CA Community

April 2011 - Posts

Pragmatic Cloud: If a Cloud Falls in the Forest...Nobody Should Hear It

Published: April 28 2011, 09:19 AM | 1 Comment(s)
by George Watt

Resiliency is not a byproduct of cloud computing

CCL image courtesy of pfly - http://www.flickr.com/photos/pfly/154053611/sizes/s/in/photostream/About a week ago while thinking of cloud services I realized that I had been having a recurring thought for several weeks:  "If a cloud falls in the forest, would anybody hear it?" I resisted several urges to tweet those words thinking it might not really make sense to others and that it might not resonate.  I'll never know now - what a difference a week can make.

Collateral Resilience

The buzz following a service disruption at an undisputed leading cloud provider might give one the impression that there was widespread belief that resilience is always a byproduct of cloud services.  If you believe that to be an overstatement perhaps you might at least agree that many consumers of cloud services assumed, and still assume, that resilience is delivered as part of any cloud service.  Worse, the assumption may be that resilience is part of every cloud service.

Caveat Emptor

In fact, much diligence is required in this regard when selecting cloud services.  For example, do you factor into your cloud service selection that:

  • Not all cloud services are resilient/offer business continuity capabilities (...to the extent that your business may require)
  • Not all cloud services that offer resilient services and business continuity capabilities offer them to all subscribers (different packages, licenses, or subscriptions may include different resilience alternatives)
  • The service you consume may itself be a composite service (composite application); and unless your service provider has factored that into their design your application is only as resilient as its weakest link

Please Stay Tuned

Now, if you have been considering "cloudy options" to address your business requirements and opportunities please do not let these items, or anything else you may have recently read about service disruptions, give you the impression that no cloud solutions can offer the resilience you require.  In fact, some cloud solutions may be far more resilient than solutions you might be able to deliver on your own, in your own building.  Solutions are not any more or less resilient than on-premise solutions simply because they are cloud solutions.

Where to Begin?

As with on-premise solutions, some cloud solutions and services are better than others.  We simply need to be diligent with key items. These five items might be a good place to begin:

1) Read the fine print

Read and negotiate contracts carefully, and do not assume that because your resilience requirements are met in one contract they will be satisfied in another contract from the same vendor.  Vendor contract terms and conditions can change frequently, and some contracts even enable vendors to change those at their discretion and put the onus on their customers to remain up to date (e.g.:  by regularly visiting their website).  As well, your business needs and/or objectives may have changed, and your business may be subject to changing compliance regulations.  In addition these services often come with an additional charge.

Not every system requires the same level of resilience so be prepared to make informed choices regarding which level is acquired for each service.  What's important is that these decisions are made consciously and with considered intent; and that key stakeholders are involved and informed.

2) SLAs are paramount: 

Ensure you understand the service provider's detailed obligations in the event of a disruption.  How quickly must they return you to service?  What are their obligations to your business if they cannot meet their SLAs?  What are the remedies (e.g.: will they reimburse you for lost service or business)?  Are they obligated to keep your service up and running?  What if they cannot recover, or cannot recover quickly enough for your business?  Are they obligated to return your data to you?  If they are obligated to return the data, how much time do they have to get it to you?  In what format must the data be?

3) Drive defensively - Think beyond the contract: 

Should something bad happen, what if your cloud provider is not capable of providing the level of service and resilience that is specified in the contract?  What if the service provider is sufficiently damaged by an outage that they can no longer carry on their business?  The fact that you have the legal high ground may not keep your business from failing.  My high school Driver's Education instructor, Mr. Baron, used to say that the fact you had the right of way will be little consolation to you as you look up at the muffler of a car you walked in front of.   So, consider your prospective provider's track record and reputation.  Do they, or their key personnel, have a track record of putting their customers' interests first and of performing Herculean tasks to ensure the success of their customers?  Better still, do they have a reputation of being resilient themselves?

4) Business continuity is everyone's business: 

Of course we want, and expect, our cloud providers to deliver resilient services.  They need to be concerned with details that might span from failure of a device or software component to failure of a rack, or a row, or an entire facility.  It doesn't end there.  It's your company's logo that's on the website or service agreement your customers see; and who was responsible for a disruption likely won't matter to them when they are deciding whether or not they should continue to do business with you.  Business continuity planning remains a key requirement even with cloud solutions and it remains your responsibility to ensure that solid plans are in place.  Consideration must also be given to other items such as how the failure of an on-premise system might impact cloud-based services and vice versa.

