Friday, 30 October 2009

Hostage to fortune

So in my previous blog I provided my thoughts from the Cloud World Forum event. During that event I was asked what I believed the cloud market would be like in 5-10 years' time. Well I had a stab at an answer at the time but I've had more time to think now and I think I'd revise my answer a little. As much as I hate offering up a hostage to fortune, I think it may be fun to check back in a year or two to see just how wrong I am :o)

First things first. I'll be using the NIST definitions for cloud computing - check them out, they're good and they're vendor-independent. [One beef I did have with the speakers at the Cloud WF was that they all insisted on giving us their own definition of cloud computing. We really should be over that by now... Particularly when they all mentioned the Internet and then a number went on to talk about private clouds.]

Let's have some initial assumptions:

i) IaaS will become more interoperable and portable - either provider-supported through the use of standard APIs (check out http://www.occi-wg.org) or by default through meta-cloud providers reverse engineering closed APIs.

ii) PaaS and SaaS vendors will have a big question to answer around the granularity of the services that they offer.

iii) Consumers will have some serious thinking to do with respect to the amount of lock-in (and subsequent pricing consequences) they are willing to endure.

So in my future IaaS will become seriously commoditised with consumers able to switch loads or other basic IT needs as and when necessary through the use of meta-clouds or other mechanisms for managing multiple cloud providers. I think that's a given. [I'm not going to talk about private or community clouds much in this post, let's just assume that most internal IT systems will be delivered by either private or community cloudy resources - let's face it, there's not much that won't be virtualised in 5 years' time other than the obvious usual suspects, y'know those guys still running Cobol on legacy kit...]

The PaaS and SaaS space is much more interesting. In an ideal world, these kinds of providers would completely open up and offer very granular services, presumably charged per transaction or subscription, that consumers could use on a per-service basis from outside of the provider environment. Enabling SOA via cloud services. That would be good. What I fear is that PaaS providers in particular will be very closed-minded in their thinking and actually encourage the PaaS lock-in that has many cloud commentators (including this one) worried. Why would they do this? Well, once a consumer is effectively locked in there'll be every temptation to start upping the prices - as long as the pain to the consumer is less than migrating away from the PaaS it's a definite win for the provider. Ah, but competition will prevent this I hear you say. Well, only if the competition isn't doing the same thing!

So that's my view of how the future will pan out. Anyone care to share theirs?

Friday, 23 October 2009

Cloud World Forum

I attended the rather grandly titled Cloud World Forum in London yesterday. Have to say that it was an excellent event, certainly more business focussed than other events such as Cloud Camp (which is always good fun if more IT oriented) or the rather disappointing CloudStorm event a couple of weeks ago.

Highlights and interesting tidbits from the event:
o Kate Craig-Wood of Memset, Intellect and the BCS is now co-leading the technical architecture stream of the Cabinet Office data centre consolidation work
o Asite are a public cloud service that have apparently obtained HMG accreditation for use by the Environment Agency. Unfortunately the presenter left before I had a chance to quiz him on the accreditation aspect!
o Lots of good presentations from the likes of Gartner and BT and some interesting panel sessions; I was particularly interested in the Gartner research that showed security was still the leading concern with organisations yet to adopt cloud computing. Also interesting that the main drivers for those organisations that have adopted cloud computing were cost and functionality. Who'd have thought it? ;-)
o If you have an interest in collaboration then certainly check out www.huddle.net - collaboration tools, video conferencing etc all in one user-friendly cloud-based offering.
o BT's virtual data centre is an interesting proposition - they do not run VMs for more than one customer on a physical blade. Of course, from a paranoid perspective you may still have de-commissioning concerns when the blade is returned to the wider resource pool. Not dug into the real low-level details here.
o Mimecast have released a Forrester Consulting report into the "total economic impact" of their solution. Yes, the report is specific to Mimecast, however the methodology of the report is of interest and it's useful to have a (vaguely) independent, albeit funded, report showing a detailed ROI argument for a cloud-based service. The report should be downloadable from the Mimecast web-site but I don't think it's there yet.


Downsides:
o Terribly dull presentation from VMware, Cisco and EMC. Everybody else talking about business benefits, these guys droning on for a long time about IT and infrastructure issues. Bored everyone to tears. Content was actually not bad from a technical perspective but was wrong for the event and the delivery was way too dry. [Example of the problem with the presentation, when talking of moving to cloud services "...got to start with server virtualisation" - well, only if you're talking IaaS and I'd personally start with identifying what you want to do from a business perspective!]
o Still a general ignorance with respect to security - lots of mentions of it during the day but no real understanding of how to manage risk in a cloud environment. [One panellist even described escapes from VMs as 'a bit of a myth' - a bit problematic given that exploits have been published which do just that...]
o Slightly disappointing presentation on cloud security from Cryptocard which was basically yet another demonstration of using Cain and Abel to intercept passwords (*yawn*) and an overly broad statement that 2-factor authentication solves all authentication issues in a cloud environment. Yes, they would say that being as they sell 2FA solutions but it's blatantly not true!

Overall - good event, will definitely try to attend next year's. The attendees were left with the feeling that cloud computing is here, is real and is delivering benefits to the early adopters.

Thursday, 15 October 2009

Resources for the busy security pro...

I'm going to step away from cloud computing for a change and go back to the main day job - security. Like many security pros I'm a busy guy but at the same time my clients (and I) expect me to remain up to date with the latest happenings in the security space. Over the years I've whittled down the number of Internet resources I keep track of - I'm going to talk about a couple that I still check on a daily basis in this post.

Firstly: http://archives.neohapsis.com/

There are loads of security mailing lists - the site above is a convenient method for keeping track of the most useful ones. I'd recommend their Yesterday, Today, Full-Disclosure and DailyDave archives. There are other aggregators but I've been using this one for years and I'm a loyal soul...

Secondly: http://www.monkey.com/~jose/secblogs.html

As with mailing lists, there are loads of security blogs and loads of blog aggregators. I tend to use the one above as it aggregates blogs I'm interested in and provides a manageable number of links per day - I don't feel overwhelmed by the sheer volume of posts!

Hope you find them useful. If you have any other resources that you think would help a busy security guy keep up to date (in a quick and manageable way!) please add some comments.

Thursday, 1 October 2009

Cloud Security Summit

I presented my first ever web-cast yesterday as part of the BrightTALK Cloud Security Summit. An interesting experience and strangely enjoyable. I found the BrightTALK platform fairly straightforward to use, although the voting system could be a little more slick. It's a little uncomfortable whilst you're presenting as you've no way of knowing whether you're carrying your audience with you - fortunately the ratings have been quite positive and so I think I got away with it :-)

If you're interested in cloud security, my web-cast can be found here:

http://www.brighttalk.com/webcasts/5688/play

If you have any questions or want to leave any feedback, feel free to comment :-)