2010 Grail Research Cloud Computing

Cloud Computing: Fact versus Fog
December 2010
Table of Contents Executive Summary Foundations of Cloud Computing Obstacles and Considerations Future of Cloud
December 2010
| Copyright 2010 Grail Research, LLC
Executive Summary
Purpose
Cloud Buzz
This presentation addresses the current state of cloud computing, obstacles to business adoption, and expectations for the future. This is the first in a series of papers written by Grail Research on the topic of cloud computing and the investigation of how businesses are adapting to and taking advantage of Internet-based, on-demand computing
News of Cloud is everywhere, and its predominance in IT is a foregone conclusion. In fact, the push to adopt Cloud has been so strong that risks inherent in this model have largely been ignored The recent economic turmoil and the promise of Cloud leading a renaissance of the tech sector are shaping the perspective and appetite for Cloud rather than the readiness of the technology itself. Cloud is a powerful tool for mobilizing data; however, there are no regulations, standards, or assurances of data protection from a technical perspective Major breaches at Google, Salesforce.com, and Amazon, have exposed the fragility of the Cloud delivery model, and the fundamental issues of data security, privacy, and standards that have yet to be addressed. Though price points gained in Cloud can be significant, businesses should weigh advantages against the hidden costs of compromised data Analyst sentiment seems to be the sole voice of reason. Principal analysts from Forrester, Gartner, and Yankee cite major security concerns with Cloud. Hackers have also highlighted the vulnerabilities of Cloud and issued a manifesto of mayhem against it (Black Hat 2009 Clobbering the Cloud by SensePost) Assessing your organizations readiness for Cloud should include the evaluation of hybrid models, hybrid architectures, integration constraints, and innovative data protection methods, that will offer the best approach for business adoption Consider the direct business benefits of Cloud for your company and your individual business needs, weighing against security and privacy concerns. In the more immediate future, look toward applications focused on innovative data protection methods, enabling organizations to utilize Public Cloud in a private manner
Adoption Haste
Security Risks
Expert Views
Opportunity
Key Takeaways
December 2010
| Copyright 2010 Grail Research, LLC
Foundations of Cloud Computing

Foundations of Cloud Computing Obstacles and Considerations
Obstacles and Considerations
Future of Cloud
Future of Cloud
Cloud is an evolution, merging virtualization, grid, utility, and web standards
Cloud is an evolution. It coalesces grid, utility, virtualization and web standards into a delivery paradigm. The difference is each of these components are building blocks that solve the specific point problems of abstracted, on-demand, distributed processing Tony Bishop (Founder and CEO, Adaptivity) I don't think it's a revolution as much as it's an evolution. If you want to really say what kicked this thing off, virtualization was a big precursor to CloudI think Cloud" is a little bit overused right now. I look at it as the evolution of the data center, to do more scalable processing and computing Ping Li (Partner, Accel Partners)
Source: SysCon Website; Ars Technica Website; CIO Website

December 2010 | Copyright 2010 Grail Research, LLC
Cloud services have shifted from a year ago. We did a focus group around 12 months ago and they pretty much took the mickey out of Cloud. It was seen as unrealistic and CIOs werent considering it. Whats even more of a surprise is that in a short period of 12 months, weve seen Cloud go from a bit of a joke to a number two priority on the plate of CIOs today, and a very serious consideration that they are taking on board Paul Harapin (Director, ComputersOff.org and Ex-MD, Vmware)
Defining Cloud Computing

Definition
Future of Cloud
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Peter Mell and Tim Grance (NIST)
Essential Characteristics
On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity
Service Delivery Models

Cloud Software as a Service Cloud Development as a Service Cloud Platform as a Service Cloud Infrastructure as a Service
Deployment Models
Private Cloud Public Cloud Hybrid Cloud Community Cloud
How Do Experts Define Cloud Computing?
Cloud computing is an evolutionary technology because it doesnt change the computing stack at all. It simply distributes the stacks between the service providers and the users. It is an IT architecture with vertical services Steve Jin (Creator of Vmware vSphere Java API) Applications/functionality delivered via Cloud: Accessible via standard Internet protocols, always available and scaled to demand, programmable interface, pay as you use, full self-service features Chenxi Wang (Ph.D., Principal Analyst, Forrester)
Source: Sysomos Software Tool; SysCon Website; Forrester Research Website; NIST Website
The Cloud model initially has focused on making the hardware layer consumable as on-demand computer and storage capacity. This is an important first step, but for companies to harness the power of Cloud, complete application infrastructure needs to be easily configured, deployed, dynamically-scaled and managed in these virtualized-hardware environments K. Sheynkman (Co-Founder, Elastra Corporation)
Emerging Primary Models for Cloud Deployment

Major Types of Clouds
Public/ Community Cloud Internet
Future of Cloud
Definition and Expert Views

