Cloud Computing Readings INFS6000

Cloud computing
Defined
http://www.networkworld.com/supp/2009/ndc3/051809-cloud-faq.html bookmark
http://cloudcomputing.sys-con.com/node/612375 bookmark
http://www.networkworld.com/newsletters/frame/2010/021510wan1.html?
source=NWWNLE_nlt_wan_2010-02-16 bookmark
Are we there yet?

http://www.networkworld.com/community/node/57300?
source=NWWNLE_nlt_cloud_security_2010-02-09 bookmark
http://www.networkworld.com/news/2010/012510-cloud-storage-hype.html?
Security
http://www.infoworld.com/d/security-central/it-pros-divided-about-security-virtualization-
cloud-computing-439?source=IFWNLE_nlt_sec_2010-02-22 bookmark
http://www.networkworld.com/news/2010/030410-rsa--ciso-cloud-security.html?
source=NWWNLE_nlt_daily_pm_2010-03-05 bookmark
http://www.infoworld.com/d/cloud-computing/cloud-securitys-pr-problem-shouldnt-be-
shrugged-776?source=IFWNLE_nlt_sec_2010-04-27 bookmark
Costs and Benefits

http://www.infoworld.com/d/cloud-computing/how-gauge-cloud-computing-performance-
722?page=0,0&source=IFWNLE_nlt_cloud_2010-02-01 bookmark
http://www.infoworld.com/d/cloud-computing/3-cloud-computing-mistakes-you-can-avoid-
today-895?page=0,0&source=IFWNLE_nlt_cloud_2010-03-15 bookmark
http://www.networkworld.com/news/2011/041111-what-the-cloud-really-costs.html?
Filename:59718617.doc Return to Index of Articles Page:1 of 29

This story appeared on Network World at
http://www.networkworld.com/supp/2009/ndc3/051809-cloud-faq.html
FAQ: Cloud computing, demystified
What is cloud computing, and can it be trusted? Key questions answered
By Jon Brodkin, Network World
May 18, 2009 12:03 AM ET
Everyone in the IT industry is talking about cloud computing, but there is still confusion about what the cloud is,
how it should be used and what problems and challenges it might introduce. This FAQ will answer some of the key
questions enterprises are asking about cloud computing.
What is cloud computing?
Gartner defines cloud computing as "a style of computing in which massively scalable IT-related capabilities are
provided 'as a service' using Internet technologies to multiple external customers." Beyond the Gartner definition,
clouds are marked by self-service interfaces that let customers acquire resources at any time and get rid of them the
instant they are no longer needed.
The cloud is not really a technology by itself. Rather, it is an approach to building IT services that harnesses the
rapidly increasing horsepower of servers as well as virtualization technologies that combine many servers into large
computing pools and divide single servers into multiple virtual machines that can be spun up and powered down at
will.
How is cloud computing different from utility, on-demand and grid computing?
Cloud by its nature is "on-demand" and includes attributes previously associated with utility and grid models. Grid
computing is the ability to harness large collections of independent compute resources to perform large tasks, and
utility is metered consumption of IT services, says Kristof Kloeckner, the cloud computing software chief at IBM.
The coming together of these attributes is making the cloud today's most "exciting IT delivery paradigm," he says.
Fundamentally, the phrase cloud computing is interchangeable with utility computing, says Nicholas Carr, author of
"The Big Switch" and "Does IT Matter?" The word "cloud" doesn't really communicate what cloud computing is,
while the word "utility" at least offers a real-world analogy, he says. "However you want to deal with the semantics,
I think grid computing, utility computing and cloud computing are all part of the same trend," Carr says.
Carr is not alone in thinking cloud is not the best word to describe today's transition to Web-based IT delivery
models. For the enterprise, cloud computing might best be viewed as a series of "online business services," says IDC
analyst Frank Gens.
What is a public cloud?
Naturally, a public cloud is a service that anyone can tap into with a network connection and a credit card. "Public
clouds are shared infrastructures with pay-as-you-go economics," explains Forrester analyst James Staten in an April
report. "Public clouds are easily accessible, multitenant virtualized infrastructures that are managed via a self-service
portal."
What is a private cloud?
A private cloud attempts to mimic the delivery models of public cloud vendors but does so entirely within the
firewall for the benefit of an enterprise's users. A private cloud would be highly virtualized, stringing together mass
quantities of IT infrastructure into one or a few easily managed logical resource pools.
Like public clouds, delivery of private cloud services would typically be done through a Web interface with self-
service and chargeback attributes. "Private clouds give you many of the benefits of cloud computing, but it's
privately owned and managed, the access may be limited to your own enterprise or a section of your value chain,"
Kloeckner says. "It does drive efficiency, it does force standardization and best practices."
The largest enterprises are interested in private clouds because public clouds are not yet scalable and reliable enough
to justify transferring all of their IT resources to cloud vendors, Carr says.
"A lot of this is a scale game," Carr says. "If you're General Electric, you've got an enormous amount of IT scale
within your own company. And at this stage the smart thing for you to do is probably to rebuild your own internal IT
around a cloud architecture because the public cloud isn't of a scale at this point and of a reliability and everything
where GE could say 'we're closing down all our data centers and moving to the cloud.'"
Is cloud computing the same as software-as-a-service?
You might say software-as-a-service kicked off the whole push toward cloud computing by demonstrating that IT
services could be easily made available over the Web. While SaaS vendors originally did not use the word cloud to
describe their offerings, analysts now consider SaaS to be one of several subsets of the cloud computing market.

What types of services are available via the cloud computing model?
Public cloud services are breaking down into three broad categories: software-as-a-service, infrastructure-as-a-
service, and platform-as-a-service. SaaS is well known and consists of software applications delivered over the Web.
Infrastructure-as-a-service refers to remotely accessible server and storage capacity, while platform-as-a-service is a
compute-and-software platform that lets developers build and deploy Web applications on a hosted infrastructure.
How do vendors charge for these services?
SaaS vendors have long boasted of selling software on a pay-as-you-go, as-needed basis, preventing the kind of
lock-in inherent in long-term licensing deals for on-premises software. Cloud infrastructure providers like Amazon
are doing the same. For example, Amazon's Elastic Compute Cloud charges for per-hour usage of virtualized server
capacity. A small Linux server costs 10 cents an hour, while the largest Windows server costs $1.20 an hour.
Storage clouds are priced similarly. Nirvanix's cloud storage platform has prices starting at 25 cents per gigabyte of
storage each month, with additional charges for each upload and download.
What types of applications can run in the cloud?
Technically, you can put any application in the cloud. But that doesn't mean it's a good idea. For example, there's
little reason to run a desktop disk defragmentation or systems analysis tool in the cloud, because you want the
application sitting on the desktop, dedicated to the system with little to no latency, says Pund-IT analyst Charles
King.
More importantly, regulatory and compliance concerns prevent enterprises from putting certain applications in the
cloud, particularly those involving sensitive customer data.
IDC surveys show the top uses of the cloud as being IT management, collaboration, personal and business
applications, application development and deployment, and server and storage capacity.
Can applications move from one cloud to another?
Yes, but that doesn't mean it will be easy. Services have popped up to move applications from one cloud platform to
another (such as from Amazon to GoGrid) and from internal data centers to the cloud. But going forward, cloud
vendors will have to adopt standards-based technologies in order to ensure true interoperability, according to several
industry groups. The recently released "Open Cloud Manifesto" supports interoperability of data and applications,
while the Open Cloud Consortium is promoting open frameworks that will let clouds operated by different entities
work seamlessly together. The goal is to move applications from one cloud to another without having to rewrite
them.
How does traditional software licensing apply in the cloud world?
Vendors and customers alike are struggling with the question of how software licensing policies should be adapted
to the cloud. Packaged software vendors require up-front payments, and make customers pay for 100% of the
software's capabilities even if they use only 25% or 50%, Gens says. This model does not take advantage of the
flexibility of cloud services.
Oracle and IBM have devised equivalency tables that explain how their software is licensed for the Amazon cloud,
but most observers seem to agree that software vendors haven't done enough to adapt their licensing to the cloud.
The financial services company ING, which is examining many cloud services, has cited licensing as its biggest
concern. "I haven't seen any vendor with flexibility in software licensing to match the flexibility of cloud providers,"
says ING's Alan Boehme, the company's senior vice president and head of IT strategy and enterprise architecture.
"This is a tough one because it's a business model change. … It could take quite some time."
What types of service-level agreements are cloud vendors providing?
Cloud vendors typically guarantee at least 99% uptime, but the ways in which that is calculated and enforced differ
significantly. Amazon EC2 promises to make "commercially reasonable efforts" to ensure 99.95% uptime. But
uptime is calculated on a yearly basis, so if Amazon falls below that percentage for just a week or a month, there's
no penalty or service credit.
GoGrid promises 100% uptime in its SLA. But as any lawyer points out, you have to pay attention to the legalese.
GoGrid's SLA includes this difficult-to-interpret phrase: "Individual servers will deliver 100% uptime as monitored
within the GoGrid network by GoGrid monitoring systems. Only failures due to known GoGrid problems in the
hardware and hypervisor layers delivering individual servers constitute failures and so are not covered by this SLA."
Attorney David Snead, who recently spoke about legal issues in cloud computing at Sys-Con's Cloud Computing
Conference & Expo in New York City, says Amazon has significant downtime but makes it difficult for customers
to obtain service credits.
"Amazon won't stand behind its product," Snead said. "The reality is, they're not making any guarantees."
How can I make sure my data is safe?
Data safety in the cloud is not a trivial concern. Online storage vendors such as The Linkup and Carbonite have lost
data, and were unable to recover it for customers. Secondly, there is the danger that sensitive data could fall into the

