Click here to close now.




Welcome!

@CloudExpo Authors: Automic Blog, Nicholas Lee, Ian Khan, SmartBear Blog, Tom Kelly

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog

@CloudExpo: Article

Riding the Enterprise Cloud Computing Wave of Change into the Future

Plan your path so you can achieve real, practical results

The term cloud computing was first coined in 2007. Enterprise Cloud Computing seems to have emerged as a term in 2009. It's now 2012 and many are trying to ride the wave of Enterprise cloud computing or private cloud into the future. In a short four years, we've seen this phenomena of cloud permeate everything. Some question its validity as a technology and a term. If you look at the Gartner hype curve, the mere questioning of cloud can be considered validation. The abbreviated Gartner curve shows the rapid progress of cloud and private cloud from term introduction to the "peak of inflated expectations." We're about to dive down into the dreaded "trough of disillusionment." Maybe the skeptics are already there. Or maybe, cloud will jump from its current holding spot over to the "slope of enlightenment" without spending (measureable) time in the trough. I'll look forward to the Gartner curve update in 2012.

Why do I think it's possible to skip the trough of disillusionment? Some key reasons were covered in my first talk at Cloud Expo back in 2009. Cloud computing is, simply stated, the next generation of IT architecture. We've been moving to the cloud for the past several years through virtualization, improved enterprise management systems, high-speed global networks, wireless access devices, and so forth. It's a lot less of a revolution and a lot more of an evolution. The ubiquitous, white fluffy physical representation of "cloud" caused much of the initial skepticism, I think. Now, people are comfortable with the word cloud and marketers have found innovative, successful ways to connect the features and benefits for the average technology user.

Enterprises cite many reasons for cloud adoption. This survey from December 2010 highlights reduced CAPEX and OPEX combined with speed and agility as key advantages for federal organizations. The survey results from the federal space mirror the survey answers across all industries. Tough economic challenges over the past few years have catapulted cloud providers to the top of the IT company lists.

A contrasting survey from Meritalk focused on the issues and concerns for cloud. The survey highlighted three key challenges for cloud adoption in the federal space: security, culture, and budget. Our experiences at NRO mimic the survey results. I want to walk through these top three challenges with a focus on practical strategies for reducing barriers to cloud success.

Number One: Security
The number one issue on the Meritalk survey - and many other surveys - is security in the cloud. The myth is that cloud computing is less secure. I recently co-authored a paper for AFCEA with Jamie Dos Santos, President of Terremark Federal. We identified three areas contributing to the myth the cloud is less secure.

  1. The cloud is like fog and the company/organization can't see clearly into what's happening, as a result, security seems compromised. You don't trust what you can't easily see.
  2. The cloud vendors are making the technical decisions/standards and we, as customers, are losing control. We're forced to take what they give us and the inability to demand certain requirements is translated into lack of security.
  3. The cloud is, by nature and characteristic, always changing. My IT workforce is already overwhelmed and they will never be able to keep up with something that changes all the time; it can never be considered secure if my team can't keep up.

In our research - which included touch points with industry, government, and academia - what we actually found is that recent trends in cloud computing demonstrate the architecture has matured and offers distinct advantages for cyber security defense.

The three countering reasons it can be more secure are:

  1. Visibility. The cloud offers you many points of measurement and instrumentation - at every layer of the IT stack. You can use the metrics to improve the overall knowledge of the cloud and gain valuable insights not achievable previously. Using this knowledge, you can improve the overall security posture of the cloud. It takes a commitment to analysis and review but the results are significantly better than today's insights. Knowing vulnerabilities is necessary before you can mitigate them.
  2. Collaboration. We found new and improved public-private partnerships forming to protect national interests, lift the "fog," and change relationships between providers and customers. Knowledge of cyber events is passing between corporations and government entities faster than ever before and new security solutions are emerging to protect all information in clouds from malicious or suspicious events. Industry recognizes data protection is as important as reputation protection. One smear can ruin the company.
  3. Workforce Enrichment. We also found cloud computing is highlighting our need for a workforce that bridges the IT and Information Assurance fields. In the past, we've often segmented work into IT or IA; we need to drive academic and job-training programs to blend the skills for maximum advantage with cloud. This will allow a workforce that skillfully uses measurement and analysis tools to bring better security to the cloud.

