Welcome!

Security Authors: Trevor Parsons, Liz McMillan, Elizabeth White, Pat Romanski, Adam Vincent

Related Topics: Cloud Expo, SOA & WOA, Virtualization, Web 2.0, Security, Big Data Journal, SDN Journal

Cloud Expo: Article

Cloud Computing: Rethinking Control of IT

Executives are still dead set on building Private Clouds. The true reason for this stubbornness is the battle over control.

In my role as a globetrotting Cloud consultant, I continue to be amazed at how many executives, both in IT and in the lines of business, still favor Private Clouds over Public. These managers are perfectly happy to pour money into newfangled data centers (sorry, “Private Clouds”), even though Amazon Web Services (AWS) and its brethren are reinventing the entire world of IT. Their reason? Sometimes they believe Private Clouds will save them money over the Public Cloud option. No such luck: Private Clouds are dreadfully expensive to build, staff, and manage, while Public Cloud services continue to fall in price. Others point to security as the problem. No again. OK, maybe Private Clouds will give us sufficient elasticity? Probably not. Go through all the arguments, however, and they’re still dead set on building that Private Cloud. What gives? The true reason for this stubbornness, of course, is the battle over control.

Thinking Like a Control Freak
IT executives in particular have always been control freaks. Our IT environments have been filled with fragile, flaky gear for so long that we figure the only way to run the IT shop is to control everything, grudgingly doling out bits of functionality and information to business users, but only when they ask nicely.

But this old mainframe reality has been fading for years now. The move to client/server to n-tier to the Internet and now to the Cloud are all exercises in increasingly distributed computing, with special emphasis on the distributed. As in distributed control.

The technology powers that be in the enterprise have been fighting this trend kicking and screaming, of course. But they’ve been fighting a losing battle. We saw the tide turn in the first-generation SOA days of the 2000s, when the IT establishment invested tried to implement SOA by buying ESBs, centralized pieces of middleware that purported to run the organization. But too many enterprises ended up with multiple ESBs and other pieces of middleware, since of course every manager in every department silo needs their own, because they all crave control. So the doomed SOA effort became a futile exercise in middleware-for-your-middleware, as the desired agility benefit sank beneath waves of rats-nest complexity.

What’s really going on here? Why do executives crave control so badly? Two reasons: risk mitigation and differentiation. If that piece of technology is outside your control, then perhaps bad things will happen: security breaches, regulatory compliance violations, or performance issues, to name the scariest. The problem is, maintaining control doesn’t necessary reduce such risks. But if you’re responsible for managing the risks, then the natural reaction is to crave control.

Managers also believe that whatever it is they’re doing in their silo is special and different in some way. So there’s no way they can leverage that shared piece of middleware or shared SOA-based Services or multitenant Cloud. If they did, they wouldn’t be special any more. Having a differentiated offering is essential to any viable market strategy, after all. So clearly my technology has to be different from your technology!

Chaos vs. Control
The Cloud, as you might expect, shakes up both these considerations, because the Cloud separates responsibility from control in ways that we’ve never seen before. Every manager knows that these two priorities often go hand in hand, and under normal circumstances, we prefer them to go together, because the last thing we want is responsibility without control: the recipe for becoming the scapegoat, after all. With the Cloud, however, we can maintain control while delegating responsibility to the Cloud Service Provider (CSP). The CSP is responsible for ensuring the operational environment is working properly, including the automated management and user-driven provisioning and configuration that differentiate Cloud Computing from virtualized hosting. However, the CSP has delegated control over each customer environment to that customer.

By turning around this control vs. responsibility equation, we’ve placed the CSP into the scapegoat position. As long as we have an iron-clad Service-Level Agreement with our CSP, we can trust them to take responsibility for our operational environments, and if anything goes wrong, we can hold them responsible. But the control over those environments remains with us, the customer. Once enterprise executives realize this new world order, they will run as fast as they can away from building Private Clouds. After all, if you can maintain control while delegating responsibility, why would you ever want responsibility? Responsibility gets people fired, after all.

Shifting responsibility to the CSP also helps to resolve the regulatory compliance roadblock that so many executives point to as the reason to select Private over Public Cloud. A combination of a properly responsible CSP combined with a sufficiently detailed SLA can go a long way toward indemnifying organizations against compliance breach risks. Remember, regulations rarely if ever specify how you must comply, only that you must. It’s up to you (and your lawyers) to decide on the how. As long as you’re diligent, conscientious, and follow established best practice, you’ve mitigated the bulk of your noncompliance risk. The CSPs are chomping at the bit to take this responsibility, so the smart risk mitigation strategy is shifting toward the Public Cloud.

