Scott Sanchez

First, allow me to introduce myself.  As ScaleUp announced last week – I am the new Privacy and Security Officer responsible for ensuring that our products, services and practices are delivering what our clients need to be safe, comfortable and compliant in the cloud.

My background is a mix of security leadership roles at fortune 500′s like Goldman Sachs, Bristol-Myers Squibb and most recently Unisys and entrepreneur/startup experience that begin with an Internet security consulting company I founded back in the mid 90′s.  One thing my experience has taught me is that there is no such thing as absolute in information security and privacy.  You can have best practices, standards, policies, risk management, and all the cool security technology in the world, but if that technology isn’t making you comfortable, it’s worthless.

The approach that has served me best in security is that of comfort.  It starts by asking the customer (which sometimes is the business, and other times like with ScaleUp is an external client) an important question – “What do you need to feel comfortable?”.  The more I’ve asked that question to people looking at or using cloud computing, the more I’ve heard the answer of “control and transparency”.

Our goal at ScaleUp and the reason I’ve joined the team is to not only guide the ScaleUp team to help them make the right decisions about security and privacy in everything they do, it’s also to be a true partner to our clients.  Feeling comfortable around cloud security and privacy requires more than a SAS-70 or fancy ACL’s.  Clients need a provider that is willing to pull back the curtain and show HOW and WHY you should be comfortable with them.  No one should have to accept the “trust us” approach to cloud security from their provider, regardless of how long they’ve been in the business.

One of the first things I’m proud to announce is that we are forming a Security Advisory Panel where our clients and partners can help us better understand what they need to feel comfortable in the cloud. It will guide our decisions and investments around security and privacy, and will serve as a place where the participants can learn from and collaborate with each other.  Any clients or partners interested in joining should contact your ScaleUp representative for information.

Over the next weeks I will be reaching out to many of our clients and partners to personally introduce myself.  If there is anything urgent I can assist you with or if you just want to brainstorm together about a difficult security or privacy issue, please feel free to e-mail me directly, scott -at- scaleup.it.

(Berlin, Germany) ScaleUp Technologies, Europe’s leader in cloud-based data center infrastructure, today announced it has named Scott Sanchez, a recognized thought leader and frequent speaker on the topic of cloud computing security, as ScaleUp’s Privacy and Security Officer.

Company executives often recognize the business case of cloud computing and understand it can offer significant Return on Investment (ROI). However, companies that are considering moving to cloud-based infrastructure—whether private, public, or hybrid clouds– frequently report security and privacy issues as a major barrier. ScaleUp has addressed this issue by taking a top to bottom view of security across its offerings, which is an approach that will be further enhanced under Mr. Sanchez’ leadership. In addition, ScaleUp will be leveraging input from end users around privacy and security issues with the development of its Security Advisory Council, also led by Mr. Sanchez.Mr. Sanchez brings with him nearly 20 years of IT leadership experience managing global security and architecture programs at Goldman Sachs and Bristol-Myers Squibb. He earned his Certified Information Systems Security Professional (CISSP) certification in 2000 and serves as a member of both the U.S. Secret Service Electronic Crimes Task Force and the FBI InfraGard team.

Most recently, Mr. Sanchez served as director of the global Security Portfolio at Unisys Corporation, developing and delivering secure solutions for cloud and data center transformation.

According to Christoph Streit, CTO and co-founder of ScaleUp Technologies, “Since the adoption of cloud computing in Europe is still rather slow and many companies have doubts about the security of cloud computing, we decided to take the lead and showcase that cloud computing can be secure, if done correctly.” Mr Streit went on to add, “Scott Sanchez is a known thought leader in the area of cloud security and his experience, reputation and credentials are a great addition to the ScaleUp team. We expect he will add tremendous value for our clients and partners.”

As an early leader in cloud computing for growth companies in Europe, ScaleUp is forming a Security Advisory Panel, made up of customers and partners and led by Mr. Sanchez, to help guide the company’s security investments and focus. Mr. Sanchez and his team will also be available to assist customers with their security, privacy and risk concerns around cloud.

“ScaleUp has made security a key component of its product strategy, starting with the decision to use the innovative cloud computing and security features built into the 3Tera® AppLogic® platform from CA Technologies, and following through with additional security features across the entire ScaleUp cloud platform. As a security professional, walking into this type of security-from-the-ground-up environment allows me to focus my energy on supporting the future needs of our customers,” Mr. Sanchez said. “Our goal is for ScaleUp to form strong partnerships with our customers around security and privacy – offering the advice, solutions and transparency they need to safely embrace cloud computing.”

