.. a cloud salesman Dave? Just asking.
Umpty-squillion surveys come out every week, and they generally disagree with each other. Personally I tend to take notice of the ones that tell me that red wine is good for weight loss and long life. I read one recently, though, in which no fewer than 51 per cent of managers said they're not presently investing in cloud …
He is on the buy side - not the supply side.
.. and, by the looks of it, wisely on the opposite side of the building as their legal team. The moment you start shoving data out of the door. all sorts of ugly issues start showing up that have little to do with IT but everything with compliance, protection of IP, differences in jurisdictions and laws and generally can get ugly and costly quickly f you get them wrong.
I agree with him, it's nice to make it all someone else's problem, but that demands checking that that someone else won't drop you in it in terms of reliability, sustainability and ability to meet regulation. If you want a simple example how things can go pear shaped quickly, just look at what happened in UK Parliament with Office 365, and that was just a technical problem that demonstrated the lack of SLA or accountability you have with such providers..
If your business risk profile can handle that exposure, lucky you. But that's certainly not valid for all.
You have to weigh the risks. Yes, if you put stuff in (say) O365 then you have to live with the downsides of outages should they happen. But in-house solutions have been known to get sick from time to time, and the hardware gets old, and you have to be diligent with capacity management and planning.
Similarly security: service providers sometimes have security issues, and so do on-prem offerings.
Neither the cloud nor the on-prem solution is always the right answer - and my personal opinion is that the average setup in the future will have some cloud and some on-prem.
(Oh, and: yes, I am an IT guy)
But in-house solutions have been known to get sick from time to time, and the hardware gets old, and you have to be diligent with capacity management and planning.
Sure, in-house solutions break, but if it's home built, you usually have a dev to fix it. Hardware getting old or just failing, you usually have a support guy to go replace the part.
These things can be done pretty quickly (usually), and your management team can always chase up the actual engineer for a detailed report when things are taking too long.
Try and get any information out of cloud hosts when things go down...
Hahaha! No, 'fraid not. Is the average company going to shift all its stuff to the Cloud? Of course not. The point is, though, that it's increasingly becoming the case that applications we use are increasingly Cloud-based by default. If you choose Salesforce for your CRM system, for instance, you're choosing it for what it does, what it interfaces with, how powerful it is, etc: it just happens to be in the Cloud. And I gave Websense as an example of a product that you can run in the Cloud - a few years back I had a choice between their on-prem offering and the Cloud offering and the Cloud was both faster to implement and less expensive over three years thanks to the avoidance of having to buy kit. The point was that 49% of people said they wouldn't be using the Cloud *at all* in two years' time. I find that surprising - don't you?
If IT managers do not want a cloud based product there will be a vendor who will sell that (non cloudy) product to them - it is called supply & demand.
The problem may be with large vendors (eg MS, Oracle, ...) who insist on going cloudy or jack up the non cloud prices. Also those who make it very hard to migrate away from their product. Organisations may need to do what the vendor wants.
This is why when buying into something you should always be clear how easy/expensive it will be to move away. Another reason for using Open Standards.
The big boys are only promoting the cloud to secure the revenue stream. They don't want you hanging about 3 versions back on the OS or the Office productivity suite. They want subscription apps - pay per month forever. Yes you get the "latest and greatest" but you likely lose control over when upgrades and updates occur, and hence system stability, and you also lose pricing power as you can hardly just tell them to fuck off when they jack the prices. "We're moving to Linux/whatever" isn't much of a threat when you just stuck all your data in their hands.
MS is one example, Adobe is another. They're doing it for their benefit, not yours.
Is it really that big a leap of security confidence to decide to shift it all to (say) Office 365?
Are you smoking something? The answer is *YES*. I've not read the Office 365 T&Cs, but have you seen Win10's?
What's this fixation of palming your (private) data off to somebody else? Don't want the responsibility? Yeah, well shut up shop and go stack shelves.
