I recently returned from a week at Salesforce.com's (SFDC) annual user conference, Dreamforce in San Francisco.  Given the importance of SFDC to the cloud movement overall, I think some valid opinions can be drawn about that market in general and the potential impact on the traditional IT market in particular.

• The audience was generally bigger (with 19,000 attendees), younger, hipper, and skewed more toward the female demographic than your traditional IT conference. In fact the conference had a "feel" closer to people who are like the Macintosh guy versus the PC guy. Whether you like it or not, what SFDC does is considered cool. In addition the audience had what might be described as a cultish following for SFDC, with a zeal towards changing the world of IT. Lesson for Enterprise IT - Ignore this trend at your peril. While SFDC talks about "no software" this is largely hyperbole as software remains everywhere, on-premise and off-premise. The fact remains that the cloud approach has merit and must be taken (and managed) seriously by enterprise IT organizations. Don't be the IT person manning the barricades. Be the IT and security person who makes sure the cloud benefits your organization.
• Platforms-as-a-Service (PaaS) - A lot was made of SFDC's Force.com platform. The world has a lot of development platforms, now both in the cloud and on premise, so the number of options for application developers keeps going up, not down. However, while every application platform provider says something (including SFDC) like, "if everyone just used my platform for everything we could eliminate integration and other interoperability challenges," anyone in IT for more than a few years knows that this is impractical and undesirable in reality. Application platform heterogeneity almost always increases. Homogeneity is nice in theory but unattainable for most organizations. Lesson for Enterprise IT - The multitude of cloud platforms from MSFT, SFDC, & Google, to name three, in addition to the longstanding on-premise application development stacks from IBM, Oracle, Microsoft, and others, are driving greater IT heterogeneity, not less. This has significant implications for how organizations need to manage and secure IT, not whether they need to manage and secure IT. It also highlights why a vendor like CA (with no application platform axe to grind) is in the perfect position to provide cross-platform IT and security management capabilities for both on and off-premise applications and infrastructure.
• Security and privacy was mentioned, but only in passing in the keynotes. There was some general hand-waving that the platform is secure, but nothing I came across backed up this assertion. I will note that there was brief reference to SSO and SFDC's support of the SAML standard, which is certainly a step in the right direction. But there is a lot more that needs to be done to make cloud applications a seamless part of an enterprise's security fabric. Lesson for Enterprise IT - This is a critical area that hasn't been sorted out by the Cloud community and is a great place for IT security organizations and vendors to bring forward both security challenges and their potential solutions. Let's hope that massive data leaks are not needed to prod the industry into action....but given human nature I am afraid that this will need to happen.

The only gripe I have about the conference is that it started so early in the morning (7:30 a.m.).  Maybe it is easy for those young and hip folks to get up so early after retiring so late, but for us older (PC) guys that is more challenging.