3Tera® AppLogic® from CA Technologies is an innovative solution for building cloud services and deploying complex enterprise-class applications to public and private clouds using an intuitive graphical user interface (GUI). 3Tera AppLogic enables enterprises and service providers to provision, deploy and scale public and private cloud computing environments while maintaining control, flexibility and reliability. To learn more about cloud offerings from CA Technologies, visit http://www.ca.com/cloud.

About ScaleUp

ScaleUp Technologies is a cloud computing provider offering ultra-flexible public cloud, private cloud and hybrid cloud infrastructures for growth companies. ScaleUp is based in Germany – focusing on the needs of German and European customers – and offers global infrastructure scaling through their ‘federated global cloud’ network. For more information please visit www.scaleupcloud.com

# # #

ScaleUp Technologies is a spin-off of internet4YOU GmbH & Co. KG, a German based Internet service provider offering server and hosting solutions to businesses. 3Tera, the 3Tera logo and AppLogic are registered trademarks of 3Tera, Inc, now a part of CA Technologies, in the United States and other countries. Other company names and marks belong to their respective owners.

Wir können jeden von euch, der Interesse am Thema Cloud Computing hat nur empfehlen, am CloudCamp teilzunehmen. Weitere Details zu dieser Veranstaltung findet Ihr auch in der Pressemitteilung der Organisatoren, die ihr hier abrufen könnt.

Die direkte Anmeldung ist unter http://cloudcamp-hamburg-2010.eventbrite.com möglich.

Wir freuen uns, viele von euch auf dem CloudCamp Hamburg zu sehen!

In the first part you found out why the time is right for Enterprise Cloud Computing. Now we come to an other interesting topic during CloudExpo Europe – the Cloud Computing security.

While finding a definition of Cloud Computing from a security standpoint in just one word, each protagonist covered the exactly point of view. Cloud Computing is a scapegoat.

This definition results in many cases from bad press reports about supposed problems of Cloud Computing. For example the Sidekick disaster last year which did a disservice to Cloud Computing.

However, we are all agreed, the Sidekick disaster was not a Cloud Computing problem. Instead of that it was a problem with a different kind of nature. But as you know the media landscape needs to achieve their readers. And thriller headlines due to cloud security issues gets more readers! Ergo: Check the real background and the author and his expertise behind the article.

If we are honest, is our data in our sphere of influence like the local PC or the data center much more secure than in the Cloud? Do CIO’s really know what’s going on locally at the companies PCs or laptops. I do not mean the data in this case, but rather the software etc. which is installed by the user. Let us face it, how often are mobile devices actually stolen? If we count only these points – and there are still much more – traditional systems or solutions are not more secure than Cloud Computing solutions.

How can Cloud Computing help the CIO or CISO to protect and optimize their IT environment concerning data corruption, theft or loss of sensitive data, unauthorized access, compliance and system availability?

First of all check your business model. It doesn’t makes sense to adopt the Cloud if there is no benefit or support by the Cloud. Cloud Computing technologies using modern architectures with current standards and therefore are very sensitized in terms of traditionell security problems. However, building or adopt a Cloud is not easy and security must come first! A Cloud has to be designed to be compliant with local and global legal and general conditions and must also be strategically distributed. This means, data should be replicated over multiple locations and must not store centralized on a single location.

If you consider these characteristics amongst others while designing or adopting a Cloud, Cloud Computing increases the security holisticly due to it’s reliability and scalability.

Definition Public vs. Private Cloud

---

At the end I would like to pick out a topic which bothered me a little, because everyone discussed that during the hole conference. After defining “What is Cloud Computing” over years, it was about finding the differents between a public and a private cloud. Actually I think that is a good idea, because it must be delimited, but if you hear that during every talk or panel it is pretty tough!

However, I would like to reflect a definition of the CloudExpo which is a well description of the context.

“A Private Cloud is a style of computing that delivers self-provisioned and automated IT capabilities as services to internal users on an immediate andas-needed basis.”

A Private Cloud is thus characterized by the following properties:

• Self-service
• Elasticity & Scalability
• Automation
• Virtualization
• Traditional data center

Conclusion

---

The presentations on the Cloud Expo Europe have shown, the time is right for Enterprise Cloud Computing! Furthermore this was affirmed by the survey concerning the global Cloud Computing interest mentioned above. In what way the Cloud will be adopt – as a Private, Public oder Hybrid Cloud – we will see in the next upcoming months.

From the beginning my opinion was that in 80 – 90% of all cases the concept of a Hybrid Cloud will prevail. So, the fusion of Private and Public Clouds to increase the flexibility and optimize workloads.

About the author

---

René Büst is Cloud Computing Evangelist & Strategist and Founder of CloudUser | Ξxpert

At the CloudExpo Europe 2010 in Praque the main topic focused on Enterprise Cloud Computing and the statement “The Time is Right for Enterprise Cloud Computing”. And exactly this theme was my positive aspect of the conference. After finding the best definition in detail about “What is Cloud Computing” at the last month and years, during the CloudExpo Europe it was passed over to show the real benefits of Cloud Computing for the business and pointing out the best arguments and approaches.

