CLOUD COMPUTING IN CLOSE-UP

Click on the video below to watch our interview with RAIMUND GENES

The ability to move IT infrastructure, applications and storage onto the Internet has sparked curiosity, enthusiasm, scepticism and sometimes panic from Canadian chief information officers. We walk through the adoption process from beginning to end, looking at the skills and strategies you need to be successful. A special report

An IT World Canada Publication PM 40063800

A Supplement to IT World Canada Publications http://itworldcanada.com/hub/cloudcomputing

Now were talking private cloud, not just virtualization. Windows Server is changing the conversation.
The virtualized server is a big deal. It helps businesses, big and small, make IT more efcient. But what comes next? Enter the private clouda way to manage your infrastructure as a pool of computing resources to deliver your applications and best serve the ever-changing needs of your business. Windows Server Hyper-V and System Center put you in control with complete end-to-end service management, as well as the ability to tap into the power of the public cloud. And thats really the whole point of having a private cloud in the rst placecontrol. Its your private cloud. If you want to run different hypervisors and operating systems, that should be your choice to makebecause the technology and vendors you use are there to serve your business needs, not the other way around. IT is no longer just about hardware. Or software. Or maintenance. Its about nding new efciencies and new ways of doing things that help your companys bottom line. So the less company brainpower you devote to xing old things, the more you can dedicate to coming up with new things. More computing power. And more available brainpower. Thats Cloud Power. Microsoft.ca/cloud/privatecloud

TABLE OF CONTENTS

14

RESEARCH THE MARKET

Editors Letter Cloud Computing on camera As CIOs see it: 3 cloud perspectives 4 5 6

Trend Micros CTO was in Toronto recently. Hear his thoughts on building security into your cloud project.

CONNECT WITH YOUR PEERS

Canada Cloud Network eyes procurement changes 8

CHOOSE YOUR APPROACH

Public/private clouds: How do you choose? HP Canada president weighs in on cloud debate 10 12

BUILD IN SECURITY
Trend Micros CTO speaks out 14

10

UNDERSTAND THE CONTRACTS

Legal issues to keep out of the cloud Gartner analyst reveals cloud contract gotchas 16 19

5 20

STAFFING AND SKILLS

ICTC on the clouds labour market impacts 20

TEST YOURSELF
Our cloud computing assessment tool 22

16

C LO U D C O M P U T I N G I N C LO S E- U P

EDITORS LETTER

A hub you hold in your hands

Shane Schick Although we have been writing about cloud computing since it became Editor-in-Chief a catchphrase in the mid-2000s (and even long before that, when it was
called on-demand or utility computing), we realize that a lot of stories simply come and go, particularly if our community is accessing them online. Thats why, early in 2011, we decided to launch a special hub on ITWorldCanada.com that would act as a Cloud Computing Resource Centre a place to aggregate all our related articles, videos and expert advice from vendors, consultants and other IT leaders. Unlike most of our sites, however, I specifically asked this one to be organized according to the typical purchase cycle. This was important because if you start doing any research on cloud computing, youll soon find yourself overwhelmed with information. In many cases, CIOs arent looking for cloud 101-type introductory material. They are looking at practical steps to implementation, and beyond. Our content, therefore, was divided into early-stage research on the technology, a place to keep track of the various cloud offerings from myriad providers, content focused on the actual transactions of moving to and paying for cloud services, and finally managing the assets that sit in the cloud, whether its a private cloud in your own data centre or something thats been handed off to a third party. The Cloud Computing Resource centre will continue to grow, but the area we clearly need to spend more time on are those last two categories: purchasing and managing. For too many CIOs, cloud still means risk, and there has to be proactive ways to prepare and mitigate the worst risks. After months of publishing this content online, it made sense to bring together the best of what weve done into a how-to guide that could be used as a reference tool, either now or six months from now, depending upon the individual reader. Of course this isnt a definitive manual, but that would be impossible to produce, because like any other area of IT, cloud computing is continuing to morph and change depending on customer and market needs. Like the online resource centre, we tried to structure this publication in the way that we expect CIOs will journey to the cloud. We start out with whats happening locally here in Canada to change the purchase process. We face the big public/private question head-on. We explore the security issues, the potential legal pitfalls, and the staffing concerns. We end off with a tool to test your knowledge before you go any further. I cant predict how long well be concentrating on this topic. There was a time when a similar hub and special report about serviceoriented architecture would have made sense. Not long ago, similar resources for virtualization would have been a no-brainer. Its once the conversation dies down and implementations are just a part of life that you know some best practices have been established. In an ideal world, CIOs have successfully mastered a technological transition when the chatter about it disappears in a puff of smoke or maybe I should say goes up into the clouds.

EDITORIAL EDITOR-IN-CHIEF

Shane Schick

Grant Buckler Vawn Himmelsbach Peter Galanis Rafael Ruffolo Sheldon Polowin
ART & PRODUCTION SENIOR GRAPHIC DESIGNER

CONTRIBUTORS

The cloud doesnt really come with an operating manual, but what youre about to read is as close as most CIOs will ever get.

Mel Manasan Jeff Coles

CREATIVE DIRECTOR

CORPORATE

Michael R. Atkins
PRESIDENT & GROUP PUBLISHER

CHAIRMAN

Fawn Annan

IT World Canada is an affiliate of International Data Group (IDG), the worlds largest publisher of computerrelated information and the leading global provider of information services on information technology. IDG publishes over 300 computer publications in 85 countries. Ninety million people read one or more IDG publications each month. CIO Canada is published 6 times per year by IT World Canada Inc., a unit of the Laurentian Media Group, Michael R. Atkins, Chairman, 55 Town Centre Court, Suite 302, Scarborough, Ontario M1P 4X4 Telephone: (416) 290-0240 Fax: (416) 2900238. Publishers of Network World Canada, ComputerWorld Canada, Canadian Dealer News and Direction Informatique. One year subscription rates: Canada $55, US $65 (US) and foreign $95 (US). Single copies $6.00. Please add GST where applicable. Address subscription to CIO Canada Circulation Department, 55 Town Centre Court, Suite 302, Scarborough, Ontario M1P 4X4. When notifying us of a change of address, please include address label to assure continuity of service. All rights reserved. The contents of this publication may not be reproduced either in part or in whole without the consent of the copyright owner. The views expressed in this publication are not necessarily those of the publishers. Requests for missing issues are not accepted after three months from date of publication. Date of publication May 2011. Printed in Canada. GST Registration # R122605769 ISSN: 1195-6097

HOW TO CONTACT CIO Canada Telephone: (416) 290-0240 Fax: (416) 290-0238 Mail: CIO Canada, 55 Town Centre Court, Suite 302, Scarborough, Ontario M1P 4X4 E-mail: cio@itworldcanada.com Also, employees may be reached using a combination of their first initial and last name, for example: sschick@itworldcanada.com Online: www.ITworldcanada.com SUBSCRIPTION INQUIRIES Telephone: (613) 475-3217 or 1-800-565-4007 Fax: (416) 290-0239 or 1-800-565-8148 E-mail: circulation@itworldcanada.com For printed and electronic reprints, please contact Jeff Coles at 416-290-0240 or jcoles@itworldcanada.com

We acknowledge the financial support of the Government of Canada through the Canada Periodical Fund (CPF) for our publishing activities.
PUBLICATIONS MAIL AGREEMENT NO. 40063800 RETURN UNDELIVERABLE CANADIAN ADDRESSES TO CIRCULATION DEPT IT WORLD CANADA INC. 302-55 TOWN CENTRE COURT SCARBOROUGH ON M1P 4X4 E-mail: circulation@itworldcanada.com PAP REGISTRATION NO. 10784