CCL image courtesy of roboppy - http://www.flickr.com/photos/roboppy/349167552/sizes/s/in/photostream/5) Disruption comes in many flavors: 

While recent discussions have been largely focused on what might be referred to as a catastrophic or complete service disruption, "smaller" failures such as performance degradation can hurt just as badly.  For example, what if an online shopping site's response time was degraded from sub-second to five minutes per click for a forty-eight hour period?  The affect - two days of lost sales - would likely be quite similar to a complete outage.  In fact, it is possible that sustained unacceptable response time might even be more frustrating to customers.  These things are just as important tot he health of a business, and they become even more critical in the context of a composite application.  How does your application or service respond when one component of that composite application fails or is too slow?

Allons-y

These are just a few of the things that come to mind; and they're not unique to cloud solutions.  The question we should be asking is not "Will things fail?" but rather "When they fail will anyone notice?" and "Can they recover that seamlessly?"  In fact, cloud solutions may offer opportunities to provide resilience far beyond what can be provided on-premise (at times at lower cost) through the use of pooled capacity, globally available resources, and the ability to leverage multi-purpose capacity.  There may even be opportunities to leverage cloud capacity in the event of a failure that impacts on-premise systems and services.  We worked with our Business Continuity team to develop strategies for the use of engineering cloud capacity as "production" capacity in the event of a substantial failure.

So, in consideration of recent events should we all drop, or at least postpone, our plans to consume cloud services?  Well, the things that must be considered in order to provide a business service that includes cloud-based components are not terribly different from those we have always needed to consider.  And we continue to read about and hear of all of the great benefits and opportunities cloud computing can bring to a business.  (Dan Kusnetzky's article provides a nice summary of some of those.)  And with that in mind my answer is "of course not."  Cloud-based solutions offer compelling business advantage.  We simply need to be as diligent with certain aspects of our cloud-based solutions as we have been with our on-premise solutions.  In fact it may often be the case that the effort required will be much lighter on the part of the consumer in the sense that they may need to be aware of what their providers are doing but will be required to do a lot less of the heavy lifting themselves.  ("Trust, but verify.")

So, when our business will benefit, we should confidently go forth and experience the benefits of cloud computing.  What would you add to this list?

This blog is cross-posted at Pragmatic Cloud. Do you tweet? Follow @GeorgeDWatt on Twitter.

Share this post:  
Tags: , , , , ,
Leave a comment

 

By: George Watt
George Watt ( @GeorgeDWatt ) is VP of Strategy for the Cloud Computing organization at CA Technologies. For nearly 25 years, George has been helping customers simplify and automate their complex IT infrastructures. Prior to his current role, George founded CA Technologies Engineering Services team, which...
Read More..

More than 7 deadly sins of cloud computing

Published: April 26 2011, 09:21 AM | no comments
by Jay Fry

I'm a sucker for a clever headline.

Word cloud created at wordle.netA while back I ran across an article about the "7 Deadly Sins of Cloud Computing" in Computerworld. Antony Savvas was writing about a report from the Information Security Forum (ISF) that announced it had identified those items of great IT wickedness that will turn something that sounds as angelic as it comes - cloud computing - into some sort of pit of eternal damnation.

OK, maybe I'm exaggerating, but just go with it. (Though after the beating that Amazon took from some quarters after their EC2 outage last week, maybe I'm not exaggerating by much.)

So what were those 7 cloudy yet sinful atrocities? I'll tempt fate by listing them here, as reported by Computerworld UK:

Ignorance - cloud services have little or no management knowledge or approval

Ambiguity - contracts are agreed without authorization, review or security requirements

Doubt - there is little or no assurance regarding providers' security arrangements

Trespass - failure to consider the legality of placing data in the cloud

Disorder - failure to implement proper management of the classification, storage, and destruction of data

Conceit - belief that enterprise infrastructure is ready for the cloud when it's not

Complacency - assuming 24/7 service availability

It's a solid list, for sure. For each of these, you can probably recollect relevant horror stories. For example, the folks whose sites were impacted by Amazon EC2 going down for an extended period of time last week are probably guilty of the last one: complacency. They forgot to architect for failure, something they had probably done all the time in pre-cloud IT environments.