Besides the technical pros of Cloud Computing comparing to a traditional data center, the financial amenities stood in the foreground as well.

Upfront costs and expenditure type
In a traditional data center an enterprise has to invest in upfront costs for hard- and software and need to assume the capital expenditure (capex) and costs for the operating expense (opex). A Cloud Computing provider however invests well-directed in his infrastructure and offer this as a service. Therefore an enterprise deliver the capital expenditure to the Cloud provider and just pay the operating expense if it’s needed.

Cash Flow and operational costs
As described above, an enterprise has to purchase it’s servers and software in advance. Using services offered by a Cloud provider, costs will only occur when the service is actually used. Regarding the operational costs, an enterprise constantly tries to downsize costs for development, deployment, maintenance etc. This outlay could be dispensed with the service delivery from a Cloud provider. In this case the Cloud provider is responsible for the life cycle of the hardware and software components

Financial risk
At first, investments in an own data center are always made in advance, whereby an enterprise had to assume a huge financial risk without the certainty to get a ROI. Getting services from a Cloud provider, the financial risk is reduced to a time frame of one month, by what the ROI could be measured contemporary as well.

In spite of the recurring discussion – Cloud Value is only about Cost – this myth was invalidated by the statement “Cloud Value is about Business Agility, Opportunities and Investment”. Because Cloud Computing stands for more benefits and possibilities as just convert your costs into variable ones. It allows a company to become more flexible and agile.

The statement “The Time is Right for Enterprise Cloud Computing” mentioned above was affirmed by an independent survey asking multiple CIOs around the world. Find some Q/A below:

Does Your Company uses Cloud Compuiting?

• Yes: 51%
• No: 49%

What level has your company adopted cloud Computing technology?

• Combination of cloud and traditional: 60,58%
• Experimenting: 24,93%
• Solely cloud technology: 13,19%
• don’t know: 1,3%

Was the Cloud Computing project that you undertook successful?

• Yes: 96,18%
• No: 3,82%

For those that didn’t use cloud computing:

• It’s to soon to change from internal systems: 37%
• Cloud Computing is seen a viable technology option: 42%
• Intend to use Cloud Computing in the next 12 month: 21%

Move to the cloud – key issues:

• Security
• Integration
• Reliability
• Privacy
• Costs
• Vendor Lock-In
• Scalability
• Legal / Ethical

Cloud Computing usage scenarios:

• Business Applications
• Infrastructure as a Service
• IT Management
• Productivity applications
• Collaboration Applications
• Development/ Deployment

Do you expect Cloud Computing adoption will introduce new suppliers to your organization?

• Yes: 61,9%
• no: 14,5%
• don’t know: 22,6%

Will Cloud Computing bring additional complexities in overall management of IT resources?

• Yes: 26,9%
• No: 54,9%
• don’t know: 16,7%

Do you consider that Cloud Computing could result in a smaller ICT department?

• Yes: 55,9%
• No: 25,7%
• dont know: 16,9%

In summary the survey shows, over 96% that undertook a cloud project deemed it successfull and 72% that don’t use cloud technology are positive for it’s adoption. Against that over 60% consider privacy, integration and reliability as key issues of Cloud Computing whereat nearly 85% of participants considered security as a key issue in moving to the cloud.

Tomorrow in the second part you will read why Cloud Computing is a scapegoat.

About the author

---

René Büst is Cloud Computing Evangelist & Strategist and Founder of CloudUser | Ξxpert

Im ersten Teil haben Sie erfahren, warum die Zeit für das Enterprise Cloud Computing gekommen ist. Heute kommen wir zu einem weiteren interessanten Thema der CloudExpo, der Cloud Computing Sicherheit.

Wurde Cloud Computing von dem Standpunkt der Sicherheit heraus mit einem einzigen Wort definiert, waren sich alle Protagonisten der CloudExpo einig. Cloud Computing is a scapegoat, zu deutsch Sündenbock, Prügelknabe oder Buhmann.

Zurückzuführen ist diese Definition auf in vielen Fällen schlechte Medienberichte über vermeintliche Probleme aus dem Cloud Computing Bereich. Das Sidekick Disaster im vergangenen Jahr z.B. hat dem Cloud Computing damit einen Bärendienst erwiesen.

Allerdings sind wir uns alle einig, dass es sich bei dem Sidekick Disaster nicht um ein Cloud Computing Problem, sondern Probleme andersartiger Natur gehandelt hat. Aber wie die Medienlandschaft nun einmal funktioniert, geht es darum Leser zu erreichen, und viele Leser erhält man schließlich durch Überschriften die einen Thriller dahinter vermuten lassen. Ergo: Bevor man über Problematiken die mit Cloud Computing in Zusammenhang stehen könnten urteilt, sollte man sich über den tatsächlichen Hintergrund und über den Author und dessen Expertise informieren.

