Click here to close now.

Welcome!

Cloud Expo Authors: Lori MacVittie, Yeshim Deniz, Carmen Gonzalez, Liz McMillan, Esmeralda Swartz

Related Topics: Cloud Expo, Microservices Journal, Virtualization

Cloud Expo: Article

Riding the Enterprise Cloud Computing Wave of Change into the Future

Plan your path so you can achieve real, practical results

The term cloud computing was first coined in 2007. Enterprise Cloud Computing seems to have emerged as a term in 2009. It's now 2012 and many are trying to ride the wave of Enterprise cloud computing or private cloud into the future. In a short four years, we've seen this phenomena of cloud permeate everything. Some question its validity as a technology and a term. If you look at the Gartner hype curve, the mere questioning of cloud can be considered validation. The abbreviated Gartner curve shows the rapid progress of cloud and private cloud from term introduction to the "peak of inflated expectations." We're about to dive down into the dreaded "trough of disillusionment." Maybe the skeptics are already there. Or maybe, cloud will jump from its current holding spot over to the "slope of enlightenment" without spending (measureable) time in the trough. I'll look forward to the Gartner curve update in 2012.

Why do I think it's possible to skip the trough of disillusionment? Some key reasons were covered in my first talk at Cloud Expo back in 2009. Cloud computing is, simply stated, the next generation of IT architecture. We've been moving to the cloud for the past several years through virtualization, improved enterprise management systems, high-speed global networks, wireless access devices, and so forth. It's a lot less of a revolution and a lot more of an evolution. The ubiquitous, white fluffy physical representation of "cloud" caused much of the initial skepticism, I think. Now, people are comfortable with the word cloud and marketers have found innovative, successful ways to connect the features and benefits for the average technology user.

Enterprises cite many reasons for cloud adoption. This survey from December 2010 highlights reduced CAPEX and OPEX combined with speed and agility as key advantages for federal organizations. The survey results from the federal space mirror the survey answers across all industries. Tough economic challenges over the past few years have catapulted cloud providers to the top of the IT company lists.

A contrasting survey from Meritalk focused on the issues and concerns for cloud. The survey highlighted three key challenges for cloud adoption in the federal space: security, culture, and budget. Our experiences at NRO mimic the survey results. I want to walk through these top three challenges with a focus on practical strategies for reducing barriers to cloud success.

Number One: Security
The number one issue on the Meritalk survey - and many other surveys - is security in the cloud. The myth is that cloud computing is less secure. I recently co-authored a paper for AFCEA with Jamie Dos Santos, President of Terremark Federal. We identified three areas contributing to the myth the cloud is less secure.

  1. The cloud is like fog and the company/organization can't see clearly into what's happening, as a result, security seems compromised. You don't trust what you can't easily see.
  2. The cloud vendors are making the technical decisions/standards and we, as customers, are losing control. We're forced to take what they give us and the inability to demand certain requirements is translated into lack of security.
  3. The cloud is, by nature and characteristic, always changing. My IT workforce is already overwhelmed and they will never be able to keep up with something that changes all the time; it can never be considered secure if my team can't keep up.

In our research - which included touch points with industry, government, and academia - what we actually found is that recent trends in cloud computing demonstrate the architecture has matured and offers distinct advantages for cyber security defense.

The three countering reasons it can be more secure are:

  1. Visibility. The cloud offers you many points of measurement and instrumentation - at every layer of the IT stack. You can use the metrics to improve the overall knowledge of the cloud and gain valuable insights not achievable previously. Using this knowledge, you can improve the overall security posture of the cloud. It takes a commitment to analysis and review but the results are significantly better than today's insights. Knowing vulnerabilities is necessary before you can mitigate them.
  2. Collaboration. We found new and improved public-private partnerships forming to protect national interests, lift the "fog," and change relationships between providers and customers. Knowledge of cyber events is passing between corporations and government entities faster than ever before and new security solutions are emerging to protect all information in clouds from malicious or suspicious events. Industry recognizes data protection is as important as reputation protection. One smear can ruin the company.
  3. Workforce Enrichment. We also found cloud computing is highlighting our need for a workforce that bridges the IT and Information Assurance fields. In the past, we've often segmented work into IT or IA; we need to drive academic and job-training programs to blend the skills for maximum advantage with cloud. This will allow a workforce that skillfully uses measurement and analysis tools to bring better security to the cloud.