As part of the write-up on these big no-nos, Steve Durbin, ISF global vice president, explains that "with users signing up to new cloud services daily - often 'under the radar' - it's vital that organizations ensure their business is protected and not exposed to threats to information security, integrity, availability and confidentiality." No argument there from me at all.

But, security isn't the only thing you need to be concerned about if you're going to list out cloud computing sins. And why stop at seven? (Historical and liturgical tradition aside, of course.)

So, after talking about some additions to the list with folks on Twitter, here are a few more sins that I've heard suggested that I think are worthy of adding to the list:

Cloudwashing (from @Staten7) - Describing something as a cloud offering that is not. Vendors get beaten up for this all the time. And they often deserve it. In his research at Forrester, James Staten points out that enterprises do this, too. So, this can apply to vendors and to enterprises who believe they've checked the cloud box by just doing a little virtualization work.

Defensive posture (also from @Staten7) - I think this is one of the reasons an enterprise cloudwashes their own internal efforts. They are not looking at cloud computing for the agility or cost benefits, but instead are working to meet someone's internal goal of "moving to cloud." They're trying to cross cloud off the list while trying to avoid breaking their own existing processes, technology, or organizational silos. Or by saying they've already done as much as they need to do. Pretty selfish, if you ask me. Which is a sin all its own, right?

Needless complexity (from @mccrory) - The cloud is supposed to be clean, simple, and dead easy. Yet, there are cloud offerings that end up being just as complicated as the more traditional route of sourcing and operating IT. That's sort of missing the point, I think.

Too many separate security projects (from @jpmorgenthal) - Back on the security topic, JP Morgenthal tweeted this: "I'm a big supporter of security investments but I believe there are too many separate cloud security efforts." What are the issues? For starters, the right hand needs to know what the left hand is doing. And those different efforts need to be at the right level, area of focus, and have the right buy-in. Folks like Chris Hoff at Cisco and our own security experts here at CA Technologies can help you sort through this in more detail.

Worshipping false idols (from @AndiMann) - Well, this sounds a bit more like a commandment than a deadly sin, but I'm not going to split hairs at this point. This directive from on high can cover two topics, in fact: don't get all hung up on cloud computing definitions to the exclusion of a useful approach. And, secondly, ignore silly rhetoric from vendors going on and on about "false clouds." Yes, salesforce.com, I'm talking about you.

So there you go. Five newly minted Deadly Cloud Sins to go along with the 7 Cloud Security Sins from the ISF. All those sins, and I still didn't figure a way to wrap in gluttony. That was always a favorite of mine.

What's the bottom line here? Aside from a little bombast, there's some good advice to be had in all this. Avoid these approaches and you have a fighting chance at cloud computing salvation. Ignore them and your users will be drawing pictures of you with little devil horns and pitchforks on them. That last scenario is never a path to success in my book.

Any additional sins you will admit to? There are plenty more cloud computing sins that could be added to this list, that's for sure. Share any glaring ones that you think absolutely have to be here. Even if you're the one that committed them. After all, confession is good for the soul.

This blog is cross-posted at Data Center Dialog. Do you tweet? Follow @jayfry3 on Twitter.

Share this post:  
Tags: ,
Leave a comment

 

By: Jay Fry
Jay Fry is vice president of marketing, Cloud Computing, at CA Technologies. He has over 20 years of experience in marketing and management for innovative enterprise software companies. Prior to CA, Jay was vice president of marketing at cloud computing start-up Cassatt and founded the marketing department...
Read More..

April 21, the day the cloud was out!

Published: April 25 2011, 10:56 PM | no comments
by CA Community

Some blogs percolate for a while, waiting for a good day to be put to paper. For this one - about the cost of reliable cloud - that day was last Thursday, the day a network mishap caused an outage at Amazon Web Services taking down more than 100 customers, many of which cloud providers themselves, in its aftermath, while at the same time a similar mishap at Sony PlayStation´s network stopped about 70 million gamers from connecting.