Sind wir mal ehrlich, sind Daten die sich in unserem Einflussbereich, wie z.B. dem eigenen Rechner oder dem Rechenzentrum wirklich sicherer als in der Cloud? Wissen IT Beauftragte tatsächlich, was sich auf den Firmen PCs/ Laptops lokal befindet? Dabei rede ich nicht von den Daten, sondern von der dort durch den Anwender installierten Software etc.. Und sind wir ehrlich, wie oft werden z.B. mobile Endgeräte gestohlen! Zählen wir allein diese Punkte – und es gibt noch wesentlich mehr – zusammen, sind traditionelle Systeme bzw. Lösungen nicht sicherer als Lösungen auf Basis von Cloud Computing!

Wie kann also Cloud Computing dem IT-Leiter bzw. IT-Sicherheitsbeauftragten dabei helfen ihre Umgebung hinsichtlich der Beschädigung von Daten, dem Diebstahl oder Verlust von sensiblen Daten, vor unberechtigtem Zugriff, der Compliance und der System-Verfügbarkeit schützen?

Zunächst sollte natürlich das Geschäftsmodell überprüft werden. Es macht keinen Sinn die Cloud zu adaptieren, wenn dadurch möglicherweise kein Nutzen entsteht. Bei Cloud Computing Technologien handelt es sich um moderne Architekturen, die den aktuellen Standards entsprechen und somit bzgl. den klassischen Sicherheitsproblemen sensibilisiert sind. Dennoch sollte die Sicherheit beim Aufbau oder der Adaption einer Cloud an erster Stelle stehen! Eine Cloud ist und sollte immer so konstruiert sein, dass sie u.a. den rechtlichen regionalen und globalen Rahmenbedinungen entspricht und weiterhin strategisch verteilt organisiert ist. Das bedeutet, dass die Daten nicht nur an einem einzigen Ort zentral gespeichert sind, sondern über mehrere Standorte hinweg repliziert werden.

Werden u.a. diese Eigenschaften beim Design einer eigenen Cloud bzw. bei der Entscheidung zur Adaption einer Cloud berücksichtigt, erhöht das Cloud Computing durch seine Zuverlässigkeit und Skalierbarkeit ganzheitlich die Sicherheit.

Definition Public vs. Private Cloud

---

Am Ende möchte ich noch auf ein Thema eingehen, was mich ein wenig gestört hat, da dieses während der ganzen Konferenz zu Diskussionen führte. Wurde nun nicht mehr versucht zu definieren, was Cloud Computing ist, hat man sich jetzt das Ziel gesetzt eine Definition bzgl. des Unterschieds zwischen einer Private und einer Public Cloud zu finden. Finde ich auf der einen Seite auch sehr gut, dass muss auch abgerenzt werden. Hört man dieses Thema allerdings während jedes Vortrags und jedes Panels wird ist am Ende sehr zäh!

Dennoch möchte ich hier eine Definition von der CloudExpo wiedergeben, die den Kontext gut beschreibt.

Mit einer Private Cloud werden IT Ressourcen den internen Benutzern als Service automatisiert und unmittelbar bei Bedarf durch die eigene IT-Umgebung bereitgestellt.

Eine Private Cloud zeichnet sich also durch folgende Eigenschaften aus:

• Self Service
• Elastizität & Skalierbarkeit
• Automatisierung
• Virtualisierung
• Eigene Rechenzentren

Fazit

---

Die Vorträge auf der CloudExpo Europe haben gezeigt, dass Cloud Computing reif für den Einsatz im Unternehmen ist. Das wurde weiterhin durch die oben beschriebene Studie bzgl. des globalen Cloud Computing Interesses bekräftigt. In welcher Art und Weise, also als Private, Public oder Hybrid Cloud, das werden die kommenden Monate zeigen.

Ich vertrete von Anfang an die Meinung, dass sich in 80 – 90% aller Fälle der Ansatz der Hybrid Cloud durchsetzen wird. Also die Verschmelzung von Private und Public Clouds, um damit die Flexibilität zu erhöhen und Workloads besser auszunutzen.

Über den Autor

---

René Büst ist Cloud Computing Evangelist & Stratege und Gründer von CloudUser | Ξxpert.

Die CloudExpo Europe 2010 in Prag stand in diesem Jahr ganz im Zeichen des Enterprise Cloud Computing und dem Statement “The Time is Right for Enterprise Cloud Computing”. Und genau diese Thematik war für mich der positive Aspekt dieser Konferenz. Wurde in den vergangenen Monaten und Jahren auf der Definition “What is Cloud Computing” buchstäblich herumgeritten, wurde nun endlich dazu übergegangen den tatsächlichen Nutzen des Cloud Computing für das Business aufzuzeigen und Argumente sowie Lösungsansätze zu präsentieren.