C LO U D C O M P U T I N G I N C LO S E- U P

RESEARCH THE MARKET

Cloud Computing on camera

Our video library is filled with useful clips about key vendors, strategies and user success stories. Heres a handful worth watching.
Cloud Computing and the future of the IT department
IBM Canada distinguished engineer Tom Wheatley explores the trend towards cloud computing and imagines how it will change the role of CIOs and IT managers in Canadian enterprises. http://bit.ly/kkCnzN

In Conversation: Jonathan Day-Reiner

The director of IT operations for online marketing firm 80/20 Solutions discusses why his company shifted its infrastructure to the cloud. With ComputerWorld Canada Editor Dave Webb http://bcove.me/llpdht80

Own the podiums path to the cloud

IT manager Jason Cox describes how the cloud helps Canadian Olympic athletes and their coaches win Gold. http://bit.ly/lmrGH5

Microsofts National Technology Officer talks cloud

John Weigelt, national technology officer at Microsoft Canada, highlights the companys cloud strategy and speaks of partner opportunities there as well. http://bit.ly/kHQbvn

The Wire: HP to offer public cloud service

At HP Summit 2011 in San Francisco, CEO Leo Apotheker tells analysts the company is focusing on the cloud. The company will also open a marketplace for applications and cloud-based services for enterprises, small businesses and consumers. http://bcove.me/xp2tyeiz

Centrilogic CEO on the business case for cloud computing

Robert Offley talks to Network World Canada about why customers are turning to his firm for help with setting up ondemand IT infrastructure. http://bcove.me/131jfa1e

C LO U D C O M P U T I N G I N C LO S E- U P

RESEARCH THE MARKET

As CIOs see it: 3 cloud perspectives

Cloud computing for dummies
Actually it was a room full of CIOs and IT decision makers, but what I heard recently at the Midsize Enterprise Summit 2011 keynotes provided one of the better explanations of cloud computing And it came from a major vendor no less! Jordan Chrysafidis, Microsofts VP of SMS&P, outlined cloud computing based on needed outcomes rather than a sales pitch for their products (that came later but the first part of the presentation was pretty product neutral). He presented a breakdown of private vs. public cloud services, from an economies of scale perspective. Apparently the real savings in cloud come at around 10,000 servers, where the TCO per server is reduced to a fraction of the expense of a single server. The average data centre has nowhere near 10,000 servers, and as such, the TCO per server remains higher. Savings can be realized in the following areas: Hardware typically represents 45% of your data centre costs. 30% savings using public cloud data centre can be achieved. Facilities represent 15%. 35% savings are possible. Operations 15%. 70% savings Power 15%. 90% savings All of these numbers are achieved through better utilization: Sharing with people in different time zones, and different industries can result in more efficient utilization patterns He went on to discuss the infrastructure as a service market, (where the focus is on hosting), the Platform as a service market (where the focus is on building), and of course the Software as a service market (SaaS), where the focus is on consumption, three elements of what is now presented as cloud. My real point of the post is that it was refreshing to hear cloud computing put into a context that even a CIO could understand. (Marketing people take note). Kevin Pashuk, CIO, Appleby College
6

Gorilla clouds?
In Geoffrey Moores books (Crossing the Chasm, Gorilla Game, etc) the gorilla is the market-share leader whose position is sustained by proprietary technology that has high switching costs (Wikipedia says so!!). Ive always said owns the architecture and costs too much to change vendors with Cisco being one example, Intel another and Microsoft being the other major case study. Crossing the Chasm also talks about the need to transition from early adopter stage to mass market penetration in order to grow and gain momentum. So, how does this apply to cloud computing? One of the questions that needs to be answered is: Where in the technology adoption curve has cloud computing (or IaaS, PaaS, and SaaS independently if you want) crossed the chasm? Is cloud computing even a single specific market segment or is it really multiple market segments (each with its own chasm)? Another question that begs to be answered (so that we can invest in the winners, not the losrers) is: Who is going to be the Gorilla of cloud computing? Or will there ever be a single gorilla? Is there an architecture for cloud computing that someone owns or controls? How easy is it to switch from one cloud supplier to another? I think that part of the problem these days is thinking that cloud computing is a single product type targetting a single market segment. It is not. That would be equivalent to saying that distributed computing is a single product meeting a single need in the marketplace. Once we can identify the market requirements that cloud computing can meet, then we will be much farther along in developing the solutions, establishing standards and judging success. Only then will we get past the technology hype cycle. Another issue is that most of us are already users of cloud computing (depending on how you define it). For example, Twitter and Facebook sure look like SaaS to me (although the pay-as-you-go part is not relevant). Most of us dont really think of public applications such as Hotmail or Gmail as being cloud computing, but perhaps we should be changing our views. The question is, do you think the ideas Crossing the Chasm ideas apply, that they are relevant, that they predict the future and, perhaps most importantly, that they allow us to pick the winners? Don Sheppard, CIO, ConCon

Contestants from our annual Blogging Idol contest were asked to weigh in on the hottest topic in IT. What they told us
Why should I care?
I was speaking at a Computerworld Canada event in Calgary and Edmonton in 2010. The focus was on Linux as the proper operating system for the cloud. While I brought over a decade of Linux in the enterprise experience to the discussion, my real focus was on the solution for business rather than the fact it was delivered as a cloud application or service. When we think of the cloud it is clear that there are a number of different perspectives on what is a cloud, as well as offerings from the cloud. Basically as rule of thumb cloud offerings fit into these categories: Infrastructure Services Software Storage Storage is the newest type of offering in the cloud. My personal experience has been focused on the most popular category, which is software, more commonly known as SaaS (Software as a Service). We use solutions for Payroll, HR, Sales and Marketing CRM, and our US Core Business suite so I have gone through this discussion multiple times. Th fact is that the solutions we chose were not about the cloud at all; they just happen to be delivered via the cloud. This again reinforces the old axiom that you should select software based upon your business needs and not by the technology. The cloud is after all just an alternate delivery model, not some revolutionary new technology. In fact, without divulging my age, I remember when you bought IT services (because computers cost too much for most business) in time multiplexed models. That was a cloud of sorts based upon the general definition used for a cloud today. The clouds of today, though, are uniquely identified because a key requirement for todays cloud is the use of the Internet as a connection methodology. With cloud solutions today there appears to be over-enthusiasm, that they are the new panacea, when in fact it is just another way to deliver very valuable solutions. Nigel Fortlage, CIO, GHY International

C LO U D C O M P U T I N G I N C LO S E- U P

IM the eMperor of effIcIency.

I control what I want, when I want. prIvately and publIcly.

I can use My exIstIng assets to achIeve My future goals.

I can spend on what I need, not on what I dont.

I can play lIke an optIMIst and pay lIke a realIst.

I have cloud power.