A lot has been written about the outage, so I won't repeat that here (if you want to catch up suggest you read: TechCrunch for the PlayStation story, GigaOM for an overview of the Amazon issue, eWeek for some interesting analysis and the DotCloud blog for a very readable explanation of day to day use of a public cloud service like Amazon).

Instead, let's focus on the big picture of the cost of reliable cloud, comparing it - again - with the move from mainframe to distributed computing.  History tends to repeat itself, especially in IT where generations of technology tend to be heavily siloed, and staffed with different generations of people who often do not even sit at the same table in the canteen.

Somewhere during the 1980s, IT pros started to realize they could get the same processing power for significantly less money, when selecting distributed servers - till that time used mainly for scientific work - instead of traditional mainframes.  Soon after, companies began porting existing applications to the new platforms, focusing initially on applications that were more compute than I/O or data intensive (sounds familiar?). And indeed, initially the new departmental platform, not requiring all the resource intensive water cooling, air-conditioning or a heightened floor did seem a lot more cost effective. But, it didn't take long after initial proofs-of-concept to find that for some applications we needed more processors or to set up clusters, or uninterruptable power supplies and other redundant features. On the storage front, we started to use the same - not so cheap - storage solutions as we did on the mainframe. And shortly thereafter, the distributed boxes started to look and cost about the same as the systems they were replacing. Let's not forget that at the same time, smart mainframe developers - pushed by the competition from distributed systems - found ways to abandon water cooling, leverage off the shelf standard components like NICs and RISC processors and even re-examined their licensing cost for specific (Linux) workloads.

What does this all have to do with cloud computing? Likewise, we see that running a certain "compute intensive" workload can be done much faster and cheaper in the new environment. But when replacing these one-off batch jobs with services that have higher availability and reliability needs, the picture changes. We need to have redundant copies and failover machines in the data center, and in many cases a backup data center in another part of the country, preferably located on an alternate power grid and connected to multiple network backbone providers. All of a sudden it sounds a lot like the typical set-up a bank would have - and likely with a similar cost profile. So far cloud seems to offer cost benefits, but will this cost advantage still exist if we need to replicate our whole cloud setup at a second vendor - worst case scenario, doubling the cost.  Now cloud has many other advantages beyond cost (elasticity, scalability, ubiquitous access, pay per use, etc.), so many specific use cases are still ideally suited  for the cloud, but if a certain application has no need for these, then it may be worth (re-)considering the business case for a move to the cloud.

Regarding redundancy, the cloud business case actually has two opposing vectors. On one hand, there is the fact that as a user you have less control (you can't fly there and ‘kick' the server) leads to requiring a secondary backup installation. On the other hand, the cloud - with its pay-as- you-go model - offers much more efficient ways to arrange for a backup configuration for running your applications, than finding your own second location and filling it with shiny new kit.

At the same time you have to take into account the likelihood of the cloud having capacity available at the moment you need it. If your own data center fails, I am sure you could find another cloud provider with some capacity. But in this case, where one of the largest (cloud) data centers in North America had issues, all customers, in principle, could be looking to move their workloads elsewhere, it is not certain that enough excess capacity would be available at alternate providers.

In this specific case there seemed to have been technical issues inside Amazon and Sony's data centers that caused a series of events impacting the services running within, but what if there had been a major physical problem, such as a large fire or accident? With more mission critical applications moving to the cloud, companies need to make contingency planning a top priority.

As a result of last week's incidents, enterprises should take stock to assess what services are truly vital to their customers and/or to their own continuity. Organizations (and the world) seem to be more resilient than you might expect. In the Netherlands we saw Telcos ceasing mobile service in a large part of the country  for periods of up to half a day, with ISPs unable to offer Internet services for as long as a week in certain regions. And yet, these companies did not go under. Each industry, government and organization will have to assess its own priorities and success metrics/criteria and standards. As I mentioned in a past blog post, aiming to continue your on-demand video services after a mayor flood, hurricane or nuclear disaster may be over-shooting what is necessary under those circumstances - survival will be the only concern in a case like that.