Private Cloud
Dedicated to one customer/company
Key Takeaways
Private Cloud is more suited for organizations that need high-level security. Though most experts believe that private cloud is an oxymoron, others argue that the model offers better resource management to current IT managers
Private Cloud Intranet/VPN1
Hybrid Cloud Intranet/VPN1 + Internet
Public Cloud
Made available to the general public for specific general purposes The Public Cloud model emerged as a great value proposition for SMB4 companies and startups
USERS
Global Share of Online Clouds 1% 12% 52%
2 Discussions4
on Types of
Hybrid Cloud
Integration of two or more types of Clouds (Private, Community, or Public)
Public Cloud 35% Hybrid Cloud Community Cloud N= 49,7813
Community Cloud
Dedicated to a user/industry group that has shared concerns (mission, security requirements, policy, and compliance considerations) The Community Cloud model is expected to address the requirements of governments and their agencies
Note: 1Virtual Private Network; 2Discussions during the period 25-Aug-2009 to 25-Aug-2010; 3N may include some articles/posts more than once, if repeated on different websites; 4Small and Medium Businesses Source: Sysomos Software Tool; CIO Website; SysCon Website; IBM X-Force: Mid-Year Trend and Risk Report
Private Cloud
The hybrid cloud is an attractive way to take advantage of cloud computing, and It also means choice for the customers, and they can determine the adoption speed they want to go at Tim Crawford (CIO, All Covered)
Concerns for those deploying in the public cloud are factors such as the financial stability of the hosting organization and the hosting organizations deployment policies IBM X-Force
CIOs know that what is sometimes dubbed "private cloud" does not meet their goal as it does not give them the benefits of cloud: true elasticity and capex elimination Werner Vogels (VP and CTO, Amazon)
Some experts believe that companies are testing the waters by taking limited services on Cloud before adopting a particular cloud computing model
The Hybrid Cloud model provides more flexibility than the Public Cloud model, and is less capital intensive than the Private Cloud model
Cloud Computing
Market Size and Growth Prospects
Future of Cloud
Insights
The cloud computing market is expected to grow at a double-digit rate in the next 5 years. According to experts, the SaaS delivery model of cloud computing will lead the growth story. They believe that emerging countries such as India have the greatest potential for market growth, including opportunities to support outsourcing of Cloud services
Cloud Market Growth
USD 37.8 Bn
2010 (26% CAGR)
USD 121.1 Bn
2015
Expert Views
Key Takeaways
Experts believe that SaaS will be adopted by most companies in the next few years at some level or the other, especially in content management, collaboration, document management, and customer management applications
The global cloud computing market is expected to grow from $37.8 billion in 2010 to $121.1 billion in 2015 at a CAGR of 26.2% from 2010 to 2015. SaaS is the largest contributor in the Cloud computing services market, accounting for 73% of the market's revenues in 2010 MarketsAndMarkets Report India will not only see a surge in cloud computing services but companies all over the world will look to India to support their transition to cloud computing Steve Ballmer (CEO, Microsoft)
Note: Comment and Views include key snippets Source: IDC reports: Worldwide Enterprise Server Cloud Computing 2010-2014 Forecast; Worldwide Software as a Service 20102014 Forecast: Software Will Never Be the Same; MarketsAndMarkets report: Global Cloud Computing Market 2010 2015 ; EconomicTimes Website
By 2012, nearly 85% of net-new software firms coming to market will be built around SaaS service composition and delivery; by 2014, about 65% of new products from established ISVs will be delivered as SaaS services. SaaS-derived revenue will account for nearly 26% of net new growth in the software market in 2014 IDC Report
The explosive growth in the cloud computing market will mirror greater IT globalization trends, with India leading the market in outsourced support for Cloud services
It is estimated that SaaS is growing at a rate five times faster than the software market as a whole
We are seeing an acceleration of adoption of cloud computing and cloud services among enterprises and an explosion of supply-side activity as technology providers maneuver to exploit the growing commercial opportunity Ben Pring (VP, Gartner)
Traditional IT Delivery Translated to Cloud

Business Value Traditional Delivery
Future of Cloud
Cloud-based Delivery
Consumption
Applications
Software as a Service (SaaS)
Creation
Development Tools
Development as a Service (DaaS)
Orchestration
Middleware
Platform as a Service (PaaS)
Infrastructure
Infrastructure and Hardware
Infrastructure as a Service (IaaS)
Source: R Wang and Insider Associates; A Software Insiders Point of ViewUnderstanding The Many Flavors of Cloud Computing and SaaS ( R "Ray" Wang, Phil Wainewright, Michael Cote, and James Governor); Forrester Report; Grail Research Analysis
Four Service Delivery Models