wrong hands. Before signing up with any cloud vendor, customers should demand information about data security
practices, scrutinize SLAs, and make sure they have the ability to encrypt data both in transit and at rest.
How can I make sure that my applications run with the same level of performance if I go with a cloud
vendor?
Before choosing a cloud vendor, do your due diligence by examining the SLA to understand what it guarantees and
what it doesn't, and scour through any publicly accessible availability data. Amazon, for example, maintains a
"Service Health Dashboard" that shows current and historical uptime status of its various services.
There will always be some network latency with a cloud service, possibly making it slower than an application that
runs in your local data center. But a new crop of third-party vendors are building services on top of the cloud to
make sure applications can scale and perform well, such as RightScale.
By and large, the performance hit related to latency "is pretty negligible these days," RightScale CTO Thorsten von
Eicken. The largest enterprises are distributed throughout the country or world, he notes, so many users will
experience a latency-caused performance hit whether an application is running in the cloud or in the corporate data
center.
Return to Index of Articles
• Mobility: The explosion of mobile devices has created a new set of challenges for IT
execs.
• Pack rat nation: How companies are coping with the escalating problem of data
storage
• Best of NDC: from tools in use to strategies in play
• The virtual spectrum: How virtualization is coloring your world
• Blazin’ apps: How to optimize for great end-to-end performance
• The next stop for storage: a travel guide to the latest developments
Read more about data center in Network World's Data Center section.
All contents copyright 1995-2011 Network World, Inc. http://www.networkworld.com

Close Window
Print Story
Twenty-One Experts Define Cloud Computing
It is the infrastructural paradigm shift that is sweeping across the Enterprise IT world,
but how is it best defined? I refer of course to 'Cloud Computing' - the phenomenon that
currently has as many definitions as there are squares on a chess-board. To try and
narrow it down we bring here a round-up of some recent attempts to bring welcome
precision where there risks being unnecessary vagueness. Enjoy!
"What is cloud computing all about? Amazon has coined the word “elasticity” which
gives a good idea about the key features: you can scale your infrastructure on demand
within minutes or even seconds, instead of days or weeks, thereby avoiding under-
utilization (idle servers) and over-utilization (blue screen) of in-house resources. With
monitoring and increasing automation of resource provisioning we might one day wake
up in a world where we don’t have to care about scaling our Web applications because
they can do it alone."
-Markus Klems
"For me the simplest explanation for cloud computing is describing it as, 'internet centric software.' This new cloud
computing software model is a shift from the traditional single tenant approach to software development to that of a
scalable, multi-tenant, multi-platform, multi-network, and global. This could be as simple as your web based email
service or as complex as a globally distributed load balanced content delivery environment.
I think drawing a distinction on whether its, PaaS, SaaS, HaaS is completely secondary, ultimately all these
approaches are attempting to solve the same problems (scale). As software transitions from a traditional desktop
deployment model to that of a network & data centric one, "the cloud" will be the key way in which you develop,
deploy and manage applications in this new computing paradigm."
- Reuven Cohen
"I view cloud computing as a broad array of web-based services aimed at allowing users to obtain a wide range of
functional capabilities on a 'pay-as-you-go' basis that previously required tremendous hardware/software
investments and professional skills to acquire. Cloud computing is the realization of the earlier ideals of utility
computing without the technical complexities or complicated deployment worries."
- Jeff Kaplan
"People are coming to grips with Virtualization and how it reshapes IT, creates service and software based models,
and in many ways changes a lot of the physical layer we are used to. Clouds will be the next transformation over the
next several years, building off of the software models that virtualization enabled."
- Douglas Gourlay
"The way I understand it, “cloud computing” refers to the bigger picture…basically the broad concept of using the
internet to allow people to access technology-enabled services. According to Gartner, those services must be
'massively scalable' to qualify as true 'cloud computing'. So according to that definition, every time I log into
Facebook, or search for flights online, I am taking advantage of cloud computing."
- Praising Gaw
See next page for definitions from Damon Edwards, Brian de Haaff, Kirill Sheynkman, Ben Kepes, Omar
Sultan, Kevin Hartig, and Yan Pritzker
See final page for for definitions from Trevor Doerksen, Thorsten von Eicken, Paul Wallis, Michael Sheehan,
Don Dodge, Aaron Ricadela, Bill Martin, Ben Kepes and Irving Wladwasky Berger.
"The “Cloud” concept is finally wrapping peoples’ minds around what is possible when you leverage web-scale
infrastructure (application and physical) in an on-demand way. “Managed Services”, “ASP”, “Grid Computing”,
“Software as a Service”, “Platform as a Service”, “Anything as a Service”… all terms that couldn’t get it done. Call
it a “Cloud” and everyone goes bonkers. Go figure."
- Damon Edwards
"There sure is a lot of confusion when it comes to talking about cloud computing. Yet, it does not need to be so
complicated. There really are only three types of services that are cloud based: SaaS, PaaS, and Cloud Computing
Platforms. I am not sure being massively scalable is a requirement to fit into any one category."
- Brian de Haaff

"SaaS is one consumer facing usage of cloud computing. While it's something of a semantic discussion it is
important for people inside to have an understanding of what it all means. Put simply cloud computing is the
infrastructural paradigm shift that enables the ascension of SaaS."
- Ben Kepes
"The 'cloud' model initially has focused on making the hardware layer consumable as on-demand compute and
storage capacity. This is an important first step, but for companies to harness the power of the cloud, complete
application infrastructure needs to be easily configured, deployed, dynamically-scaled and managed in these
virtualized hardware environments."
- Kirill Sheynkman
"I was chatting with a customer the other day who was struggling with some of the implications of cloud computing.
The analogy that finally made sense to them is what I will call 'cloud dining.' I am the cook in the house and I am
tasked with feeding the family. If my 10-year old is lobbying for Italian, I am cook at home or order out. The
decision may also vary from day to day. For instance, I might not have all the ingredients and have to order out, or,
like this weekend, it may be 103 outside and cooking at home is not all that appealing. Now, the same can be said
for supporting a given application in a cloud computing environment.
In a fully implemented Data Center 3.0 environment, you can decide if an app is run locally (cook at home), in
someone else’s data center (take-out) and you can change your mind on the fly in case you are short on data center
resources (pantry is empty) or you having environmental/facilities issues (too hot to cook). In fact, with automation,
a lot of this can can be done with policy and real-time triggers. For example, during month end processing, you
might always shift non-critical apps offsite, or if you pass a certain cooling threshold, you might ship certain
processing offsite."
- Omar Sultan
"Cloud computing overlaps some of the concepts of distributed, grid and utility computing, however it does have its
own meaning if contextually used correctly. Cloud computing really is accessing resources and services needed to
perform functions with dynamically changing needs. An application or service developer requests access from the
cloud rather than a specific endpoint or named resource. What goes on in the cloud manages multiple infrastructures
across multiple organizations and consists of one or more frameworks overlaid on top of the infrastructures tying
them together. The cloud is a virtualization of resources that maintains and manages itself."
- Kevin Hartig
"Clouds are vast resource pools with on-demand resource allocation. The degree of on-demandness can vary
from phone calls to web forms to actual APIs that directly requisition servers. I tend to consider slow forms of
requisitioning to be more like traditional datacenters, and the quicker ones to be more cloudy. A public facing API is
a must for true clouds.
Clouds are virtualized. On-demand requisitioning implies the ability to dynamically resize resource allocation or
moving customers from one physical server to another transparently. This is all difficult or impossible without
virtualization.
Clouds tend to be priced like utilities (hourly, rather than per-resource), and I think we’ll see this model catching
on more and more as computing resources become as cheap and ubiquitous as water, electricity, and gas (well,
maybe not gas). However, I think this is a trend, not a requirement. You can certainly have clouds that are priced
like pizza, per slice."
- Jan Pritzker
See next page for definitions from Trevor Doerksen, Thorsten von Eicken, Paul Wallis, Michael Sheehan, Don
Dodge, Aaron Ricadela, Bill Martin, Ben Kepes and Irving Wladawsky Berger
"Cloud computing is ... the user-friendly version of grid computing."
- Trevor Doerksen
"Most computer savvy folks actually have a pretty good idea of what the term "cloud computing" means:
outsourced, pay-as-you-go, on-demand, somewhere in the Internet, etc."
- Thorsten von Eicken
"In order to discuss some of the issues surrounding The Cloud concept, I think it is important to place it in historical
context. Looking at the Cloud's forerunners, and the problems they encountered, gives us the reference points to
guide us through the challenges it needs to overcome before it is adopted."
- Paul Wallis
"I would like to propose a 'Cloud Pyramid' to help differentiate the various Cloud offerings out there. [At the top of
the pyramind] users are truly restricted to only what the application is and can do. Some of the notable companies
here are the public email providers (Gmail, Hotmail, Quicken Online, etc.). Almost any Software as a Service (SaaS)
provider can be lumped into this group.