Back to the Meritalk survey: The number two issue highlighted by Meritalk was Culture.
Gartner's Cloud outlook for 2011 hit upon three cultural changes for the enterprise: (1) using the Cloud can facilitate smaller and shorter projects; (2) the tools used in cloud projects will be more open source and less costly; and (3) to take advantage, companies will be seeking younger talent more familiar with the new tools. The result - as depicted in this picture - is a happy, blended, workforce. But, be careful. Your organization probably includes IT folks representing a diversity of ages and skill sets. You can't just bring in a new workforce and sweep the current one under a rug. Managing the cultural change in your people, your processes, and your technology will improve your overall success rate. Let's talk about those three areas of culture change.

First, let's talk People: You may need a new set of IT professionals but you have a legacy team in place now. You will need to successfully merge your legacy and new workforces to have a high performing blend of talent for the future. If you have legacy team members with a lot of time in your IT program but without a lot of interest in learning the nitty-gritty of the cloud controller, you might consider repurposing or refocusing those team members to fill gaps in other IT areas. For example, we never seem to have enough people to analyze advanced persistent threats and cyber vectors. A company might use its experienced team members to oversee the analysis of the many new data points you get with the cloud. Or, a company might use its experienced team members as customer liaison specialists for technical customer engagement or innovation. Whatever your existing resources, you'll need to make sure the legacy team can get on board with the changes; a mass replacement is not likely to breed success. A lucrative merger of your legacy and new workforces can create the high performing blend you need.

The second cultural area to address is process. It's another legacy you'll have to change for cloud to reap its benefits. You don't need a special purpose infrastructure for each application. Each application doesn't have to build a vertical stovepipe for success. Instead, you will need strict adherence to standards so your infrastructure can scale quickly and efficiently. Your engineering talent doesn't have to spend tons of time in engineering review board meetings or configuration control meetings. By reducing the complexity in the baseline, your engineers can focus on delivering new capabilities higher in the stack that provide greater unique value to your company. You can change your software lifecycle from months to weeks (or less) when you get the infrastructure lifecycle out of the way. Platform as a Service and Infrastructure as a Service require fairly rigid standardization to be a true cloud - anytime, anywhere, elastic capacity on demand. If you don't force the rigid standardization in the lower layers of the IT stack, you are likely to see custom builds creep back into your environment. Customized solutions will, generally speaking, elongate your delivery cycle. Cumbersome, slow, and expensive processes will return and reverse your efficiency gains.

The third area of culture change that will occur with Cloud is in the technology area. Smart choices here will help you turn your server huggers into cloud lovers. First, don't attempt to migrate everything to cloud up front - if ever. Cloud is the latest generation of IT architecture but that doesn't mean cloud works for all. You should start with low hanging fruit - those capabilities ready and ripe for a cloud world - and work your way up the tree to harder, more resistant capabilities. Use cloud as a means of improving your technology curve for certification and accreditation. Once you've certified the cloud infrastructure, the applications are less tethered and become both faster and more innovative. Finally, as your workforce clamors for more access via consumer devices, use cloud migration to securely support that access.

Let's return to the Meritalk survey to discuss its third key issue. Remember we've talked about the first two issues: security and culture. The third issue is budget. This figure provides three perspectives. Lockheed Martin recognizes that most savings will be in your labor, which means IT resources will need to be repurposed or removed to achieve great savings. Another view, from AF GEN Spano, noted that moving to cloud - solely to save money - may not be the right approach. And, Booz Allen noted the path to savings is based on several factors. If your primary driver for cloud is to save money, make sure you're realistic about what it will take to achieve that goal. CapEx savings might be realized but the bulk of savings will be from OpEx reductions.

A key take-away from the Meritalk survey is that you need to spend time planning your cloud implementation. It's not something you just wake up, decide to do, and then leap right in. Timing and planning are critical to success. The wave and surfing analogy fits well. You don't just jump into the water with a board and ride the perfect wave. You need a process: paddle out, position yourself, survey the oncoming waves, pick the wave that best corresponds to your position, and paddle like mad to stay right in front of that wave to catch the perfect ride.