The Price of Differentiation
The second threat to centralized control of IT is the business driver toward differentiation. Whatever our department or business is doing is special and different, and thus our infrastructure as well as our application environment must be unique as well. This principle is always true up to a point, which is why executives love to cling to it like a floating log in a vast sea of change. But just where that point falls continues to shift, and has shifted further than many people realize.

No enterprise would dream of calling a computer chip company and asking them to fabricate a custom processor for general business needs. What about a server? Unlikely, but perhaps. What about your core business applications, like finance, human resources, or customer relationship management (CRM)? Somewhat more likely. How about applications that provide capabilities that differentiate you in the marketplace? OK, now we’re talking.

In other words, virtually no enterprise has any rational motivation to specify custom infrastructure. Today’s Infrastructure-as-a-Service (IaaS) will do, especially considering how many configuration choices are available today: processor speed, operating system (as long as you want Windows or a flavor of Linux), memory, storage, and network are all user configurable and provisionable. Furthermore, there’s no reason to customize your dev, test, or deployment environments, so might as well use a Platform-as-a-Service (PaaS) offering.

But what about the applications? For non-strategic apps like CRM, might as well use Software-as-a-Service (SaaS) like Salesforce. No executives in their right mind would say that their customer relationship needs are so unique that they should code their own CRM system. So, what about those strategic apps, the ones that offer our differentiated capabilities or information to our customers? If an existing SaaS app won’t do, well, that’s what PaaS and IaaS are for: building and hosting our custom apps for us, respectively.

Still not convinced? Consider the competitive risk: the risk of spending too much money on unnecessary capabilities. While your competition is leveraging the Cloud, focusing their efforts on their true strategic differentiation in the market and saving buckets of dough everywhere else, you’re busy pouring cash into building yet another widget that might as well be the same widget you can get much more cheaply in the Cloud. If doing something unique and different doesn’t help the bottom line, then you’re simply wasting money. The asteroid is almost here. Which would you rather be, a dinosaur or a mammal?

The ZapThink Take
Outsourcing commodity capabilities to the low-cost provider while focusing your strategic value-add on customized offerings is an oft-repeated pattern in the world of business, but it hasn’t really taken hold in the world of IT until the rise of Cloud Computing. The reason it’s taken so long for the techies is because we’ve never been able to separate control and responsibility in the past as well as we can today. Before the Cloud, if we wanted to outsource one, then the other went along for the ride. Any enterprise that outsourced their entire IT operation went down this road. Sure, your technology becomes somebody else’s responsibility, but you end up giving up control as well.

Perhaps the greatest challenge with maintaining such control with the Cloud is that it raises the stakes on governance, leading to what we call next-generation governance in our ZapThink 2020 Poster as well as my new book, The Agile Architecture Revolution. The Cloud’s automated self-service represents powerful tools in the hands of people across our organization. Without a proactive, automated approach to governance, we risk running off the rails. Such issues are endemic in today’s technology environments: from Bring-Your-Own-Device (BYOD) challenges to SOA governance to rogue Clouds, we must learn how to maintain control while maintaining the agility benefit such powerful technology dangles in front of us. But until we learn to delegate responsibility for the underlying technology to Public Cloud Providers, we’ll never be able to maintain control cost-effectively while maintaining our competitiveness.

Image source: Diego David Garcia

More Stories By Jason Bloomberg

Jason Bloomberg is the leading expert on architecting agility for the enterprise. As president of Intellyx, Mr. Bloomberg brings his years of thought leadership in the areas of Cloud Computing, Enterprise Architecture, and Service-Oriented Architecture to a global clientele of business executives, architects, software vendors, and Cloud service providers looking to achieve technology-enabled business agility across their organizations and for their customers. His latest book, The Agile Architecture Revolution (John Wiley & Sons, 2013), sets the stage for Mr. Bloomberg’s groundbreaking Agile Architecture vision.

Mr. Bloomberg is perhaps best known for his twelve years at ZapThink, where he created and delivered the Licensed ZapThink Architect (LZA) SOA course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovel Technologies in 2011. He now runs the successor to the LZA program, the Bloomberg Agile Architecture Course, around the world.

Mr. Bloomberg is a frequent conference speaker and prolific writer. He has published over 500 articles, spoken at over 300 conferences, Webinars, and other events, and has been quoted in the press over 1,400 times as the leading expert on agile approaches to architecture in the enterprise.

Mr. Bloomberg’s previous book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation. He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting).