Neben den viel diskutierten technischen Vorteilen des Cloud Computing gegenüber eines traditionellen Rechenzentrums, standen auf der CloudExpo auch die finanziellen Vorzüge im Vordergrund.

Investitionskosten und die Art der Ausgaben
In einem klassischen Rechenzentrum muss ein Unternehmen bzgl. der Hard- und Software Anschaffungen in Vorleistung gehen und weiterhin die gesamten Kapitalaufwendungen und die Kosten für den Betriebsaufwand übernehmen. Ein Cloud Computing Anbieter hingegen investiert gezielt in seine Infrastruktur, um diese als Dienstleistung anzubieten. Die Kapitalaufwendungen werden hier somit vom Unternehmen an den Cloud Anbieter abgegeben. Das Unternehmen zahlt daher nur die Kosten für den Betriebsaufwand, wenn diese anfallen.

Cash Flow und Operative Kosten
Wie bereits oben beschrieben, muss ein Unternehmen seine Server und die Software im Voraus anschaffen. Werden die Dienstleistungen von einem Anbieter aus der Cloud bezogen, entstehen nur dann Kosten, wenn der Dienst auch tatächlich verwendet wird. Hinsichtlich der operativen Kosten versucht ein Unternehmen ständig die Kosten für die Entwicklung, Bereitstellung, Wartung, etc. zu verringern. Dieser Aufwand entfällt durch den Bezug der Leistungen von einem Cloud Anbieter. In diesem Fall ist der Anbieter für den Lebenszyklus der Hardware-und Softwarekomponenten zuständig.

Finanzielle Risiken
Investitionen in ein eigenes Rechenzentrum werden zunächst immer im Voraus getroffen, wodurch ein Unternehmen allein dafür ein enormes finanzielles Risiko eingehen muss, ohne die Gewissheit zu besitzen, dass ein ROI dabei herauskommt. Werden die Dienste von einem Cloud Anbieter bezogen, verringert sich das finanzielle Risiko auf einen Zeithorizont von einem Monat, wodurch auch der ROI ebenfalls sehr zeitnah gemessen werden kann.

Trotz der immer wiederkehrenden Diskussion, dass es sich bei dem Nutzen von Cloud Computing lediglich um das verringern der Kosten handelt (“Cloud Value is only about Cost.”), wurde dieser Mythos mit dem Statement “Cloud Value is about Business Agility, Opportunities and Investment” entkräftet. Denn Cloud Computing bietet deutlich mehr Vorteile und Möglichkeiten, als nur das Variabilisieren der Kosten, sondern ermöglicht es ein Unternehmen sich deutlich flexibler und agiler aufzustellen.

Das bereits oben genannte Statement “The Time is Right for Enterprise Cloud Computing” wurde mit einer unabhängigen Studie, in der mehrere IT-Entscheider weltweit befragt wurden, weiterhin bekräftigt. Hier ein paar ausgewählte Fragen und Antworten:

Setzt Ihr Unternehmen Cloud Computing ein?

• Ja: 51%
• Nein: 49%

Auf welche Art und Weise setzt Ihr Unternehmen Cloud Computing Technologien ein?

• Kombination von Cloud und Traditionell: 60,58%
• Experimentell: 24,93%
• Ausschließlich Cloud Technologie: 13,19%
• keine Angaben: 1,3%

War das durchgeführte Cloud Computing Projekt erfolgreich?

• Ja: 96,18%
• Nein: 3,82%

Warum Unternehmen derzeit kein Cloud Computing einsetzen.

• Es ist zu früh die internen Systeme abzulösen: 37%
• Cloud Computing wird als eine praktikable Technologie Option gesehen: 42%
• Beabsichtigung, Cloud Computing in den nächsten 12 Monaten einzusetzen: 21%

Top Gründe, warum ein Wechsel in die Cloud nicht in Frage kommt:

• Sicherheit
• Integration
• Zuverlässigkeit
• Datenschutz
• Kosten
• Vendor Lock-In
• Skalierbarkeit
• Rechtlich und Ethisch

Top Cloud Computing Einsatzszenarien:

• Unternehmensanwendungen
• Infrastructure as a Service
• IT Management
• Productivity Anwendungen
• Anwendungen zur Kollaboration
• Entwicklung / Deployment

Erwarten Sie, dass die Adaption von Cloud Computing dazu führt, neue Lieferanten an Ihr Unternehmen anzubinden?

• Ja: 61,9%
• Nein: 14,5%
• keine Angaben: 22,6%

Wird Cloud Computing eine zusätzliche Komplexität in die gesamte Verwaltung von IT-Ressourcen bringen?