Business Value Definition Expert Views
Future of Cloud
Service Provider
Application licensed to customers
SaaS is perfect for small businesses, they get the benefits of world-class infrastructure, enterprise-class features, and no capital investment. Frankly, I'd be surprised if the SMB market doesn't shift to a SaaS-dominated sector Bernard Golden (CEO, HyperStratus) The cost of comformity is the lack of flexibility. What will you do 5 years into a True SaaS scenario when you are locked in and the vendor wont add the feature or functionality you need? R 'Ray' Wang (Partner, Altimeter Group) Just as platform as a service provides enterprise IT with a new model for platforms to run applications in the cloud, development as a service provides a new model for development tools, giving developers the power to create applications for the cloud Marc Benioff (CEO, Salesforce.com) I think there are going to be thousands of new platform companies -- you the end user can program it Marc Andreesen (General Partner, Andreessen Horowitz and Cofounder & Chairman at Ning Inc.) The advantages of PaaS are - Complete abstraction; considerable cost savings and faster time to market ; Better security. PaaS makes developers succeed even if they are completely operations blind K. Subramanian (CTO and Advisor, CloudsDirect) There are shortcomings in the platform as a service model as well. The biggest problem with PaaS may be difficulty migrating existing applications from the internal data centre to the cloud Tim O'Brien (Director, Platform Strategy Group, Microsoft) Although it is not the first choice, IaaS has an obviously huge market in the enterprise because there are countless servers sitting in data centers that are prime candidates to move out to IaaS clouds, and countless more that will be needed in the coming years Scott Sanchez (Security and Privacy Officer, ScaleUp Cloud) In short, IaaS and other associated services has enabled startups and other businesses to focus on their core competencies without worrying much about provisioning and management of infrastructure K. Subramanian (CTO and Advisor, CloudsDirect)
SaaS
Access through thin client interface, such as a web browser
Set of tools and APIs provided for creating customized applications
DaaS
Tools provided include code editors, source control systems, and batch scripts Hosting for clientdeveloped applications
PaaS
Applications can be created using programming languages such as Java and .Net Fundamental computing resources (processing, storage, network, etc.) to run full virtual servers Customer has control over operating system, storage, and deployed applications
IaaS
Note: Comments and Views include key snippets Source: NIST Working Definition of Cloud Computing; SysCon Website; The Role of Internal Audit, October 2009 (Ernst & Young); TechWorld Website; SoftwareInsider Website(R "Ray" Wang); Company Websites
Cloud Computing Continues to Evolve

Expert Views
Future of Cloud
Key Takeaways
Requires Awareness and Clarity
There is still a strong need for awareness on the part of folks in the cybersecurity area about cloud computing. About 21% of those folks involved in cybersecurity, their agencies are unaware about cloud computing, and 34% of the respondents in total weren't familiar with the cloud. That is the real key-take away that awareness around the cloud as it relates to trust and security needs to continue to be increased Melvin Greer (Chief Strategist, Cloud Computing, Lockheed Martin) the biggest security threat for cloud computing is lack of awareness about cloud security among the IT Pro's Scott C. Sanchez, CISSP (Security and Privacy Officer, ScaleUp Cloud) Public cloud services are generally not providing as much customization as customers want, but the cloud model is gaining popularity both among users who want to sidestep their companies' IT departments, and from small businesses that want to get out of the IT business Tim O'Brien (Director, Platform Strategy Group, Microsoft) "Cloud solutions won't come in a box, nor are traditional internal IT technologies and skills apt to seamlessly spin up mission-ready cloud services. Neither are cloud providers so far able to provide custom or shrinkwrapped' offerings that conform to a specific enterprise's situation and needs Dana Gardner (President and Principal Analyst, Interarbor Solutions) People are going to want to move data around, they're going to want to ask clouds to do things for them . We don't have any inter-cloud standards. There's a whole raft of research work still to be done and protocols to be designed and standards to be adopted that will allow people to manage assets Vint Cerf (Co-designer of the TCP/IP, VP and Chief Internet Evangelist, Google) When customers are looking to adopt cloud services, they want services that follow highest standards, even though such services may follow better standards than their existing infrastructure Bernard Golden (CEO, HyperStratus)
Awareness and understanding of cloud computing is limited to a small set of IT professionals
B
Requires Customized Solutions Requires Cloud Computing Standards
There is a gap between customer requirements and existing cloud computing solutions in the market
Note: Comment and Views include key snippets Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; CloudNod Website
10
Cloud computing is still evolving in terms of welldefined adoption/integration standards
Interest in Cloud Computing Across Geographies

Share of Discussions1 on Cloud Computing
46%
Future of Cloud
Key Takeaways
Certain geographies are better suited to offer Cloud services (e.g., those with favorable climate conditions to sustain the cooling needs of data centers)
17% 11% 9% 7% 6% 4% Rest of World Cloud technologies are dependent on uninterrupted connection to the Internet, which is not possible in all parts of the world where electricity and Internet connectivity can be sporadic The Patriot Act in the US allows the government to subpoena all data stored within the country. This might not be acceptable to non-US-based organizations Massachusetts Breach Law protects citizens private information, specifying strict compliance guidelines around storage, access, and transmission of personal information which will impact how Cloud service providers handle data The EU Data Protection Directive does not allow the personal information from EU or EEA2 to be transferred to any outside country, which doesnt adhere to the EU specified compliance mechanisms for legal data protection The Safe Harbor certification (developed by the US Department of Commerce and European Commission) enables US vendors to comply with the EU directive through self-certification, thereby eliminating the restriction on data transfer
Expert Views
Developing countries may be in a great position to take advantage of virtualization and cloud computing. During a recent visit to Indonesia, it was clear the government is struggling with the problem of both building a national ICT plan (Information and Communications Technology), as well as consolidating a confusing array of servers, small data centers, and dearth of policies managing the storage and protection of data John Savageau (President, Pacific-Tier Communications) Each country may pass their own laws that govern the provision and use of online environments John Howie (Senior Director, Microsoft) Our European customers want to make sure that their data stays in Europe. Can Amazon guarantee that? Thats never been answered Ranjith Kumaran (Founder and CTO, YouSendIt)
Note: 1Online discussions in English on blogs, forums, news websites, and Twitter from software tool findings across regions during the period 25-Aug-2009 to 25-Aug-2010; 2European Economic Area Source: Sysomos Software Tool; SysCon Website; CloudStorageStrategy Website; InformationLaw Group Website; Official Website of the Commonwealth of Massachusetts; lawpracticestrategy.com
11