Looking at the reactions in the market so far, the responses of the vendors impacted by the Amazon mishap seem to be a lot more benign that the reactions of impacted PlayStation gamers. Maybe because these vendors feel they have a good thing going and the last thing they won't to do is kill it by too much honesty. What is refreshing is that not too many vendors crawled out of the woodwork saying "private cloud, private cloud, private cloud" -- not even my colleagues who recently published a book on the topic. Good!  Nobody loves "I told you so" types and there's no point in kicking your opponent when he is down. But the case for private cloud did get a bit better, or is it just me thinking that?

Share this post:  
Tags: , , , , ,
Leave a comment

 

By: CA Community
CA Community is the blog manager’s account used to post general updates and news items.
Read More..

5 Simple Rules for Creating a Cloud Strategy

Published: April 20 2011, 10:10 PM | no comments
by CA Community

Over the last 18 months, the media, technologists, analysts, CIOs and CEOs have all been talking about the cloud. Now, most organizations are embarking on some form of cloud computing, but as always, technology is the relatively easy part. For those of you wanting to keep your feet firmly on the ground, and looking to set your direction and strategy, here are some simple guidelines to help you along the way.

CCL image courtesy of deleted.scenes - http://www.flickr.com/photos/dephineprieur/3571763921/sizes/s/in/photostream/1. Start your cloud strategy (and any cloud project) with an exit strategy

Now this may seem like contradictory advice, but there is a great risk of vendor lock-in with cloud computing than there is with traditional on premise software, and I'm sure that you will be aware of the downside of vendor monopolies such as high cost, low responsiveness and inflexible vendor business practices, which result in vendor lock-in and prohibitive switching costs.

A second important reason to avoid vendor lock-in to any cloud computing services is that unlike today, where software is purchased and then used to deliver services to customers, in the cloud era organizations are directly dependent on external providers to deliver those services. The impact of a breakdown or contract termination of as a service delivery is much more immediate to the business, it is therefore imperative to have a plan B.

Ideally you will architect your cloud services and contracts in such a way, that you can move to an alternative (Plan B) within a reasonable timeframe. A definition of reasonable depends on the type of business and may vary be between six months and six seconds. Standards, although currently just emerging, will play a crucial role and I recommend that you consider any implementations that are not based on such standards as temporary. Meanwhile the automation capabilities of vendor neutral management tools can help enable such exit strategies in a cost effective manner.

2. Design IT as a supply chain

Although deceivably simple, this analogy will help to change both the way the IT organization thinks and acts and, how other departments perceive IT. Supply chain thinking allows you to both buy and build; it allows you to make all your decisions in the context of what your company needs in order to deliver services to its customers. It allows you to look at what your IT department owns in-house but also all the services you sourced externally too. A good rule of thumb in setting your IT supply chain strategy is the lean mantra: Only do what adds value to your customers and remove any steps/activities/processes that don't add value or aren't legally required.

A supply chain approach means dynamically balancing resources (both internal and external) against rapidly changing goals and constraints towards an optimal end result. This is a very different game from traditional IT where IT operations avoided changing anything that was not broken to "keep the lights on" in the most reliable and stable manner possible. Just as in a car factory the product mix changes constantly, new products are introduced while others are phased out, the supply chain will enable IT to switch services on and off as and when required.

3. Use a portfolio approach for deciding WHAT to move to the cloud

A good cloud strategy is as much about WHAT to do as about HOW to do it. A portfolio approach helps you identify which services could be moved to the cloud and deliver cost savings and agility to the business, versus the more business critical services which - at this time - are less desirable to move to the cloud.

A portfolio approach needs to begin with the strategic goals of your organization in mind. These goals may vary from becoming customer focused to launching products in emerging markets or; reducing cost within the business.

Once the strategic goals are identified, these need to be matched to business or market constraints for example legislation, resources, geography or finance. The final step would be to map the goals and constraints to existing IT services and your cloud based opportunities.

From this exercise you will produce a roadmap of what you need to do; how you allocate human, financial and technical resources to deliver the most critical services and, monitor progress against your plan.

IT portfolio planning is not a one-off exercise and not something that can implemented overnight. It will constantly evolve as the business evolves and as IT gains maturity and experience in consuming and deploying cloud services.  It is a good starting point to determine  your "low hanging cloud fruit" which could add considerable value in terms of benefits or cost savings quickly and, those services which are too business critical to be put into the cloud.