As you move further down the pyramid, you gain increased flexibility and control but your a still fairly restricted to
what you can and cannot do. Within this Category things get more complicated to achieve. Products and companies
like Google App Engine, Heroku, Mosso, Engine Yard, Joyent or force.com (SalesForce platform) fall into this
segment.
At the bottom of the pyramid are the infrastructure providers like Amazon’s EC2, GoGrid, RightScale and Linode.
Companies providing infrastructure enable Cloud Platforms and Cloud Applications. Most companies within this
segment operate their own infrastructure, allowing them to provide more features, services and control than others
within the pyramid."
- Michael Sheehan
"The web fanatics and blogosphere would have you believe that all applications will move to the web. Some will,
most will not. Reliability, scalability, security, and a host of other issues will prevent most businesses from moving
their mission critical applications to hosted services or cloud based services. The risk of failure is too great.
Amazon is the leader in cloud based services, but even Amazon has experienced down times for its own business.
Cloud services will continue to improve. But my guess is the uptake will take longer than most people predict."
- Don Dodge
"Today's combination of high-speed networks, sophisticated PC graphics processors, and fast, inexpensive servers
and disk storage has tilted engineers toward housing more computing in data centers. In the earlier part of this
decade, researchers espoused a similar, centralized approach called "grid computing." But cloud computing projects
are more powerful and crash-proof than grid systems developed even in recent years."
- Aaron Ricadela
"When virtualizing applications to be used by people who care nothing about computers or technology - as is mostly
the case with Clouds - the key thing we want to virtualize or hide from the user is complexity. Most people want to
deal with an application or a service, not software. ... The more intelligent we want [computers and computer
applications] to be - that is, intuitive, exhibiting common sense and not making us have to constantly take care of
them - the more smart software it will take. But with cloud computing, our expectation is that all that software will
be virtualized or hidden from us and taken care of by systems and/or professionals that are somewhere else - out
there in The Cloud."
- Irving Wladawsky Berger
"I view cloud computing as a broad array of web-based services aimed at allowing users to obtain a wide range of
functional capabilities on a ‘pay-as-you-go’ basis that previously required tremendous hardware/software
investments and professional skills to acquire. Cloud computing is the realization of the earlier ideals of utility
computing without the technical complexities or complicated deployment worries."
- Ben Kepes
"Cloud computing really comes into focus only when you think about what IT always needs: a way to increase
capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing
new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over
the Internet, extends IT's existing capabilities."
- Bill Martin
© 2008 SYS-CON Media Inc.

Sponsored by:

http://www.networkworld.com/newsletters/frame/2010/021510wan1.html
Private cloud computing is not an oxymoron
Wide Area Networking Alert By Jim Metzler and Steve Taylor, Network World
February 15, 2010 12:04 AM ET
As we pointed out recently, the use of cloud computing services will increase the amount of traffic that transits the
WAN. As IT organizations begin to plan for how they will cope with that additional WAN traffic they face a curious
challenge. That challenge is that there is a lot of ambiguity relative to what IT professionals mean when they use the
phrase cloud computing. With that in mind, we will use this and the next two newsletters to help remove at least
some of that ambiguity.
FAQ: Cloud computing demystified
We have found that when we talk to an IT vendor about cloud computing, many have a somewhat traditional view.
That view is that cloud computing refers to obtaining a solution from a cloud computing service provider such as
Salesforce.com or Rackspace by utilizing the Internet. While enterprise IT professionals have that same view of
what is meant by cloud computing, it is somewhat less common. In fact, we recently gave a survey to 467 IT
professionals.
The survey respondents were given eight possible characteristics of cloud computing and were asked to identify
which of the characteristics were included in their definition of cloud computing. The three characteristics with the
highest recognition were that cloud computing includes Software-as-a-Service (SaaS); cloud computing involves
access to services over the Internet; and that as part of cloud computing, IT organizations can implement cloud
computing concepts inside of their own IT organization.
The survey responses show an interesting balance between the traditional view of cloud computing and a view of
cloud computing that has emerged over the last 18 months. The emerging view, IT organizations can implement
cloud computing concepts inside of their own IT organization, is typically referred to as private cloud computing.
Some purists, however, believe that the phrase private cloud computing is an oxymoron – that cloud computing by
definition implies the use of services provided by a third party. The survey responses indicate that the purists' view
is out of step with how the majority of IT organizations view cloud computing.
In our next newsletter we will identify the goal and one of the primary characteristics of cloud computing. In the
mean time, we would like to hear from you. If you have already implemented cloud computing, or if you expect to
in the next year, what concerns do you have relative to the network and its ability to support cloud computing?
Read more about lans & wans in Network World's LANs & WANs section.
Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim
Metzler is vice president of Ashton, Metzler & Associates.

http://www.networkworld.com/newsletters/frame/2010/020110wan1.html
Cloud networking
Wide Area Networking Alert By Jim Metzler and Steve Taylor, Network World
February 01, 2010 12:03 AM ET
In a recent newsletter we introduced the concept of Application Delivery 2.0, a major

component of which is cloud computing. As noted in one of Jim's recent reports on cloud
computing, the goal of cloud computing is a significant improvement in the cost effective,
elastic provisioning of IT services. We will use this newsletter to discuss the impact that
achieving that goal will have on the WAN.
Welcome to Application Delivery 2.0
When the phrase cloud computing is used, many people think about using a WAN to access IT resources from a
third party, such as Amazon, Google or Salesforce.com. In this newsletter we will refer to that approach to cloud
computing as public cloud computing and the third parties that provide these services as cloud computing service
providers. We will also refer to movement on the part of IT organizations to implement inside of their company the
same techniques that cloud computing service providers implement, as being private cloud computing.
Two of the primary characteristics of private cloud computing are the consolidation of servers into centralized data
centers and the virtualization of those servers. In recent newsletters we have discussed the current and expected
deployment of virtualized servers. In particular, our research indicates that the vast majority of IT organizations
have already consolidated at least some servers out of branch offices. That research also indicates that only around
40% of IT organizations have consolidated the majority of servers into centralized data centers and that percentage
will increase slightly over the next year.
Because of the consolidation and virtualization of servers, the deployment of private cloud computing results in
additional application traffic transiting the WAN. In an analogous fashion, a key component of public cloud
computing is that IT organizations will access IT resources such as applications and storage from one or more third
parties. Hence, as IT organizations increase their adoption of both private and public cloud computing solutions, this
means that the wide area network will be involved in an increasing percentage of instances when users access
applications and storage. This increased use of the WAN creates additional security vulnerabilities that adds to the
value of having a WAN optimization controller that tightly integrates with security functionality. Accessing storage
resources over the WAN will increase the need for IT organizations to implement functionality that optimizes the
transfer of large blocks of storage.
In our next newsletter we will discuss the challenges of supporting cloud computing over a WAN and how IT
organizations intend to respond to those challenges. More insight into the changes we expect to see in 2010 can be
found in Jim's recent report on cloud computing.
Read more about lans & wans in Network World's LANs & WANs section.
Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim
Metzler is vice president of Ashton, Metzler & Associates.

Sponsored by:

http://www.networkworld.com/supp/2009/ndc3/051809-cloud-faq.html
What is cloud computing, and can it be trusted? Key questions answered
May 18, 2009 12:03 AM ET
Sponsored by:
Everyone in the IT industry is talking about cloud computing, but there is still confusion about what the cloud is,
how it should be used and what problems and challenges it might introduce. This FAQ will answer some of the key
questions enterprises are asking about cloud computing.
What is cloud computing?
Gartner defines cloud computing as "a style of computing in which massively scalable IT-related capabilities are
provided 'as a service' using Internet technologies to multiple external customers." Beyond the Gartner definition,
clouds are marked by self-service interfaces that let customers acquire resources at any time and get rid of them the
instant they are no longer needed.
The cloud is not really a technology by itself. Rather, it is an approach to building IT services that harnesses the
rapidly increasing horsepower of servers as well as virtualization technologies that combine many servers into large
computing pools and divide single servers into multiple virtual machines that can be spun up and powered down at
will.
How is cloud computing different from utility, on-demand and grid computing?
Cloud by its nature is "on-demand" and includes attributes previously associated with utility and grid models. Grid
computing is the ability to harness large collections of independent compute resources to perform large tasks, and
utility is metered consumption of IT services, says Kristof Kloeckner, the cloud computing software chief at IBM.
The coming together of these attributes is making the cloud today's most "exciting IT delivery paradigm," he says.
Fundamentally, the phrase cloud computing is interchangeable with utility computing, says Nicholas Carr, author of
"The Big Switch" and "Does IT Matter?" The word "cloud" doesn't really communicate what cloud computing is,
while the word "utility" at least offers a real-world analogy, he says. "However you want to deal with the semantics,
I think grid computing, utility computing and cloud computing are all part of the same trend," Carr says.
Carr is not alone in thinking cloud is not the best word to describe today's transition to Web-based IT delivery
models. For the enterprise, cloud computing might best be viewed as a series of "online business services," says IDC
analyst Frank Gens.
What is a public cloud?
Naturally, a public cloud is a service that anyone can tap into with a network connection and a credit card. "Public
clouds are shared infrastructures with pay-as-you-go economics," explains Forrester analyst James Staten in an April
report. "Public clouds are easily accessible, multitenant virtualized infrastructures that are managed via a self-service
portal."
What is a private cloud?
A private cloud attempts to mimic the delivery models of public cloud vendors but does so entirely within the
firewall for the benefit of an enterprise's users. A private cloud would be highly virtualized, stringing together mass
quantities of IT infrastructure into one or a few easily managed logical resource pools.
Like public clouds, delivery of private cloud services would typically be done through a Web interface with self-
service and chargeback attributes. "Private clouds give you many of the benefits of cloud computing, but it's
privately owned and managed, the access may be limited to your own enterprise or a section of your value chain,"
Kloeckner says. "It does drive efficiency, it does force standardization and best practices."
The largest enterprises are interested in private clouds because public clouds are not yet scalable and reliable enough
to justify transferring all of their IT resources to cloud vendors, Carr says.
"A lot of this is a scale game," Carr says. "If you're General Electric, you've got an enormous amount of IT scale
within your own company. And at this stage the smart thing for you to do is probably to rebuild your own internal IT
around a cloud architecture because the public cloud isn't of a scale at this point and of a reliability and everything
where GE could say 'we're closing down all our data centers and moving to the cloud.'"

