IBMCC14

#IBMCC14 Crowd Chat
What does Cloud deliver for mid-sized businesses? Join in and learn more.
   7 years ago
#IBMCC14Cloud in the UK CloudChatCloud in the UK: Trends in IaaS, PaaS & SaaS. We'll look at UK market & discuss the future of cloud
Guy Clapperton
Security is an issue in the cloud – what do people think? http://www.cloudtp.c...
Sorry, Cloud Resisters: Control Does Not Equal Security- CTP
Many of those who push back on cloud computing citing security fears are doing their employers a disservice.
Guy Clapperton
(In fact the report points out that it's an issue in on-premise as well...)
JP Morgenthal
Security is an issue regardless
JP Morgenthal
There is no more inherent risk having data in a public cloud than most private data centers with access to Internet or remote workstations
JP Morgenthal
Like any system, it can have good security measures or poor ones. 2-factor authentication used to encrypt data is a great way to limit accidental breach
Dez Blanchfield
- two schools of thought seem to have unfolded, 1) don't know don't care, or 2) already scared stupid by legacy IT security and cloud fear is 1,000 fold higher.
Tim Crawford
Agree w/ @jpmorgenthal. Security is a red herring for #cloud specifically.
Dez Blanchfield
- all too often it seems to be that migrations to any 3rd party cloud are made with an assumption that "someone esle" will sort out the base line security issues.
JP Morgenthal
My biggest concerns for security in the cloud is around SaaS, where the user has little control over implementation of security architecture
JP Morgenthal
We need equivalent of SAS-70 for SaaS applications
Guy Clapperton
Agreed Dez - it's not just security either. Backup, AV, everything, loads of people assume it's 'done' in the cloud.
Dez Blanchfield
- for me it's more of a case of treating "cloud" the same way we treat every other environment as a strating point, bearing in mind that cloud moves faster so policy needs to be agile as a result.
Tim Crawford
@jpmorgenthal Transparency for SaaS apps can cut both ways though. Thoughts?
JP Morgenthal
@tcrawford isn't transparency for sake of security one of the key tenets of open source?
Doug Clark
most security concerns are manageable in my experience, you design it in.
Tim Crawford
Theoretically, yes. However, we're talking SMB here. There needs to be a level of trust.
Dez Blanchfield
- things get interesting when you ask a #cloud provider "physically prove your infrastructure we'll be "on" is actually in the country we have to legally domicile data within, and the Security Policy underpinning your own DevOps.
Martin Beckwith
For a Managed Service Provider hosting Cloud services, secruity is part of the deal. It's their bread and butter.
Guy Clapperton
That's a useful point @dez_blanchfield - I wonder how many people have visited their outsourced data center?
Tim Crawford
@dez_blanchfield This goes back to @jpmorgenthal's comment about SAS-70. It could easily be addressed.
JP Morgenthal
@tcrawford @dez_blanchfield the US Federal's FedRamp guidelines can also be used by commercial organizations to foster trust
Guy Clapperton
I was at an IBM event a year or so ago at which MSPs were talking about picking up the pieces after things had gone wrong.
Brian Kristensen
@dez_blanchfield Do you think locality of data is as critical for medium business as it is for enterprise?
Mike Kavis
@jpmorgenthal when I was building and selling SaaS solutions into retail, we were required to have SOC2 compliance. Our cloud software was more secure than our competitors on-prem software
Dez Blanchfield
- don't get me started on "backups" - I once had an account rep at Google tell me "you just don't get cloud" when I tried to explain federal government IT governance to them ;-)
brian bulkowski
@guyclapperton The new cloud technology - containers - has been shown deeply insecure - talk yesterday at OSCON. So we're stuck with virtual machine technology, which has proven fairly secure. Just don't get fooled.
Tim Crawford
@1BK2 Locality matters. But only as it applies to latency issues or compliance (i.e.: US Patriot Act).
JP Morgenthal
@madgreek65 what did it take to gain SOC2 compliance timewise and cost?
