See the latest CloudViews Unplugged on Cloud Commons.  Andi Mann and George Watt discuss he U.S. Patriot Act, rogue IT and the cloud's impact on IT jobs.   

View original CloudViews Unplugged here. 

While the cloud eases many administrative tasks, it doesn’t absolve IT from basic management responsibilities. And capacity planning is one of those.

CIOs may erroneously think that they can scale back this process since they no longer have to know, down to the terabyte, how much storage and processing power they’ll need to allocate for future growth. They assume that the cloud service provider, using the almost ubiquitous idea of cloud bursting, will allocate appropriate resources. Not so.

While this sounds great in theory, CIOs can’t assume it will happen. In fact, they must continue to own the process of capacity management — especially in a hybrid cloud environment — integrating it with tasks such as provisioning, workload placement and migration, and performance monitoring. The goal is to strike a delicate balance between maximum infrastructure utilization and optimal service delivery to consistently exceed Service Level Agreements (SLAs) and drive business value. If they don’t achieve this balance, say experts, departmental users will simply purchase and allocate cloud-based services on their own. After all, if IT doesn’t allocate enough bandwidth, internal and external storage, and application seats, performance will suffer, affecting productivity and end-user satisfaction.

While you may think about architecture differently in a cloud environment, “You’re still going to need test environments, and you’ll need to plan for the growth of software and the hardware that supports it,” Lora Cecere, Partner and Analyst at The Altimeter Group research firm, told me. “Business analytics, performance and memory analytics, and virtualization software [need to be kept] in-house,” she adds, and they require a specific type of capacity planning.

Automation’s Role

Virtualization may make capacity planning even more crucial since storage growth can “hide” in virtual data centers. Henry Steinhauer, a Capacity Planner at Presbyterian Healthcare Services based in Albuquerque, N.M., says storage virtualization is something his company struggles with. His virtual machines (VMs) request storage automatically when they reach a certain, pre-set threshold, but that can cause problems, he says. “Rather than having the applications specifically request more storage, it’s being requested through VMware, so the cause for storage growth is somewhat masked,” he says. “[Storage] automation has not quite caught up with the [application] request process,” but it is critical.

Just as in the past, IT has to examine and plan for service performance assurance, making sure provider SLAs are met. Cloud computing relies on statistical multiplexing, load-balancing mechanisms, and multiplexing algorithms, so the CIO must focus on these functions and the impact they’re having on the overall environment. Automation is the only way to handle these functions, since agile and virtual applications may move from system to system, changing the way the data is interpreted by the applications.

Steinhauer says he uses automated capacity planning tools that help him create a baseline “normal” for a specific VM or cloud so he can watch for problems or lags with applications. “We’re thinking, ‘Do we expect this to be happening, or is it outside the norm?’ We know that different applications have different profiles, so we can pinpoint potential capacity problems ahead of time,” he says.

Tony Lock, Program Director at the Hampshire, U.K.-based research firm Freeform Dynamics, says Presbyterian Healthcare Services is among the minority; few CIOs have deployed automation in either the active capacity-management process or VM deployment. Most are using capacity management to ensure that their organizations have sufficient resources to meet relatively predictable on-site requirements — not for the dynamic nature of virtualization. This will have to change, Lock says. “Internal cloud models potentially offer great flexibility, but they do not provide infinite resources.” There will be times “when resource capacity will be in short supply and decisions will have to be made on which workloads could be moved onto an external cloud or shut down,” says Lock.

What are you doing to ensure that you’re planning correctly for the cloud? Have you automated these tasks? Share your experiences and successes.

Karen Bannan is executive editor of Smart Enterprise magazine

Even with recent announcements and case studies documenting the value and potential of cloud computing, there is still much discussion about whether business and IT leaders are ready to take concrete steps to adopt it. I believe they are ready to take advantage of what cloud computing has to offer, though perhaps, surprisingly, I’m hearing this more from the business than IT.

Three reasons cloud computing is more than hype, and how it is improving the delivery of business services

A recent survey of North American and European technology leaders conducted by Management Insight Technologies found that 80% of enterprises surveyed (92% of those representing large enterprises) had at least one service in the cloud with slightly more than half stating they had six or more services in the cloud.  (You can read more about the survey results in Jay Fry’s recent post here.) That alone may be sufficient evidence, though when presented with facts in this fashion I like to ask what would have driven them to be as they are.  What might the root causes be?  Are these numbers just a blip on the radar, or is there something more to them?  In this case, I believe there is more.

