U.S. Government and Armed Forces. A DoD agency, the NRO is staffed by DoD and CIA personnel. It is funded through the National Reconnaissance Program, part of the National Foreign Intelligence Program.

Prior to joining the NRO, Singer was Deputy CIO at the Central Intelligence Agency (CIA), where she was responsible for ensuring CIA had the information, technology, and infrastructure necessary to effectively execute its missions. Prior to her appointment as Deputy CIO, she served as the Director of the Diplomatic Telecommunications Service (DTS), United States Department of State, and was responsible for global network services to US foreign missions.

Singer has served in several senior leadership positions within the Federal Government. She was the head of Systems Engineering, Architecture, and Planning for CIA's global infrastructure organization. She served as the Director of Architecture and Implementation for the Intelligence Community CIO and pioneered the technology and management concepts that are the basis for multi-agency secure collaboration. She also served within CIA’s Directorate of Science and Technology.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
DX World EXPO, LLC, a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of the 22nd International Cloud Expo, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to gre...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices to ...
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. Thi...
"Infoblox does DNS, DHCP and IP address management for not only enterprise networks but cloud networks as well. Customers are looking for a single platform that can extend not only in their private enterprise environment but private cloud, public cloud, tracking all the IP space and everything that is going on in that environment," explained Steve Salo, Principal Systems Engineer at Infoblox, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventio...
In his session at 21st Cloud Expo, James Henry, Co-CEO/CTO of Calgary Scientific Inc., introduced you to the challenges, solutions and benefits of training AI systems to solve visual problems with an emphasis on improving AIs with continuous training in the field. He explored applications in several industries and discussed technologies that allow the deployment of advanced visualization solutions to the cloud.
The question before companies today is not whether to become intelligent, it’s a question of how and how fast. The key is to adopt and deploy an intelligent application strategy while simultaneously preparing to scale that intelligence. In her session at 21st Cloud Expo, Sangeeta Chakraborty, Chief Customer Officer at Ayasdi, provided a tactical framework to become a truly intelligent enterprise, including how to identify the right applications for AI, how to build a Center of Excellence to oper...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
"Cloud Academy is an enterprise training platform for the cloud, specifically public clouds. We offer guided learning experiences on AWS, Azure, Google Cloud and all the surrounding methodologies and technologies that you need to know and your teams need to know in order to leverage the full benefits of the cloud," explained Alex Brower, VP of Marketing at Cloud Academy, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clar...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...