@ThingsExpo Stories
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Technology is enabling a new approach to collecting and using data. This approach, commonly referred to as the "Internet of Things" (IoT), enables businesses to use real-time data from all sorts of things including machines, devices and sensors to make better decisions, improve customer service, and lower the risk in the creation of new revenue opportunities. In his General Session at Internet of @ThingsExpo, Dave Wagstaff, Vice President and Chief Architect at BSQUARE Corporation, discuss the real benefits to focus on, how to understand the requirements of a successful solution, the flow of ...
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
We’re no longer looking to the future for the IoT wave. It’s no longer a distant dream but a reality that has arrived. It’s now time to make sure the industry is in alignment to meet the IoT growing pains – cooperate and collaborate as well as innovate. In his session at @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, will examine the key ingredients to IoT success and identify solutions to challenges the industry is facing. The deep industry expertise behind this presentation will provide attendees with a leading edge view of rapidly emerging IoT oppor...
In this Women in Technology Power Panel at 15th Cloud Expo, moderated by Anne Plese, Senior Consultant, Cloud Product Marketing at Verizon Enterprise, Esmeralda Swartz, CMO at MetraTech; Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems; Seema Jethani, Director of Product Management at Basho Technologies; Victoria Livschitz, CEO of Qubell Inc.; Anne Hungate, Senior Director of Software Quality at DIRECTV, discussed what path they took to find their spot within the technology industry and how do they see opportunities for other women in their area of expertise.
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
Wearable devices have come of age. The primary applications of wearables so far have been "the Quantified Self" or the tracking of one's fitness and health status. We propose the evolution of wearables into social and emotional communication devices. Our BE(tm) sensor uses light to visualize the skin conductance response. Our sensors are very inexpensive and can be massively distributed to audiences or groups of any size, in order to gauge reactions to performances, video, or any kind of presentation. In her session at @ThingsExpo, Jocelyn Scheirer, CEO & Founder of Bionolux, will discuss ho...
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, examined three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective storage designed to handle the massive surge in back-end data in a world where timely analytics is e...

ARMONK, N.Y., Nov. 20, 2014 /PRNewswire/ --  IBM (NYSE: IBM) today announced that it is bringing a greater level of control, security and flexibility to cloud-based application development and delivery with a single-tenant version of Bluemix, IBM's platform-as-a-service. The new platform enables developers to build ap...

Building low-cost wearable devices can enhance the quality of our lives. In his session at Internet of @ThingsExpo, Sai Yamanoor, Embedded Software Engineer at Altschool, provided an example of putting together a small keychain within a $50 budget that educates the user about the air quality in their surroundings. He also provided examples such as building a wearable device that provides transit or recreational information. He then reviewed the resources available to build wearable devices at home including open source hardware, the raw materials required and the options available to power s...
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, demonstrated how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
Since 2008 and for the first time in history, more than half of humans live in urban areas, urging cities to become “smart.” Today, cities can leverage the wide availability of smartphones combined with new technologies such as Beacons or NFC to connect their urban furniture and environment to create citizen-first services that improve transportation, way-finding and information delivery. In her session at @ThingsExpo, Laetitia Gazel-Anthoine, CEO of Connecthings, will focus on successful use cases.
Enthusiasm for the Internet of Things has reached an all-time high. In 2013 alone, venture capitalists spent more than $1 billion dollars investing in the IoT space. With "smart" appliances and devices, IoT covers wearable smart devices, cloud services to hardware companies. Nest, a Google company, detects temperatures inside homes and automatically adjusts it by tracking its user's habit. These technologies are quickly developing and with it come challenges such as bridging infrastructure gaps, abiding by privacy concerns and making the concept a reality. These challenges can't be addressed w...
The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup loading complex sites necessitates hundreds of DNS queries. In addition, as more internet-enabled ‘Things' get connected, people will rely on DNS to name and find their fridges, toasters and toilets. According to a recent IDG Research Services Survey this rate of traffic will only grow. What's driving t...
The Internet of Things is a misnomer. That implies that everything is on the Internet, and that simply should not be - especially for things that are blurring the line between medical devices that stimulate like a pacemaker and quantified self-sensors like a pedometer or pulse tracker. The mesh of things that we manage must be segmented into zones of trust for sensing data, transmitting data, receiving command and control administrative changes, and peer-to-peer mesh messaging. In his session at @ThingsExpo, Ryan Bagnulo, Solution Architect / Software Engineer at SOA Software, focused on desi...
"For over 25 years we have been working with a lot of enterprise customers and we have seen how companies create applications. And now that we have moved to cloud computing, mobile, social and the Internet of Things, we see that the market needs a new way of creating applications," stated Jesse Shiah, CEO, President and Co-Founder of AgilePoint Inc., in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focused on understanding how industrial data can create intelligence for industrial operations. Imagine ...