There are several things, beyond the rhetoric, that are driving business and IT leaders to accept and adopt cloud computing.

Trust created through widespread adoption of consumer cloud services.

People of many diverse backgrounds and experience, not only IT professionals, have been widely adopting cloud-style services such as TurboTax.com, Carbonite.com, and MobileMe for quite some time, at least in relative terms. These services have proven to be reliable and valuable, and people are not only beginning to believe that their data is safe in the hands of these providers, they believe it is safer than the data they care for personally.  (Ask a user of these services whose laptop crashed and took with it all of the photos of their child’s graduation…)  Similar services targeted at small and even larger businesses such as Mozy have carried that through to the “enterprise world.”

Comfort and savvy created through widespread adoption of social media.

Widespread use of social media such as Flickr and Facebook (which now claims more than 500 million users and over 700 billion hours of use a month) have made millions of people more comfortable working with and sharing information in the cloud, and better educated on how to do so safely.

This widespread exposure has certainly made business people and business and IT leaders more comfortable with cloud solutions, but there is more to the story.  First, these things have resulted in changing the way people solve problems.  The use of complete services provided off-premise by a cloud company is now commonplace thinking.  And it gets even better than this.

Widespread use of social media and consumer cloud solutions raises consumers’ expectations of how software should behave.

This is a tremendously exciting development. Enterprise software can be frustrating. I realize this may be an overly broad statement, particularly considering I work for a software vendor, but I’ve been a user of enterprise software too. It can be frustrating to acquire, frustrating to deploy, frustrating to maintain, and having negotiated many software contracts I believe it’s not too far off the mark to classify that as a dark art. Not so with consumer software and social media. Thus, the software consumer is now aware of how simple every interaction with software could be.  (“I need to think of an ID and password, to supply my credit card number, and to be capable of using a browser.)”  And that is great for the industry.

So, what’s the really good news in all of this?

With simplicity comes agility, speed, and flexibility.

There has been a lot of discussion on the cost advantages of private and public clouds.  As a former private cloud provider I can attest that those benefits do exist, but it’s not always just about the money.  The most common reasons  people “moved to the cloud” are for business agility, speed of delivery, and flexibility.  In fact, it was an agility challenge that drove our team to build our first private cloud here at CA Technologies six or more years ago.  Of course the substantial cost savings did help with our business case, but our real business issue was the need to reduce product delivery times while increasing product quality.

We are hearing more and more stories of enterprises dropping systems in order to obtain the flexibility, speed, and agility (and in some cases reliability) of cloud solutions – even opting to abandon systems into which they had invested millions of dollars.  We’ve had to make some of those tough decisions at CA Technologies as well.

In addition to speed, agility, and flexibility, the cloud may also result in more visible/transparent pricing. Earlier I inferred that in order to successfully negotiate an enterprise software contract one required a degree from Hogwarts. Though I will not predict that the last software negotiator “will be unplugged on March 15, 2016″ (my apologies to Stewart Alsop for the reference) pricing of cloud services is, and is becoming, more transparent.  This should help to level the playing field, especially for smaller businesses.

So, is business ready for the cloud? I believe so. The promise of the cloud is to deliver valuable business services while insulating the consumer of those services from the complexities involved in their delivery.  Isn’t that what IT was always about?  So it’s good news we’re finally “getting there.”  Cloud computing is like a band that took 20 years to become an overnight success, and a pragmatic approach to the adoption of cloud services and technologies will enable business to reap the benefits of the evolution of our industry.

Originally Published: January 21, 2011

This post originally appeared at Pragmatic Cloud and CA Cloud Storm Chasers. Follow @GeorgeDWatt on Twitter.

I approach cloud computing from two perspectives: First, as a longtime CIO and IT executive, and second, as a co-founder of The Cloud Computing Consortium (C3) at Steven's Institute of Technology. Both give me unique insight into the history as well as the current challenges and future impact of the cloud.

Those of you who have been IT professionals for quite a while like I have, may not realize that you remember the introduction of infrastructure as a service (IaaS) and software as a service (SaaS). How truly remarkable it seemed to simply request a virtual machine and have one in a matter of minutes. Need more memory or additional storage space? You merely asked and almost immediately the additional resources materialized.

Remember the first time you sat at the keyboard, entered your credentials and began to use a multi-tenant application running somewhere in the ether? There you were sharing an application along with hundreds, perhaps thousands of other people, literally all over the world, yet none of you were hosting or managing the system.