• Ja: 26,9%
• Nein: 54,9%
• keine Angaben: 16,7%

Sind Sie der Meinung, dass Cloud Computing zu einer kleineren IT-Abteilung führen könnte?

• Ja: 55,9%
• Nein: 25,7%
• keine Angaben: 16,9%

Zusammenfassend zeigt die Studie, dass über 96% aller Befragten ihre Cloud Computing Projekte erfolgreich umsetzen konnten und 72% die derzeit keine Cloud Technologie einsetzen, dem aber sehr positiv gegenüber eingestellt sind. Dagegen sehen 60% der Befragten Datenschutz, Integration und die Zuverlässigkeit als die zu lösenden Probleme des Cloud Computing, wobei 85% den Punkt Sicherheit derzeit als den Hauptfaktor ansehen, nicht in die Cloud zu wechseln.

Erfahren Sie Morgen im zweiten Teil, warum Cloud Computing der Sündenbock ist.

Über den Autor

---

René Büst ist Cloud Computing Evangelist & Stratege und Gründer von CloudUser | Ξxpert.

Of course there are very good models on the street for data center consolidation, particularly on government levels. In the United States, the National Association of State Chief Information Officers (NASCIO) lists data center consolidation as the second highest priority, immediately after getting better control over managing budget and operational cost.

In March the Australian government announced a (AUD) $1 billion data center consolidation plan, with standardization, solution sharing, and developing opportunities to benefit from “new technology, processes or policy.”

Minister for Finance and Deregulation Lindsay Tanner noted Australia currently has many inefficient data centers, very suitable candidates for consolidation and refresh. The problem of scattered or unstructured data management is “spread across Australia, (with data) located in not just large enterprise data centres, but also in cupboards, converted offices, computer and server rooms, and in commercial and insourced data centers,” said Tanner.

“These are primarily older data centres that are reaching the limits of their electricity supply and floor space. With government demand for data center ICT equipment rising by more than 30 per cent each year, it was clear that we needed to reassess how the government handled its data center activities.”

The UK government also recently published ICT guidance related to data center consolidation, with a plan to cut government operated data center from 130 to around 10~12 facilities. The guidance includes the statement “Over the next three-to-five years, approximately 10-12 highly resilient strategic data centers for the public sector will be established to a high common standard. This will then enable the consolidation of existing public data centers into highly secure and resilient facilities, managed by expert suppliers.”

Indonesia Addresses Data Center Consolidation

Indonesia’s government is in a unique position to take advantage of both introducing new data center and virtualization technology, as well as deploying a consolidated, distributed data center infrastructure that would bring the additional benefit of strong disaster recovery capabilities.

Much like the problems identified by Minister Tanner in Australia, today many Indonesian government organizations – and commercial companies – operate ICT infrastructure without structure or standards. “We cannot add additional services in our data center,” mentioned one IT manager interviewed recently in a data center audit. “If our users need additional applications, we direct them to buy their own server and plug it in under their desk. We don’t have the electricity in our data center to drive new applications and hardware, so our IT organization will now focus only on LAN/WAN connectivity.”

While all IT managers understand disaster recovery planning and business continuity is essential, few have brought DR from PowerPoint to reality, putting much organization data on individual servers, laptops, and desktop computers. All at risk for theft or loss/failure of single disk systems.

That is all changing. Commercial data centers are being built around the country by companies such as PT Indosat, PT Telekom, and other private companies. With the Palapa national fiber ring nearing completion, all main islands within the Indonesian archipelago are connected with diverse fiber optic backbone capacity, and additional international submarine cables are either planned or in progress to Australia, Hong Kong, Singapore, and other communication hubs.

For organizations currently supporting closet data centers, or local servers facing the public Internet for eCommerce or eGovernment applications, data centers such as the Cyber Tower in Jakarta offer both commercial data center space, as well as supporting interconnections for carriers – including the Indonesia Internet Exchange (IIX), in a similar model as One Wilshire, The Westin Building, or 151 Front in Toronto. Ample space for outsourcing data center infrastructure (particularly for companies with Internet-facing applications), as well as power, cooling, and management for internal infrastructure outsourcing.

The challenge, as with most other countries, is to convince ICT managers that it is in their company or organization’s interest to give up the server. Rather than focus their energy on issues such as “control,” “independence (or autonomous operations),” and avoiding the pain of “workforce retraining and reorganization,” ICT managers should consider the benefits outsourcing their physical infrastructure into a data center, and further consider the additional benefits of virtualization and public/enterprise cloud computing.

Companies such as VMWare, AGIT, and Oracle are offering cloud computing consulting and development in Indonesia, and the topic is rapidly gaining momentum in publications and discussions within both the professional IT community, as well as with CFOs and government planning agencies.

