Boycott ISPs that abuse privacy, net neutrality

After Congress repealed the FCC’s broadband privacy rules two weeks ago, new Federal Communications Commission chairman Ajit Pai promised that the personal information they give to their ISPs would continue to be, well, private. Indeed, Pai said that he planned to work with the Federal Trade Commission to police ISPs around privacy issues.

However, many believe that this will not only fail to provide effective broadband privacy protections, but will also come at the cost of removing the FCC’s net neutrality rules. As you may recall, net neutrality prohibits ISPs like Verizon and Comcast from picking winners and losers on the open internet. Indeed, we could be heading for a day where the FTC actually won’t be able to regulate ISPs at all.

At the end of the day, these changes are really about placing trust in the government and the ISPs that they won’t deny or throttle specific internet services, including cloud services, over others. It’s also about placing trust that our use of cloud services or other internet services won’t be monitored for whatever reason. Trust us, right? 

As cloud computing moves toward a trillion-dollar market, we are facing the fact that the open internet is how these cloud services get to users. They typically flow through an ISP, and that ISP’s ability to deal with those services equally is important to enterprises, not only in the United States but all over the world.

Moreover, if ISPs collect data to use for their own purposes or sell to others, enterprises could find that down quarters, pending lawsuits, and even unannounced successes are easy to figure out because that internal information has been monitored by the ISPs and sold or hacked.

Enterprises would have to encrypt everything—and I mean everything—to keep this data away from ISPs. That will cost millions of dollars in terms of system changes and lost performance.

I hope ISPs are not stupid. But enterprises should avoid ISPs that stupidly take advantage of the lack of net neutrality or the removed legal constraints around privacy.

We’re banking on ISPs to regulate themselves, while paying them billions of dollars in broadband fees—both direct and indirect. ISP/cloud customers need to hold the ISPs’ feet to the fire to ensure that they get good ISP service, the ISPs do not favor one cloud provider over another, and most important, the ISPs don’t become Big Brother.

Enterprises should kick abusive ISPs to the curb. I’m pretty sure the government won’t.

Powered by WPeMatico

You need your ‘cloud brain’ more than ever

How we do IT is changing. As it changes, we need to alter the way we think about IT. I like to call that new thinking as having a “cloud brain.” 

So what the hell is a “cloud brain?”

A few core attributes include the following:

  • The ability to stop looking at all workloads as things that must exist in a corporate datacenter. Platforms can reside anywhere: colocation providers, cloud providers, in your datacenter, or on your phone for that matter. Compute is what’s used where you can find it at the lowest cost, and it matters not if you can touch it.
  • The ability to deal with security as a systemic concept, not a bolt-on. The traditional approaches to security don’t work in the cloud. You simply can no longer focus on tactical security that surrounds specific workloads. Instead, you must concentrate on systemic security that’s pervasive to everything you do.
  • The ability to focus on how technology can enable the business, not the other way around. Guess what? IT serves the business, and if you forget that fact, you’re not likely to recover. When IT doesn’t think with its “cloud brain,” it becomes a liability for the business, and the department needs—and often gets—a reboot.
  • Unlimited scalability. Scaling was never hard. What was hard was buying the hardware you needed to do accomplish it. Cloud computing means scaling is only a few clicks away, which removes the risks as well as the costs.

Things are different today than they were even a year ago. Yet many people in IT don’t have “cloud brains.” They think in terms of limitations, not innovation. They consider cloud technology to be a tactical tool.

As time goes on, people who don’t think with a “cloud brain” will find themselves on the sidelines. So … how is your “cloud brain” coming along?  

Powered by WPeMatico

Coping with H-1B limits: Distribute your talent instead

Whatever you may think of the limits put on H-1B work visas for U.S. jobs, it’ll likely be the law of the land for the next four to eight years, so enterprises that use high technology need to adapt. My advice: Distribute your technology talent globally, with help from the power of cloud computing and other technologies.

It was not so long ago that you had to be physically near the systems to build and maintain them. These days, however, systems are pervasive, and your location has little impact on your ability to design, build, deploy, and operate business systems. 

What puzzles me is the number of enterprises that have systems running all over the world, thanks to cloud computing, but that require people to be located in the corporate offices. My advice, again: Get good at distributing your people, all over the world if needed, like we’re getting good at distributing IT resources, thanks to the cloud.

Get good at distribution: data, development, processes, applications, and yes, people. I routinely run teams that are multinational, and the use of cloud computing becomes the common thread that allows distributed teams to be successful. In fact, I believe they’re more successful in such cloud-connected teams than if you made them show up to an official corporate cubicle each day. 