The mosT comprehensive soluTions for The cloud. on earTh. Microsoft Office 365 Windows Azure Windows Server Hyper-V Learn more at Microsoft.ca/cloud

CONNECT WITH YOUR PEERS

The Network effect

BY GRANT BUCKLER

If cloud computing is to take off in Canada, we may need to rethink the procurement process. A grassroots effort is launched
n Neil McEvoy wants businesses to get on to his cloud.
exist yet, in order to encourage the research and development necessary to develop it. The founder of Toronto-based Level 5 Its an idea the British government has Consulting has launched a project called the used to promote development of its clean Canada Cloud Network, which he hopes will technology sector, McEvoy says. He isnt help stimulate the growth of cloud computaware of other examples of its use, though ing in Canada. Part of the project is a webhe agrees that the effect might be similar to site, OpenRFP.net, where McEvoy is posting the way the U.S. space program once helped information about Canadian government stimulate development of new technologies contracts. that later found broader use. The idea is to put the procurement process Cloud computing is immature in Canada online and make it openly accestoday, says Darryl Humphrey, sible, McEvoy says. He hopes to a senior manager at Deloitte encourage cloud-related compaand a member of the consulting nies both Canadian and foreign firms global leadership team for to work together to create cloud. In general I would say proposals to address government our market is characterized by needs. cautious buyers and somewhat McEvoy says he aims to put distracted vendors. smaller cloud-related companies Research firm Internain touch with major contractional Data Corp. (Canada) Ltd. tors bidding on big government recently profiled 10 Canadian NEIL MCEVOY has also created a Canada contracts, such as an effort to cloud startups, saying in a Cloud Network move Elections Canadas Web statement that its a good time LinkedIn Group. site to hosting in the cloud. The to be an emerging cloud comwide variations in traffic on that pany in Canada. site quite low except for major peaks during The Canadian cloud market is small and elections makes it a perfect candidate to be has unique needs due to factors such as hosted in the cloud rather than on dedicated privacy laws, Humphrey says, so its tough to in-house servers, McEvoy notes. achieve much scale. That part of McEvoys project goes hand in Government can help with that, he says, hand with another, which is advocating for and one way to do it is through procurement. more use of government procurement as a When you look at the Canadian market, way of stimulating new technology research there are not that many players that can in Canada. provide scale and the federal government is A lot of what Im looking to do is identify one of those. best practices in innovation in general, The Canada Cloud Networks efforts to says McEvoy, who was a business developinfluence government procurement are in ment manager for PricewaterhouseCoopers their very early stages. McEvoy has written for about a year before starting Level 5. He a white paper on the subject entitled Canada previously worked for British Telecom and Cloud 3.0: Building Canadas Digital Economy founded and ran a European application Advantage Through Cloud Computing. As for service provider. approaching government officials about his He thinks one of those best practices ideas, he says, thats really my next phase. is something called forward commitment So what has he done so far? About a halfprocurement. The idea, he says, is for governdozen companies, some Canadian and some ment to state a buying requirement for the U.S. players looking to build their presence type of innovation we want to see in the marin the Canadian market, have signed up for ketplace. In short, the government calls for access to OpenRFP.net, which is free. In proposals to supply technology that doesnt time, McEvoy says, hell be looking to sign up
8

corporate sponsors for the project, and vendors will pay to participate in joint proposals. One of the companies involved today is Kaulkin Information Solutions, the Rockville, Md., maker of kloudtrack, a software as a service tool for governance, risk management and compliance. Kloudtrack forms part of the basis for Canada Clouds OpenRFP platform, says Mike Binko, the companys president and chief executive. By using cloud-based software to run OpenRFP, McEvoy is practising what he preaches, Binko comments. Neil as far as I can tell understands that the cloud is a useful platform or utility if you will to kind of exchange and share data, he says. Binko says there are some projects in the U.S. trying to bring companies together around open access to RFP data, but OpenRFP is the only one he knows of in Canada so far. its an emerging approach, he says. One beneficiary is Esotera Secure Storage Solutions in St. Johns, NL. The company offers secure cloud-based storage systems, and is developing software called VM Aware to help cloud-based applications scale smoothly, says Tom Chalker, Esoteras president and chief technology officer. Through OpenRFP, Chalker is working with Joyent Inc., whose cloud software stack VM Aware will rely on, and with hosting providers. Chalker hopes to get a piece of the Elections Canada project thanks to OpenRFP. Without it, he says, contracts like this are usually out of such a small companys reach. We would have to put a lot of resources together in order to be able to put together a response to an RFP. Chalker says smaller technology companies usually only get a piece of such big contracts when larger prime contractors seek them out to meet specific needs. According to McEvoy, stimulating Canadas nascent cloud computing sector will do more than just help home-grown companies in that business. His white paper refers to much-discussed concerns about the level of innovation in this country, and suggests that part of the cause of this innovation gap is that information technology organizations lack money to spend on innovation because most of their budgets are tied up in keeping their current systems going. Moving more computing into the cloud, he argues, would alleviate that problem. Humphrey says cloud services can make the businesses that use them significantly more efficient. He says some organizations can see cost reductions of 50 to 80 per cent from using large infrastructure-as-a-service providers. Thats a major piece of capital that you can now redeploy into your actual business, he says.

C LO U D C O M P U T I N G I N C LO S E- U P

BROUGHT TO YOU BY

One site. Everything IT.

Instantly nd tech specs, accessories, and compare 350,000 IT products.

www.youndit.ca
NEW!

TECH LEARNING SPACE

CHOOSE YOUR APPROACH

PRIVATE CLOUD DO NOT ENTER

ILLUSTRATION BY: ISTOCKPHOTO.COM/CURVABEZIER

Private cloud: Is it for real?

BY VAWN HIMMELSBACH

n Does the private cloud actually exist? Some public cloud providers and industry analysts say the private cloud is really just a virtualized data centre. Others including large enterprise vendors say its the only real option for Canadians, considering security and privacy issues.

10

C LO U D C O M P U T I N G I N C LO S E- U P

Most, however, wouldnt argue that one of the greatest potential benefits of the cloud is cost savings through scale. Originally, when people started talking about cloud, they didnt make the distinction between public and private, but now its become a rather heated debate. What happened is that many traditional enterprise vendors started to see the cloud as a threat, said Ronald Schmelzer, managing partner with ZapThink. The public cloud threatened to permanently move IT resources outside of organizations, so those vendors jumped on the cloud bandwagon with private cloud. But that, he said, kills the benefit of cost savings. If you own the cloud, youre not going to see any economic advantage. Anyone who says they are doesnt understand it or is being misleading. If organizations want dynamic provisioning or pooled resources that they can bring online or offline as needed, they can take the same architectural approach as the public cloud and apply their own internal resources. When Joe in finance needs some resources, hes going to get it dynamically provisioned by the pool, and maybe get some economic benefit from not having to buy another server, said Schmelzer. But while that borrows some of the architectural components of cloud, its a different concept; in fact, the public cloud becomes competition for these same resources. The whole idea of the cloud should be about economies of scale, he said. The public cloud is a trajectory, since a lot of small companies, especially startups, are simply not buying infrastructure anymore. This goes back to the so-called private cloud strategy. A lot of its going to be a handful of large enterprise vendors working with their own customer groups. One of the essential characteristics of a cloud is that its measured and paid for as a service, so if you build it yourself, its not a cloud, said A.J. Byers, executive vice-president of business services with Primus. Ive had debates around whether a company can build a private cloud and

Right now the auditors are forcing companies into choosing dedicated private cloud environments because of PCI compliance.
A.J. BYERS PRIMUS