It makes sense. As in cloud computing initiatives being driven by the US and other governments, not only consolidating data centers, but also consolidating IT compute resources and storage, makes a lot of sense. Particularly if the government has difficulty standardizing or writing web services to share data. Add a distributed cloud processing model, where two or more data centers with cloud infrastructure are interconnected, and we can now start to drive down recovery time and point objectives close to zero.

Not just for government users, but a company located in Jakarta is able to develop a disaster recovery plan, simply backing up critical data in a remote location, such as IDC Batam (part of the IDC Indonesia group). As an example, the IDC Indonesia group operates 4 data centers located in geographically separate parts of the country, and all are interconnected.

While this does not support all zero recovery time objectives, it does allow companies to lease a cabinet or suite in a commercial data center, and at a minimum install disk systems adequate to meet their critical data restoral needs. It also opens up decent data center collocation space for emerging cloud service and infrastructure providers, all without the burden of legacy systems to refresh.

In a land of volcanoes, typhoons, earthquakes, and man-made disasters Indonesia has a special need for good disaster recovery planning. Through an effort to consolidate organization data centers, the introduction of cloud services in commercial and government markets, and high capacity interconnections between carriers and data centers, the basic elements needed to move forward in Indonesia are now in place.

But “cool” does not carry your business goals. A solid ICT strategy encompassing all your business objectives, while enabling rapid development and providing maximum business flexibility will define the leaders of the future.

Cloud computing is a great concept. It is quickly grabbing the attention and imagination of everybody who has accepted the concept of “the network is the computer,” “The Big Switch,” and the “4th Utility.” In short, most who have grown up in the “Internet Age” either understand or fear the idea that compute and storage capacity will soon become as essential, and available, as cell phones and email.

Why Private Clouds?

Why consider a private cloud? If I can put together an email account, online office environment, and group collaboration site in 10 minutes through Microsoft or Google, why should I consider building an internal cloud infrastructure, or leasing infrastructure from a cloud services provider (CSP) to meet my business objectives?

Well, whether you are in the European Union, North America, or Asia, there are compelling reasons to separate your data from a public cloud. Maybe it is related to privacy considerations. Possibly security requirements. Perhaps you need to ensure you have total control over the location and structure of your mission-critical data.

So let’s consider a few of the benefits cloud computing bring to your organization:

The option of outsourcing physical data center infrastructure to a CSP

Usage-based billing
Infrastructure virtualization
Software as a Service (SaaS) applications standardization
Rapid infrastructure expansion/scalability
Physical and application level security
Infrastructure consolidation
And on…

In reality, while costs may be reduced if outsourcing into a public cloud, all of the above characteristics of cloud computing apply equally to a private cloud. The main difference is your internal IT department or CSP is responsible for expanding resources as needed to meet your business objectives through a level of physical provisioning vs. simply expanding further into a public cloud resource.

Some Additional Benefits of a Private Cloud

Within a public cloud infrastructure you have the benefit, and the shortfalls of being able to distribute your applications and virtual data center within a single – or multiple physical data centers. In a public cloud you cannot really put your finger on a single server cluster or disk where you actual data is maintained.

For applications that require little direct management, that is not a problem. For application that contains personal data that is regulated within a country or economic community that demands physical protection of personal or other sensitive data, it is at best a risk, and at worst a violation of security or privacy laws.

Imagine a 3 dimensional checkerboard with your company using 10 squares within the board. The board has a matrix of 10 squares by 10 squares on each plane, and there are 10 planes available – with a grand total of 1000 potential positions. Your square’s position is randomly moved within the 3 dimensional checkerboard every two seconds.

You will never really have a good idea where your squares have been, how long they will stay in a single place, or where they will be moved next. And the rest of the positions are shared among 300 other users whose positions are being changed at the same rate – possibly faster than your squares. That is one potential visualization of shared resources in a public cloud.

Now imagine your own 3 dimensional checkerboard. Your data is moved around at the same rate as the public board, however you do not share the board with anybody else. Thus, if you need to know where your data resides at any point in time, you only have to know it is within your own 3 dimensional checkerboard.

Consider the possibility that disks being removed for maintenance or technology refresh may contain your company’s mission-critical or sensitive data, and the CSP possibly losing positive control over the media – not a comfortable or acceptable situation.

You are also able to maintain better control over some aspects of cloud computing such as access to Internet Service Providers. In a private cloud you should be able to directly manage the relationship with “upstream” ISPs providing either corporate WAN connectivity, or public Internet connectivity without sharing a connection with members of a public cloud community.

This might be particularly important if a public cloud user is hit by a DDOS attack, loses control of a virtual process such as firewall or virtual router. You are able to stay separate from other shared resources – even if you decide to outsource your cloud service to a physical CSP.

