Innovation in the forecast at 'Cloud' conference
An important challenge for the future of enterprise cloud computing is balancing speed and agility with security, audit, and data controls -- all themes this week at an industry confab, Forecast 2012.
NEW YORK--Industry consortia are pervasive. But they often don't amount to much -- a spate of press releases, a series of progressively less energetic meetings making little progress, and the eventual fade to black. And even most successful consortia tend to be about vendors cooperating on specific standards and technologies. Important, but very limited in scope.
The Open Data Center Alliance (ODCA) has been an exception. It announced in October of 2010 with a membership including more than 70 global IT leaders, representing $50 billion dollars in annual IT spend. Intel has been the organizing force and is the technical advisor to the organization, but the steering committee includes marquee end users such as BMW, Deutsche Bank, Disney, Marriott, JP Morgan Chase, National Australia Bank, and UBS. The focus of the organization is "to deliver a unified voice for emerging data center and cloud computing requirements" expressed primarily in the form of usage models. For example, a VM Interoperability Model defines user requirements for virtual machine interoperability in a hybrid cloud environment.
This week, about 18 months after its founding, the ODCA held its first conference in New York, Forecast 2012. Run mostly in the form of "rapid fire panels," many of the topics came down to opportunity and risk -- and how to balance the two. The two panels on which I participated were typical: one was on software innovation, the other cloud regulation.
Richard Villars of market researcher IDC moderated the software innovation panel. As Eric Mantion wrote "It should be of no surprise that the phrase 'Open Source' was mentioned several times. However, another fascinating observation was the impact that the 'Cloud' was having on how software is even distributed today.
The genesis of the latter point was an audience question about whether some of the large, traditional enterprise software vendors are holding back the adoption of cloud whether private, public, or otherwise. From my perspective, this question was backwards. Mantion notes that I raised a few eyebrows when I responded that "consumers are getting accustomed to the cloud, so if software vendors aren't embracing that, then their competition will and they will be left behind."
However, there was a perhaps surprising level of agreement on the panel given the differing roles and employers of the panelists which included proprietary software vendors, open source software vendors, and public cloud providers (and various intersections thereof). For example, notions like open source have been a fundamental enabler of public clouds and that other aspects of openness such as APIs can be critical for both innovation and user acceptance sparked little debate.
Innovation, flexibility, ease-of-use, agility, and speed are one face of cloud computing. In the form of the public cloud, they represent a new benchmark for enterprise IT. But enterprise IT (especially as embodied by the larger, more conservative end-user organizations who are representative of the ODCA membership) has concerns that are often in tension with fast and easy.
One such concern is security. Take just about any survey on inhibitors to cloud adoption and "security" is likely to lead the list. Christofer Hoff of Juniper Networks moderated a panel on the topic.
It's not that public clouds are inherently insecure compared to an in-house infrastructure. All the panelists agreed on this point. Dov Yoran, the CEO of ThreatGRID, bluntly stated: "For smaller companies, the cloud is more secure because they don't have the infrastructure in place. As a small company, it's pretty straightforward are going to get a better level of security [in public cloud] when you have a part-time security guy."
But issues remain, especially with respect to data location and other policies. Dell's Mark Wood echoed the general consensus when he said: "Cloud introduces a loss of control that we don't yet have good answers for. The really hard part as a cloud service provider is pulling out the bits but making sure you only get the bits which are important [in response to e-discover]." Ian Lamont of BMW was even blunter: "E-discovery is nightmarish in the cloud."
Similar themes carried through to the regulation panel moderated by Deborah Salons. Especially troublesome to a number of the panelists was what one described as the "balkanization" of data regulations across different countries, most notably in Europe.
Yin and yang, speed and control, are at the heart of the future of enterprise computing. Historically IT was focused on control--which worked well enough when the job of IT was relatively well-defined and bounded--although not well enough to prevent successive waves of more distributed systems. But with IT increasingly a strategic weapon in more and more industries, simplistically locking everything down is no longer an option. Going forward, the focus needs to be on bringing together the best of both worlds: the agility of the cloud as demonstrated by leading public clouds and the control needed by enterprises to meet regulatory, security, audit, and data privacy requirements.