
Cloud Computing

2 Posts tagged with the costs tag
0

Earlier this month at our videocast on cloud security, panelists discussed the issue from both the customer and the service provider perspective. Many questions were raised about who is responsible for cloud security and how useful Service Level Agreements (SLAs) are in contract negotiations.

 

Both Liz Mann, CISO of Mycroft Inc., and Lina Liberti, VP of the CA Technologies Security Business Unit, said that customers must partner with vendors to protect their data in the cloud.

 

Liberti noted that “it’s critical to work with your vendor very closely; SLAs give you control and help you define what you want.” With specific language in place, you should “understand what’s shared or not, what options and technologies are used, and define the comfort level you need,” she said. An audience poll during the videocast showed that 79 percent of respondents believe that cloud security is a shared responsibility between providers and users.

 

Mycroft’s Mann said that as a service provider, “We have to deliver against those SLAs, and we take them very seriously. Quality-of-service (QoS) delivery and commitment to SLAs are what we live by.”

 

These assurances are just what concerned users — who are considering whether to trust service providers with their sensitive data — want to hear. Why, then, is there so much anxiety among CIOs when it comes to signing away their applications, storage, infrastructure and platforms to cloud service providers?

 

One answer, as Liberti also noted, is that customers “can’t give up control” when entering into cloud arrangements. And Mann told CIOs that having service providers host applications doesn’t absolve them from their basic security practices.

 

Revealing Results from Ponemon Study

To delve even deeper, I turned to a newly released study, Security of Cloud Computing Providers, conducted by CA Technologies and Ponemon Institute. The paper, the second in a two-part series about the state of security in the cloud, was eye-opening to me. Clearly, I realized, most vendor-user relationships are not 50-50 partnerships, and not all vendors are offering the type of assurances our panelists described.

 

After surveying a total of 127 service providers in the U.S. and Europe earlier this year, the Ponemon researchers concluded: “The majority of cloud computing providers surveyed do not believe their organization views the security of their cloud services as a competitive advantage. Further, they do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers.”

 

[Chart: chart11.gif]

 

As noted in the chart, there is a large disconnect between the perceptions of users and those of vendors about who is responsible for securing cloud data.

 

It’s Still the ‘Wild West’
During the Smart Enterprise Exchange videocast, Joseph Puglisi, a member of the executive council of the Cloud Computing Consortium at Stevens Institute and former CIO at Emcor Group, also advised customers to be cautious when they enter into cloud relationships and to weigh the benefits and risks carefully. Industry standards will evolve, he says, but right now “it’s the Wild West, and we need to establish law and order.”

 

Liberti, at CA Technologies, said that for all of their efforts to collaborate, ultimately IT will be held responsible by the CEO if problems arise. Therefore, she recommends getting CISOs involved in cloud contract negotiations from the start.

 

Here are additional highlights of the Ponemon survey:

 

  • The majority of cloud providers believe it is their customer’s responsibility to secure the cloud, not theirs. They also say their systems and applications are not always evaluated for security threats prior to deployment to customers.
  • Buyer beware: On average, providers of cloud computing technologies allocate 10 percent or less of their operational resources to security, and most do not have confidence that customers’ security requirements are being met.
  • Cloud providers say the primary reasons why customers purchase cloud resources are lower cost and faster deployment of applications; improved security or compliance with regulations is viewed as an unlikely reason for choosing cloud services.
  • The majority of cloud providers admit they do not have dedicated security personnel to oversee the security of cloud applications, infrastructure or platforms.
  • Providers of private cloud resources appear to attach more importance and have a higher level of confidence in their organization’s ability to meet security objectives than providers of public and hybrid cloud solutions do.
  • While security as a “true” service from the cloud is rarely offered to customers today, about one-third of the providers are considering such solutions as a new source of revenue sometime in the next two years.


The good news from all of this is that shared responsibility will move both sides to better services and better security. Otherwise, as the report notes: “If the risk of breach outweighs potential cost savings and agility, we may reach a point of ‘cloud stall,’ where cloud adoption slows or stops” until organizations believe cloud security is as good as or better than enterprise security.

 

What are your security expectations when you enter into cloud computing contracts? Have you had success with SLAs? Share your experiences and advice for your peers here. And you can also view highlights from our recent live event here.

1

Is the cloud “the end of client/server computing” as we know it? That’s the belief of Mark Forman, the former U.S. government CIO, and currently an advisory service leader at KPMG. The CIO needs “to know where to ‘disintermediate’ client/service apps” and how to offer new service platforms to end users.

 

During a panel discussion on cloud computing at the MIT CIO Symposium last week, Forman also said that “CIOs who resist [cloud models] fear losing control of IT,” but that is the wrong approach. Instead, CIOs should see cloud computing as one more sourcing option and opportunity.

 

Also on the panel, Michael Kirwan, CIO at Yahoo, said that the benefits of cloud services to a giant IT enterprise like his were “obvious.” Yahoo is able to offer instant delivery and extremely high availability to “tens of petabytes of data” on a global server network using cloud services. An added side benefit: reducing the data center’s carbon footprint while increasing utilization, he said.

 

Other highlights from the panel:
--Forman said that governments need to make data available and transparent to citizens because “it’s their data.” Moreover, younger workers and consumers will drive the need for collaboration and openness in the public sector.


--Kirwan notes that if business users adopt cloud services without IT, it “is not an end run if you are on the same team.” In other words, he said, CIOs must work closely with line-of-business leaders to understand how the business as a whole can benefit from these services—rather than opposing them.


--On the question of hard-dollar cost savings from cloud models, panelists were less emphatic. Forman expects that “costs will go down as usage goes up.” But he also said that spending on BI and analytic tools may rise to offset the gains.


Kirwan said that cost savings result from “smarter, smaller data centers with fewer CPUs and storage units” as well as more efficiency and power savings.


--Trae Chancellor, VP at salesforce.com, noted that while CIOs weren’t previously the target customers for his company’s cloud offerings—departments were—that is now changing. “Cloud is tearing down the walls between IT and the business,” he said.


--Sanjay Mirchandani, Senior VP and CIO at EMC Corp., said that his company began server virtualization when servers were at 100 percent capacity and 30 percent utilization. He moved to a private cloud model to gain even more efficiency and is now interested in developing apps in the cloud. R&D, however, is too critical to put in a public cloud, he noted. That will remain inside the firewall.

 

What do these dramatic changes mean for your data center as you consider cloud services?




Paula Klein, Smart Enterprise Exchange Editor