I would say no, he said. But he does believe in the private cloud only one hosted by a third party. As a service provider we can build public and private clouds and hybrids of that as well. What defines private cloud, he said, is that the resources are offered to a single organization. And the No. 1 reason why customers are choosing private cloud is because of a perception that its more secure which is a huge technology debate right now. We believe over the next 12 to 24 months we will see security auditors understanding cloud deployments better, said Byers. The auditors force companies into choosing dedicated private cloud environments because of PCI compliance. Today in Canada, he said, you cannot become a PCI-compliant company and process credit card transactions in a public cloud. One of the big reasons why people move into the private cloud is because they need to process large numbers of credit card transactions. But we do believe PCI can occur in the cloud. Customers are also concerned about where their data resides. If it sits in a U.S. data centre, it then becomes subject to the U.S. Patriot Act, which could allow the American government access to that data. Despite these concerns, Byers says we need to get people out of the mindset that there are security risks in public cloud. For smaller businesses, the public cloud is simply the most cost-effec-

tive option. Ultimately, the smaller the cloud, the less cost-efficient it is, so a private cloud doesnt see the same kinds of cost savings that a public cloud typically does. In a private cloud you know exactly what resources are available to you, but theres not a huge demand for private cloud except for larger enterprises or where theyre working for the government or have unique security needs, said Byers. However, some industry players just dont consider this to be cloud and, in fact, say private cloud is a matter of cloud-washing by those who dont benefit from public cloud, namely large enterprise vendors. We absolutely believe that there are people taking technology thats existed for years and repackaging it for cloud, said Andrew Kovacs, senior manager of communications and public affairs with Google. Theres a lot of cloud-washing going on. Thats why Google has adopted a new term, called 100 per cent web, which he says does a better job of capturing the benefits to customers. Certainly theres lots of talk about building clouds with concepts like virtualization, he said. There can be some benefits to companies, but we do not consider that a cloud. The big differentiator, he said, is multi-tenancy. What that means to end-users is scale; when an organization is operating at that scale, end-users can innovate faster and the applications are more secure and reliable. Typically, it takes an organization 30 to 60 days to apply a security patch, for example, whereas in a cloud environment that can be done almost immediately. We dont really talk about private clouds, said Kovacs. Theyre usually referring to just hosting software in a data centre rather than hosting it in their own business, or they may host it with a third party, but its still single-tenant software. The software still requires upgrades and patches and comes with the additional costs of managing the software yourself. And some offerings pitched as cloud still require customers to install software, he said. With Microsoft, you still need to install

C LO U D C O M P U T I N G I N C LO S E- U P

11

CHOOSE YOUR APPROACH

Office 2010 to get the most out of the product, so theyre still locking in customers to multi-year cycles. The industry, in general, defines a private cloud as a single-tenant cloud, either on-premises or offpremises. But the debate around private cloud isnt just about the definitions and terminology. Legacy enterprise vendors are the primary beneficiaries as they are able to sell many cloud-washed products in the short term to build private clouds, said Randy Bias, CEO of CloudScaling. Unfortunately, since these enterprise vendors dont understand the techniques in use by Amazon and Google, they are selling very expensive private cloud solutions that are ultimately doomed to failure. Hopefully, as the market matures for well designed cloud products that solve the private cloud problem for enterprises, they will be able to use private cloud technology to run those IT functions core to differentiating their business. But he still sees a need for private clouds. Both private and public clouds will be required, although the bulk of IT will eventually wind up on public cloud systems, said Bias. Private clouds will be required for enterprise businesses to keep their core-differentiated IT functions on cost-optimized and competitive internal infrastructure, whereas public clouds will be used for undifferentiated general IT functions that can be cost-effectively delivered by utility providers. You will never see a prominent financial trading business move their trading system to a public cloud, he said, since such trading systems are core intellectual property and offer competitive differentiation. Yet, eventually they will need some of the properties of private clouds in order to increase manageability and profit margins. Its pretty much impossible to achieve the same cost economies with private clouds as a public cloud, said Bias. And this means, ultimately, the private cloud footprint (meaning the number and size of total private clouds deployed) will be much smaller than public clouds. IT departments will move non-mission-critical apps that dont provide competitive advantage either to clouds or to new greenfield applications already deployed on clouds to replace existing internal apps, he said. While most likely a private cloud will involve virtualization, its not just a virtualized data centre, said Mark Thiele, founder and president of Data Center Pulse and vice-president of data center strategy with ServiceMesh. Some key characteristics of cloud over and above virtualization

An equal-opportunity approach to the cloud

BY PETER GALANIS
The following article was submitted to CIO Canada through HP Canadas public relations agency. Although we do not accept articles from vendors that promote specific products or services, we consider executive viewpoints on topics of interest to our readers that focus on strategy. IT World Canada does not endorse any particular vendor or accept payment for editorial content under any circumstances.

Is public cloud or private cloud right for your organization? Its easy and smart to have both
intervention from a service provider. But should they take advantage of public cloud services, such as Amazon EC2 or Google App Engine, or build their own cloud behind the firewall? The question might miss an essential point: They can have it both ways.

Understanding the cloud models

At their core, all cloudspublic and private consist of shared, standardized services based on pooled resources. Moving data to the public cloud means avoiding purchasing and managing certain hardware and software, but it also means less control over your data and relying on the security policies and practices of the service provider. With a private cloud, you get total control over your data and the hardware on which it lives if its hosted on-premise.

Some organizations will want the affordability and flexibility of externally managed cloud services. Others will see the internal cloud as the best approach for certain services. But the vast majority will fall on the spectrum somewhere between those two extremes. The most effective way to run your service portfolio is to find the right source for each servicetherefore many organizations can benefit from a hybrid delivery model using both public cloud and private cloud resources. The important thing is to let your enterprise strategy guide your approach to the cloud. Heres a quick overview of each delivery model and how it can support an enterprise strategy.

Cloud services for rapid application deployment

Enterprise cloud services offer bundles of server, storage, network and security that your organization can consume as a service. It lets you deploy applications without confronting the usual obstacles: the capital outlay for acquiring and maintaining hardware, the time it takes to provision new services and the IT resources to manage it. Cloud services let you accelerate time to revenue from new

n In a mobile, connected world, everybody needs access to everything. They expect instant results anytime, anywhere. While this opens up a world of possibilities, it also places heavy demands on IT. How can enterprises keep up? Many Canadian CIOs are considering cloud technology because it can be rapidly provisioned and released with minimal
12

C LO U D C O M P U T I N G I N C LO S E- U P

include additional automation, scale management, greater portability and enhanced management of an IT environment. And while the private cloud isnt built to allow for multi-tenancy, most organizations dont need it, he said. The truth is nobody truly has infinite scale, but certainly Amazon comes closer to infinite scale than the average business, he said, adding that there are only a few companies out there that really need something approaching infinite scale. For the vast majority of apps within a traditional data centre, when organizations talk about scale, they typically mean they need to scale from 10 machines to 13 for a day or two or maybe a week. Even if they have an app that requires something approaching real scale, thats something they can put in a public cloud.

Another differentiator of private cloud is it allows organizations to move apps within their own network environment at a time when theyre comfortable with it. While public cloud may do the job, most organizations at least in the near term are going to struggle with concerns about security, service-level agreements and how they actually measure the cost, said Thiele. If you move an app into the public cloud, it may look cheaper on paper, but in the long run could cost more than expected, and thats something that organizations need to sort out. Almost every time Thiele hears people saying theres no private cloud, those people are involved in or directly selling public cloud services. Its not about whether public cloud can replace private cloud, he said. Those questions are immaterial. In some cases, an organization can only

get approval for private cloud, which gives them 80 or 90 per cent of the benefits, until they can eventually move to the public cloud. Over time, my guess is a majority of apps will be public cloud, in two to five years. IT needs to be able to transition in a moderated, grandfathered way, he said. Taking baby steps means cloud in all its forms has tremendous value. In the long-turn, Thiele believes hybrid cloud has the best chance of success for major enterprise apps because it offers the benefits of scale and geographic dispersion, with some of the benefits of single-tenancy. While Thiele disagrees with the notion that there is no such thing as a private cloud, he doesnt think thats the point. To assume there is no such thing as private cloud is to ignore the obvious that every organization treats their IT a little bit differently, whether we like it or not.