JP Morgenthal
@tcrawford See, now you've done it, this is the UK chat, now they're gonna be like, "damn Americans make it all about them" J
Mike Kavis
@jpmorgenthal a few months, not a big cost since we had no legacy and designed upfront for security
Tim Crawford
@jpmorgenthal Ahh... but it's not just about the US. Other countries have similar 'locality' requirements too.
Dez Blanchfield
- US fed gov references don't do much for those of us outside the USA, in Asia / APAC / ANZ / AU / NZ we're developing much of this from scratch with relevant local focus.
Dez Blanchfield
- state government agencies in the "medium" sized enterprise space are making huge inroads with state gov support here in AU: http://www.computerw...
Guy Clapperton
@dez_blanchfield I think a lot of the issue is that larger enterprises need multi-national frameworks when the laws are local.
Dez Blanchfield
- multinational is another level of complexity to cope with, but the basic rules / governance is usually consistent across borders..
Martin Beckwith
No one's saying it's all or nothing. It's logical to keep mission critical data in house, and non-critical in the Cloud. Hybrid, in fact.
Dez Blanchfield
- for those interested here's a good starting point on how Australia's faring on readiness from Fed Gov level which guides many medium sized enterprises: http://www.finance.g...
Cloud Computing | Department of Finance
Policy The Australian Government Cloud Computing Policy supersedes the April 2011 Australian Government Cloud Computing Strategic Direction paper. It updates the progress on the deliverables of the 2011 strategic paper and provides whole-of-governmen...
Guy Clapperton
@dez_blanchfield Thanks Dez, that's a good resource.
Brian Kristensen
@dez_blanchfield Good set of documents! - I'm wondering what level of guidance there is published from other Goverments for medium business.
Dez Blanchfield
- the 2x boys at Cloud Advantage are seeing solid wins by speaking the lingua franca of medium sized enterprise ( busienss cases and cost models ) - http://www.cloudadva...
JP Morgenthal
@dez_blanchfield There's legalities that need to be taken into consideration regarding compliance, but there's no reason the general framework of things like FedRamp would not be useful
Dez Blanchfield
- Australia's Federal communications minister, Malcolm Turnbull, wants Australian businesses to play a major role in the "cloud revolution": http://www.zdnet.com...
SMEs to be part of Australia’s cloud revolution: Turnbull | ZDNet
Small and medium businesses are set to play a major role in Australia's cloud revolution if communications minister Malcolm Turnbull has his way, with his department releasing a series of guides to encourage cloud services uptake in the sector.
Martin Davies
@MartinBW For some businesses it makes sense for the Cloud to power revenue-critical applications though. Take retail.
Dez Blanchfield
- this thread may need to split into on-prem / off-prem as there are key differences, your private "non-internet connected" cloud is a safer place to take risks on security than any 3rd party cloud or internet cloud service.
Guy Clapperton
@dez_blanchfield That's an entirely fair point.
Dez Blanchfield
@marjodasays - is there any value in segmenting a particular market like Retail? perhaps there is from a solutions focus, but the value proposition of IaaS / PaaS / SaaS surely applies to ALL biz?
Martin Davies
@dez_blanchfield Not all businesses need scalability for example. So it makes sense to think about those that do if that's a key benefit.
Dez Blanchfield
/ @marjodasays - you also need to be clear about the requirement to scale and if it's either Vertically or Horizontally, or Both.. they are chalk and cheese in most cases.
Guy Clapperton
Let’s start with some basics – what does the cloud do specifically for the medium-sized business?
JP Morgenthal
let's clarify that question, public cloud has very different value proposition from private cloud
JP Morgenthal
Public cloud offers compute capacity and economic alternatives that mirror that of very large enterprises
Guy Clapperton
Thanks JP. Which do you use, and why? (Or does it have to be one or the other?)
Brian Kristensen
For one thing I think it lowers the bar of entry for new projects/ideas - taking some of the risk away.
Dez Blanchfield
- perhaps segment that a tad as SME is a very broad segment..
JP Morgenthal
on the other hand a private cloud may add additional strain and burden on the IT organization to manage limiting upside of resource management
Guy Clapperton
Indeed Dez - we're focusing on 'medium' rather than 'sme' here.