Is cloud computing the same as software-as-a-service?
You might say software-as-a-service kicked off the whole push toward cloud computing by demonstrating that IT
services could be easily made available over the Web. While SaaS vendors originally did not use the word cloud to
describe their offerings, analysts now consider SaaS to be one of several subsets of the cloud computing market.
What types of services are available via the cloud computing model?
Public cloud services are breaking down into three broad categories: software-as-a-service, infrastructure-as-a-
service, and platform-as-a-service. SaaS is well known and consists of software applications delivered over the Web.
Infrastructure-as-a-service refers to remotely accessible server and storage capacity, while platform-as-a-service is a
compute-and-software platform that lets developers build and deploy Web applications on a hosted infrastructure.
How do vendors charge for these services?
SaaS vendors have long boasted of selling software on a pay-as-you-go, as-needed basis, preventing the kind of
lock-in inherent in long-term licensing deals for on-premises software. Cloud infrastructure providers like Amazon
are doing the same. For example, Amazon's Elastic Compute Cloud charges for per-hour usage of virtualized server
capacity. A small Linux server costs 10 cents an hour, while the largest Windows server costs $1.20 an hour.
Storage clouds are priced similarly. Nirvanix's cloud storage platform has prices starting at 25 cents per gigabyte of
storage each month, with additional charges for each upload and download.
What types of applications can run in the cloud?
Technically, you can put any application in the cloud. But that doesn't mean it's a good idea. For example, there's
little reason to run a desktop disk defragmentation or systems analysis tool in the cloud, because you want the
application sitting on the desktop, dedicated to the system with little to no latency, says Pund-IT analyst Charles
King.
More importantly, regulatory and compliance concerns prevent enterprises from putting certain applications in the
cloud, particularly those involving sensitive customer data.
IDC surveys show the top uses of the cloud as being IT management, collaboration, personal and business
applications, application development and deployment, and server and storage capacity.
Can applications move from one cloud to another?
Yes, but that doesn't mean it will be easy. Services have popped up to move applications from one cloud platform to
another (such as from Amazon to GoGrid) and from internal data centers to the cloud. But going forward, cloud
vendors will have to adopt standards-based technologies in order to ensure true interoperability, according to several
industry groups. The recently released "Open Cloud Manifesto" supports interoperability of data and applications,
while the Open Cloud Consortium is promoting open frameworks that will let clouds operated by different entities
work seamlessly together. The goal is to move applications from one cloud to another without having to rewrite
them.
How does traditional software licensing apply in the cloud world?
Vendors and customers alike are struggling with the question of how software licensing policies should be adapted
to the cloud. Packaged software vendors require up-front payments, and make customers pay for 100% of the
software's capabilities even if they use only 25% or 50%, Gens says. This model does not take advantage of the
flexibility of cloud services.
Oracle and IBM have devised equivalency tables that explain how their software is licensed for the Amazon cloud,
but most observers seem to agree that software vendors haven't done enough to adapt their licensing to the cloud.
The financial services company ING, which is examining many cloud services, has cited licensing as its biggest
concern. "I haven't seen any vendor with flexibility in software licensing to match the flexibility of cloud providers,"
says ING's Alan Boehme, the company's senior vice president and head of IT strategy and enterprise architecture.
"This is a tough one because it's a business model change. … It could take quite some time."
What types of service-level agreements are cloud vendors providing?
Cloud vendors typically guarantee at least 99% uptime, but the ways in which that is calculated and enforced differ
significantly. Amazon EC2 promises to make "commercially reasonable efforts" to ensure 99.95% uptime. But
uptime is calculated on a yearly basis, so if Amazon falls below that percentage for just a week or a month, there's
no penalty or service credit.
GoGrid promises 100% uptime in its SLA. But as any lawyer points out, you have to pay attention to the legalese.
GoGrid's SLA includes this difficult-to-interpret phrase: "Individual servers will deliver 100% uptime as monitored
within the GoGrid network by GoGrid monitoring systems. Only failures due to known GoGrid problems in the
hardware and hypervisor layers delivering individual servers constitute failures and so are not covered by this SLA."
Attorney David Snead, who recently spoke about legal issues in cloud computing at Sys-Con's Cloud Computing
Conference & Expo in New York City, says Amazon has significant downtime but makes it difficult for customers
to obtain service credits.

"Amazon won't stand behind its product," Snead said. "The reality is, they're not making any guarantees."
How can I make sure my data is safe?
Data safety in the cloud is not a trivial concern. Online storage vendors such as The Linkup and Carbonite have lost
data, and were unable to recover it for customers. Secondly, there is the danger that sensitive data could fall into the
wrong hands. Before signing up with any cloud vendor, customers should demand information about data security
practices, scrutinize SLAs, and make sure they have the ability to encrypt data both in transit and at rest.
How can I make sure that my applications run with the same level of performance if I go with a cloud
vendor?
Before choosing a cloud vendor, do your due diligence by examining the SLA to understand what it guarantees and
what it doesn't, and scour through any publicly accessible availability data. Amazon, for example, maintains a
"Service Health Dashboard" that shows current and historical uptime status of its various services.
There will always be some network latency with a cloud service, possibly making it slower than an application that
runs in your local data center. But a new crop of third-party vendors are building services on top of the cloud to
make sure applications can scale and perform well, such as RightScale.
By and large, the performance hit related to latency "is pretty negligible these days," RightScale CTO Thorsten von
Eicken. The largest enterprises are distributed throughout the country or world, he notes, so many users will
experience a latency-caused performance hit whether an application is running in the cloud or in the corporate data
center.
• Mobility: The explosion of mobile devices has created a new set of challenges for IT
execs.
• Pack rat nation: How companies are coping with the escalating problem of data
storage
• Best of NDC: from tools in use to strategies in play
• The virtual spectrum: How virtualization is coloring your world
• Blazin’ apps: How to optimize for great end-to-end performance
• The next stop for storage: a travel guide to the latest developments

>
Published on NetworkWorld.com Community (http://www.networkworld.com/community)
Cisco, others take heed: Cloud not taking hold... yet
By Jim Duffy
Created Feb 9 2010 - 12:25am
The majority of enterprises surveyed recently by Infonetics Research have no firm plans to use cloud-based data
center services [1]. As a data center investment driver, cloud gets trumped by security, virtualization [2] and an
increasing number of gigabit ports.
"For those who are expecting 'the cloud' to be a savior of the IT industry, our study is a bit of a reality check: while
there is some interest in cloud-based services, particularly on the software side, the majority of respondents have no
concrete plans for it," states Infonetics analyst Matthias Machowinski in a press release [3] on the firm's findings.
Virtualization is more in demand as enterprises look to make their data centers more efficient and manageable,
Infonetics found. But investments in security upgrades, both for IT and physical security, was #1 on the list when
respondents were asked what major changes they planned for their data centers over the next two years.
Infonetics conducted the survey last month. It queried IT buyers at 134 North American companies with 100 or
more employees that have a formal data center infrastructure in place.
Among respondents planning to use cloud-based services, interest lies primarily in SaaS and cloud-based software
applications, such as salesforce.com, and those from Microsoft, Google, and Oracle, Infonetics found. Of more
immediate need is bandwidth to deal with the rising number of devices and traffic - respondents expect the number
of Gigabit Ethernet switch ports to surpass 100 million by 2012, Infonetics discovered.
Also, outsourcing or leasing data center space shows the greatest growth as a model over the next two years, the
firm noted.
More from Cisco Subnet: [4]
This is Network World's Cisco Subnet [5] news alert in which we focus on the top items from Cisco Subnet, your
source for Cisco news, blogs, discussion items, security alerts, giveaways and more.
Cisco said to be readying major upgrade to CRS-1 [6]
Cisco shipping 160G Ethernet card for ASR 9000 [7]
Another analyst sees Cisco UCS deployment delays [8]
If Cisco buys you, you're 1 in 100 [9]
IPv4 Space is Getting Low - Really Low [10]
The scoop on the New TSHOOT Course and Exam [9]
Win one of 50 CCNP training books, videos and Cert Kits [11]
Win great stuff from Cisco Subnet [5]
Like e-mail? Subscribe to the Cisco Alert newsletter. [12]
Like RSS readers? Subscribe to the Cisco Subnet RSS feed [13]
Follow all Cisco Subnet bloggers on Twitter [14].
Follow Jim Duffy on Twitter [15]
Cloud? No now, not ever

By Anon (not verified) on Tue, 02/09/2010 - 12:28pm.
Why should I trust my data to some unknown staff, working who knows where, implementing god only knows what
kind of security delivered by a less and less reliable Internet?
Oh that's right, I have to shovel out everything I have and replace it with the 'cloud model'
• Cisco
• data center
• Infonetics Research
• survey

Source URL: http://www.networkworld.com/community/node/57300
Links:
[1] http://www.networkworld.com/topics/utility.html
[2] http://www.networkworld.com/topics/virtualization.html
[3] http://www.infonetics.com/pr/2010/CRS-Data-Center-Deployment-Survey-Highlights.asp
[4] http://www.networkworld.com/community/node/45798
[5] http://www.networkworld.com/subnets/cisco/
[12] http://www.networkworld.com/nl/nl_subscribe.jsp?k=NLHP09C&mo=re
[13] http://www.networkworld.com/community/blogs/cisco/feed
[14] http://twitter.com/ciscosubnet
[15] http://twitter.com/jim_duffy