applications from months to minutes. For services that require tighter control For Canadian CIOs in particular, security, over your data, deploy an on-demand reliability and privacy are top of mind as service delivery environment that provides they try to balance the need for innovation, easy access to self-service resources from a optimization and risk management for the secure environment. enterprise. Some organizations, for example Building internal cloud services doesnt in the public sector, may have additional mean you have to rip out your current regulatory requirements to environment. You can often consider. Canadian enterextend and protect your current prises can have very distinct investments by transforming needs for cloud services so legacy and virtualized infrait is important to ensure that structure into fully automated your service offers these cloud environments. important features: A private cloud can require Security, governance and more IT resources up-front to compliance standards, with build. But a well-designed prithe ability to know exactly vate cloud that takes full advanwhere your data is physically tage of its compute resources PETER GALANIS is stored for compliance and can lead to a solid return on your the president of HP Canada, based in reporting purposes IT investment. A finely tuned Mississauga, Ont. Open, modular platforms automated private cloud also that dont lock you in gives your staff the freedom to Automation and management for end-to- focus less on management and more on the end service quality applications that drive the enterprise. The ability to ensure availability, quality and performance levels A hybrid delivery model The ability to seamlessly interact with for flexibility and be managed across a hybrid delivery The reality is, most organizations will benefit service model from consuming both public and private Private cloud for self-service resources cloud services in addition to services run

from their traditional IT environments. A hybrid delivery model combines all three sources into one unified whole. With multiple sources at your disposal, you can optimize your service portfolio to provide the right service to the right source at the right time. For example, a financial services company might run a new mortgage lending credit check service from its private cloud, while simultaneously accessing compute resources for its developers from an enterprise cloud service provider. If use of the credit check service proves to be highly sporadic, the company may decide to move it to an off-site enterprise cloud that can better accommodate the service volatility. Using a hybrid delivery model ensures that the best options are available for each workload.

Finding the model thats right for you

Not sure where to start? Enterprises need to understand their critical success factors, benefits and challenges so they can make informed decisions and map a clear and effective path to the cloud. Using the best cloud solutions for your needs, your enterprise can respond in an instant to todays and tomorrowsrapidly changing enterprise needs.
13

C LO U D C O M P U T I N G I N C LO S E- U P

BUILD IN SECURITY
n Just putting your app into a public cloud without rethinking how it works can open chief information officers up to disastrous consequences, according to Trend Micro Inc. chief technology officer Raimund Genes.
Speaking at a Trend Micro cloud security awareness event in Toronto recently, the companys technology leader said that turning over control to a third-party vendor for your cloud infrastructure should compel you to rethink -- and maybe even redesign -- your applications. You have to design your applications so that theyre more reliant to these outages in the public cloud, Genes said. When you design it well, it doesnt matter if the data centre goes down. He added that the companies that simply mirrored their apps and put them into Amazons cloud can attest to the outages and data losses they experienced recently. But the one high-profile company that didnt fall to the wrath to the massive outage, Genes said, was NetFlix Inc. Last December, the movie streaming giant published a tech-related blog about what it had learned while using Amazon Web Services as its computing platform. The best way to avoid failure, the company said, is to plan to fail constantly. Internally, NetFlix refers to its software architecture in AWS as its Rambo Architecture. Each system has to be able to succeed, no matter what, even all on its own, wrote blogger John Ciancutti, who works as a vicepresident of personalization technology at NetFlix. Were designing each distributed system to expect and tolerate failure from other systems on which it depends. If our recommendations system is down, we degrade the quality of our responses to our customers, but we still respond. David Aspey, vice-president of cloud security for Trend Micro, said that NetFlix came out of the Amazon outage with flying colours because they paid for dedicated servers to run a virtual private cloud in addition to a public cloud. The outage had nearly no effect on them, he added. At Trend Micro, its team of architects have designed its private cloud to actually sustain outages at two of its five worldwide data centres. Another headline grabbing security disaster in the world of cloud computing occurred at Sony Corp., after the companys PlaySta-

Trend Micros Raimund Genes discusses the Amazon incident and others
BY RAFAEL RUFFOLO
14

C LO U D C O M P U T I N G I N C LO S E- U P

PHOTOGRAPHY BY: DW DORKEN

A security CTOs take on the biggest cloud outages (so far)

tion Network was hacked in mid-April. The personally identifiable information of 77 million PSN accounts were exposed in the data breach. This breach, Genes said, garnered Trend Micros attention far more than the Amazon outage because it involves cloud data security as opposed to backup and storage policies. He said that with Trend Micros SecureCloud technology, which allows enterprises to encrypt data on private and public clouds, organizations can ensure that they encrypt different portions of their cloud-based data with different encryption keys. Genes said the PlayStation breach turned into such a large-scale problem for Sony because the company only used one encryption key for all its data as opposed to a variety of different keys. Genes said that because cloud computing is not cost effective without virtualization, Trend Micro will be investing

heavily into the protection of virtualized machines and cloud-based servers in the future. The companys Deep Security product line, which covers that functionality, is being developed at the recently acquired Third Brigade Inc. offices (now Trend Micro Canada) in Ottawa. Other priorities for Genes include developing better patch capabilities for virtual servers and tackling the growing AV storm issue. In an anti-virus storm, thousands of virtual machines start their manual scanning cycle at the same time, consume too many resources and bring down the network. Genes said Trend Micro is working with VMwares vShield technology to enable one scan on the hypervisor level and have all the virtual machines communicate back for their update. You only have one scan and you dont have to load AV technology on every

virtual machine, he said. To round out his views on cloud security, Genes also talked about mobile devices and the rise of multiple operating systems like Apples iOS4, RIMs BlackBerry OS and Googles Android. He also predicted that the decline of Microsoft Windows as a dominant desktop OS, plus the shift of Web users to mobile devices, will force hackers to broaden their targets over the next five years. Were seeing a diversity of devices that will make it more difficult for the attacker, which has been focused on Windows, Genes said. For CIOs and security vendors, that means the focus will have to shift away from whether the device will be hacked to how to track and manage the devices. What happens if an employee loses a device and leaves it in a cab? Genes said. How can I ensure that no third-party can use it?

Amazon comes clean about cloud outage

n Amazon has released a detailed postmortem and mea culpa about the partial outage of its cloud services platform in April and identified the culprit: A configuration error made during a network upgrade. During this configuration change, a traffic shift was executed incorrectly, Amazon said, noting that traffic that should have gone to a primary network was routed to a lower capacity one instead. The error occurred at 12:47 p.m. on April 21 and led to a partial outage that lingered through last weekend. The outage sent a number of prominent Web sites offline, including Quora, Foursquare and Reddit, and renewed an industry-wide debate over the maturity of cloud services . Amazon posted updates, short and bulletin-like, throughout the outage, but what it offered in its postmortem is entirely different. This nearly 5,700-word document includes a detailed look at what happened, an apology, a credit to affected customers, as well a commitment to improve its customer communications. Amazon didnt say explicitly whether it was human error that touched off the event, but hints at that possibility when it wrote that we will audit our change process and increase the automation to prevent this mistake from happening in the future. The initial mistake, followed by the subsequent increase in network load, exposed a cascading series of issues, including a re-mirroring storm with systems continuously searching for a storage space. Amazon also said in its explanation of the outage that it will work to ensure that it builds software and services that can survive failures. Matt Stevens, the CTO of AppNeta, a cloud performance network performance management company and an Amazon cloud user, praised Amazons postmortem for its transparency. As a technical architect, I thought it was actually amazing how deep they went into it, said Stevens, adding that he wished the company had offered more detail about the initial network change that started the problem. In terms of the overall issue, Stevens said: How does anybody who runs their own private data center know how its going to hold up until you have a massive issue? Jim Damoulakis, CTO of GlassHouse Technologies, an enterprise storage services provider, called it a pretty through postmortem and I think for the most part they are being transparent about it. Damoulakis said that while Amazon will take steps to keep the problem from happening again -- and to make their availability zones more robust -- customers will ultimately be responsible for having a good disaster recovery plan. I think there is blame on both sides , said Justin Alexander, who heads strategic research and development at Hyland Software, an enterprise content management software firm, referring to both Amazon and its customers. Clearly, Amazon needs to take accountability for their services. But at the same time there were a variety of customers who were using the EC2 platform that did not suffer any period of unavailability, said Alexander, citing their disaster recovery plans. ComputerWorld (US)
15