Errr ... no, actually. Was I saying that everyone's going to do all of the above? Course not. Actually I was saying that I reckon the majority of organisations will have *something* in the Cloud, no matter how small, before long. Yes, there are security considerations to the Cloud. I dunno if anyone's noticed, however, but there are rather a log of very big companies using the Cloud to some extent - and they're likely to have security officers and certifications that require them to implement suitable security mechanisms.
But let's just look at that for a minute:
But no Office 365? No Google Apps? No DropBox? No AWS for a cheap server for a pilot project?
Office 365: locked in, financially trousers down ad-infinitum, no control over data security or location, no control over downtime recovery (you're likely too small to matter). Palm off and live with the consequences.
Google Apps: See above.
Dropbox: How open and unsecure would you like your data sir? Ok for personal stuff if you're aware of what you're getting but every place I've recently worked has it blocked for good reason. If your corporate data is unimportant enough to be placed on Dropbox (security, regulations etc) then I'd argue it just isn't important enough to bother putting there anyhow.
AWS for a pilot project: Hmmm. I'm guessing if you're one of the "no" brigade then you aren't in a surgey retail sector - think stores that use AWS for the Christmas shopping ramp up. You could use it for marketing but then there's likely a company that would do that for you - a specialist in running such things. That leaves true in-house development projects as the likely target. I'd question any business that performs such tasks themselves and that doesn't have any spare capacity - sounds badly run to me.
is the above article news or propaganda? at times advertisers will attempt to use articles that look like news in an attempt to fix into the mind of consumers that x, or y, or z -- is "where it's at" -- "everybody's doing it and so if you are lagging behind you're a luddite"
it's just a marketing ploy.
cloud computing has two problems: 1 network latency and reliability, and 2 privacy
"cloud computing" -- just ain't where it's at: it's a Bad Idea at the start.
When has that ever been the case? Security is an arms race, and a key weapon my side has in that arms race is keeping things that matter in a nice big fortress that only people on our payrole can possibly touch. I DO NOT TRUST cloud companies to take care of my data. I don't know who works for them. I don't know who their other clients are. I don't know how good their separation of access is between their clients.
Moreover, I don't even know when some TLA has forced them to fork over my information. At least if we get a request for it here our legal team can fight it.
Many people do not realise that cloud computing is more about how services are delivered than if they are private (in house delivered) or public (externally delivered AWS, Microsoft etc...).
Having worked as an IT Security manager for a large investment Bank and delivered software in to many Retail / Investment Banks, large energy companies, large logistic companies - I can clearly state that the security of many of these organisation would be improved by providing these services as a cloud public or private.
More managers need to look at installing a pilot VMWare or Microsoft Hyper-V or HP Helion or OpenStack solution to see the benefits of delivering services as a solution. They then need to look at the impact on their own in-house developed apps and moving them into the service delivery model.
But the problem is that organisations do not pay or respect quality IT people and instead stuff their organisation with overpaid managers who often have little to no IT knowledge and end up making the design decisions.
It always blows my mind when people assume that they have better security protocols/procedures/technology than a cloud provider. In almost every instance its incorrect (I mean come on, Amazon is not as up on security as you? Really?). In the end these arguments sound a lot like people putting money in the bank vs. keeping it under the mattress.
BTW - The easiest way to hack any company is through social engineering. JT, odds are if you got hacked it would be because someone on your payroll was stupid enough to click on a bad link.
"BTW - The easiest way to hack any company is through social engineering. JT, odds are if you got hacked it would be because someone on your payroll was stupid enough to click on a bad link."
And if your stuff is on somebody else's computer that's a whole extra payroll's worth of possibilities.
Hmmm. Talking about payroll, how many companies run their payroll internally? It's a common function to outsource - and even though it's usually an on-prem solution I bet many Cloud installations will be more secure than the on-prem servers of some outsource companies.
It always blows my mind when people assume that they have better security protocols/procedures/technology than a cloud provider.
