Cloud Security Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Dana Gardner, Maria C. Horton

Related Topics: Containers Expo Blog, Java IoT, Microservices Expo, @CloudExpo, Cloud Security, @BigDataExpo

Containers Expo Blog: Article

2013 Predictions: Private Cloud Is Really "Cloud-Washed Virtualization"

Private Cloud exposed as a fraud

If you're an IT manager calling your internal VMware or other virtualization farm a "Private Cloud" in an attempt to prove to your leadership that "public cloud is insecure" or "I built the same thing as Amazon Web Services (AWS)", you need to get ready for a dose of reality in the coming year.

Server-huggers beware, you might have been able to get away with it until now, but 2013 will mark a turning point in which the term Private Cloud will be permanently exposed for what it is...  a capital intensive, server stacking, virtualization game.

Just because you might have flexibility to decide how much RAM you can assign to a VM, doesn't give you the right to "cloud-wash" your internal IT operation and call it something that it's not... because although it may be Private (can someone tell me again why it's important to be able to touch your servers?), it's certainly not Cloud.

Not that there's anything wrong with that...

Just as Jerry Seinfeld so famously quoted... I'm not saying there is anything wrong with running an IT shop where you still spend lump sums of capital (CapEx) for physical resources, especially if you are working to make those resources flexible and reliable by optimizing your data center, using virtualizing, and invoking best practices like continuous monitoring and agile development.

Just don't use the word "Cloud" because your business users and C-level leadership are getting smarter every day on the incredible economic advantages, real security story, and global scalability benefits of public cloud.

In short, selling them a story like "my private cloud is the same as AWS, but more secure because it's on-premise" is going to begin to look childish.  And worse, it will discount the credibility of the (probably pretty good and still very useful) internal IT environment that you've worked so hard to build.

If you physically touched it, estimated your peak demand before buying, and/or don't have a re-occurring OpEx fee... IT'S NOT CLOUD.

Tightening definitions

The definition of  "Cloud" will also further tighten in 2013, where it will be reserved only for systems that allow you to:

• transform your IT into only operational expenditures (OpEx)

• go global in minutes

• never have to guess your initial or future capacity

Despite all the marketing from old guard IT and large virtualization software companies that claim building your own Cloud is the best way to go, your Private Cloud still:

• is a large capital expense (CapEx)

• rarely allows even the largest installs to go global in minutes

• makes you commit to a upfront minimum and requires you to predict future capacity

In his recent keynote at Amazon Web Services Re:Invent conference, SVP Andy Jassy put it in the best perspective I've heard yet, giving these six simple items that differentiate the burden of private, from value of public.  You can watch his keynote on Youtube here.  Check out around minute 32 for the best Private Cloud bashing.

It's okay, just try a little bit... it won't hurt you.

Remember those drug prevention classes in middle school (was it called D.A.R.E. everywhere or was that just an Ohio thing?) where the police officers would come and tell you the dangers of drugs and how they get you hooked by getting you to just try a little bit?

"Don't even do it once," they would say, "Because if you try it once, you'll be hooked for life!"

Well, it seems the private cloud loving internal IT folks were all sitting in the front row during those officer presentations, because they took this advice a little too seriously and have applied it to public cloud adoption too.

"The best thing about public cloud is it's cheaper to fail than belabor conversations about whether to try it or not." - Me

Internal IT will remain greatly relevant

Don't worry internal IT, you'll still be greatly needed by your company in 2013 and well beyond because there absolutely is a place for flexible, private infrastructure in today's IT.

Organizations that have invested millions in capital on IT hardware, software, networking, and human resources would be completely insane to throw it all away today and move everything to public cloud tomorrow; however, in the same breath, I would also call these organizations insane to keep piling investment into more private resources given the extreme economic, scalability, and functionality advantages of public cloud.

Over the coming years, even very large internal IT groups, simply won't be able to keep up with the rate of innovation, security, and scale that public cloud operations will achieve.

Internal IT will also face tough competition from rogue business users going outside of their internal IT to get what they need from public cloud with something as simple as a credit card swipe.  Of course, internal IT may think the best weapon against this is a strict lock-down policy where business users get punished for going rouge; but, a moratorium on public cloud only hampers corporate innovation and creates animosity between the teams.  I suggest there is another answer for internal IT... Embrace, broker, and support.

Although easier said than executed correctly, cloud brokering both public and private IT services, while supporting business users on both,will be the key function for internal IT groups staying relevant to the business and even thriving in 2013 and beyond.

Disclaimer:  These predictions are based on the fact that world does not end on December 21, 2012 as the Mayan calendar predicts. If we never reach 2013, I reserve all rights to drastically modify these predictions.

More Stories By Ryan Hughes

Ryan Hughes, blogging at www.RyHug.com, is the Co-founder and Chief Strategy Officer (CSO) of Skygone (www.skygoneinc.com), a Cloud Computing solution provider to SI's, ISV's, Commercial, and Government. Education: MBA in Project Management from Penn State University; BS in GIS from Bowling Green State University Ryan currently has 10 years in Enterprise-level IT Program Management and Operations Management, as well as vast experience in Enterprise System Design and Cloud implementation methodology.

@ThingsExpo Stories
SYS-CON Events announced today that MathFreeOn will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MathFreeOn is Software as a Service (SaaS) used in Engineering and Math education. Write scripts and solve math problems online. MathFreeOn provides online courses for beginners or amateurs who have difficulties in writing scripts. In accordance with various mathematical topics, there are more tha...
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...
Cloud based infrastructure deployment is becoming more and more appealing to customers, from Fortune 500 companies to SMEs due to its pay-as-you-go model. Enterprise storage vendors are able to reach out to these customers by integrating in cloud based deployments; this needs adaptability and interoperability of the products confirming to cloud standards such as OpenStack, CloudStack, or Azure. As compared to off the shelf commodity storage, enterprise storages by its reliability, high-availabil...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...
SYS-CON Events announced today that Transparent Cloud Computing (T-Cloud) Consortium will exhibit at the 19th International Cloud Expo®, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The Transparent Cloud Computing Consortium (T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data proces...
Donna Yasay, President of HomeGrid Forum, today discussed with a panel of technology peers how certification programs are at the forefront of interoperability, and the answer for vendors looking to keep up with today's growing industry for smart home innovation. "To ensure multi-vendor interoperability, accredited industry certification programs should be used for every product to provide credibility and quality assurance for retail and carrier based customers looking to add ever increasing num...
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and ...
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to impr...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys). The Virgil Keys Service consists of a public key service and a private key escrow service. 

Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Amazon has gradually rolled out parts of its IoT offerings, but these are just the tip of the iceberg. In addition to optimizing their backend AWS offerings, Amazon is laying the ground work to be a major force in IoT - especially in the connected home and office. In his session at @ThingsExpo, Chris Kocher, founder and managing director of Grey Heron, explained how Amazon is extending its reach to become a major force in IoT by building on its dominant cloud IoT platform, its Dash Button strat...
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessi...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
Fifty billion connected devices and still no winning protocols standards. HTTP, WebSockets, MQTT, and CoAP seem to be leading in the IoT protocol race at the moment but many more protocols are getting introduced on a regular basis. Each protocol has its pros and cons depending on the nature of the communications. Does there really need to be only one protocol to rule them all? Of course not. In his session at @ThingsExpo, Chris Matthieu, co-founder and CTO of Octoblu, walk you through how Oct...
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.