C LO U D C O M P U T I N G I N C LO S E- U P

UNDERSTAND THE CONTRACTS

Clouds in Canada: The legal issues

BY VAWN HIMMELSBACH

Before you sign on the dotted line, know the risks

even be against the law.
But theres no law that prevents most Canadian businesses from exporting personal information, said David Fraser, partner with McInnis Cooper, president of the Canadian IT Law Association and chair of the National Privacy and Access Law Section of the Canadian Bar Association. Once you move into a real cloud computing model, all of a sudden you dont know where your data is where in Canada or where in the world and weve seen a big privacy-related backlash against cloud computing, he said. So a large part of his job is telling people theyre wrong, since theres a huge amount of

n More companies in Canada are turning to the cloud or, at least, thinking about it for flexibility, agility and cost savings. But there is often the perception that using cloud-computing services could compromise corporate and customer data, or may
16

C LO U D C O M P U T I N G I N C LO S E- U P

ILLUSTRATION BY: ISTOCKPHOTO.COM/CURVABEZIER

misinformation out there. U.S. where judges hear applications Private-sector privacy laws made by Department of Justice require that you ensure a compalawyers for search warrants (and rable level of security for personal other such things) and theres information, regardless of whether nobody on the other side to oppose you permit it to be managed by those applications. a Canadian company or a nonWe have a secret court in CanaCanadian company. And some da, said Fraser. We have a bunker highly regulated industries, such as in Ottawa where judges hear lawyers banking, have special rules that may from the Department of Justice and include additional regulation for CSIS for warrants to do things as outsourced services. potentially offensive as break into The Patriot Act is the big thing your house and install wiretapthat people freak out about, he said, ping equipment. These orders can but we have a Canadian version specifically provide for authorities to of the Patriot Act, which is just as go back in and change the batteroffensive. ies. So people dont often think that Heres the deal: In 2001, the U.S. Canada is engaged in these types of Congress passed the USA Patriot cloak and dagger things, and we are. Act, which expanded the powers Our definition of anti-terrorism is as of law enforcement and national broad and offensive as the U.S. security agencies to carry out inCanadian authorities have virtuvestigations and obtain intelligence ally identical powers under the in connection with anti-terrorism Canadian Security Intelligence investigations. Service Act, he said, which permits But the provisions that secret court orders have attracted the most that authorize CSIS criticism, said Fraser, to intercept commuhave equivalents under nications or to obtain Canadian law. Regardanything named in less of where information the warrant. resides, it will always be On top of that, subject to lawful discloCanada has a mutual sure to law enforcement legal assistance treaty or national security bodwith the U.S. (as well WATTIEZ LAROSE: ies. In Canada, he said, as informal agreeIt may be difficult to this includes search warments), so if the FBI customize contracts to make them rants under the Criminal wants data and its in comprehensive. Code of Canada and the the hands of a CanaCanadian Security Inteldian company, the FBI ligence Service Act. Many European calls the RCMP or CSIS. So when countries also permit broader law you dig into it, that cross-border enforcement and national security issue, at least in most cases, really is access to information than in both not the large issue that many people the U.S. and Canada. are led to believe it is, he said, addOf course, where the data sits ing that the Patriot Act has become can have an impact on that data. If shorthand for just saying no. its in North Korea or China, its at Only British Columbia and Nova high risk, said Fraser. In the U.S., Scotia have laws strictly regulating it may in some cases be significant, the export of personal information but in most cases it wont be. How from Canada by public bodies, said interested would the FBI be in getFraser. For all other jurisdictions, ting their hands on that data and including the federal jurisdiction, would they be able to justify getting export is permitted, but the public a subpoena? In most cases no, he body must ensure a comparable said. And if its a person of interest level of security for personal inforthey can get it in Canada. mation, regardless of whether its Many people are surprised to managed by a Canadian or nonlearn theres a secret court in the Canadian company.

The Patriot Act is the big thing people freak out about, but we have a Canadian version of which is just as offensive. We have a secret court in Canada.
DAVID FRASER MACINNIS COOPER

What businesses need to do is benchmark their existing privacy infrastructure and compare it to the privacy infrastructure of the proposed cloud provider. What are the real risks to the data, and to privacy and security? A lot of businesses have significant existing vulnerabilities from insecure desktops, to playing catch-up with security patches, to mobile employees running around with laptops. Or thumb drives. Nothing is more stupid or dangerous, said Fraser. In a cloud model if the computer is lost you lose nothing. Very often, this benchmark leans heavily in favour of the cloud provider that has squadrons of security people. Small businesses, in particular, are vulnerable to power outages and basic continuity issues. A reputable large-scale cloud provider will have multiple data centres, so things will stay up and running. One of the biggest hurdles to widespread adoption of cloud computing is the data concern, said Robert Percival, a partner with Ogilvy Renault. Where is it, what laws govern it, and what obligations do you have under the law? You may have contractual issues with customers or suppliers, for example, or you may have legal statutory obligations, whether thats under PIPEDA privacy legislation or some other applicable statute like health privacy legislation. As a collector of information, a company is responsible under
17

C LO U D C O M P U T I N G I N C LO S E- U P

UNDERSTAND THE CONTRACTS

federal legislation or the provincial equivalent where it exists to make sure that when it outsources or provides a third-party service provider with personal information, that the appropriate security protection measures are in place to protect that information. If youre looking to use the cloud, youve got to make sure that service provider has the security and infrastructure in place for you to live up to your expectations under the law. From a due diligence perspective, he said, that can be challenging to do. Are they using capacity in China or India where the laws may be weaker or there are inherent risks just because of the nature of the jurisdiction or sensitivity of the information? The due diligence aspects of cloud computing and understanding your risks are an important first step, said Percival, and its not as easy as it sounds. Another business concern is performance. What happens if that service isnt available? Cloud contracts are very skinny on commitment in terms of service levels, he said. Instead, they become efforts-based and liability is limited. Right now Im negotiating about 10 different cloud-type agreements on behalf of a large corporation and we expect to negotiate all these terms and conditions, but theyre paying millions of dollars, he said. Another one is much smaller, a couple thousand bucks a month were going to try but Im not optimistic were going to get very far. In order to provide that ubiquitous cost-effective cloud-computing environment you can turn on and off on-demand, what often gets sacrificed is the move to a one-size-fits-all contract, said Percival. Theres a real reluctance by cloud providers to negotiate because it becomes a cost impediment. Theyre either unable or unwilling because of the dollar cost to stray from their template. Everything is ultimately negotiable, but if Im trying to contact Google to negotiate the terms of my Gmail account, its not going to happen, he said. But if its the federal government or a large corporation,
18