On the other hand, the aggregation of so much juicy data makes them a prime target for not only hacking but also leveraged subversion. As it's outside, you have no idea what they are doing unless you throw an audit at them and that too requires some pretty competent people to do it right. In my experience, larger consultancies tend to be worse than specialised shops for this, but you'd have to convince the executive gremlins to choose skills over a big name because they're more interested in big names to point at when it goes wrong, ignoring the fact that in doing so they have caused to conditions for that to become a certainty.
If it works for you and you're willing to accept the risks, fine. Just don't come and whinge when it all goes wrong, because I will just point you at a big poster we made for the IT room which has just 4 words on it:
I told you so.
Sorry people, it comes down to the quality of the IT Staff and this is determined by the quality of the management.
Many out sourcing deals are about outsourcing a problem rather than fixing the problem, the management can afford to admit that the problem is themselves and as they have the power to blame the techies that is what they do.
And nobody's in-house firewalls are running five-year-old firmware, and everyone's Exchange server has at least one service pack installed, and everyone's confident that when people leave their logins are removed, and ...
Yes, there are risks to data held externally. But that doesn't mean there aren't risks to data held internally.
I find it astounding to see that so many articles vaunting The Cloud do so only by avoiding the topic of data security.
At this point in time, The Cloud is a sexy vixen that promises to give you a great time, but she has syphilis. She looks great, she's super sexy and she promises she's available all the time, but you go there and your data's security health is toast.
So come back when the issues are solved, when she's got a clean bill of health, and then I'll take her out for a drink and see what's what.
Until then, I don't want my data to have anything to do with that skank, clear ?
There's the fact that in all but the smallest cloud providers you have bugger all influence over their techies if the infrastructure goes down and your finance server is unavailable at year end, or your email's not working for a couple of days. I get that.
So if you get that, why are you still pushing for people to jump in feet first?
Right there, you've outlined why no sensible business will use the cloud, as neither of the two issues outlined above is likely to change for the better.
If an SME uses Office365, and Microsoft lose your email, what real-world comeback have you got? You can't sue them, they've got endless lawyers, and probably fine print that says it's not their problem anyway. You're screwed.
This is just 1960s Computer Rental using Internet instead of leased lines and dialup.
Less clarity about what it's running on.
Connection to it for some is less reliable than leased Lines.
The "cloud" is useful for short term insecure collaboration for people in different companies or none. But as an actual Business solution or personal backup it's for the naive or desperate.
Other than for the convenience of vendors? I get the 'everything defined as a service' idea but even that could be implemented on infrastructure that you control. It is possible that infrastructure costs could be reduced but at what price? Increased latency? Increased service costs? Reduced control? Doesn't cloud just introduce more potential points of failure that are beyond the control of the enterprise? If the Internet goes down you can continue operating on a local system, albeit with possibly reduced functionality, not so on cloud.
Working for one of the (lower tier) application vendors (hence AC) I can only upvote the comment about convenience for vendors. The desire of our product management to shovel 'Cloudy This' or 'Foggy That' out as fast as Gartner can eat the brochures is staggering.
A conversation with the implementation team some time back revolved around how fantastic the new cloud-based offering would be. The general tone of the discussions went downhill when they were forced to peel back the marketing veneer laid over existing products to explore the complete lack of security in a cloud context. Specifically, by compromising a single administrative account on the operations side, the entire hosted application infrastructure would have been totally and covertly vulnerable.
In general, the pure infrastructure offerings seem reasonably well defined but as soon as the application layer is placed on top of that and handed off to some other entity with a different commercial interest, the lack of transparency is alarming.
The only business case I can think of for this sort of thing is for really small businesses where there is neither the will nor the ability to perform the function in-house. For such small scale players the alternative to google mail (business mail) or 365 is to have your own hosting service provision whereby you face the same possibility of downtime but without any frills on the service - think standard web hosting with email etc. An in-house email server without a guaranteed internet link is also a waste of time for these people.
For these small players such services are likely the best option. For larger, especially medium sized companies, I think you should have grown up and be able to manage your own IT real estate.