Future of Cloud
Future of Cloud
The concept of computing resources as a utility is gaining traction among SMBs; however, the economic model offered by Cloud service providers has yet to prove its strength of scalability to enterprise customers
In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences Paul Otellini (CEO, Intel) Its a big win for smaller companies to leverage the cloud because you are really saving a lotit is really avoiding a large, up-front investment. Five years ago, we would have had to build out a data center and the sheer cost of that would have made it much more difficult to launch our business. In a traditional data center, we would need an IT person to rack the system, maintain the servers, and own the hardware, So rather than hiring someone, we now have software developers that are writing on a very flexible platform that vendor maintains Oliver Friedrichs (CEO, Immunet) Right90 didnt start its business using third-party infrastructure, but the cost savings and flexibility of Cloud services beckoned. Last year, the company moved out of its data centers in Calgary, Ontario and San Francisco, California and adopted Amazon EC2 with backup to servers located at the firms own offices. The lack of servers to manage has freed up Right90s IT management team Arthur Wong (CEO, Right90)
Source: BusinessComputingWorld Website; CIO Website

12
Drivers of Adoption
Expert Views
Future of Cloud
Key Takeaways
A
Economic Downturn
In part, this can be explained by macroeconomic factors, The financial turbulence of the last 18 months has meant every organization has been scrutinizing every expenditure. An IT solution that can deliver functionality less expensively and with more agility (remembering that time is money) is hard to ignore against this backdrop Ben Pring (VP, Gartner Research)
The economic downturn has forced businesses to become leaner, which in turn has fuelled the adoption of cost-effective Cloud service models
B
Technology Advancements
Server technology is in the middle of a renaissance where it is driving Cloud advancements and Cloud is, in turn, changing servers. Cloud-based scale issues will continue to change how servers and software for them are built for years to come Steve Ballmer (CEO, Microsoft)
The success of virtualization and Internet bandwidth availability has positioned Cloud services as a potential market opportunity
Demand Expectation
Note: Comment and Views include key snippets Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; CloudNod Website
13
In technical terms, cloud computing offers elasticity, pay-as-you-go rather than capital-intensive investment, and no long-term resource commitments. In business terms, cloud computing means low cost of opportunity experimentation, high agility to respond to changing business conditions, and the ability to direct capital investment toward core business activities" Bernard Golden (CEO, HyperStratus)
Clouds on-demand model allows companies to scale up (or down) as they rapidly restructure to meet market requirements, with a pay-as-you-go model instead of taking on the capital expenses of traditional IT infrastructure
Barriers to Major Adoption

Insights
Future of Cloud
Industry experts believe that there is apprehension among potential Cloud customers about security and data privacy. Other major concerns include complexity in the integration of cloud-based systems and adherence to regulatory/compliance frameworks
Security and Data Privacy
Integration with Cloud-Based Systems Expert Views
Regulatory and Compliance Issues
"Security has been identified as the most significant issue associated with cloud computing adoption" Melvin Greer (Chief Strategist, Cloud Computing for Lockheed Martin) At this initial stage, the applications and data being processed in clouds are predominantly non-sensitive, and the Cloud services offer minimal or only generally available security. The cloud offerings themselves are proprietary computing islands, with few standards and only limited possibilities for interoperability RSA (Security Division of EMC), White paper1
"I am 100 percent responsible and accountable for all technology and every shred of data that moves in and out of my company, and don't want IT to be seen as "the say-no people, but end users may not foresee the difficulties of meshing new products with existing technology. On-premise, we have technology standards. Nothing like that exists in the cloud. If business users adopt these things, we CIOs are challenged in IT to figure out how to integrate [them] with the rest of our world" Don Goin (CIO, Santander Consumer)
In certain cases, compliance will be impossible, It is difficult to take full responsibility for who can access data, who sees it and how it is stored, since the premise of the Cloud is that customers don't necessarily need to know or care where their data is Jim Haskin (SVP, Websense inc) "There is an issue that's looming that hasn't really been discussed or addressed yet. That is the role of governance for companies that are consuming the services versus the role of governance for companies that are providing the services. On some level, companies are going to be both consumers and providers of cloud services Joe McKendrick (Independent Analyst and ZDNet Blogger)
Note: 1The Role of Security in Trustworthy Cloud Computing; Comment and Views include key snippets Source: Sysomos Software Tool; CIO Website; SysCon Website; ComputerWorld Website
14
Addressing Security Concerns