Everything is ultimately negotiable, but if Im trying to contact Google to negotiate the terms of my Gmail account, its not going to happen.
ROBERT PERCIVAL OGILVY RENAULT

theres an ability to negotiate, or they might at least have a chance. For the sake of efficiency, cloud computing service providers often impose standard term contracts that their clients are not at liberty to negotiate, but which may not properly address all relevant risks. And in a field with little (but growing) competition, businesses may lack the leverage to customize their contract to make it sufficiently comprehensive, said Vronique Wattiez Larose, a partner in McCarthy Ttraults Business Law Group, who negotiates such contracts. This is a model thats meant to be more agile, more flexible, but dont let that fool you from a legal standpoint, she said. It doesnt mean you can forget about the legal provisions that protect you. For example, some regions, such as the European Union, have stringent rules concerning movement of certain types of data across borders. Unless they take certain steps, organizations are prohibited from transferring personal information to countries that do not provide the same level of protection with respect to personal information of EU residents (including the U.S.). In a cloudcomputing context, it may be difficult to determine which countries data will be transferred to and from. And this has implications for businesses in Canada nearly half of small businesses here use cloudcomputing services, according to a

survey by Angus Reid and HewlettPackard Co. The biggest concern with cloud computing contracts is not how they address certain issues, but rather how they fail to address others. Our concern as lawyers is that more often than not, up until now the cloud computing contracts that we see are incomplete in comparison to your standard long and thick outsourcing contract, which would be extremely detailed, said Larose. Thats not necessarily the case for cloud computing, where at the end of the day the concerns are quite similar. Theres a huge element of trust required, which is no different from a traditional outsourcing relationship, she said. The biggest difference is you wont necessarily be negotiating in the same room with the guy sitting across the table from you. Everything is done more remotely, so its hard to build that trust. Dont take for granted that what a cloud service provider offers you will automatically address all of your concerns, she said, though that should be part of any normal due diligence process. If some of your concerns are not addressed, understand the risks and evaluate whether or not you still want to move forward. Although the contract terms may seem commercially reasonable, you need to make sure that the cloud service provider is not turning a blind eye to something that may be material for your organization. If the geographical location of an organizations data is likely to trigger export control issues, your contract should include prohibitions against extraterritorial storage. And its important to understand how and in what format the data is stored, said Larose, and what tools are available to retrieve it should it be required for e-discovery purposes. Find out from the get-go whether or not the cloud service provider has any ability to negotiate the contract. The answer may be no, depending on the business application youre outsourcing, said Larose. You obviously cant negotiate your Gmail. But if its a huge contract and a key

C LO U D C O M P U T I N G I N C LO S E- U P

relationship for the provider, theyre likely to have more flexibility in making everybody happy. However, if you employ contract managers and have to negotiate contracts all the time, it can defeat

the purpose of cloud and you wont be able to achieve the economies of scale that cloud promises, she said. But dont say no to cloud right off the bat, and dont base decisions on false information. Go through the

exercise: See whats there, whats not, evaluate the consequences of any gaps, and make a business decision based on that often, the benefits of flexibility, agility and cost savings will be well worth it.

Gartner: The cloud gotchas CIOs need to avoid

n If CIOs sometimes struggled to successfuly outsource their IT operations, they should prepare themselves now for the potential pitfalls of cloud computing, according to an analyst with one of the industrys biggest market research firms. In the recent Special Report on Cloud Sourcing, Frank Ridder, reserach vice-president of Stamford, CT-based Gartner Inc., describes the cloud computing market as immature and fraught with potential hazards, but potentially offering more flexibility than the lock-in that traditional outsourcing sometimes creates. The report also covers emerging market trends, offerings, contracting, and pricing in the cloud market, and Gartner analysts will be discussing the issues in greater detail at the firms annual Outsourcing and Vendor Management Summit in Orlando this September. CIO Canada discussed some of the key findings in the report with Ridder. CIO CANADA: To what extent do you see cloud computing becoming simply another sourcing option along with traditional outsourcing, and to what extent will the cloud, in fact, displace traditional outsourcing firms with teams of people that take on various enterprise IT functions? FRANK RIDDER: By 2015 30% of the IT services needs will be covered by types of cloud services (including SaaS, PaaS. IaaS, Infrastructure Utilities etc.). There are still difficult management and governance. Are areas to fix to increase adoption there any of these where you think speed. For example, cloud service CIOs may not be spending enough providers often do not provide any time when it comes to the cloud, professional services or where they may be around their solution. most likely to experiServices that would ence pitfalls? help you make the cloud service running FR: The sourcing in your IT stack. Also, strategy phase is organizations still need where organizations to learn how to manage lay a crucial foundathe co-existences of tion for the success of traditional and cloud a sourcing endeavour. FRANK RIDDER is solutions in an IT shop. Here is where risk a Gartner analyst management starts focusing on IT services and sourcing, based in CIO CANADA: Can and here is where Germany. you give any examples the quantitative and of the ways in which qualitative business cloud service providers terms and case gets defined. Organizations conditions need to mature in order often see the very attractive price for more CIOs to feel comfortable points (15ct per GB or $2 per with the potential risks? mailbox) and run fast based on that but the total cost of sourcing FR: Many cloud service providers do is much more than these $2. The not describe terms for pricing, SLAs vendor selection for cloud these or their acceptable use policies days has to be considered diverse: in the main terms and conditions The IaaS area is packed and buyers document, but on separate Web have great choice, but SaaS and pages.They also maintain the right BPaaS provide much less choice, to change the content of those Web and vendor selection has to be pages at any time. This can be probdone differently. Contracting lematic as the new terms may no most cloud providers give standard longer meet the needs of the buying contracts to buyers, and any deviaorganization (for example, if data tion from that has to be negotiated retention after contract cancellation tough the cloud concept is based moves from 60 days to 30 days). on HIGH standardization, therefore any deviation from that standard is CIO CANADA: The services sourchard to accept for vendors. Ongoing life cycle includes four crucial ing management here the market elements: sourcing strategy, has a lot of questions, and not yet vendor selection, contracting, and a sufficient amount of answers.

Key questions are how to manage service hybrids, how to manage a cloud provider next to a traditional provider, how much of the old relationship models work etc. CIO CANADA: How do you think incidents like the recent Amazon outage will affect the comfort level of CIOs who are considering or already moving into the cloud? FR: CIOs often trust cloud they are concerned about security and compliance, but not really about stability and reliability. When a cloud is down, we see it on the front page of the NYT and this is VERY seldom! Statements like that we heard often from CIOs in the past and it can be assumed that now there is a more strong proof point that things can go wrong. As more and more enterprises leverage the cloud more and more enterprises get affected by downtimes, This will force CIOs asking for more commitments and it will force them to look behind the scenes and understand a bit more of the delivery models behind the cloud services. CIO CANADA: Are there any new skills or competencies for managing cloud vendor relationships? FR: Needed! Not there yet! Cloud service providers have a standardized relationship model. The larger players invest more care taking services these days to cope with the enterprise needs, and enterprises increasingly understand that they need to accept more standardization in this area. The new norm will be where these two work streams (vendor invest and client accept) meet. Shane Schick
19

C LO U D C O M P U T I N G I N C LO S E- U P

TRAIN YOUR STAFF

and templates and create business and technical workflows to automate processes. This automation could lead to net job losses in areas such as installation, configuration, administration and maintenance. It will also, however, create demand for professionals trained in automation and standardized processes.

Impact on Enterprise IT Staff

Companies that migrate services and data to the cloud will typically require fewer in-house IT workers to install technology and applications or link hardware and software. There will also likely be fewer jobs for server and database administrators, as well as network experts. That said, the need for technical skills will remain. As valuable data and applications are stored and run from the cloud, remote monitoring skillsets will be highly prized. And with the growing importance of software as a service integration, inhouse software developers will have the opportunity to evolve their skills. For many enterprises, moving applications and data offsite wont eliminate the need for skilled IT workers, says ICTC vicepresident Norm McDevitt. Some companies are training their IT professionals on cloudbased applicationssuch as Microsofts Windows Azure platformto ensure ongoing competitiveness in the new market.