The cloud is a great idea put into a terrible concept. It flattens the entrepeneur landscap, obliterates tech savvy system and network administrator jobs, threatens privacy, threatens sanity and empowers the kind of people you don't want in charge of IT anyway ( management )
On top of that it introduces insane ideas such as FULL and omnipresent encryption as a way to security and privacy. The latter may be true but the first it is not, every. UNLESS one can intercept ALL encrypted traffic, putting to question it's use.
Forget the CLOUD, do not empower monolith business models to even further capitalize on the greed and near-sightedness of so called visionary managers and so fort and so forth. Dzjeezes.
The problem most IT people have is that they can only see what they have today! For the most part that isn't really suited for being run in a cloud manner. I'm finding that the people that care (and more importantly have the money) are the developers and line of business folks, IT run the real risk of being made irrelevant by their own ignorance!
Cloud adoption is all about the application and being honest, its something that most IT people are bad at understanding. For example I have zero clue as to why most people are still running Exchange/"Email platform of choice" (or even thinking about building it out). Email is a generic service that is applicable to all companies, you cant run it "better" than anyone else. If you care about security then by all means get it run by a hoster with a "secure" data center rather than Office 365, but to not consider "cloud" because of FUD ................ idiotic.
For the security naysayers there are some serious arguments that most public cloud platforms are WAY more secure than most companies data centers (control does not always equal secure!).
my fiver says that by then you'll see proper quality-of-service guarantees over the Internet as if it were a private WAN
Considering that almost all internet traffic goes via one or more contended links owned by more than one company at some point I also will take that bet. Even a leased line is no guarantee of successful data transmission. You might get an SLA as far as your ISP's servers but if your data leaves your ISP's network you'll struggle to enforce any particular performance.
The only way you're going to come close to a guarantee is on a true end to end dedicated link and there ain't many companies can afford that.
The public internet is one giant game of 'pass the parcel' and the fact it works at all is part of why I find it fascinating. But also why I don't see transmissions guarantees coming any time soon.
"Fair enough, I understand organisations not moving en masse to (say) hosted virtual desktops. But no Office 365? No Google Apps? No DropBox? No AWS for a cheap server for a pilot project?"
Like most industries, we have a case management system which the firm runs on. It needs an on site installation of office, not a hosted one. Office 365 is therefore pointless, as is google apps.
We have no business requirement for dropbox.
AWS for a "cheap" server for a pilot project? Server 2012 comes with Hyper-V, letting us just fire up a virtual server. For free. Why pay for AWS?
"""Like most industries, we have a case management system which the firm runs on. It needs an on site installation of office, not a hosted one. Office 365 is therefore pointless, as is google apps."""
Which can be resumed on: "Not all workloads are good for hosting them on the internet"
""AWS for a "cheap" server for a pilot project? Server 2012 comes with Hyper-V, letting us just fire up a virtual server. For free. Why pay for AWS?""
I see your point and I agree with you, any computer these days (even cheap laptops) can run at least one or two virtual machines.
The only reason for going to an external provider is when the company lacks the expertise or resources to connect a server to the internet, which is the case of most web servers.
"Why pay for AWS?" ...
"The only reason for going to an external provider is when the company lacks the expertise or resources to connect a server to the internet, which is the case of most web servers."
Also if your pilot project requires more bandwith than you possess. AWS et al have gobs of bandwith.
Lol. Has Vulture really published an article based on "survey" without identifying the survey, when it took place, or who carried it out, what the sample size was ? With no kind of attribution whatsoever, not even a link ?
"I read one recently, though, in which..."
"... questioned in the particular survey I read are of the belief..."
Now that really is cloudy.
Even the most paranoid security officer must surely find it hard to complain about using an Internet-based system to control your internet browsing.
Wow. Just wow. So you're letting some remote git access to all your data (in order to control it you have to be able to -at some level- analyse it) and then control your internet access. I think you'll find that even the most blithe, happy-go-lucky trusting (if such there be) security officer will be able to identify some problems there.