Insights
Information Security
Secure sensitive or confidential information
Future of Cloud
IT managers dont believe that current cloud computing solutions are at par with on-premise infrastructure solutions. To address this concern, service providers need to offer:
Authentication
Properly identify and authenticate users before granting access to services
Data Location
Identify the exact physical location of information assets
Independent Audits
Conduct independent compliance checks on services provided
Infrastructure Access
Limit access to physical infrastructure where applications are deployed
Data Reliability
Prevent data loss and maintain integrity
Customer Apprehensions and Expert Views
Key Takeaways
There is lack of visibility on legal and compliance standards, and potential customers have limited clarity on where and how the data is stored, and who can access the data
Having core components, such as storage, compute, security, and so on, outsourced to other cloud providers could mean that your data and application processing exists across many different physical providers, and the risk of outages, compliance issues, and data leaks increases dramatically David Linthicum (CTO, Bick Group) (2010 Survey on participants in DEF CON) .belief from the hackers, that cloud vendors are not doing enough to address the security issues of their services; hackers have identified vulnerabilities in current cloud technology Barmak Meftah (Chief Product Officer, Fortify Software) When vulnerabilities are detected they can be managed more rapidly and uniformly. Cloud security is able to respond to attacks more rapidly by reducing the time it takes to install patches on thousands of individual desktops or hundreds of uniquely configured on-premise servers Mike Bradshaw (Director, Google Federal, Google Inc.) Attempts to infiltrate or disrupt online service offerings grow more sophisticated as more commerce and business occurs in this venue John Howie (Senior Director, Microsoft)
Hackers and security experts believe that Cloud vendors are not doing enough to address identified vulnerabilities
Though vendors/service providers create a buzz around their services, they may not be able to match their claims as infiltration techniques outpace readiness of Cloud technologies
Note: Comment and Views include key snippets Source: Ponemon Institute Report; CSA (Cloud Security Alliance); Fortify Software Website; SysCon Website; CIO Website
15
Clobbering the Cloud

Hackers Issue Manifesto of Mayhem
Future of Cloud
Insights
Security analysts and hackers have demonstrated major loopholes in Cloud offerings
Salesforce.com
Hackers demonstrated how they were able to circumvent controls to access restricted resources on the Force.com platform, which supports custom source code upload and execution Loophole: Ways to bypass the controls on free accounts from Force.com in addition to exploiting a bug in the CAPTCHA script It's possible to stitch together the free resources to produce a useable computing platform that can take advantage of the expanded resources without incurring cost to the attacker SensePost
Mobile Me
Hackers arrived at a point where they could read Steve Wozniaks mail and even embed JavaScript for continued access to his account and services (if they were a bit more malicious)
1Amazon
Hackers showed EC2s vulnerability by carrying out three separate attacks: Starting numerous machines Stealing computing time/bandwidth of other users Stealing paid-for 2AMIs Loophole: Resource theft in the Cloud sharing environment a significant concern
Loophole: Weak password reset feature and XSS vulnerability in the application
By piecing together publicly available information, we can generate a profile that is sufficiently complete for a password reset, which points to flaws within the reset process SensePost
We showed attacks against the Amazon EC2 platform that do not target specific weaknesses in technologies; rather the processes by which complex actions took place were abused to our benefit SensePost
With the exploitation of Google BlogSpot and Mobile Me, we are again seeing two common spamming practices converge CAPTCHA breaking techniques and exploitation of free hosted services Mark Sunner (Chief Security Analyst, MessgeLabs)
Note: 1Amazon Machine Instances Source: SensePost Website; Black Hat 2009 - Clobbering the Cloud; Grail Research Analysis
16
Recent Threats Validate Security Concerns
Future of Cloud
The security of these Cloud-based infrastructure services is like Windows in 1999. Its being widely used and nothing tremendously bad has happened yet. But its just in early stages of getting exposed to the Internet, and you know bad things are coming John Pescatore (VP, Gartner Fellow)
Jan 2010: A hacker uses the Google Street View data to stalk victims. The attacker is able to track his victim in few seconds without even using IP address information "The interesting bit is I'm not piggybacking off of the browser's geo-location feature. I simply re-implemented the feature as a server-side tool. This way if I can obtain the user's router's MAC address in any way, regardless of browser, nationality, or age, I can typically determine their location and show up at their place with pizza and beer later that night Samy Kamkar (Co-Founder, Fonality Inc.)
Dec 2009: Zeus botnet was spotted on Amazons Elastic Computing Cloud (EC2) Cloud computing network. It was running an unauthorized command and control center: Zeus botnet enables hackers to steal login credentials, account numbers, and credit card information through the creation of fake HTML forms on banking login pages More than USD100 MM was lost in bank fraud due to Zeus botnet attacks in 2009 The hacker may have stolen the password from the desktop of a user "I think it's more a target of opportunity than a target of choice Don DeBolt (Director, Threat Research, HCL technologies)
July 2009: Twitter corporate and employee information was infiltrated at the top levels of the organization, including the CEO Evan Williams personal email. The individual behind the attacks accessed nearly 310 documents containing confidential information belonging to Twitter. The hacker sent documentation to Tech Crunch, the elite media organization that covers tech trends, to prove the attack "It's a message I wanted to get out to Internet users, to show them that no system is invulnerable Francois Cousteix (Hacker Croll, in his interview with French media on hacking the Twitter account)
Source: CIO Website; Snipe Website; Sean-Barton Website; Dark Reading, Computer World blog; TechCrunch
17
Pros and Cons to Cloud Adoption