There are other benefits in addition to using talent wherever it happens to be. If being green is a goal, forcing people to sit in, say, Highway 101 traffic in Silicon Valley undermines that effort. Moreover (and most important), those two or more hours a day could be used much more productively.

When I give such advice, I get pushback concerning legal issues around use of labor, particularly the ability to monitor and evaluate employees. In other words, it’s really about control.

But the bottom line is if you can trust your applications and data to run outside your walls as they do in the cloud, you should easily be able figure out how to gain the same trust for your people.

Powered by WPeMatico

AWS is moving beyond IaaS and PaaS

Last week, Amazon Web Services launched Amazon Connect, a cloud-based contact center service. The objective is to provide enterprises with an easier-to-use and faster-to-deploy call center system. But there’s deeper meaning to Amazon Connect than simply a new service from AWS.

From a technology perspective, Amazon Connect works the same way as Amazon’s customer service system, incorporating its Lex AI technology for natural language processing, which is also used by the Alexa virtual assistant—yes, Alexa from the Amazon Echo.

The service lets users to dynamically configure customer interaction processes. Of course, it’s easy to integrate with AWS’s IaaS cloud.

But what’s unique about Amazon Connect is that AWS is moving up the stack. Although storage and compute are AWS’s bread and butter, higher-level services like Amazon Connect are likely to be AWS’s focus going forward.

The reason is simple: Such services are usually more profitable for vendors, and customers historically stay with them far longer than they do with infrastructure services (it’s much easier to change a server than a software system).

AWS won’t be the only one looking to use its cloud to move up the stack. Microsoft already offers a few business services, and I suspect it will buy more this year—ditto for Google.

Both Microsoft and Google started with SaaS, moved to PaaS, then IaaS. AWS seems to be going in the opposite direction.

What should enterprises think about this development? Anything that can solve a problem that you don’t have to build yourself—that’s a good thing. Amazon Connect is an instance of a solution for call centers. Similar solutions are likely to follow from AWS, as well as Microsoft and Google, building upon their existing basic cloud services.

While most will be tempted to call these SaaS, they are really a hybrid of SaaS, PaaS, and IaaS. Connect, for instance, is fully extensible using a configuration approach, but you can also broaden it with the vast number of AWS tools. Thus, these types of cloud services become more valuable, considering that most SaaS providers give you only what they got, and extending their capabilities is not an option for most.

Powered by WPeMatico

IT pros agree: Security is better in the cloud

About 42 percent of IT decision-makers and security managers say they are running security applications in the cloud, according to a survey of about 300 IT security pros from Schneider Electric. Almost half of those surveyed said they are likely or extremely likely to move their security operations to the cloud in a few years.

In the survey, 57 percent of respondents believe the cloud is secure. The cloud has the most confidence in on-demand security, and that confidence is highest among IT professionals (78 percent). I’ve stated before that cloud security is better than on-premises security, but it’s nice to see external evidence backing that up. 

The fact of the matter is that security is a complex and expensive set of technologies. Moreover, security is only as good as its ability to be proactive. Cloud-based security has been able to outperform traditional security approaches and technologies for a few key reasons:

  • The ability to be more proactive: Cloud technology is on-demand, so it can combat emerging and changing threats with updates that occur automatically.
  • The cost: Most on-demand security services charge by use, not for licenses. This means you pay for only what you work with.
  • The ability to better integrate security and devops: Security and devops seem to mix best when security is part of a service accessed outside the development and deployment platforms. That external, service-oriented nature means security can easily be made part of most devops processes.

On the downside, Schneider’s survey suggests there are considerable barriers that still need to be overcome. For example, 54 percent indicated that their security systems aren’t able to adopt new systems and services.

Still, it’s clear that cloud-based security is not only an option, but the preferred approach.

Powered by WPeMatico

In the cloud, you don’t need a college degree

Like most in this business, I have an advanced degree. I even taught computer science at the college level part-time for eight years before life got too busy.

That said, you don’t need a college degree to be successful in cloud computing. In fact, over the last few years, I’ve seen a clear trend toward accepting those without degrees not only in cloud computing specifically but in tech in general.

Although many tech companies and enterprises state they want candidates to have at least a bachelor’s degree, I find that most don’t actually care these days. They see 20 cloud computing jobs chasing one candidate, so it’s a seller’s market.