Create a cloud-ready team

New computing models will have a huge impact on operations, but also on the labour market. The outlook from ICTC
BY SHELDON POLOWIN
growth likely occurring in storage functions such as archiving and data backup. New jobs in web-scale development and virtualization will very likely emerge. Although some IT workers will be displaced by cloud computing, those who broaden their skills in business and new cloud technologies will continue to be in demand. What is also clear is that the transition to cloud computing will affect enterprise IT staff and service provider organizations differently.

n Cloud computing is likely to have a significant impact on the ICT labour force. It will create new human resource requirements and compel many workers to acquire new skills.
Cloud computing requires an understanding of traditional core technologies as well as comprehensive knowledge spanning different technology platforms. As a result, many IT workers will likely have to broaden their knowledge across multiple domains. The industry is changing quickly, says Paul Swinwood, president of the Information and Communications Technology Council (ICTC). Tomorrows IT worker will fully straddle conventional IT silos such as storage, networking, virtualization and security. As with outsourcing and automation, widespread adoption of cloud computing is expected to shift some IT workers from the technical to the business side of operations. Demand will increase in areas such as vendor contract management, cloud integration, analytics, Internet workforce and mobile applicationswith the strongest
20

Revolution or Opportunity?

C LO U D C O M P U T I N G I N C LO S E- U P

ILLUSTRATION BY: ISTOCKPHOTO.COM/CURVABEZIER

Large companies need to assess the benefits and costs of cloud computing relative to the investments they have already made in IT Impact on Service Providers infrastructure. For the small- to mid-sized While the unique attributes and requirebusinesses that account for 99.8 percent ments of cloud computing will transform the of businesses in Canada and 60 percent of occupational structure of the IT employment, its the way of the workforce, many current highfuture. IDC Canada expects value skills will be transferable to that domestic cloud computing the cloud. expenditures will jump from IT data centre managers, for one percent of IT spending toexample, may evolve into cloud day to 33 percent by 2014, with solution advisors. Professionals sales quadrupling to US$758 currently focused on assemmillion. bling and managing application As the cloud becomes adopted services may become cloud by more and more organizaapplication managers. And some tions, roles will shift and skills SHELDON POLOWIN is the senior labour practitioners may become cloud requirements will evolve. Cloud market analyst with deployment professionalsdecomputing represents a real ICTC, based in Ottawa. signing, deploying and maintainrevolution, says Paul Swinwood. ing the technology and software But with the right preparation needed to administer the cloud. Testing and and training, IT workers can take advantage software development will occur increasingly of it and make themselves indispensable to the within the cloud. ICT industry of the future. Traditional data centre workers will have to ICTC is funded in part by the Government of learn to design and populate service catalogues Canadas Sector Council Program.

Scan the QR code on your smartphone to access the MobiBiz website. Get the free mobile app at www.i-nigma.mobi

JUNE 21, 2011

PRESENTED BY

TORONTO BOARD OF TRADE

Register for your complimentary attendence today http://mobibizcanada.ca

PRACTICAL ANSWERS TO PROBING MOBILITY QUESTIONS

MobiBiz is a complimentary interactive one-day forum that explores strategic questions about challenges and opportunities in mobile marketing, channels and enterprise mobility. Attendees will gain tangible insights and practical action items to execute in their own organizations from Canadas most innovative mobile solutions companies.
Mobility in the enterprise is growing radically, expanding through mobile devices, with an avalanche of new applications designed to maximize the utility and accelerate their adoption. Enterprises are playing catch-up to create mobile policies, extend business applications, establish remote work policies and provide training to users. Organizations are exploring how to utilize marketing and channels to create new opportunities. Enterprises are also seeking ways to securely integrate mobile platforms within their IT infrastructure and business processes with signicant exibility, speed, and measured results.
USE THE EXPERTISE OF CANADAS HOTTEST MOBILITY FIRMS TO BUILD YOUR MOBILE STRATEGY. ENTERPRISE:
What security measures does my organization need to put in place with increasing mobile tech and app usage? How do I select an appropriate mobile application development strategy? How does cloud computing impact mobility (and vice versa)?

CUSTOMERS:
How can I reach new customers/new markets through mobile? What different types and vendors of mobile devices should my organization be considering supporting as we use mobile as a marketing channel? How do I measure the success or ROI of mobile tech/app deployments?

EXPLORE MOBILE INITIATIVES.

Wireless Network Outlook: From HSPA to LTE and Beyond Mobile Payments in Canada: What are the prospects? Serving Customers Better with Mobile Choices Mobile Advertising Reaching the Growing Mobile Customer Base Mobile OS in the Enterprise: Canadian IT Manager Preferences & Outlook Media Tablets in Canadian Business Mobile Enterprise Application Adoption: Status and Outlook Canadian Mobile Worker Forecast

Network with Canadas mobile thought leaders. Learn practical insight on how to build your mobile strategy, minimize challenges and capture the new opportunities. Register to attend MobiBiz today! http://mobibizcanada.ca
PLATINUM SPONSOR S GOLD SPONSORS S I LV E R S P O N SOR

RESOURCES

VIDEOS
CLOUD PRODUCTIVITY ON YOUR TERMS

The Pop Quiz At The End

http://www.keysurvey.com/survey/363049/2fca/

Before you take any next steps, test your knowledge with this assessment

IT World Canadas Cloud Computing Resource Centre

Explore our comprehensive portal of articles, videos and expert advice that covers every stage of the cloud journey, from research and product/service evaluation through to purchasing and managing deployments.
http://itworldcanada.com/hub/cloudcomputing

DRIVING THE KNOWLEDGE ECONOMY

CASE STUDY: STEAM WHISTLE BREWING COMPANY

22

C LO U D C O M P U T I N G I N C LO S E- U P

looking for quality continuing education in it management?

M e n t i o n t h i s a d a n d r e c e i v e a 1 0 % d i s c o u n t t o wa r d s e n r o l M e n t

Whether you are an IT professional looking to improve your skills, or a corporation looking for a superior education partner Tech Learning Space has what you need
What is Tech Learning Space?
Tech Learning Space is a unique, online resource for busy IT professionals who demand quality, timely and relevant continuing education in IT management. Available exclusively via the Internet, Tech Learning Space breaks down geographical barriers to quality education enabling anyone with Web access to benefit from the highest standard of online teaching available. Courses are designed and facilitated by some the most accomplished academics and leaders in business and IT today.

s se e ur bl c o il a ng va ri a sp ow n

Management Courses include:

IT Strategy, Measurement and Value Architecture Governance and Organization Systems and Technology Delivery Sourcing and Human Resources Vendor Relationship Management Project Leadership

What does course delivery include?

Connected learning experience through BlackBoard and Adobe ConnectPro Weekly conference calls with professor; available online daily to answer questions Practical, real-world instruction -- including business leaders video roundtables and case studies True class interaction, disciplined teamwork driven by deadlines Proven techniques to improve job performance

If you are serious about improving job performance and career development visit: www.techlearningspace.com or call

877-338-6753

TECH LEARNING SPACE

Get the free mobile app at http://gettag.mobi

I can develop applIcatIons that are lImIted only by my ImagInatIon. I have cloud power.
Windows Azure is a platform for developing, deploying, and running applications in the cloud with virtually unbounded scalability. That means near-infinite capacity when you need it. Its the kind of flexibility that can change the way you run your business. With Windows Azure, inspiration comes less from worst-case planning and more from your imagination. Thats Cloud Power. Find your Cloud Power at Microsoft.ca/cloud/azure