Back to the Meritalk survey: The number two issue highlighted by Meritalk was Culture.
Gartner's Cloud outlook for 2011 hit upon three cultural changes for the enterprise: (1) using the Cloud can facilitate smaller and shorter projects; (2) the tools used in cloud projects will be more open source and less costly; and (3) to take advantage, companies will be seeking younger talent more familiar with the new tools. The result - as depicted in this picture - is a happy, blended, workforce. But, be careful. Your organization probably includes IT folks representing a diversity of ages and skill sets. You can't just bring in a new workforce and sweep the current one under a rug. Managing the cultural change in your people, your processes, and your technology will improve your overall success rate. Let's talk about those three areas of culture change.

First, let's talk People: You may need a new set of IT professionals but you have a legacy team in place now. You will need to successfully merge your legacy and new workforces to have a high performing blend of talent for the future. If you have legacy team members with a lot of time in your IT program but without a lot of interest in learning the nitty-gritty of the cloud controller, you might consider repurposing or refocusing those team members to fill gaps in other IT areas. For example, we never seem to have enough people to analyze advanced persistent threats and cyber vectors. A company might use its experienced team members to oversee the analysis of the many new data points you get with the cloud. Or, a company might use its experienced team members as customer liaison specialists for technical customer engagement or innovation. Whatever your existing resources, you'll need to make sure the legacy team can get on board with the changes; a mass replacement is not likely to breed success. A lucrative merger of your legacy and new workforces can create the high performing blend you need.

The second cultural area to address is process. It's another legacy you'll have to change for cloud to reap its benefits. You don't need a special purpose infrastructure for each application. Each application doesn't have to build a vertical stovepipe for success. Instead, you will need strict adherence to standards so your infrastructure can scale quickly and efficiently. Your engineering talent doesn't have to spend tons of time in engineering review board meetings or configuration control meetings. By reducing the complexity in the baseline, your engineers can focus on delivering new capabilities higher in the stack that provide greater unique value to your company. You can change your software lifecycle from months to weeks (or less) when you get the infrastructure lifecycle out of the way. Platform as a Service and Infrastructure as a Service require fairly rigid standardization to be a true cloud - anytime, anywhere, elastic capacity on demand. If you don't force the rigid standardization in the lower layers of the IT stack, you are likely to see custom builds creep back into your environment. Customized solutions will, generally speaking, elongate your delivery cycle. Cumbersome, slow, and expensive processes will return and reverse your efficiency gains.

The third area of culture change that will occur with Cloud is in the technology area. Smart choices here will help you turn your server huggers into cloud lovers. First, don't attempt to migrate everything to cloud up front - if ever. Cloud is the latest generation of IT architecture but that doesn't mean cloud works for all. You should start with low hanging fruit - those capabilities ready and ripe for a cloud world - and work your way up the tree to harder, more resistant capabilities. Use cloud as a means of improving your technology curve for certification and accreditation. Once you've certified the cloud infrastructure, the applications are less tethered and become both faster and more innovative. Finally, as your workforce clamors for more access via consumer devices, use cloud migration to securely support that access.

Let's return to the Meritalk survey to discuss its third key issue. Remember we've talked about the first two issues: security and culture. The third issue is budget. This figure provides three perspectives. Lockheed Martin recognizes that most savings will be in your labor, which means IT resources will need to be repurposed or removed to achieve great savings. Another view, from AF GEN Spano, noted that moving to cloud - solely to save money - may not be the right approach. And, Booz Allen noted the path to savings is based on several factors. If your primary driver for cloud is to save money, make sure you're realistic about what it will take to achieve that goal. CapEx savings might be realized but the bulk of savings will be from OpEx reductions.

A key take-away from the Meritalk survey is that you need to spend time planning your cloud implementation. It's not something you just wake up, decide to do, and then leap right in. Timing and planning are critical to success. The wave and surfing analogy fits well. You don't just jump into the water with a board and ride the perfect wave. You need a process: paddle out, position yourself, survey the oncoming waves, pick the wave that best corresponds to your position, and paddle like mad to stay right in front of that wave to catch the perfect ride.