Employers are looking for people with certifications—for example, with AWS. After that, they seek people with initiative and demonstrated ability. Having a college degree is further down the list.

Cloud computing requires skills—not random skills, but specific skills such as cloud architecture, cloud development, cloud databases, and cloud security, with a further focus on AWS or Azure development or expertise in particular types of cloud database. You wouldn’t pick up those skills in college anyhow.

College is simply no longer a hard requirement for working in technology, including cloud computing. If you get focused training and certifications, you’ll find that you’re accepted more often than your high school counselor would’ve told you.

I’m not saying a college degree, and the loans that come with it, are worthless. It’s where you learn the fundamentals that give you an advantage in learning specific areas on the job, especially in areas that require understanding connections and patterns like architecture and security.

But someone who learned the specifics on the job and in other nonacademic venues can build the necessary level of knowledge, not only specific technical skills. Of course, you need initiative to get there.

My recommendation if you’re going down the noncollege route is to map out a path for your training. This means not only taking certifications from cloud providers, but also some training around less tactical topics such as cloud architecture, security, and monitoring.

Your training path must also include on-the-job training—it is often more important than what you learn from certification and external training. On the job, you must learn to deliver solutions effectively, as well as understand them.

The ability to understand the problem domain and deliver an effective solution is in fact the best metric for success. Because first and foremost, both tech companies and enterprises look for what you’ve accomplished.

Powered by WPeMatico

The barrier to cloud security isn’t the technology

You want solid cloud security, so you work to find the best approach and technology. But that won’t get the job done.

The truth is that competent cloud security technology is available, and most IT organizations’ cloud teams are good at finding and using it. But cloud IT doesn’t exist in a vacuum, so having the right approach and technology alone won’t secure your cloud operations.

To achieve solid cloud security, departments across IT need to come together, both those that focus on legacy and those that focus on cloud computing.

In reality, this union has proven to be difficult. Why? The people down the hall are dead set against you driving change.

In many instances, the groups that build and deploy clouds are decoupled from traditional IT. They have no formal relationship with traditional IT. However, to have effective cloud security, most traditional systems need to be included In the design and deployment.

The weakest security link is typically where the breaches will occur. The security of your public cloud-based systems may be almost perfect, but your traditional systems provide a side door to those systems. Attackers will focus on those often inadvertent side doors—and so should you.

In my work with Global 2000 enterprises that deploy cloud computing security, I often find huge holes on the legacy side through techniques such as penetration testing. It’s bad enough that the legacy IT systems have such holes, but it’s worse when those legacy IT systems connect to cloud systems, as they often must, and undermine in-place cloud security.

When I ask my IT clients charged with ensuring cloud security about the issues, the response is always the same: So-and-so in legacy IT would not allow me to update his or her security, or they would otherwise decline to cooperate in ensuring security across the systems.

That kind of culture is dangerously shortsighted: If we don’t get together on this stuff, all of the enterprise’s security will suffer.

I have very little patience for those who draw lines within IT, then dare others to cross it. In these days of devops, agile, and open source, we need to understand that IT is a holistic endeavor. Adding cloud computing to IT is even more reason to think about synergy. The wrong concern is turf; the right concern is effectiveness—enough said.

Powered by WPeMatico

Calculate your cloud costs with this simple formula

“Cloudops” is the latest buzzword. Its meaning is simple: the ability to operate workloads, including both applications and data, once they get to the public cloud.

What’s not so simple is figuring out what cloudops will cost over time, both based on future changes in technology costs and on adding or deleting workloads from the public cloud. 

The good news is that the back-of-the-napkin calculation to get started with is straightforward, once you’ve determined the values of a few basic variables:

  • NW: Number of workloads under cloudops
  • CW: Complexity of workloads (on a scale of 1.01 to 2.0)
  • SR: Security requirements (on a scale of 100 to 500)
  • MR: Monitoring requirements (on a scale of 100 to 500)
  • COM: Cloudops multiplier (on a scale of 1,000 to 10,000), based on resources used, including the cost of cloud services and the cost of people

The typical calculation looks like this:

Cloudops Cost Per Year = ((NW*CW)*COM)+((NW*CW)*SR)+((NW*CW)*MR)

Thus, a typical use case would be:

Cloudops Cost Per Year = ((1,000*1.75)*5,000)+((1,000*1.75)*350)+((1,000*1.75)*250)

That use case’s cost comes to $9.8 million: $8,750,000 + $612,500 + $437,500. It covers the cloudops budget for a year to operate a thousand fairly complex workloads (CW=1.75), with somewhat above-average security complexity (SR=350), average monitoring complexity (MR=250), and low resource usage (COM=1,000).