4) Make service costing a core competency

If cloud computing it going to achieve one of the goals it is heralded for, then it needs to remove unnecessary cost - not just move CAPex to OPex.

Regardless of whether a service is completely rendered in house, composed from various sourced components or procured completely as a service, it is essential to understand the exact cost characteristics and the impact on the overall cost of doing business.

IT needs to be able to determine the cost of each service delivered rather than just the cost of individual IT functions. For example, services may include payment processing, issuing tickets, sending invoices, creating an order, facilitating video conference calls and delivering online training courses.

In electronics manufacturing the heads of production are not interested in how much the company spends in total on plastic versus aluminum or copper, but they want to know whether they can offer their new product at a competitive price compared to their competitors.  In the same way, IT needs to prepare itself for such discussions, can they deliver services at an optimal cost, and if not, can they suggest a viable alternative?

Cost reduction is not the only reason or benefit when adopting cloud computing, increased accountability and agility and reliability are a few other areas which cloud computing can really impact positively. So whilst increasing transparency in the cost of IT services will give you insight into areas to optimize from a cost perspective, you may need to balance this view with potentially needing to increase investment in the short term for greater business agility.

5. Treat security as a service

Security or to be precise "fear of a lack of security" is consistently cited as the biggest barrier to cloud computing. However, a recent study conducted by Management Insight and sponsored by CA Technologies showed that 80 percent of mid-sized and large enterprise organizations have implemented at least one cloud service, with nearly half saying they have implemented more than six cloud services. This adoption is happening even though 68 percent of respondents cite security as a barrier to cloud adoption. These survey results indicate that for now cost and speed of deployment are leading reasons for cloud adoption and are strong enough to offset the perceived risks associated with deploying cloud services. This may be a sufficient for now, but as increasingly sensitive data and applications are selected to migrate to the cloud, organizations will quickly reach an impasse.

The security challenge with the "supply chain" model is an organization's ability to dynamically control access of a variety of users across a changing portfolio of applications running internally and externally from multiple suppliers.

The cloud computing model demands a rethink about how security is approached- making it an enabler instead of an inhibitor. The challenge is, not denying access to everyone, but letting the right people access the data they need to have access to (and no more than that) and to actively control the usage to prevent any out-of-the-ordinary activities.

 

Now having shared some advice and suggested first steps to start planning, I'd like to add one last thought.

The appropriate speed for deploying cloud computing depends on the culture and current state of your organization and realistically you aren't going to be in the cloud tomorrow. The US Federal government issued a directive called "Cloud First." This is basically a type of "Comply or Explain policy" which states that cloud options should be evaluated first (comply) unless there are significant reasons not to do so (in which case departments should explain). Pushing the accelerator that hard might not be everyone's cup of tea, but whatever you do: don't rush in, but also make sure you do not get left behind!

 

Share this post:  
Tags: , , ,
Leave a comment

 

By: CA Community
CA Community is the blog manager’s account used to post general updates and news items.
Read More..

The CLOUD2 Commission Kicks Off: Q&A with Adam Famularo

Published: April 19 2011, 10:34 AM | 3 Comment(s)
by Christine Needles

Adam Famularo, general manager of the Cloud Computing business here at CA Technologies, recently was named a commissioner for TechAmerica Foundation's new Commission on the Leadership Opportunity in U.S. Deployment of the Cloud (CLOUD²). The commission's three-month mandate is to provide the Obama Administration with recommendations for how government could better deploy cloud computing, and for public policies that will help drive United States innovation in the cloud and spur economic growth. 

In his role as a CLOUD² commissioner, Adam will collaborate with leaders across industry and academia to provide recommendations to drive further U.S. advancement and innovation with cloud computing. The commission's first meeting took place on Friday, April 15, 2011, and I had a chance to catch up with Adam to get his reactions. Following is a recap of our conversation.

 

Christine Needles: Tell us about the first meeting. In your opinion, how did it go?

Adam Famularo: The first meeting went very well. A lot of material was covered setting expectations for what the commission was set up to accomplish and to make sure that our feedback was collected before we break off into smaller sub groups.