This graphic represents a potential 9-step plan for cloud deployment. It's just an example. Regardless of the roadmap you use, the first step is a rational approach that will work in your specific environment.

At the NRO, we've spent the past 18 months developing our IT strategy and roadmap. We've determined a private cloud followed by a hybrid cloud (private/community, with the Intelligence Community) will be our delivery model. We'll focus on infrastructure and platform as services first and then move to Software as a service. Our strategy also highlights the need to look beyond the technology of cloud. Understanding the roles and responsibilities between the ISP and ASPs is also being worked out. In our organization, a lot of development is done by general defense contractors. Making sure we know exactly what the ISP must provide and what the ASPs are responsible for is paramount for rapid problem identification and resolution. Acquisition models need to be planned. For us, we needed to understand if it was going to be:

  • GO GO: government owned and government operated;
  • GO CO: government owned and contractor operated; or
  • CO CO: contractor owned and contractor operated.

It may seem simple to you but the complex relationships between the government and our contractor base made this analysis "not simple" for us.

And, we decided to implement and migrate in four phases: test it, prove it, use it, then exploit it. We're currently in the Prove It Phase. At each phase, we will specifically assess "go/no go" to ensure we remain properly focused and successful.

Phase 1 (Test It) allowed us to focus a few pilots on different capabilities for testing and risk assessment/buy-down. We had three cloud pilots focused on different kinds of capabilities, technologies, and processes. We had a pilot that determined if commercial cloud operating models would work on our business/admin systems. We had a pilot to determine how cloud controllers did/didn't work with graphical processor units vice CPUs. And, we also did some work on data clouds for big analytics.

We're in the Prove It phase now. This phase is designed to put an enterprise-class capability on the floor. It has specific technology activities combined with many "governance-like" activities such as standard products, applications inventories, and policy development. We actually are pursuing two distinct commodity clouds: one supports business, administrative, and enterprise systems and the other supports NRO unique mission needs. Each is implementing a different cloud controller and we intend to prove necessary federation in this area. We are maintaining work on the high performance, GPU cloud. It's turned out to be sufficiently different from the commodity cloud. Our data work is proceeding along a slower pace internally while we examine potential leverage points across the Intelligence Community for smart data.

Assuming success in the Prove It phase, we intend to scale the current work for broader success. It will take a few years. We have a lot of program alignment to do in the Use It phase. Deciding which applications migrate when is likely to be a combination of those that are ready and those that are facing a major recap/refresh anyway.

Our path - as you can see - is pragmatic and methodical; we will take time to gauge our progress each year by properly measuring and analyzing results along the way. For some, our path is shockingly slow. For others, it's ridiculously rapid. We think we've built a strategy that can respond to both views - allowing those applications/capabilities that need more time, to take the time they need.

In summary, you have to plan your path so you can achieve real, practical results. You have to identify the top issues that might impede your cloud success. Within your organization, you'll need to develop plans to overcome the issues while continuing to make progress. Don't underestimate the cultural forces at work. Some members of your workforce may be hoping this new technology will just go away. Moreover, if you try to move to cloud but you don't tackle your business processes currently in place, it will be hard to achieve success. You can't deliver in hours or days if your culture is used to working things in months and years.

More Stories By Jill Tummler Singer

Jill Tummler Singer is CIO for the National Reconnaissance Office (NRO)- which as part of the 16-member Intelligence Community plays a primary role in achieving information superiority for the U.S. Government and Armed Forces. A DoD agency, the NRO is staffed by DoD and CIA personnel. It is funded through the National Reconnaissance Program, part of the National Foreign Intelligence Program.

Prior to joining the NRO, Singer was Deputy CIO at the Central Intelligence Agency (CIA), where she was responsible for ensuring CIA had the information, technology, and infrastructure necessary to effectively execute its missions. Prior to her appointment as Deputy CIO, she served as the Director of the Diplomatic Telecommunications Service (DTS), United States Department of State, and was responsible for global network services to US foreign missions.