Sponsored by:

http://www.networkworld.com/news/2010/012510-cloud-storage-hype.html
Cloud storage hype: Customers not buying it
Forrester study casts doubt on cloud storage adoption
January 25, 2010 02:56 PM ET
Sponsored by:
For all the hype around cloud computing, few business customers are actually storing data on Web-based platforms,
according to a new study that casts doubt on the popularity of cloud storage.
Just 3% of companies have implemented cloud storage, and the vast majority of the customers have no plans to put
data in the cloud, according to a survey of 1,272 IT decision-makers at enterprises and SMBs in North America and
Europe.
Storage vendors and IT professionals both have spent much time discussing the cloud over the past year, because
data storage needs are growing at least 30% per year while budgets stay flat, writes Forrester analyst Andrew
Reichman in the report “Business Users Are Not Ready For Cloud Storage.”
But so far, “this is just talk,” Reichman states.
“Respondents in all geographies and of all company sizes appear to have little interest in moving their data to the
cloud any time soon,” he writes. “There is long-term potential for storage-as-a-service, but Forrester sees issues with
guaranteed service levels, security, chain of custody, shared tenancy, and long-term pricing as significant barriers
that still need to be addressed before it takes off in any meaningful way.”
The Forrester survey asked IT decision makers if they have any plans to adopt cloud storage services such as
Amazon S3, EMC Atmos, Nirvanix, The Planet, or AT&T.
Forty-three percent of respondents said they are not interested in cloud storage, and another 43% said they are
interested but have no plans to adopt. Three percent plan to implement a cloud storage platform in the next 12
months, and another 5% plan to do so one year from now or later.
While 3% of respondents have already implemented cloud storage, only 1% are expanding an existing
implementation.
In general, enterprises are slightly more interested in cloud storage than small- and medium-sized businesses, and
interest in cloud storage for backup is greater than interest in general purpose storage clouds, Reichman says. The
market has numerous mature backup services such as Asigra, EMC’s Mozy, i365, IBM Business Continuity and
Resilience Services and Iron Mountain, he writes.
“Why the greater interest and adoption of backup-as-a-service? First, it’s a complete service offering, not just CPU
or storage capacity,” he writes. “You get the backup software intelligence and storage capacity in a fully managed
service. Second, it’s solving a very specific pain point — the pain of bringing a costly and error-prone, but very
necessary, IT function under control. This is in contrast to storage-as-a-service offerings where the user has to figure
out how to put it all together.”
Overall, though, storage-as-a-service offerings still need time to develop, Reichman says. Before adopting,
customers need to consider how cloud storage integrates with existing applications and processes, and analyze the
total cost over at least a three-year period.
“The hype is strong around storage-as-a-service, but given the fact that your peers are adopting it very slowly, it
makes sense to wait on this,” Reichman writes. “It’s likely to be several years before offerings are mature, so don’t
rush into anything here.”
Follow Jon Brodkin on Twitter: www.twitter.com/jbrodkin

Published on InfoWorld (http://www.infoworld.com)
Home > News > Security > Vulnerability Assessment > IT pros divided about security of
virtualization,... > IT pros divided about security of virtualization, cloud computing
IT pros divided about security of virtualization, cloud computing
By Ellen Messmer
Created 2010-02-22 07:32AM
Is moving to virtualization [1] and cloud computing [2] making network security easier or harder? When some 2,100
top IT and security managers in 27 countries were asked, the response revealed a profound lack of consensus,
showing how divided attitudes are within the enterprise.
The "2010 State of Enterprise Security Survey -- Global Data" report shows that about one-third believe
virtualization [3] and cloud computing [4] make security "harder," while one-third said it was "more or less the
same," and the remainder said it was "easier." The telephone survey was done by Applied Research last month on
behalf of Symantec, and it covered 120 questions about technology use -- organizations remain overwhelmingly
Microsoft Windows-based -- and cyber attacks [5] on organizations.
[ InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute webcast, Data Loss
Prevention [6], which covers the tools and techniques used by experienced security pros. ]
Contending with virtualization hangover [7]
To explain such different perceptions about the security impact of virtualization and cloud computing, Matthew
Steele, Symantec director of strategic technology, said the best way to understand these answers is to know that "if
they had a real security background, they immediately got concerned. But if they care for IT operations, they were
thinking about it from an IT optimization standpoint." And the middle-of-the-road responses -- it's all "more of less
the same" -- tended to originate from those with budget responsibilities. "If the business is still moving, things are
OK," Steele remarked.
Although endpoint virtualization is widely believed to trail server-based virtualization, 8 percent of the survey's
respondents said they had implemented the former, 16 percent were in the course of implementing it, 9 percent were
in a "trial stage," 26 percent had plans for it and 25 percent were in "early discussion," whereas 16 percent weren't
considering it.
And on the question of whether endpoint virtualization makes it "easier or harder to do your job with regards to
network security," the opinion was divided, with about a third each way thinking it's "easier," "harder" or about the
same.
The survey showed that the median annual budget for enterprise security in 2010 is $600,000, an 11 percent increase
over 2009, with yet another 11 percent increase anticipated in 2011. But despite incremental budget growth, the
survey's respondents -- who hail from banking, healthcare, telecommunications and other sectors as well as local and
federal government agencies -- often indicated they had a hard time finding and retaining security personnel.
Organizations on average assigned 120 staffers to IT and compliance matters, with larger enterprises of 5,000 or
more assigning 232. But much of the time this was seen as insufficient, with 51 percent of respondents saying
finding qualified applicants was a "huge" or "big" problem.
Difficulty in finding the right expertise was a driver in all manner of outsourcing, including use of managed security
services, which about half the organizations used. But only about half were truly "satisfied" with outsourcing
arrangements, even as they contemplated expansion into software-as-a-service, platform-as-a-service, and
infrastructure-as-a-service, which Symantec defined as everything from use of Google Apps to full-blown hardware
and operating system rental on demand, making up today's evolving concept of "cloud computing."
In fact, 40 percent of the respondents indicated their organizations were currently using applications in the cloud in
some way -- yet 40 percent said it would be more difficult to prevent or react to data loss under their firm's cloud-
computing strategy.
And when asked "Does your cloud-computing strategy make the risk of losing data bigger or smaller?" 38 percent
said it would be higher, with the reminder pretty much split saying it would be the same or lower. The answers
broke the same way on the question of virtualization strategy.
When it comes to cyber attacks and data loss, the situation looks bleak based on the responses in the report.
Three quarters of respondents said their organization had experienced cyber attacks in the past 12 months, with 36
percent calling them "somewhat/highly effective." The annual cost of a cyber attack was pegged at more than $2
million for large enterprises when tallying up lost productivity, theft of intellectual property, loss of customers, legal
fees and more.

"Every day we see new viruses, new spyware, new backdoors. It is beyond crazy," one IT director is quoted as
saying. The survey showed the most frequent types of attacks were malware implantation, social-engineering ploys
and denial-of-service (DoS) attacks.
On average, Web properties were targeted twice last year with the implanting of malware, and also suffered one
significant DoS attack and one theft of information.
Data losses [9] were attributed to numerous sources, including outsiders (20 percent) and accidental insider actions
(15 percent).
Healthcare providers specifically reported 58 percent of data loss was accidental exposure of patient information, 22
percent was theft, with identity theft and even malware attacks on medical equipment a problem as well.
Patching is regarded by 87 percent of the respondents as one of the most effective measures to ward off cyber
attacks, with about three quarters also putting trust in perimeter security and authentication processes, along with
antimalware controls.
According to the survey, a surprising 20 percent of Windows-based PCs in use by employees were selected,
purchased and owned by the employee, along with 12 percent of their laptops and 6 percent of smartphones. But 52
percent of the survey's IT and security pros viewed that as something that could compromise security.
With Windows 7 [10] just released, one survey question on that topic indicated that 19 percent had "no plans" to use
Windows 7, but 9 percent already had, and the rest were discussing or had plans for it. In all, 72 percent of the
survey's respondents think Windows 7 offers improved security over previous Windows versions.
Finally, in something of a blow to Symantec and other security vendors, the survey asked telecom companies who
they considered their main security vendor and the found about two-thirds said "network equipment providers" and
only a third said "security companies."
Read more about wide area network [11] in Network World's Wide Area Network section.
• Cloud Computing
• Security
• Virtualization
• SaaS
• Identity Management
• Malware
• Vulnerability Assessment
• Virtualization
Source URL (retrieved on 2011-05-23 01:27PM): http://www.infoworld.com/d/security-
central/it-pros-divided-about-security-virtualization-cloud-computing-439
Links:
[1] http://www.networkworld.com/news/2009/122209-outlook-virtualization-security.html
[2] http://www.networkworld.com/supp/2009/outlook/hottech/010509-nine-hot-techs-cloud-computing.html
[3] http://www.infoworld.com/d/virtualization
[4] http://www.infoworld.com/d/cloud-computing
[5] http://www.infoworld.com/t/cyber-crime
[6] http://www.accelacomm.com/jaw/ifwtsr/13/50754841/?source=fssr
[7] http://www.networkworld.com/columnists/2010/011810-editorial.html
[8] http://www.infoworld.com/cloud-deepdive?idglg=ifwsite_editinline&source=ifwprm_news
[9] http://www.networkworld.com/news/2009/020209-data-breach.html
[10] http://www.networkworld.com/news/2009/101909-a-guide-to-windows-7.html
[11] http://www.networkworld.com/topics/wan.html