Don’t worry about this specific formula; its general nature will likely result in an incorrect calculation when you first use it. Instead, consider it a starting point, then customize the formula and your definition of the correct values over time to end up with a formula you can wield with assurance. Or at least employ it as a reality check to ensure you account for the operational costs of cloudops, not only the startup costs.

Too many enterprises don’t get the proper budget needed to operate cloud-based systems effectively, and they may die the death of a thousand cuts due to their underestimated operational costs. Those operations are critical, so you can’t afford to underfund them.

Powered by WPeMatico

Why the U.S. should give tax breaks to cloud adopters

To promote the use of cloud computing by small businesses in India, the Indian government is planning to introduce a subsidy for cloud usage. The hope is that the use of the cloud will make small businesses more successful, thus increasing both employment and tax revenues to the government.

In the United States we see the opposite approach, with the government more interested in taxing cloud computing than promoting its use.   

Subsidies or not, the cloud does make it easier to start a small business because it makes IT resources both affordable and available. Before the cloud, those resources could cost millions of dollars.

Small businesses tend to operate on tight margins, and cheaper IT is great, but the reality is that it’s also just as cheap to competitors large and small. So cloud taxation would especially hurt small businesses.

And it would slow cloud adoption by enterprises already faced with extensive upfront migration costs to move to the cloud. They will save over the long run, but putting hurdles in the initial phases only delays getting to that end game. Public companies are already penalized in cloud migrations because they are rated by earnings per share (EPS), and migration costs reduce that short-term metric, angering investors and the boards that respond to them.

In the long run, delaying or otherwise inhibiting cloud adoption is bad for both companies and governments.  

So perhaps the U.S. government should try what India is doing: promoting cloud adoption through tax policy. Here are two reasons why I believe it should consider the idea:

  1. Corporations are taxed on their profits, so more profits means more tax revenue. Enterprises that move to the cloud will see lower IT costs and thus more profits just from those savings. That means more taxable income.
  2. Cloud computing reduces the need for electrical power, which is a big cost that the government subsidizes in so many ways. A tax-the-cloud approach would encourage enterprises to keep building datacenters — after all, those capital expenses are tax deductible. And that means more power plants and energy resources (whether coal, gas, solar, biofuel, wind, or hydro) to subsidize and regulate, as well as more pollution to remediate or pay for such as through increased medical costs for the poor who tend to live near pollution emitters.

You could argue that penalizing the cloud will preserve high-paying jobs at all those enterprise software and hardware companies already struggling as enterprises move to Amazon Web Services, Google, and Microsoft, not to mention the construction and management jobs at the power generation facilities that datacenters need.

But that’s short-term thinking. The cloud and its benefits will prevail, for a greater good. Perhaps rather than slowing down the inevitable, the government can speed it up.

Powered by WPeMatico

The path to cloud success goes through your data

Last week, Google showcased its enterprise cloud offerings at the Google Cloud Next conference, trying to show it could meet the needs of businesses, not only schools and small companies. The underlying pattern I saw in Google’s presentations was data.

Increasingly, I see the same focus on data among all cloud providers. It’s not Google alone that understands the need for data. Data should also be your IT organization’s measure of success in the cloud. I often look at the state of the data to determine success or failure of an enterprise that’s moving—or has moved—to the cloud.

Here are the three specific data issues you should be focused on.

The ability to seamlessly move data between on-premises and cloud systems

This means staging, prep, transport, security, and governance—the whole enchilada. Enterprises that are good at this typically have a strategic technology for integrating their data. More and more, this technology is available on demand from a public cloud.

The ability to store data, so it can be read and analyzed when needed

I often find enterprises with petabytes of data in the public cloud, but with no good methods to access or make sense of it in a manner that provides value to the business. You need the ability to get at the data for dashboards and reporting. More important, you need the ability to embed those analytics directly into business processes. Machine learning is an emerging option to better understand your data.

The ability to manage the data using a layer of abstraction

An abstraction layer removes you from the underlying complexities of the data. To have such abstraction, you need data governance, database management, data performance monitoring, and data security. And you need to manage all of these through a single pane of glass for accessing solid tools.

How do you rank? Most enterprises don’t do data well in the cloud, so they have some work ahead to make data work in the cloud. But it’s worth the effort: The ability to manage, access, and exploit your data in the public cloud is how you actually succeed in the cloud.

Powered by WPeMatico