by Company Size
SMB Large Enterprises
Future of Cloud
Expert Views
PROS
Innovation flexibility at low operating expense and no capital expenditure On-demand scalability to synchronize with market dynamics Ability to access information regardless of location Allows large enterprises to focus on core business activities instead of IT infrastructure Lower cost of power, space, and data center maintenance by taking non-critical services out of data centers Risk of hardware and software obsolescence transferred to Cloud service provider
Companies such as AllenPort and ARC offer SMEs good software at affordable prices with the flexibility to adjust usage on an as-needed basis. The service model meets the financial needs of SMEs while protecting them from the risks of nongenuine software Charl Everton (Anti-Piracy Manager, Microsoft SA) They (Mid-sized companies) face rapidly changing markets and need to avoid being locked into a capital investment or any particular mode of operations. The call option that cloud computing represents the ability to change in the future without a penalty is critical to a midsized company trying to succeed in a world of giant competitors and disruptive change Bernard Golden (CEO, HyperStratus)
CONS
Security, privacy, and compliance concerns Network latency hinders application performance Cost of hardware rapidly decreasing can be a future concern Complex integration of legacy systems with Cloud systems an obstacle; needs can be greater than current Cloud capabilities Increase in security threats due to adoption of Public Cloud Legal compliance and regulatory issues if operations in multiple countries Highly skilled IT staff and sunk investments in existing hardware infrastructure may also act as a deterrent to move to Cloud
"I would argue, however, that if you have existing IT investment, or you have requirements that push beyond the limits of today's cloud computing technology or business models, you should consider not choosing at all James Urquhart (Blog Network Author, CNET) What holds back large companies is, in a sense, their success with the previous generation of computing. Because they could invest in the old model, they've now got an installed base of hardware and a large, top-notch technical staff on hand. There's pressure on these businesses to justify the sunk cost of their hardware infrastructure, so they tend to more toward a vision of private cloud computing Bernard Golden (CEO, HyperStratus)
Note: Comment and Views include key snippets Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; ReadWriteWeb Website; PCWorld Website; MyBroadband Website
18
Economic Model and Hidden Cost

Insights
Future of Cloud
Cloud has been positioned as an alternative to on-premise infrastructure; however, experts believe that it is not always the most appropriate IT solution. Other factors that should be considered include cost of Internet bandwidth, third-party support, and barriers to switching Cloud service providers or changing back to a on-premise infrastructure
Expert Views
Economic Model
Risks, such as, hardware and software technological obsolescence, are transferred; although many considerations, including security, interoperability, lock-in, business process governance, and management remain, and need to be properly evaluated Ray DePana (Industry Consultant, NSF1) "I believe that the future of data centers is in the cloud because companies will be drawn toward paying $10 per month on hosted Exchange services instead of spending $10,000 on an in-house implementation of Exchange Server Tim Crawford (CIO, All Covered)
Key Takeaways
Economic evaluation of Cloud adoption vs. on-premise infrastructure setup varies under different business scenarios. There should be a thorough internal due diligence on business requirements There is no widely accepted framework to assess the value proposition of various Cloud services vs. on-premise infrastructure setup The IT community is divided whether Cloud services are a business decision or a technology decision
Hidden Cost
our analysis indicates that once youre sending over 50 gigabytes of data daily (or a terabyte a month costing you $150 on Azure, for example), it may make sense to leave the cloud and buy your own bandwidth to the Internet youll probably save 50 percent of your monthly bandwidth charges Allan Leinwand (CTO-Infrastructure Engineering, Zynga) Bandwidth Cost: Cloud services are delivered over the Internet; Internet bandwidth usage and charges increase as resource utilization rises Third Party Support: Regulatory and compliance guidelines may require a third-party auditor or application, which will lead to additional cost and complexity Cloud Switch: Cloud computing service providers, eager to capture the market, use proprietary mechanisms to deploy applications and store data. This can lock the customer to a provider or increase complexity/cost when switching providers/infrastructures
Note: 1National Science Foundation Initiative on Computational Thinking; Comment and Views include key snippets Source: CIO Website; SysCon Website; GigaOM Website; CloudEco Blog; Linkedin; Do Clouds Compute? A Framework for Estimating the Value of Cloud Computing by Markus Klems, Jens Nimis and Stefan Tai; SmartDataCollective Website
19
How Green is Cloud?