"Security will have kept up with the hackers"
Have you ever read The Register?
Surely, though, the people who say they won't be using the cloud in the future are forgetting that what you can do with it is likely to change radically in the next 24 months.
Doesn't matter; the underlying principles are still going to be the same. Moving 1 app to the cloud turns your attack surface from one perimeter, to two perimeters (one managed by a remote team who will be largely unknown to you) and a pipe between them.
they're thinking: “Hell, I've got so much to do now, and so much on my roadmap for the next 24 months, that I can't even think about cloud as well”
...or they might equally be thinking "fuck the cloud and all it stands for"
"""Because by that time we'll be so used to the idea that we won't have a special name for it: in two years time it'll just be called a product."""
It has a name, it is called managed hosting (being physical or virtual) or managed service, it's been available and popular from many providers since the late 2000's.
What people are all excited is control panels and large suppliers like AWS, Google and MS.
And guess something, all those large hosting suppliers do not care a shit about you or your business.
Most people have not got a clue what it is or how it should be used.....
You can see that when they start loading 'server' and linux images into the cloud.
Ultimately though it is just another way to screw money out of business, by allocating part of a server to you and maybe 200 other people.
"It has a name, it is called managed hosting (being physical or virtual) or managed service, it's been available and popular from many providers since the late 2000's."
In the mid-80s I knew it as Facilities Management (FM). The particular model I came across housed and managed computer systems belonging to clients.
I imagine that not having to deal with BT directly was quite a selling point back then.
it is actually more work and more hassle, because when things go wrong you can do F*** all about it.
Just put everything into the cloud and pay a monkey to masterbate when something breaks,
because you just dumped all your tech... so there is no way you can just throw something together to patch the hole and don't even consider if your data lines go down............
No, that's not what people are saying. There are many IT pros out there, doing their best to look out for their employing company, keeping their best interests at heart (myself included).
What's being said is that the cloud has its place - it is not the solution for everyone.
At the moment, the costs of using the cloud are reasonable and competitive when comparing it to in-house servers. But that's changing with EDPR, which will see significant price rises for cloud users (the cloud salesmen aren't mentioning that one).
Security is also an issue, with a lot of trust being placed (by companies) into the hands of complete strangers or faceless and unaccountable corporations.
It's not that we hate the cloud, we just don't trust it enough to risk everything.
It's already happened with "smart phones": increasingly functionality is dependent on saving your data in a Cloud operated by an organisation with its OWN commercial interest - MS, Apple, Google, etc.. Some smart phones cannot be backed up EXCEPT to the vendor's Cloud.
And those operators are increasingly blurring the boundaries between the customer's rights and their own rights in respect of customers' data held in the Clouds they operate, generally to the detriment of the customer.
And the same is happening with Cloud processing and storage services.
The combined reach and power of the global Cloud providers is becoming truly awesome.
When they talk about security, they mean building security, hardware security and update security
not application & data security.
Ultimately though... you pay in the end, you can no longer enjoy those gig links to your own data servers,
What is better? having an internal email server that pulls emails 24 hours a day over a slow link to have user access at gig speeds OR have an email server in the cloud that has gig links 24 hours a day... only to be accessible to your WHOLE company 8 hours a day at 25M and have to deal with the likes of China who terminate your SSL links randomly....(keeping in mind that M$ is trying to fuck us all over by moving apps to the cloud)
I can assure you, we will NEVER migrate to using cloud or all the rentism that it entails. We've already moved our entire office over to using LibreOffice because we refuse to have our work held to ransom by Microsoft's Office365 "pay whatever we demand per month or lose access to your work"
business theft model. Our art department is also migrating to open-source software very nicely, albeit with some gripes from the old-timers who prefer Photoshop and InDesign over GIMP and Scribus.