This graphic represents a potential 9-step plan for cloud deployment. It's just an example. Regardless of the roadmap you use, the first step is a rational approach that will work in your specific environment.

At the NRO, we've spent the past 18 months developing our IT strategy and roadmap. We've determined a private cloud followed by a hybrid cloud (private/community, with the Intelligence Community) will be our delivery model. We'll focus on infrastructure and platform as services first and then move to Software as a service. Our strategy also highlights the need to look beyond the technology of cloud. Understanding the roles and responsibilities between the ISP and ASPs is also being worked out. In our organization, a lot of development is done by general defense contractors. Making sure we know exactly what the ISP must provide and what the ASPs are responsible for is paramount for rapid problem identification and resolution. Acquisition models need to be planned. For us, we needed to understand if it was going to be:

  • GO GO: government owned and government operated;
  • GO CO: government owned and contractor operated; or
  • CO CO: contractor owned and contractor operated.

It may seem simple to you but the complex relationships between the government and our contractor base made this analysis "not simple" for us.

And, we decided to implement and migrate in four phases: test it, prove it, use it, then exploit it. We're currently in the Prove It Phase. At each phase, we will specifically assess "go/no go" to ensure we remain properly focused and successful.

Phase 1 (Test It) allowed us to focus a few pilots on different capabilities for testing and risk assessment/buy-down. We had three cloud pilots focused on different kinds of capabilities, technologies, and processes. We had a pilot that determined if commercial cloud operating models would work on our business/admin systems. We had a pilot to determine how cloud controllers did/didn't work with graphical processor units vice CPUs. And, we also did some work on data clouds for big analytics.

We're in the Prove It phase now. This phase is designed to put an enterprise-class capability on the floor. It has specific technology activities combined with many "governance-like" activities such as standard products, applications inventories, and policy development. We actually are pursuing two distinct commodity clouds: one supports business, administrative, and enterprise systems and the other supports NRO unique mission needs. Each is implementing a different cloud controller and we intend to prove necessary federation in this area. We are maintaining work on the high performance, GPU cloud. It's turned out to be sufficiently different from the commodity cloud. Our data work is proceeding along a slower pace internally while we examine potential leverage points across the Intelligence Community for smart data.

Assuming success in the Prove It phase, we intend to scale the current work for broader success. It will take a few years. We have a lot of program alignment to do in the Use It phase. Deciding which applications migrate when is likely to be a combination of those that are ready and those that are facing a major recap/refresh anyway.

Our path - as you can see - is pragmatic and methodical; we will take time to gauge our progress each year by properly measuring and analyzing results along the way. For some, our path is shockingly slow. For others, it's ridiculously rapid. We think we've built a strategy that can respond to both views - allowing those applications/capabilities that need more time, to take the time they need.

In summary, you have to plan your path so you can achieve real, practical results. You have to identify the top issues that might impede your cloud success. Within your organization, you'll need to develop plans to overcome the issues while continuing to make progress. Don't underestimate the cultural forces at work. Some members of your workforce may be hoping this new technology will just go away. Moreover, if you try to move to cloud but you don't tackle your business processes currently in place, it will be hard to achieve success. You can't deliver in hours or days if your culture is used to working things in months and years.

More Stories By Jill Tummler Singer

Jill Tummler Singer is CIO for the National Reconnaissance Office (NRO)- which as part of the 16-member Intelligence Community plays a primary role in achieving information superiority for the U.S. Government and Armed Forces. A DoD agency, the NRO is staffed by DoD and CIA personnel. It is funded through the National Reconnaissance Program, part of the National Foreign Intelligence Program.

Prior to joining the NRO, Singer was Deputy CIO at the Central Intelligence Agency (CIA), where she was responsible for ensuring CIA had the information, technology, and infrastructure necessary to effectively execute its missions. Prior to her appointment as Deputy CIO, she served as the Director of the Diplomatic Telecommunications Service (DTS), United States Department of State, and was responsible for global network services to US foreign missions.