No, I am not talking about VMWare or Salesforce.com: In the late 70s, it was possible to obtain a complete virtual machine including processor, memory, disk, card reader, printer and console from a mainframe running the IBM VM monitor. The virtual machine had a conversational operating system (CMS) which allowed you to create programs and data files through a command line interface.

For recreation, one could visit the Courant Institute of Mathematics at New York University and sign into Plato--an online simulation of fighter planes in a virtual sky flown by the participants. It was Microsoft Flight Simulator meets the Xbox on the precursor to the Internet. But this was over 30 years ago!

My point is this: the basis of cloud computing is not really new. What is new is the breadth and scale of the offerings combined with the speed and the level of adoption in the commercial and government sectors. With Dell and Verizon beginning to restructure their businesses around this new phenomenon, you know it is headed for wide-scale adoption by businesses globally.

Still lacking, however, are business understanding, experience and the tools to maximize the benefits of this utility platform while mitigating the considerable risks inherent in cloud-based business models. The challenge is how a business can quickly move to cloud computing for front and/or back-office operations, while the technology and capabilities are morphing at a record pace.

The C3, was founded last year to grapple with key leadership and management aspects of computing in the cloud. A variety of topics, including the value proposition, business economics, risk mitigation, governance, sourcing and legal considerations of the cloud are being studied and debated by business leaders, IT executives, academics, management consultants and service providers. We are taking existing best practices and applying them to the new computing paradigm. I am on the committee examining the value proposition and business economics of the cloud. The committees have made good progress and are on target to contribute to a comprehensive document which will form the basis for our initial findings, recommendations and programs to be discussed at our next working session in September.

Amid all of the discussions, one area constantly stands out: Security in the cloud. Frankly, I don’t get what all the controversy is about. Management expresses concern over putting sensitive data into the cloud yet we routinely place our servers in shared hosting facilities and outsource payroll and benefits management. IT has been wrestling with third-party computing services for decades and knows full well how to mitigate the risks of availability, reliability and security.

In this regard, today’s “new” IaaS and SaaS are just more of the same. We’ve seen this stuff before and we should be able to readily adapt our proven contract language, deliverable definitions, SLAs, governance and other management practices to it.

Do you have a different point of view? I will be discussing this topic further as a panelist on the Smart Enterprise Exchange live webcast, May 10. I hope you will join us so that I can address your questions in real-time. You can register here now.

* The Cloud Computing Consortium was created to help you navigate through all of the competing claims. It operates within the Stevens Center for Information Research at Stevens Institute of Technology. For more information, contact Ken Saloway, Program Director, ksawoway@stevens.edu

Originally posted:  Cloud Commons

“Cloud Mavericks! Going Out on a Limb, without Falling Out of the Tree!” The discussion at the CA Technologies workshop at GigaOM last month in San Francisco revealed a set of best practices and clear messages for the so called “Cloud Mavericks” who are viewed to reach just outside the fringes to meet the ever growing and demanding business expectations. Contrary to what the mainstream thinks these mavericks know how to leverage the new opportunities that Cloud presents without jeopardizing the sanctity of business, and more important, it seems that these are the types of individuals the businesses need to provide that much needed edge to accelerate past the competition.

Ravi Rajagopal, Vice President, Cloud Strategy, CA Technologies & Adjunct Professor, New York University led a panel discussion with two other IT experts: Jim Prebil, Principal at Fujitsu Management Consulting, and Raman Kannan, former CTO at Rosenblatt Securities, a major front end transaction processing firm on Wall Street, who was the first on the Street to successfully use Cloud for “mission critical” applications without a glitch.

Through these trail-blazing initiates spearheaded by these mavericks, many enterprises are taking advantage of the new paradigm and rapidly adopting cloud services. 74% of enterprises have deployed a cloud service and have allocated up to 30% in cloud spending, and about 70% of enterprises are investing in building private clouds [Avanade 2011 Cloud Global Survey]. What’s interesting is the fact that 72% of CIOs say they have to think outside the box and be innovative to answer to these growing business demands [Harvey Nash global CIO Survey 2011].

The discussion focused on many critical issues on how IT can help facilitate the journey into cloud and provide businesses a structure to access and use Cloud services effectively. A number of questions were tackled including:

−    How to use the Cloud, even for mission critical applications, without leaving the enterprise exposed to risks and associated expenses?