JP Morgenthal
I'm an influencer. I recommend technology selection and provide cloud through leadership.
Dez Blanchfield
- early adoption thus far has obviously been tech savvy, how are you finding adoption rates faring from non-tech savvy ?
John Furrier
to me it's simplicity and easy of use to get access to compute to drive basic applications.
John Furrier
in big enterprises it's shadowIT in SME it's just IT #cloud #bigdata
Dez Blanchfield
- the benefits are easy to sell, it's the adoption that seems to be the key hurdle, as in "how to get the journey started".. ( i.e. what to migrate 1st ).
Tim Crawford
There's a difference between mid-size using public cloud directly vs. indirectly.
Guy Clapperton
Interesting, Dez - how have you started answering that question about what to migrate first?
Brian Kristensen
@dez_blanchfield I usually advocate to start with something new/small and find your feet, rather than migration of existing workloads.. unless there is a good use case. First small steps and all that.
Jennifer Parker
according to the latest Cloud Industry Forum report, adoption rates among the midsize are 75%
Jennifer Parker
I think many of them are tech savvy or going with partners who are
Guy Clapperton
Yes @swimgal45 I agree - outsourcing is a powerful tool here. As long as you get the right partner.
JP Morgenthal
@swimgal45 unfortunately, a lot of that is at the detriment of having the necessary internal IT staff to manage the data
Jennifer Parker
@1BK2 what workloads are you seeing migrated 1st?
Jennifer Parker
the right partner essential is essential or a service provider who does SaaS
Dez Blanchfield
@guyclapperton - yes, I've successfully stewarded a broad range of medium sized enterprise and government organizations through the challenges by crowd-sourcing "what should move first" within their own departments / staff.
Tim Crawford
@swimgal45 The smaller the org, the more they rely on their MSP for advice. #SMB
Dez Blanchfield
/ @swimgal45 - fully agree, 99% of the adoption I've seen in APAC / ANZ is tech heavy organisations - who are usually technically, commercially, and emotionally more ready and capable to leverage #cloud in some form.
Doug Clark
@guyclapperton it's an enablement platform that offers fantastic business agility for almost all companies in almost any sector. Perfect for helping a UK Midsize business to punch above its weight! #cloudspeed!
Martin Beckwith
The right partner is vital according to your personal requirements and extent and type of the IT is to be outsourced. And whether they actually have their own data centre.
Brian Kristensen
@swimgal45 No one clear winner in the workload migration stakes, I think in the small/medium space its mainly driven by tech refresh or new projects.
Doug Clark
what to move first - I'd chose something in a new space, probably in Systems of Record: mobile, social, analytics...where you can get fast visible impact for the business without the overhead of heavy lifting in IT (syst of record)
Jennifer Parker
@dez_blanchfield interesting about the emotional readiness for cloud. There are some hurdles here...I think one of them is around privacy and data location.
Doug Clark
stet that should have said Systems of Engagement...
Dez Blanchfield
- can I invite you to kick off a new thread focused on example case studies we can point to to share pros / cons of real world examples as theory is fun but real beats theory hands down ;-)
Dez Blanchfield
/ @swimgal45 - I think we can all agree that even in medium sized organizations emotions drive many decisions in liew of experience, facts, or knowledge, cloud is no different in this case.
Dez Blanchfield
/ @cloudstuff - I highly recommend you start with DEV, then TEST, then INTEGRATION and UAT, and finally run a parallel PROD where you can do trial live runs, as your DEV and OPS folk will be ready and able to support your efforts.
Dez Blanchfield
/ @cloudstuff - you will find the recent success QANTAS have had interesting: http://www.itnews.co...
Dez Blanchfield
- get your customers business to answer the "what to move first" question for you, ask them "where are your biggest pain points" regarding "time to implement", "time to market", "capacity", "performance", "cost" et al..
Guy Clapperton
@dez_blanchfield Thanks - may I repost that into the case studies thread?
Dez Blanchfield
- medium enterprise seems to respond better to the "educate rather than sell" approach as well - teach them and you will have champions of the cause, sell to them and you're an outsider..