You also have access to the same library of SaaS applications, utilities, operating systems, server images, firewalls, and any other feature of the public cloud service. You have the same ability to “spool” additional virtual machines, and quickly add or expand applications as needed to meet your business objectives – again the only difference is that your cloud environment is physically located on dedicated hardware, with the only limitation being the “current” resource capacity of your private cloud.

A Hybrid Private Cloud

Now the good news. Depending on your business objectives, it is possible to mix the private and public cloud models. One example might be if your business desires offsite archival storage of data. Nothing will technically prevent your company from using a cloud storage utility offered by a company in a distant location – either within your country or in another country.

This also applies to applications, allowing your organization additional flexibility in planning disaster recovery models and business continuity plans.

Many other possible examples, and if we can now begin to consider compute, storage, application, and network capacity as a basic utility, perhaps the 4th Utility, then our job as IT managers becomes easier. Understand the business objectives, and then configure your cloud-enabled resources to meet those needs.

And it is pretty “cool” afterall…

Government IT managers, particularly those in developing countries, view information and communications technology (ICT) as almost a “black” art. Unlike the US, Europe, Korea, Japan, or other countries where Internet and network-enabled everything has diffused itself into the core of Generation “Y-ers,” Millennials, and Gen “Z-ers.”

The black art gives IT managers in some legacy organizations the power they need to control the efforts of people and groups needing support, as their limited understanding of ICT still sets them slightly above the abilities of their peers.

But, when the “users” suddenly have that right brain flash of comprehension in a complex topic such as cloud computing, the barrier of traditional IT control suddenly becomes a barrier which must be explained and justified. Suddenly everybody from the CFO down to supervisors can become “virtual” data center operators – at the touch of a keyboard. Suddenly cloud computing and ICT becomes a standard tool for work – a utility.

The Changing Role of IT Managers

IT managers normally make marginal business planners. While none of us like to admit it, we usually start an IT refresh project with thoughts like, “what kind of computers should we request budget to buy?” Or “that new “FuzzPort 2000” is a fantastic switch, we need to buy some of those…” And then spend the next fiscal year making excuses why the IT division cannot meet the needs and requests of users.

The time is changing. The IT manager can no longer think about control, but rather must think about capacity and standards. Setting parameters and process, not limitations.

Think about topics such as cloud computing, and how they can build an infrastructure which meets the creativity, processing, management, scaling, and disaster recovery needs of the organization. Think of gaining greater business efficiencies and agility through data center consolidation, education, and breaking down ICT barriers.

The IT manager of the future is not only a person concerned about the basic ICT food groups of concrete, power, air conditioning, and communications, but also concerns himself with capacity planning and thought leadership.

The Changing Role of Users

There is an old story of the astronomer and the programmer. Both are pursuing graduate degrees at a prestigious university, but from different tracks. By the end of their studies (this is a very old story), the computer science major focusing on software development found his FORTRAN skills were actually below the FORTRAN skills of the astronomer.

“How can this be” cried the programmer? “I have been studying software development for years, and you studying the stars?”

The astronomer replied “you have been studying FORTRAN as a major for the past three years. I have needed to learn FORTRAN and apply it in real application to my major, studying the solar system, and needed to learn code better than you just to do my job.”

There will be a point when the Millenials, with their deep-rooted appreciation for all things network and computer, will be able to take our Infrastructure as a Service (IaaS), and use this as their tool for developing great applications driving their business into a globally wired economy and community. Loading a LINUX image and suite of standard applications will give the average person no more intellectual stress than a “Boomer” sending a fax.

Revisiting the “4th“ Utility

Yes, it is possible IT managers may be the road construction and maintenance crews of the Internet age, but that is not a bad thing. We have given the Gen Y-ers the tools they need to be great, and we should be proud of our accomplishments. Now is the time to build better tools to make them even more capable. Tools like the 4th utility which marries broadband communications with on-demand compute and storage utility.

The cloud computing epiphany awakens both IT managers and users. It stimulates an intellectual and organizational freedom that lets creative people and productive people explore more possibilities, with more resources, with little risk of failure (keep in mind with cloud computing your are potentially just renting your space).

If we look at other utilities as a tool, such as a road, water, or electricity – there are far more possibilities to use those utilities than the original intent. As a road may be considered a place to drive a car from point “A” to point “B,” it can also be used for motorcycles, trucks, bicycles, walking, a temporary hard stand, a temporary runway for airplanes, a stick ball field, a street hockey rink – at the end of the day it is a slab of concrete or asphalt that serves an open-ended scope of use – with only structural limitations.

Cloud computing and the 4th utility are the same. Once we have reached that cloud computing epiphany, our next generations of tremendously smart people will find those creative uses for the utility, and we will continue to develop and grow closer as a global community.