Our work will never be held to ransom by cloud service providers, and I'm certain we're not alone in thinking this whole rentism bullshit is completely unacceptable. No amount of propaganda-spewing cloud salesmen will ever convince me otherwise, no matter what psychological manipulation shenanigans they try to pull. NO MEANS NO.
Why? Because the cloud provider says so. Because the Boss has heard that everyone is doing it, so they should too. Because its sooo much cheaper. And so on.......
Sorry, but it's all crap spouted by snake-oil salesmen. Yes, the cloud has its place, but handing your entire companies data to someone you don't know AND get charged for it? Would you run up to a stranger in the street and hand your company books to him/her and ask that person to look after them? Oh, and by the way, give them loads of money for their trouble?
The security of the cloud will always be an issue. A company that has everything in-house is much less of a target for hackers than, say, Microsoft's O365 or Amazon's servers.
Downtime. I build and install systems for SMB's. With one customer, for example, their data and mail servers have had less than 12 hours downtime in 6+ years (and 9 hours of that was due to a relocation). Compare that with Adobe last year - http://www.theregister.co.uk/2014/05/15/graphics_pros_left_hanging_as_adobe_creative_cloud_outage_nears_24_hours/.
The new European Data Protection Regulation. Have you read it? Before you sing the praises of cloud providers, why not ask them just how much their prices are going to have to go up by, when they (and your company) are legally forced to be compliant. Remember, if your company is processing more than 3000 records in the cloud, hiring of Data Protection Officer is mandatory (which has just added at least £30,000 to your wages bill). Plus all the new risk assessments that your company (and the cloud provider) are going to have to do to be compliant (how many man hours are going to be consumed with that one?). The cloud is about to become one very expensive place. As it is, the cost crossover between an in-house server and the cloud is around 3.5 to 4 years (where the in-house server starts to become cost-effective). I doubt that after EDPR compliance, any cloud provider (except the very largest) could compete with a in-house system from day one, let alone for 4 years. This will force may smaller cloud providers out of business, so where will your data go, if you have been using one of these?
Data links. If someone puts a jack hammer through a cable (it's happened), lightning strike, cable theft etc, you lose your broadband. Ah. Huston we have a problem. At least in-house you only lose (new) email and people unable to update their Facebook profiles.
So why should people go into the cloud?
Cloud computing is a very effective solution to a very specific set of problems.
It is not a solution to a whole bunch of other problems where it is currently being sold. Take Office 365 as a good example of all the things wrong with current cloud marketing efforts. Office is used to write and maintain company internal and external documents. They do not require significant computing or storage resources, but would cause significant difficulties if inappropriatly accessed. What is the benefit of putting them in some one else's hands that is so great that I am willing to accept that they could deny me access to my own documents? Or expose them to all and sundry and I could do nothing about it, not even sue them? Where is the 'win' in this situation?
Almost two decades ago I used to work for a company in a country, which processed about 1/3 of the workforce's wages receipts on a big ibm mainframe, which was located in another country with a dedicated connection. I guess nowadays we'd call that *cough* *puke*... "cloud".
Sometimes I harken back to the days of dumb terminals and complete user control and lock in. I think trends like these bring us closer to sysadmin heaven. ;-) It still often is a load of crap though.
I'm really sick of every last fad being touted as the solution to every problem that it can even vaguely tackle. Yes, I can see usage cases for cloud computing - if I owned a company needing lots of fluid dynamics computing done, for instance, I'd certainly consider buying compute time from the cloud rather than building my own supercomputer. What I absolutely would NOT do though is put business-critical data in the cloud in any way shape or form. It makes more sense all round to have your data on-site, with backups at a different location, both from a security and a legal stance.
IMO it's mainly top management in companies not understanding the implications of 'the cloud' that are driving coud adaptation. Just as they used to not understand the point of having off-site backups and spare servers (or any backups at all, in some cases), until the day Bad Things Happened when they suddenly start wailing that their terrible minions can't make the bad situation not happen. The same minions that were warning them about the implications well beforehand.
Biting the hand that feeds IT © 1998–2019