−    How can IT organizations help business units and mavericks navigate through seemingly complex options without exposing the                      corporate network and to the benefit of the enterprise?

−    How to empower these cloud trail-blazers, while protecting the company, from the impact of risky but potentially rewarding decisions?

−    How to make the corporate network less fragile and ready to add newer cloud services? And, what can IT do to help facilitate this                    process?

−   What type of education is needed to ensure that the businesses understand the security, privacy and SLA concerns when they                        procure cloud services?

−  How can IT take the lead and create value so that businesses come to IT to get cloud services rather than going on their own?

Based on proven experiences of the panelists, a series of best practices emerged. The following is a summary of these best practices which will be expanded into detailed roadmaps and guidelines in upcoming articles.

1.   Excellent IT Management Tools that extend into cloud:  An absolute requirement for any enterprise integrated IT management tools that extend the capabilities into the Cloud.

2.   Holistic ROI and TCO analysis – prove economics: Do a detailed holistic economic analysis to prove the value of Cloud.  Build a               dynamic model that can be monitored for the lifecycle of all applications.

3.  Focus on agility and innovation: Once the economics is proven, elevate to nest level, focus on agility and innovation capabilities of  Cloud. Start with reengineering simple business processes in making them more efficient, and expand into creating newer business models that can help business innovate better.

4.  Run trials – showcase the value: Start small, pick a non critical application, migrate to Cloud and showcase its value. Follow this with one aspect of a critical application, and demonstrate who it can be executed in the Cloud.

5.  It’s an organizational shift – engage operations, legal, and finance: It’s not just IT, engage other lines of business. Cloud is a                  corporate initiative, where IT can lead, but with the help of other vital organizations.

6.  A dynamic applications Portfolio strategy and a service catalog: Create and maintain a dynamic applications portfolio so                        businesses can come to IT rather than going out searching the Cloud.

7.  Use public/private key based access: Raise the Security bar. Implement robust Identity, Access and Information management tools.         Consolidate access, and use public/private key based as needed for certain mission critical applications.

8.  Establish cloud governance – resolve issues immediately: Create a governance roundtable that comprise of members of all                    organizations where IT is a player (not the player), and resolve issues that emerge immediately giving direction and confidence for the business.

9.  Get experts to help you – don’t do it alone: Get experts to help you. Join a council that includes peers, academics, and industry              experts.

10.  Partner with a company that values your relationship: Go with a company that not only has the state of the art solutions, but a                   vision, and leadership to execute the vision. Partner with a company that can stand by you and values your relationship at all levels.

-----------------------------

Ravi Rajagopal

Vice President, Cloud Strategy, CA Technologies; ravi.rajagopal@ca.com

Adjunct Professor, New York University; RaviRaja@poly.edu

Ravi Rajagopal is a results-oriented technology executive with a 20+ years of experience in leading and managing organizations that deliver innovative & practical solutions for corporations and governments around the globe.

As Vice President at CA Technologies, he helps define and execute CA cloud strategy, and advises CIOs of large enterprises on planning and implementation of IT. Prior to joining CA in 2006, Ravi had 17 years of progressive leadership tenure at AT&T. He held several senior management positions, built global organizations ground up, received numerous awards and was elected to the AT&T leaders' council.

Ravi is also an Adjunct Professor at New York University. He teaches graduate courses on Cloud Computing, Technology Strategy, and Innovation. Ravi holds multiple degrees including a master's in computer science from City University of New York, and has completed post graduate work in Electrical Engineering at Columbia University.

He is co-founder of a charitable international organization that helps orphan and underprivileged children in India.

Jim Prebil is a Business/technology leader with over 25 years as a consultant and leader of technology groups. He has worked for Fujitsu Consulting and Mercer Management Consulting, as well as the CIO for four different businesses from large global companies to two early stage aviation companies.  Jim is currently a Principal at Fujitsu Consulting, working with clients on adopting cloud computing, shared service and other organization forms, and significant business/IT transformations. Jim received his BS from the University of Illinois and his MBA from the University of Baltimore. He served as a guest lecturer at the University of Minnesota Carlson Graduate School.  jim.prebil@us.fujitsu.com

Raman Kannan is hands on C level executive with an MBA from Columbia University and a PhD from West Virginia. Former CTO at Rosenblatt Securities, Raman is a Financial Service Technologist with 15 years experience consulting and adopting emerging technology solution on Wall Street. He is a regular speaker on Disruptive Technologies as an essential American Value. He has deep experience on Object Relational Mapping, Model Based Programming, and SOA for STP, and Cloud in a highly regulated Agency Brokerage.  rk2153@gmail.com]

Earlier this month at our videocast on cloud security, panelists discussed the issue from both the customer and the service provider perspective. Many questions were raised about who is responsible for cloud security and how useful Service Level Agreements (SLAs) are in contract negotiations.