Sponsored by:

http://www.networkworld.com/news/2010/030410-rsa--ciso-cloud-security.html
CISOs rain on cloud-computing parade at RSA
By Ellen Messmer, Network World
March 04, 2010 04:22 PM ET
SAN FRANSISCO -- Economic pressures are driving more businesses and governments to nervously eye cloud
computing, despite myriad unanswered questions that swirl around a single central concern: security. This was
backdrop for a panel discussion between CISOs at this week's RSA Conference.
Slideshow: Products shown at RSA Conference
"We're all in dire straits," said Seth Kulakow, Colorado's CISO. "Cloud computing is obviously on everybody's
mind." But even if cloud-computing looks like a bargain, "it's got to have the same kind of risk controls you have
now."
"It's imperative we look at it," said Nevada's CISO Christopher Ipsen, who had noted that the economic crisis and
housing-market collapse have left his state's financial situation "extremely bad."
"We are doing some cloud services with e-mail," said California's CISO, Mark Weatherford. "It's very efficient. We
can't ignore the benefits in the cloud, but we have to proceed carefully." The Los Angeles Police Department is
regarded as the state's early adopter in all this since it's moving to a cloud-computing arrangement with Google.
But giving up control over IT infrastructure and software assets in favor of rental and pay-as-you-go models evokes
anxiety, too. "What I'm most worried about is catastrophic failure, and if we put all our eggs in one basket, someone
in the middle hold the keys," Ipsen noted.
IT customers are not the only parties that need to evolve their thinking, panelists said.
"The cloud represents a fundamental change in how vendors will work with their customers," said another panel
participant, Forrester Research analyst Jonathan Penn. "We need some sort of standardization in this so we can have
some way of comparing platforms and levels of service so I can understand what I'm getting."
IDC analyst Chris Christiansen said the cloud security market is estimated at $1 billion, mainly for e-mail and Web
services, and trying to track it is going to be a challenge since many new forms of product and service delivery are
arising.
So, too, are horror stories, including one about an enterprise that needed to pay $170,000 merely to pry its own data
back from a cloud service.
"Just about any kind of dispute can arise in a cloud-computing relationship," said Tanya Forsheit, founder and
partner at Information Law Group. "The inability to obtain data, the level of data security, the allocation of liability
in the result of a breach, and what are the default rules?" Privacy regulations in the United States and Europe, for
instance, may mean that certain kinds of sensitive data simply cannot move about freely.
And a tricky aspect in cloud negotiations is that there's the strong perception that most cloud-service providers,
Amazon Web Services included, are not "transparent" enough -- the preferred word many are using -- about their
internal infrastructure. And this secrecy is making the legal situation more tenuous and expensive than it should be.
"I call it 'faith-based IT,'" quipped Chris Whitener, chief security strategist at HP. "They think they'll use it and
nothing will happen to them."
But HP, now one of the world's largest data outsourcing companies since its merger with EDS, is itself in internal
foment to re-define or expand its data center services, often completed in multi-year formalized contracts, to add
more flexible on-demand, pay-as-you-go, cloud-like services. With announcements on that score possible later this
year, HP is mulling possibilities such as cloud services with well-defined security services, though wondering
whether customers so eager for bargains will pay a bit more for better security, such as PCI-compliant computing
clouds.
But the high-tech industry, re-inventing itself in virtualization, does seem to be betting that customers will demand
the means to extend security controls from the enterprise into the cloud. And this idea is triggering a new era of
creative change among long-established security vendors.

At RSA this week, CA announced how its Identity Manager product can be used with Salesforce's Sales Cloud 2
service so CA customers can automatically provision and de-provision access and privileges. And Cisco outlined a
product-development strategy for mobile and cloud-based security, with products expected in the second quarter.
Trend Micro, known for its antimalware software and services, is making a leap into the area of encryption,
primarily to come up with new ways to protect customer data as it transits the Internet and ends up stored in a cloud-
computing facility.
Encryption vendor PGP is also preparing to provide a new range of options for cloud-based computing, says PGP
president and CEO, Phil Dunkelberger. He argues the public-key encryption model favored by PGP will triumph
over any private-key models. A third vendor, McAfee, is also expected to make cloud-security announcements in the
next week or so.
Some vendors, though, are having to admit their cloud-computing security efforts are dragging on. VMware and
RSA, for instance, at a press conference this week had to acknowledge that the initiative they had announced at RSA
in 2009 to integrate the RSA data-loss prevention (DLP) technology into VMware's vSphere product had not
progressed as quickly as expected, and it remains uncertain whether a DLP integrated vSphere will be out by year-
end.
Read more about security in Network World's Security section.

Home > Cloud Computing > Cloud Computing > Cloud security's PR problem shouldn't be
shrugged... > Cloud security's PR problem shouldn't be shrugged off
Cloud security's PR problem shouldn't be shrugged off
By David Linthicum
Created 2010-04-27 03:00AM
"One of the main issues people have with cloud computing is security. Four in five online Americans (81 percent)
agree that they are concerned about securing the service. Only one-quarter (25 percent) say they would trust this
service for files with personal information, while three in five (62 percent) would not. Over half (58 perent) disagree
with the concept that files stored online are safer than files stored locally on a hard drive and 57 percent of online
Americans would not trust that their files are safe online."
That's the sobering conclusion from a recent Harris poll conducted online between March 1 and 8 among 2,320
adults.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in
InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with
InfoWorld's Cloud Computing Report newsletter. ]
Cloud security has a significant PR problem. I'm sure there will be comments below about how cloud computing, if
initiated in the context of a sound security strategy, is secure -- perhaps moreso than on-premise systems. While I
agree to some extent, it's clear that the typical user does not share that confidence, which raises a red flag for
businesses seeking to leverage the cloud.
If you think about it, users' fears are logical, even though most of us in the know understand them to be unfounded.
For a typical user, it's hard to believe information stored remotely can be as safe as or safer than systems they can
see and touch.
Of course, you can point out the number of times information walks out the door on USB thumb drives, stolen
laptops, and other ways that people are losing information these days. However, there continues to be a mistrust of
resources that are not under your direct control, and that mindset is bad for the cloud.
Not helping matters is the recent debacle where Blippy.com, a site that allows people to share their purchase info
with others by linking to credit cards accounts, found that some credit card information was indexed by Google and
publically exposed. To be sure, that was a mistake on someone's part, not an inherent flaw in cloud technology, but
these kinds of breaches further the fears that placing personal or core business information in the cloud may be a bad
idea.
There is no easy answer to this problem, though a look to history can help. When the Web first hit businesses, it was
feared and misunderstood until the business value became clear to all. This took years, and even today we use the
traditional Web by taking the good (for example, the ability to find instantly the one piece of information that caps
your presentation to the board) with the bad (the creepy guy down the hall who was caught surfing porn). The
benefits outweigh the problems, and cloud computing will eventually find a similar path to acceptance.
This article, "Cloud security's PR problem shouldn't be shrugged off," originally appeared at InfoWorld.com. Read
more of David Linthicum's Cloud Computing blog and follow the latest developments in cloud computing and
security at InfoWorld.com.
• Cloud Computing
• Security
• The Industry Standard
• Cloud computing
• Security

Source URL (retrieved on 2011-05-23 01:36PM): http://www.infoworld.com/d/cloud-
computing/cloud-securitys-pr-problem-shouldnt-be-shrugged-776
3 of 3 comments
Sign In to comment
SYSPRO 27-Apr-10 7:56pm
In the business computing sphere there is a definite perceived security issue when
addressing the issue of data security when looking at cloud as an option today. SME
businesses are not ready to put their data on the cloud; especially where the entire
enterprise system and their data reside with the same service, there appears to be much too
much perceived business risk. Despite the fact that all the major enterprise software
vendors are in some way addressing cloud computing solutions, the peak in interest does
not necessarily translate into a real demand on the ground. Businesses assessing enterprise
solutions are not interested in deploying cloud solution today however there is some interest
in whether the solution has some kind of cloud strategy. Business should look carefully at
the underlying technology and whether the technology will support housing the application
server as well as the database server in a cloud environment. There is no question that
cloud really needs some solid PR in order to instill confidence in businesses looking to deploy
enterprise cloud based solutions. With the convergence of personal and business computing,
where personal business trends are starting to determine how enterprise systems deploy,
there will be a trend to move towards the cloud as a real business platform. I personally feel
that the real uptake will come into play when a business can choose whether to have either
their application server or their database servers in the cloud, on different services. Some
SME businesses may choose to house their data on premise and run their applications on
the cloud. Larger SME's who may require personalization of their applications as a key to
differentiality and competitive advantage may even choose, or have to choose, to have their
app server on premise and put their data on the cloud. The real question when choosing an
enterprise application today is; is the company that you are buying from looking at cloud as
a future strategy and can the database and/or the application be placed on the cloud on
separate instances or services, will the technology support these instances down the line. As
with many pervasive and inevitable technologies we spend an inordinate amount of time
investigating the multiple options and before we know it the technology reaches the tipping
point and we once again find out that business commuting is once again changed right
under our inquisitive noses. Harold Katz, Technology Enabling Manager, Syspro.com Blog:
http://responsibleerp.com/
twessels 3-May-10 1:37pm
Hmmm...maybe those 2320 adults polled should have been asked if they ever went on-line
to Amazon to buy anything over the last decade. If they did, then they were using the cloud
infrastructure that eventually became Amazon Web Services in 2006. I would not put much
stock in this survey as customers are already voting with their dollars. Salesforce.com is the
first billion dollar cloud SaaS provider. Popular cloud apps, like facebook and twitter are the
proving grounds for future cloud apps. You have to remember that is all about the apps.
When all of the apps are developed in the cloud and for the cloud, then everyone will be
running their apps in the cloud.
stevecrawf 6-May-10 12:41pm
The issue isn't so much around security, as arguably the controls most cloud providers have
in place for their specific offerings are as good or better than what many businesses might
have in place more generally. The real issue is compliance -- i.e. how can an IT organization
monitor/audit which of their users are importing/accessing business data within which cloud
providers, how do they enable SSO access and/or enforce password policies, and how can
they centrally provision/deprovision their users to disparate public clouds. Extending internal
corporate security and compliance policies beyond the firewall to public cloud providers is
the key. The risk is somewhat manageable when a business is using one or two cloud
services (like salesforce.com, hosted Exchange, etc.), but becomes a huge compliance
management issue when they have lots of users accessing lots of cloud services, and in

many cases IT doesn't know what their users have signed up for. Steve Crawford
www.jamcracker.com