Insights
Future of Cloud
Experts see the potential of cloud computing for Green IT through efficient power consumption; however, skeptics claim that there is no comprehensive framework to assess the value proposition of Green Cloud
Green Lining to Cloud

Cloud computing providers strive to maximize the performance of their operations and can achieve higher utilization rates than in-house data centers Cloud data centers can be developed at strategic locations, or integrated with renewable sources of energy
Skepticism and Uncertainty

According to a survey by Rackspace Hosting1, only 20% believe that hosted solutions play a role in making their firm greener. An additional 34% of those customers are currently trying to evaluate the efficiencies and greenness of Cloud. As more and more enterprises opt for Cloud, data centers end up using more electricity to run computers, as well as meet back-up and cooling demands. Experts believe that Cloud companies may choose output over environmental considerations in the future
Hewlett-Packard developed a wind-cooled data center in England Googles data center in Saint-Ghislain, Belgium, functions without
chillers
Expert Views
In theory, a shared resource like Amazon or Google's public clouds can have higher utilization and thus greater power efficiency. Locate your cloud data center close to a green power source, like a hydro plant, and you can minimize transmission line power losses and be even greener Marc Hamilton (VP of Cloud Computing Sales, Sun) Im sure that if you were to compare a traditional data center deployment to a near exact replication in the Cloud you'd find the Cloud to be more efficient, but the problem is there currently is no way to justify this statement without some kind of data to support it Reuven Cohen (CTO, Enomaly Inc.) So, in a sense, the "greenness" of Cloud computing is a kind of Schroedinger's box problem today, in which we won't know the actual savings to the environment until someone actually observes--or measures--it James Urquhart (Product Marketing Manager of Cloud Computing, Cisco Systems) "Cloud doesn't save power but displaces it. Ultimately, roughly the same power is drawn from the grid, just by different companies. So it's no greener. Cloud is more about dealing with companyspecific issues than planetary ones Andy Lawrence (Research Director, 451 Group)
Key Takeaways
Experts maintain that Cloud is greener than individual data centers, however, there is a long road ahead in substantiating
Cloud allows companies to scale down IT resources when demand is low, reducing their carbon footprint significantly Green cloud as a concept depends on the ability of Cloud providers to meet their increasing demands through renewable sources of energy
Note: 1 Based on 167 customer responses from email Survey conducted by Rackspace Hosting globally in 2009; Comment and Views include key snippets Source: SysCon Website; ComputerWeekly Website; GreenBiz Website; Rackspace Hosting Survey Report; Greenpeace Report; CIO Website
20
Future of Cloud
Future of Cloud
Future of Cloud
Over the last few years, start-ups and small businesses have proposed innovative solutions to mitigate the risks associated with cloud computing, and are competing with leading players in the Cloud space
I believe that Cloud computing is a powerful trend the next platform shift in computing. It will profoundly change the way organizations do their computing. Proof is in the fact that major vendors like IBM, Google, and Microsoft are investing tens of billions of dollars in building out their Cloud infrastructures. Those who characterize Cloud computing as mostly hype have short memories. It was barely a decade ago that many people characterized the Internet as mostly hype Bernard Golden (CEO, HyperStratus) So, in terms of the first movers and the environment now, its going to look very different. Anybody who carved out some space right now and some lead in the market in Cloud shouldnt feel too comfortable about their position, because there are companies we dont even know about at this point, that are going to be fairly pervasive and have a lot to say about IT five years from now Jim Reavis (Executive Director of Cloud Security Alliance (CSA), and President, Reavis Consulting Group) Password resetting and other security mechanisms in the Cloud are always going to be a weak link, as long as userfriendliness comes ahead of security in Cloud computing beauty stakes. Expecting regular joes to whip out a twofactor authentication device for use with a Cloud-driven service just isnt realistic. Its not going to happen Andy Cordial (MD, Origin Storage)
Source: CIO Website; NetworkWorld Website; ReadWriteWeb Website