Both Liz Mann, CISO of Mycroft Inc., and Lina Liberti, VP of the CA Technologies Security Business Unit, said that customers must partner with vendors to protect their data in the cloud.

Liberti noted that “it’s critical to work with your vendor very closely; SLAs give you control and help you define what you want.” With specific language in place, you should “understand what’s shared or not, what options and technologies are used, and define the comfort level you need,” she said. An audience poll during the videocast showed that 79 percent of respondents believe that cloud security is a shared responsibility between providers and users.

Mycroft’s Mann said that as a service provider, “We have to deliver against those SLAs, and we take them very seriously. Quality-of-service (QoS) delivery and commitment to SLAs are what we live by.”

These assurances are just what concerned users — who are considering whether to trust service providers with their sensitive data — want to hear. Why, then, is there so much anxiety among CIOs when it comes to signing away their applications, storage, infrastructure and platforms to cloud service providers?

One answer, as Liberti also noted, is that customers: “Can’t give up control,” when entering into cloud arrangements. And Mann told CIOs that having service providers host applications doesn’t absolve them from their basic security practices.

Revealing Results from Ponemon Study

To delve even deeper, I turned to a newly released study, Security of Cloud Computing Providers, conducted by CA Technologies and Ponemon Institute. The paper, the second in a two-part series about the state of security in the cloud, was eye-opening to me. Clearly, I realized, most vendor-user relationships are not 50-50 partnerships, and not all vendors are offering the type of assurances our panelists described.

After surveying a total of 127 service providers in the U.S. and Europe earlier this year, the Ponemon researchers concluded: “The majority of cloud computing providers surveyed do not believe their organization views the security of their cloud services as a competitive advantage. Further, they do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers.”

As noted in the chart, there is a large disconnect between the perceptions of users and those of vendors about who is responsible for security cloud data.

It’s Still the ‘Wild West’
During the Smart Enterprise Exchange videocast, Joseph Puglisi, a member of the executive council of the Cloud Computing Consortium at Stevens Institute and former CIO at Emcor Group, also advised customers to be cautious when they enter into cloud relationships and to weigh the benefits and risks carefully. Industry standards will evolve, he says, but right now “it’s the Wild West, and we need to establish law and order.”

Liberti, at CA Technologies, said that for all of their efforts to collaborate, ultimately IT will be held responsible by the CEO if problems arise. Therefore, she recommends getting CISOs involved in cloud contract negotiations from the start.

Here are additional highlights of the Ponemon survey:

• The majority of cloud providers believe it is their customer’s responsibility to secure the cloud, not theirs. They also say their systems and applications are not always evaluated for security threats prior to deployment to customers.
• Buyer beware: On average, providers of cloud computing technologies allocate 10 percent or less of their operational resources to security, and most do not have confidence that customers’ security requirements are being met.
• Cloud providers say the primary reasons why customers purchase cloud resources are lower cost and faster deployment of applications; improved security or compliance with regulations is viewed as an unlikely reason for choosing cloud services.
• The majority of cloud providers admit they do not have dedicated security personnel to oversee the security of cloud applications, infrastructure or platforms.
• Providers of private cloud resources appear to attach more importance and have a higher level of confidence in their organization’s ability to meet security objectives than providers of public and hybrid cloud solutions do.
• While security as a “true” service from the cloud is rarely offered to customers today, about one-third of the providers are considering such solutions as a new source of revenue sometime in the next two years.

The good news from all of this is that shared responsibility will move both sides to better services and better security. Otherwise, as the report notes: “If the risk of breach outweighs potential cost savings and agility, we may reach a point of “cloud stall, where cloud adoption slows or stops” until organizations believe cloud security is as good as or better than enterprise security.

What are your security expectations when you enter into cloud computing contracts? Have you had success with SLAs? Share your experiences and advice for your peers here. And you can also view highlights from our recent live event here.

I approach cloud computing from two perspectives: First, as a longtime CIO and IT executive, and second, as a co-founder of The Cloud Computing Consortium (C3) based at Steven's Institute of Technology. Both give me unique insight into the history as well as the current challenges and future impact of the cloud.