The main goal is to develop a set of recommendations for the federal government that answers the following two questions:

  1. What are the barriers to utilization and deployment of the cloud by the public sector and what practices/policies can be used to overcome those barriers?
  2. What public policies can be implemented that will facilitate adoption of the cloud by the commercial sector and thereby spur job growth and facilitate innovation?

We will be meeting several times over the next three months to complete the work, bringing together many of the technology industry's leading experts on cloud.

 

CN: What topics did the group touch on and what seemed to be the top hot button issues for the group?

AF: During the first meeting, we got to hear from several senior leaders in the public sector, including Vivek Kundra, Federal CIO; Dr. Dave McClure, Associate Administrator, Office of Citizen Services and Innovative Technologies, General Services Administration (GSA); and Gary Locke, Secretary, Department of Commerce; as well as representatives from industry and academia, including salesforce.com, VCE, Microsoft, CSC, Georgetown University and MIT.

Each of these experts discussed top areas of focus and concern in driving cloud adoption and innovation in the federal government.  The topics centered on some key themes:

  • Data Sovereignty - where does (or should) the data live?
  • Security - belief that we overdo the security concern, what are some solutions that can help?
  • Data Portability and Interoperability - how can we use standards and policies to ensure portability and interoperability of our data?
  • Transparency and Vendor Lock-in - how can we prioritize applications to move to the cloud without being locked-in to any one vendor?
  • Regulations and Policies - how can we empower rather than restrict the move to cloud?

 

CN: What were the key take-aways from the meeting? Were there any concrete outcomes?

AF: I was impressed with the level of knowledge in the room. We have the right people that can make a real difference. We also need to act quickly, as all of the industry players in the room agreed that the cloud is our "Digital Gold" that we need to capitalize upon. We are in the position to set standards for the rest of the world to follow and need to move fast. 

From our perspective, CA Technologies has a great opportunity to help drive standards development based on our work with SMI and other cloud standards organizations. We also have products and expertise to help organizations address the new challenges that cloud computing creates, and I am eager to help drive the commission's work in this area.

 

CN: Can you tell us about next steps or plans that the group kicked off? Working groups, topics, etc.?

AF: There will be a series of working groups kicked off in our next meeting, set for May 24, 2011. The teams will be investigating the following topics:

  • Transnational Data Flows
  • Security/Privacy/Trust & Compliance
  • Infrastructure Investment & Transformation
  • Human Capital & Organizational Change Management
  • Management and Movement of Applications
  • Acquisition and Budgetary Concerns

I will be participating in the Security and Management break-out groups focused on the Public Sector.

 

CN: What do you see as the top barriers and opportunities for cloud-driven innovation in the U.S.?

AF: The most important challenge and opportunity that I see is making sure the policies we recommend in CLOUD2 create a floor that we can all build upon and not a ceiling that inhibits innovation.

The opportunity for the U.S. is to create the standards that are applied to cloud computing worldwide.  We are the clear leader in this technology space and we need to capitalize on our first mover position to add more jobs - "Digital Gold."

 

CN: Were there any unexpected conversations or themes that arose during the meeting?

AF: One common theme/concern was around moving applications and data to the cloud and then being able to move from vendor to vendor. We also have heard this concern with our enterprise and managed service provider customers. Likewise, government agencies want to make sure they can always give new vendors opportunities to provide a better level of service than they are receiving today, or to switch providers easily as requirements or needs change.

 

CN: Why is it important for CA Technologies to be a part of the conversation?

AF: We have a great opportunity to share our practical knowledge and technology expertise to solve many of the key challenges facing both the public sector and commercial markets. Through this group, I'm also able to gain a new level of understanding about what our customers - including those that specifically serve the public sector -- see as their top challenges in cloud computing. With this insight, we can adjust our roadmaps to best meet our customers' needs. 

Share this post:  
Tags: , , , , , , ,
Leave a comment

 

By: Christine Needles
Christine Needles ( @cmneedles ) is a director of communications at CA Technologies, working with the Cloud Computing business. She is immersed in the world of B2B public relations and marketing communications, with 11 years of experience spanning several PR firms, until joining the communications team...
Read More..

More Posts Next page »