Singer has served in several senior leadership positions within the Federal Government. She was the head of Systems Engineering, Architecture, and Planning for CIA's global infrastructure organization. She served as the Director of Architecture and Implementation for the Intelligence Community CIO and pioneered the technology and management concepts that are the basis for multi-agency secure collaboration. She also served within CIA’s Directorate of Science and Technology.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch ...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on T...
SYS-CON Events announced today that Litmus Automation will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Litmus Automation’s vision is to provide a solution for companies that are in a rush to embrace the disruptive Internet of Things technology and leverage it for real business challenges. Litmus Automation simplifies the complexity of connected devices applications with Loop, a secure and scalable clou...
In 2015, 4.9 billion connected "things" will be in use. By 2020, Gartner forecasts this amount to be 25 billion, a 410 percent increase in just five years. How will businesses handle this rapid growth of data? Hadoop will continue to improve its technology to meet business demands, by enabling businesses to access/analyze data in real time, when and where they need it. Cloudera's Chief Technologist, Eli Collins, will discuss how Big Data is keeping up with today's data demands and how in t...
SYS-CON Media announced today that @ThingsExpo Blog launched with 7,788 original stories. @ThingsExpo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @ThingsExpo Blog can be bookmarked. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, will provide some practical insights on what, how and why when implementing "software-defined" in the dat...
From telemedicine to smart cars, digital homes and industrial monitoring, the explosive growth of IoT has created exciting new business opportunities for real time calls and messaging. In his session at @ThingsExpo, Ivelin Ivanov, CEO and Co-Founder of Telestax, shared some of the new revenue sources that IoT created for Restcomm – the open source telephony platform from Telestax. Ivelin Ivanov is a technology entrepreneur who founded Mobicents, an Open Source VoIP Platform, to help create, de...
SYS-CON Events announced today that robomq.io will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. robomq.io is an interoperable and composable platform that connects any device to any application. It helps systems integrators and the solution providers build new and innovative products and service for industries requiring monitoring or intelligence from devices and sensors.
Chuck Piluso will present a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Speaker Bio: Prior to Data Storage Corporation (DSC), Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of ...
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and eas...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. In his session at 16th Cloud Expo, Haseeb Budhani, CEO and Co-founder of Soha, will share five common approaches that DevOps teams follow to secure access to applications deployed in AWS, Azure, etc., and the frict...
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists will discuss how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations m...
IoT is still a vague buzzword for many people. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. He also discussed how IoT is perceived by investors and how venture capitalist access this space. Other topics discussed were barriers to success, what is new, what is old, and what th...
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Ras...
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, will discuss how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at...
The only place to be June 9-11 is Cloud Expo & @ThingsExpo 2015 East at the Javits Center in New York City. Join us there as delegates from all over the world come to listen to and engage with speakers & sponsors from the leading Cloud Computing, IoT & Big Data companies. Cloud Expo & @ThingsExpo are the leading events covering the booming market of Cloud Computing, IoT & Big Data for the enterprise. Speakers from all over the world will be hand-picked for their ability to explore the economic...
Deploying and operating cloud technology is difficult and falls outside the core competencies of most organizations. As a result, many on-premises private cloud installations falter, casting doubt on private cloud as a solution in general. Yet private clouds come with a unique set of benefits that continue to drive widespread interest. There must be a better way. This session will give participants a clear roadmap of private cloud implementation challenges and offer actionable ideas for...
SYS-CON Events announced today that AIC, a leading provider of OEM/ODM server and storage solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. AIC is a leading provider of both standard OTS, off-the-shelf, and OEM/ODM server and storage solutions. With expert in-house design capabilities, validation, manufacturing and production, AIC's broad selection of products are highly flexible and are conf...
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...
SYS-CON Events announced today that the DevOps Institute has been named “Association Sponsor” of SYS-CON's DevOps Summit, which will take place on June 9–11, 2015, at the Javits Center in New York City, NY. The DevOps Institute provides enterprise level training and certification. Working with thought leaders from the DevOps community, the IT Service Management field and the IT training market, the DevOps Institute is setting the standard in quality for DevOps education and training.