Those of you who have been IT professionals for quite a while like I have, may not realize that you remember the introduction of infrastructure as a service (IaaS) and software as a service (SaaS). How truly remarkable it seemed to simply request a virtual machine and have one in a matter of minutes. Need more memory or additional storage space? You merely asked and almost immediately the additional resources materialized.

Remember the first time you sat at the keyboard, entered your credentials and began to use a multi-tenant application running somewhere in the ether? There you were sharing an application along with hundreds, perhaps thousands of other people, literally all over the world, yet none of you were hosting or managing the system.

No, I am not talking about VMWare or Salesforce.com: In the late 70s, it was possible to obtain a complete virtual machine including processor, memory, disk, card reader, printer and console from a mainframe running the IBM VM monitor. The virtual machine had a conversational operating system (CMS) which allowed you to create programs and data files through a command line interface.

For recreation, one could visit the Courant Institute of Mathematics at New York University and sign into Plato--an online simulation of fighter planes in a virtual sky flown by the participants. It was Microsoft Flight Simulator meets the Xbox on the precursor to the Internet.  But it was over 30 years ago!

My point is this: the basis of cloud computing is not really new. What is new is the breadth and scale of the offerings combined with the speed and the level of adoption in the commercial and government sectors. With Dell and Verizon beginning to restructure their businesses around this new phenomenon, you know it is headed for wide-scale adoption by businesses globally.

Still lacking, however, are business understanding, experience and the tools to maximize the benefits of this utility platform while mitigating the considerable risks inherent in cloud-based business models. The challenge is how a business can quickly move to cloud computing for front and/or back-office operations, while the technology and capabilities are morphing at a record pace.

The C3, was founded last year to grapple with key leadership and management aspects of computing in the cloud. A variety of topics, including the value proposition, business economics, risk mitigation, governance, sourcing and legal considerations of the cloud are being studied and debated by business leaders, IT executives, academics, management consultants and service providers. We are taking existing best practices and applying them to the new computing paradigm. I am on the committee examining the value proposition and business economics of the cloud. The committees have made good progress and are on target to contribute to a comprehensive document which will form the basis for our initial findings, recommendations and programs to be discussed at our next working session in September.

Amid all of the discussions, one area constantly stands out: Security in the cloud. Frankly, I don’t get what all the controversy is about. Management expresses concern over putting sensitive data into the cloud yet we routinely place our servers in shared hosting facilities and outsource payroll and benefits management. IT has been wrestling with third-party computing services for decades and knows full well how to mitigate the risks of availability, reliability and security.

In this regard, today’s “new” IaaS and SaaS are just more of the same. We’ve seen this stuff before and we should be able to readily adapt our proven contract language, deliverable definitions, SLAs, governance and other management practices to it.

Do you have a different point of view? I will be discussing this topic further as a panelist on the Smart Enterprise Exchange live videocast, May 10. I hope you will join us so that we can address your questions in real-time. You can register here now.

*About the Cloud Computing Consortium

The emergence of cloud computing will be a ground change for IT and a highly disruptive business event. The Cloud Computing Consortium was created to help you navigate through all of the competing claims. It operates within the Stevens Center for Information Research at Stevens Institute of Technology. For more information, contact Ken Saloway, Program Director, ksaloway@stevens.edu

Before they can address cloud security, IT executives need to be aware of their own, as well as their customer's, expectations for services, according to cloud computing experts.

At a Smart Enterprise Exchange forum on cloud security today, Arnold Felderbaum, Chief  IT Security and Complilance Officer, Reed Elsevier Technology Services, said that security may not be a de facto service when apps are hosted in the cloud. "With ubiquitous computing, people get used to warnings, detection and protection," he told attendees in New York, "but in the cloud, you can't assume you will get the same level of protection." The goal is "to educate the business" about the new rights and rules.

Cloud evangelist and author, Tim Chou, said that with everyone "living online, no one is invisible" and new rules are needed. He also urged CIOs to "get educated" in order to have better conversations with business users.

Felderbaum asked CIOs to consider whether they were "running away from the mess they created" by seeking cloud services or whether they are going toward new business solutions. Until they really consider the business value, the opportunities won't be clear. "You can close the vulnerability gaps," he said, but you must also "open the opportunities."

For more advice and comments from the event, read this blog.

What's your vision for the cloud?