Home > Cloud Computing > Cloud Computing > How to gauge cloud computing
performance > How to gauge cloud computing performance
How to gauge cloud computing performance
By David Linthicum
Does cloud computing perform well? That depends on whom you ask. Those using SaaS
systems and dealing with standard Web latency can't tell you much about performance.
However, those using advanced "big data" systems have a much different story to relate [1].
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in
InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report [2]. | Stay up on the cloud with
InfoWorld's Cloud Computing Report newsletter [3]. ]
You need to consider the performance models, which you can break into three very basic categories:
• Client-oriented (performance trade-off)
• Cloud-oriented (performance advantage)
• Hybrid (depends on the implementation)
Client-oriented cloud computing architectures are those systems where the cloud computing providers, typically
SaaS (software as a service), interact with users constantly over the Internet. The issue here is not that the cloud
provider is slow, but that there is latency with the constant back-end machine-to-machine conversation that occurs
between the SaaS provider and the browser.
There's not much you can do about this, other than create your own expensive private link between your company
and the SaaS provider, but that dilutes the value of SaaS quickly. Client-oriented platforms are clearly not as fast as
applications running on the local network, but in most instances, the user won't notice the latency unless there is
network saturation.
Cloud-oriented cloud computing architectures are those systems where the processing occurs within the cloud.
Most infrastucture-as-a-service providers, and some platform-as-a-service providers, fit into this category. Typically,
these systems can provide better performance than their on-premise counterparts because they have access to many
more virtualized resources and can allocate those resources dynamically.
For instance, you could have a database query saturating an on-premise system and taking many hours to run. In
contrast, a well-provisioned cloud computing provider can drag as many additional servers into the mix as required
to support the burst in processing, with a result set returning in minutes. This is the scalable nature of cloud
computing, and it is a clear selling point of cloud when performance is considered against cost.
Hybrid, as you may have guessed, leverages both the client- and cloud-oriented models, typically for platform-as-a-
service systems, but there are many shades of gray. The concept is that you can mix and match user interactions with
highly scalable and on-demand back-end processing. The trade-off is the more you communicate with the browser,
the more latency that's brought into the model. Thus, the approach to the architecture here is to optimize the chatter
between the back-end cloud-based servers and the browser. You accomplish this with some old-fashioned
distributed application architecture.

If you're moving to the cloud, don't forget about performance -- good, bad, and indifferent.
This article, "How to gauge cloud computing performance [5]," was originally published at InfoWorld.com [6].
Follow the latest development on cloud computing [7] at InfoWorld.com.
• Cloud Computing
• Cloud computing
computing/how-gauge-cloud-computing-performance-722
Links:
[1] http://www.infoworld.com/d/cloud-computing/cloud-will-finally-solve-big-data-problem-106
[2] http://www.infoworld.com/cloud-deepdive?source=fssr
[3] http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_cloud_computing&source=fssr
[4] http://www.infoworld.com/cloud-deepdive?idglg=ifwsite_editinline&source=ifwprm_blog_cc
[5] http://www.infoworld.com/d/cloud-computing/how-gauge-cloud-computing-performance-722?source=footer
[6] http://www.infoworld.com/?source=footer
[7] http://www.infoworld.com/d/cloud-computing?source=footer
Home > Cloud Computing > Cloud Computing > The cloud will finally solve the 'big data'...
> The cloud will finally solve the 'big data' problem

The cloud will finally solve the 'big data' problem
By David Linthicum created 2009-11-24 04:00AM

InfoWorld's own Pete Babb provided some good coverage [1] around the "analytics cloud" recently debuted by
IBM, called Blue Insight. You can think of Blue Insight as a system that gathers data from those who use it and
externalizes the data to those who need it, doing so on a cloud -- a private cloud.
However, IBM clearly does not have a lock on "big data." There has been movement in this direction for some time
now, including some innovative approaches to leveraging data such as MapReduce. For those of you unfamiliar with
the concept, MapReduce [2] is a software framework brought to us by Google to support large distributed data sets
on clusters of computers. What's unique about MapReduce is that it can process both structured and unstructured
data and, through the use of a distributed "share nothing"-type query-processing system, return result sets in record
time.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in the
InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report [3], featuring an exclusive
excerpt from David Linthicum's new book on cloud architecture [4]. | Stay up on the cloud with InfoWorld's
Cloud Computing Report newsletter [5]. ]
Map, meaning the master node, accepts the request and divides it between any number of worker nodes. Reduce
means that the master node considers the results from the worker nodes and combines them to determine the answer
to the request. Simply put, each mapping operation is independent of the other, and thus maps can be performed in
parallel. The reason Google developed this is rather obvious, as is its use within Facebook [6] and Yahoo [7].
There are open source software instances of that leverage MapReduce, such as Hadoop [8], which has caught fire in
the last year or so as a very cleaver approach to managing large data sets. Typically this means many terabytes, but it
could easily go significantly higher. Cloud providers are either leveraging, or looking to leverage, Hadoop as a
mechanism to manage data, as the big search engines and social networking sites do today.
This indicates a trend toward much of the innovation around leveraging larger amounts of structured and
unstructured data for business intelligence, or general business operations, coming from innovation in the cloud, and
not traditional on-premise software moving up to the cloud. This is a shift. Considering this trend and the fact that
cloud providers provide scalability on-demand could be the one-two punch that sends much of our business data to
cloud computing platforms.
This article, "The cloud will finally solve the 'big data' problem [9]," was originally published at InfoWorld.com
[10]. Follow the latest evelopments on cloud computing [11] at InfoWorld.com.
• Business Intelligence Cloud Computing Big Data Cloud
computing
computing/the-cloud-will-finally-solve-the-big-data-problem-106
Links:
[1] http://www.infoworld.com/d/applications/ibm-debuts-massive-analytics-cloud-455
[2] http://www.infoworld.com/d/infoworld/2009s-top-10-emerging-enterprise-technologies-
467&current=11&last=2#slideshowTop
[4] http://www.amazon.com/gp/product/0136009220?ie=UTF8&tag=ergo-
20&linkCode=as2&camp=1789&creative=9325&creativeASIN=013600
9220
[5] http://www.infoworld.com/newsletters/subscribe?
showlist=infoworld_cloud_computing&source=fssr
[6] http://www.facebook.com/
[7] http://www.yahoo.com/
[8] http://www.infoworld.com/t/Hadoop
[9] http://www.infoworld.com/d/cloud-computing/cloud-will-finally-solve-big-data-problem-
106?source=footer

Home > Cloud Computing > Cloud Computing > 3 cloud computing mistakes you can avoid
today > 3 cloud computing mistakes you can avoid today
3 cloud computing mistakes you can avoid today
By David Linthicum
Created 2010-03-11 04:00AM
Companies and individuals implementing cloud computing these days are doing some things correctly and many
other things incorrectly. Here are the top three mistakes I'm seeing and how you can avoid them.
1. Not considering a public cloud
You love cloud computing and you love your server farm. Thus, you're moving directly to private clouds and not
considering public clouds. While private clouds are great solutions in many instances, not considering public clouds
as an architectural option could mean you're missing opportunities to leverage on-demand and inexpensive capacity.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in the
InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report [1], featuring an exclusive
excerpt from David Linthicum's new book on cloud architecture [2]. | Stay up on the cloud with InfoWorld's
Cloud Computing Report newsletter [3]. ]
The fact is public clouds provide elastic scaling -- and can do so on a pay-per-server-instances basis. Thus, if there is
processing that occurs a few days a month or on a seasonal schedule (holiday shopping), the use of a public cloud, if
only to provide additional capacity at certain times, can be a good fit.
2. Security and governance as afterthoughts
Although you should consider both security and governance to be systemic to the architecture, many organizations
look at security and governance only after deploying their cloud computing solution, whether private, public, or
hybrid. The problem is that you just can't layer security and governance on top of your clouds; they must be
accounted for in the architecture and planning from Day 1.
3. No continuation of business strategy
While many clouds provide good resiliency and even hot standby sites, it's your responsibility to plan the
continuation of service around your systems, on-premise or in clouds -- it is not your cloud computing providers' job
to do so. Thus, you need to think about what would happen if your provider went down, shut down, or shut you
down.
There've been a few major outages in 2009, and I suspect we'll see many more in 2010. What would happen if the
outage affected you for days or weeks, instead of hours? How would you continue your business? You need a plan
to address this, including storing current versions of your data on premise and backup systems that can keep the
business rolling.
Beyond outages, you need to consider what you'll do if your cloud providers go away or shut down the business
without warning. Also, what would you do if you're locked out, due to billing mistakes or if the provider considers
your use of its cloud to be in violation of some policy?
Pretty obvious stuff, if you ask me. Clearly, these are mistakes you can avoid.
This article, "3 cloud computing mistakes you can avoid today [5]," was originally published at InfoWorld.com [6].
Read more of David Linthicum's Cloud Computing blog [7] and follow the latest developments in cloud computing
[8] at InfoWorld.com.
• Cloud Computing
• Risk Management
• Cloud computing