Singer has served in several senior leadership positions within the Federal Government. She was the head of Systems Engineering, Architecture, and Planning for CIA's global infrastructure organization. She served as the Director of Architecture and Implementation for the Intelligence Community CIO and pioneered the technology and management concepts that are the basis for multi-agency secure collaboration. She also served within CIA’s Directorate of Science and Technology.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
As someone who has been dedicated to automation and Application Release Automation (ARA) technology for almost six years now, one of the most common questions I get asked regards Platform-as-a-Service (PaaS). Specifically, people want to know whether release automation is still needed when a PaaS is in place, and why. Isn't that what a PaaS provides? A solution to the deployment and runtime challenges of an application? Why would anyone using a PaaS then need an automation engine with workflow ...
SYS-CON Events announced today that Men & Mice, the leading global provider of DNS, DHCP and IP address management overlay solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. The Men & Mice Suite overlay solution is already known for its powerful application in heterogeneous operating environments, enabling enterprises to scale without fuss. Building on a solid range of diverse platform support,...
Father business cycles and digital consumers are forcing enterprises to respond faster to customer needs and competitive demands. Successful integration of DevOps and Agile development will be key for business success in today’s digital economy. In his session at DevOps Summit, Pradeep Prabhu, Co-Founder & CEO of Cloudmunch, covered the critical practices that enterprises should consider to seamlessly integrate Agile and DevOps processes, barriers to implementing this in the enterprise, and pr...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, will provide an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profes...
SYS-CON Events announced today that VAI, a leading ERP software provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. VAI (Vormittag Associates, Inc.) is a leading independent mid-market ERP software developer renowned for its flexible solutions and ability to automate critical business functions for the distribution, manufacturing, specialty retail and service sectors. An IBM Premier Business Part...
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
In most cases, it is convenient to have some human interaction with a web (micro-)service, no matter how small it is. A traditional approach would be to create an HTTP interface, where user requests will be dispatched and HTML/CSS pages must be served. This approach is indeed very traditional for a web site, but not really convenient for a web service, which is not intended to be good looking, 24x7 up and running and UX-optimized. Instead, talking to a web service in a chat-bot mode would be muc...
It's easy to assume that your app will run on a fast and reliable network. The reality for your app's users, though, is often a slow, unreliable network with spotty coverage. What happens when the network doesn't work, or when the device is in airplane mode? You get unhappy, frustrated users. An offline-first app is an app that works, without error, when there is no network connection.
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 ad...
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes ho...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, will discuss the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filte...
SYS-CON Events announced today that AppNeta, the leader in performance insight for business-critical web applications, will exhibit and present at SYS-CON's @DevOpsSummit at Cloud Expo New York, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. AppNeta is the only application performance monitoring (APM) company to provide solutions for all applications – applications you develop internally, business-critical SaaS applications you use and the networks that deli...
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies adopt disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevO...
Advances in technology and ubiquitous connectivity have made the utilization of a dispersed workforce more common. Whether that remote team is located across the street or country, management styles/ approaches will have to be adjusted to accommodate this new dynamic. In his session at 17th Cloud Expo, Sagi Brody, Chief Technology Officer at Webair Internet Development Inc., focused on the challenges of managing remote teams, providing real-world examples that demonstrate what works and what do...
As enterprises work to take advantage of Big Data technologies, they frequently become distracted by product-level decisions. In most new Big Data builds this approach is completely counter-productive: it presupposes tools that may not be a fit for development teams, forces IT to take on the burden of evaluating and maintaining unfamiliar technology, and represents a major up-front expense. In his session at @BigDataExpo at @ThingsExpo, Andrew Warfield, CTO and Co-Founder of Coho Data, will dis...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry's single source for the cloud. Fusion's advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including clou...
Your business relies on your applications and your employees to stay in business. Whether you develop apps or manage business critical apps that help fuel your business, what happens when users experience sluggish performance? You and all technical teams across the organization – application, network, operations, among others, as well as, those outside the organization, like ISPs and third-party providers – are called in to solve the problem.