•
computing/3-cloud-computing-mistakes-you-can-avoid-today-895
Links:
[2] http://www.amazon.com/gp/product/0136009220?ie=UTF8&tag=ergo-
20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0136009220
[3] http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_cloud_computing&source=fssr
[4] http://www.infoworld.com/server-virt-deep-dive?idglg=ifwsite_editinline&source=ifwprm_blog_cc
[5] http://www.infoworld.com/d/cloud-computing/3-cloud-computing-mistakes-you-can-avoid-today-895?
source=footer
[7] http://www.infoworld.com/d/cloud-computing/blogs?source=footer
eseerd 11-Mar-10 1:45pm
I went to a presentation from a major cloud vendor and was surprised to find out they had
no backup system in place.
Personally, I don't think it's a good idea to send important data into cyberspace for any
purpose. However, if you are expecting the cloud to provide persistence, be sure your cloud
provider has the same vision and has actually implemented it.
IFWTEH 15-Mar-10 12:59pm
To minimize your capital outlay, use a public cloud and to cover issues with public cloud
usage, why not use 2 or more independent public cloud vendors? The likelihood that they all
would fail or go out of business would seem to be very low. Define a very narrow set of
resources to cover the 3 issues you raise and focus your main resources on your business
and your customers to maximize your success.
drdam4n 15-Mar-10 2:56pm
These 3 points are all too obvious, and I don't see how they could be overlooked. 1) Public
vs. Private -Evaluating options and vendors (do your homework) 2) Security and governance
should be built into every process and service that IT implements 3) Again, business
contiunity should be part of every implementation.
• Cloud providers must learn to keep secrets

• Chromebooks and the cloud: The ugly truth
• The 'is the private cloud a false cloud?' debate is false
• Why Sony's PSN problem won't take down cloud computing
List of all recent posts
• Understanding the Cloud Computing Stack: SaaS, PaaS, IaaS | White Paper
• Building a Cloud-Ready File Storage Infrastructure | Webcast
• Consideration for the Cloud: The Process Every Enterprise Should Think Through |
White Paper
• CLOUDONOMICS: The Economics of Cloud Computing | White Paper
• Revolution not Evolution: How Cloud Computing Differs from Traditional IT and Why it
Matters | White Paper
• Moving your Infrastructure to the Cloud: How to Maximize Benefits and Avoid Pitfalls |
White Paper
See all White Papers / Webcasts

Sponsored by:

http://www.networkworld.com/news/2011/041111-what-the-cloud-really-costs.html
What the Cloud Really Costs: Do You Know?
By David Carr, CIO
April 11, 2011 09:37 AM ET
Sponsored by:
For CIOs who distrust most technological promises (having heard too many of them), cloud computing sets off
alarm bells. Yet those CIOs finding success in the cloud say their colleagues should be equally skeptical of IT
managers who claim they can deliver better and cheaper results internally. (For expert advice about cloud-vendor
contracts, see " How the Cloud Can Turn Toxic.")
DeVry University CIO Eric Dirst is careful to keep his team honest about the real costs of internal IT. "You have to
think it through. We try to calculate 10-year [total cost of ownership] when we make a big purchase. We don't want
to have to replace things in two or three years," he says.
An honest comparison must take into account the cost of provisioning servers and replacing them about every three
years, plus the overhead of system administration, security patches and disaster recovery. Those are built into the
monthly fee for a cloud computing service, Dirst says. So far, DeVry uses software as a service (SaaS) applications
for CRM, HR and email. It has also has deployed custom applications on Saleforce.com's Force.com and custom
utilities on Amazon Web Services (AWS).
It's difficult to make direct comparisons between cloud computing and internal IT, notes Larry Bolick, CIO of the
creative services staffing firm Aquent. "It's not like when you upgrade a server, and the clock speed is twice as fast
or you're getting four times the memory. That kind of comparison doesn't exist necessarily in the cloud."
Over the past two years, Aquent has converted more than 30 offices in North America to a cloud-based phone
system and moved its core business system to the cloud. In the process of changing the company's homegrown ERP
system to a Web-based model, Aquent switched it from traditional data center colocation to hosting on AWS. The
software now runs in three AWS clouds-one in the United States, one in Ireland and one in Singapore-to deliver
global coverage. "With that particular application, we get some disaster-recovery capability in the bargain because
we're replicating between the three different instances," Bolick says.
James Staten, a Forrester Research ( FORR) analyst, agrees that companies tend to underestimate the cost of internal
IT. "Often, organizations only count the capital expenditure, not the operational costs, so they come to the incorrect
conclusion that it would be cheaper to do it on premise," Staten asserts.
The Capital Expenditure Monster
Today, cloud computing is most popular with small-to-midsize businesses (SMBs). Large enterprises tend to be
more conservative, often citing security concerns. That will change as the servers that those large enterprises own
come to the end of their useful life and CIOs look for money to replace them, predicts Michael Hugos, a consultant,
former CIO and current CIO.com blogger.
At that point, says Hugos, "I think it becomes a CFO discussion about capital expenditure." CFOs may increasingly
force the issue of replacing investments in IT equipment with the variable costs of cloud computing. In addition to
the direct costs, a CFO is likely to consider the opportunity cost of tying up capital in fixed assets such as servers, he
says.
And precisely because customers are crying out for reassurances about the security of cloud services, service
providers will invest in making them secure-at the same time many enterprises are cutting back on information-
security investments. "The idea that data sitting on a server in my server room is more secure [than in the cloud] is
disingenuous," says Hugos. Underlying the argument, he says, are IT professionals trying "to convince the suits not
to outsource my job."
Because many technology managers have a vested interest in fending off this wave of
change, CIOs need to turn a gimlet eye on their staffs (and their own) cost projections,
Hugos says. "I would give my estimate to a bunch of hard-nosed accounting and finance
guys and see what they say about it."

Joe Weinman, a Hewlett-Packard ( HPQ) executive who is one of HP's chief spokesmen on cloud computing,
predicts a more gradual transition. "I do believe most IT will move into the cloud for consumers and SMBs," he
says. On the other hand, large enterprises have enough systems-management discipline "that the idea that a cloud
provider would achieve better, meaningful economies of scale is difficult for me to believe."
For large enterprises, using a public cloud infrastructure will make sense in special cases, such as when they could
profit from renting a large number of computers for a short period to run an intensive calculation quickly, Weinman
suggests.
A big company also might use cloud services as a hedge against uncertainty in case a fast-growing new product or
business unit stalls, Weinman says. "While you're growing, it's easy to say you should just buy servers and keep
deploying them. But if you do enter into a period of decline, those assets are like concrete shoes."
Costs That Lurk in the Cloud
Dirst and Bolick agree that cloud computing also can have hidden or unanticipated costs. Bolick says he
underestimated the cloud server capacity he would need to achieve an acceptable level of performance because he
made the mistake of treating cloud servers as the equivalent of physical servers.
Because a cloud server actually represents a virtualized slice of memory and processor resources from a pool of
servers, its performance may not match what you would expect from a dedicated server in your data center or a co-
location facility.
"If I was doing it again, I would essentially overengineer the environment in the cloud. Then, once I had the system
stabilized, I would downsize it from there," Bolick says. "Of course, one of the beauties of the cloud is we were able
to ramp up quickly," correcting the performance problem in a few days.
And when transitioning to the cloud, your cost model should allow for a few months of running the new and old
systems in parallel, which will lead to a spike in expenses.
Organizations that have adopted principles of service-oriented architecture will be in the best position to take
advantage of cloud technologies, Dirst says, while those that have not may need to play catch-up. That might mean
training staff, upgrading middleware, or both.
Dirst admits he underestimated the management and monitoring costs associated with cloud apps. Because
traditional enterprise-network-management tools don't do a good job of tracking cloud apps, his department has had
to script its own monitoring routines so it knows when a cloud app-or the integration between an app and enterprise
systems-stops working.
"That usually costs more than we had expected," Dirst says. Still, he sees good ROI, combined with the ability to
deliver new capabilities faster in the cloud environment. That's particularly true of SaaS apps, which typically
deliver new features instantly two or three times a year. When a traditional software vendor releases a new version,
it's usually three to six months before DeVry can roll it out with confidence.
In the overall cost equation, "Not having to go through that? How does that commercial go? Priceless," says Dirst.
David F. Carr is a freelance writer based in Florida.
Read more about e-mail in CIO's E-Mail Drilldown.

Cloud Computing Readings INFS6000

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cloud Computing Readings INFS6000

Uploaded by

Copyright:

Available Formats

Cloud computing

Are we there yet?

Costs and Benefits

Filename:59718617.doc Return to Index of Articles Page:1 of 29

Filename:59718617.doc Return to Index of Articles Page:2 of 29

Filename:59718617.doc Return to Index of Articles Page:3 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:4 of 29

Filename:59718617.doc Return to Index of Articles Page:5 of 29

Filename:59718617.doc Return to Index of Articles Page:6 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:7 of 29

This story appeared on Network World at

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:8 of 29

In a recent newsletter we introduced the concept of Application Delivery 2.0, a major

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:9 of 29

This story appeared on Network World at

Filename:59718617.doc Return to Index of Articles Page:10 of 29

Filename:59718617.doc Return to Index of Articles Page:11 of 29

Return to Index of Articles

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:12 of 29

Cloud? No now, not ever

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:13 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:14 of 29

This story appeared on Network World at

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:15 of 29

Filename:59718617.doc Return to Index of Articles Page:16 of 29

Filename:59718617.doc Return to Index of Articles Page:17 of 29

This story appeared on Network World at

Filename:59718617.doc Return to Index of Articles Page:18 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:19 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:20 of 29

Filename:59718617.doc Return to Index of Articles Page:21 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:22 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:23 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:24 of 29

By David Linthicum created 2009-11-24 04:00AM

Filename:59718617.doc Return to Index of Articles Page:25 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:26 of 29

• Cloud providers must learn to keep secrets

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:27 of 29

This story appeared on Network World at

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:28 of 29

Return to Index of Articles

Filename:59718617.doc Return to Index of Articles Page:29 of 29

You might also like