21
Consolidation in the Ecosystem

Increasing Cloud Focus
Future of Cloud
Insights
Established Cloud service providers have switched gears towards consolidating their present offerings due to increasing focus on Cloud in the market place
Customers are increasingly looking for ways to take advantage of the flexibility and new services in the public cloud and want to extend the security and control of their private clouds to this new environmentTriCipher brings to VMware important authentication and identity technologies that will accelerate our delivery of new solutions for hybrid cloud integration and end user computing Brian Byun (VP & GM of Cloud Services and Applications, VMware) TriCipher has been a pioneer in the field of identity and access management as a service, providing secure authentication and seamless single sign on access to over 3,000 public and private Web and SaaS applicationsWe are excited to join the VMware family and further build on our foundational technology to fulfill VMwares cloud and end user computing vision John De Santis (Chairman & CEO, TriCipher)
VMware delivers virtualization and cloud infrastructure solutions that enable IT organizations to energize businesses of all sizes VMware Website
TriCipher offers secure cloud access management with easyto-deploy, powerful identity solutions that address today's pressing business problems TriCipher Website
CA Technologies is an IT management software and solutions company with expertise across all IT environmentsfrom mainframe and physical to virtual and cloud CA Website
Arcot is the Cloud authentication leader. Its fraud prevention, strong authentication and eDocument security solutions are easily deployed, low-cost, and extremely scalable Arcot Website
"Controlling identities and their access to information is a critical area of security. The combination of Arcot's software-only approach to advanced authentication and fraud prevention and our CA SiteMinder portfolio gives our customers robust and flexible options for reducing risk, supporting regulatory compliance and confidently securing business transactions Dave Hansen (GM, Management Products and Solutions and Security, CA Technologies) Identity is a critical area for security whether youre talking about in-house or the cloud, and with 120 million identities verified by our solutions today, we bring a strong, solid recurring revenue base as well as sources of new growth opportunities for CA Technologies Ram Varadarajan (President & CEO, Arcot Systems)
Note: Comment and Views include key snippets Source: Company Websites
22
Recent Acquisitions
Is Cloud driving acquisitions?
Future of Cloud
Insights
Companies
Microsoft, IBM, and Sun offer security within the operating system Google and Amazon have security features in their apps, but Intels acquisition of McAfee seems to have redefined the security landscape with a potential to embed security within the chip. Some experts believe that this will lead to more secure Cloud offerings in the future
Acquisition
Expert Views
Aug 2010: Instead of running above OS, we have to think about using security at a lower level of the stackI'm looking forward to one year from now when I 'm standing before you all and we're talking about a whole other era Dave DeWalt (CEO, McAfee) The other major shift impacting Intels core market is the trend toward Cloud Computing, . So the acquisition of McAfee could do three things for Intel:It provides the capability for Intel to develop security within a cloud computing infrastructure Pat Clawson (Chairman & CEO, Lumension) Aug 2010: "With Fortifys leadership in static application security analysis combined with HPs expertise in dynamic application security analysis, organizations will have a best-inclass solution to improve the security of their applications and services Bill Veghte (Executive VP of Software and Solutions, HP)
Jul 2010: "With BigFix software integrated with IBM software offerings, IBM clients will be able to more easily manage and secure their PCs and laptops, a complex task as the costs and risks associated with security threats continue to grow Steve Robinson (GM of Security Solutions, IBM) Sep 2006: Information security continues to dominate the spending intentions of CIOs around the world. The battlefront in security has quickly shifted from securing the network perimeter to protecting and securing the information itselfwherever that information lives and wherever it moves Joe Tucci (Chairman, President & CEO, EMC)
Note: Comment and Views include key snippets Source: Gigaom Website; eSecurityPlanet Website; Company Websites
23
Initiatives to Address Security Concerns

Microsoft CloudProof
CloudProof has been proposed as a system to secure Cloud storage in a Microsoft Research Paper. The system will address the issue of security by adding SLA-level guarantees, thus increasing Cloud adoptability IT identifies four key Cloud storage characteristics: confidentiality, integrity, write-serializability (ensuring data is updated in the right order), and read freshness (reads most recently updated data file). The proposed Cloud storage system, CloudProof, can detect and prove security violations to these properties The advantage is that hackers cannot gain information from encrypted data, however, they can still infer information from Cloud access patterns
Future of Cloud
Nippon Telegraph & Telephone Corporation and Mitsubishi Advanced Encryption Scheme
Nippon Telegraph and Telephone Corporation, and Mitsubishi Electric Corporation have developed a new encryption system that provides complex and fine-grained data transmission/access control This scheme uses a mathematical approach called dual pairing vector spaces to allow confidential information access The encryption scheme is proposed to be used in cloud computing and other advanced network services to attain secure environments
CloudProof will detect and prove security violations across four storage characteristics
The Advanced Encryption Scheme applies advanced logic in encrypting and decrypting to provide a secure Cloud environment
IBM Homomorphic Encryption Scheme

IBM is working on an encryption system that will allow the searching of data in an encrypted format "The point is to allow others to manipulate your encrypted data without revealing it to them. For example, in cloud computing you want to store your encrypted data files out on the cloud, so that you can access it from anywhere. But you would also like to be able to search your data with some combination of keywords, then just decrypt the query results The usefulness of the scheme is still limited by the fact that, as more operations are performed, successive encrypted answers degrade, becoming dirty Craig Gentry (Researcher, IBM)
Trend Micro SecureCloud

Trend Micro has launched an encryption solution called SecureCloud This solution is provided through a single web portal and supports Vmware, Eucalyptus, and Amazon Elastic Compute Cloud SecureCloud uses key management technology and standard encryption services to provide data security and privacy to Cloud users. Unlike other Cloud security services, the encryption keys remain exclusively with the user Security has been one of the greatest inhibitors to Cloud Computing adoption. Now, as Cloud Computing takes shape and enterprises are starting to put data in the Cloud, security must evolve to protect and control the data Steve Quane (Chief Product Officer, Trend Micro Cupertino, CA)
When operational, the Homomorphic Encryption Scheme will be able to search, sort, and process encrypted data
SecureCloud gives enterprises ultimate control over the data
Source: Microsoft Website; Mitsubishi Electric Website; SmartTechnology Website; SysCon Website; WorldCadAccess Website; InformationManagement Website; Microsoft Research Paper Abstract (Raluca A. Popa (MIT), Jacob R. Lorch, David Molnar, Helen J. Wang, and Li Zhuang (Microsoft Research))
24
Buzzing Startups
Address Cloud Security Issues
Future of Cloud
Insights
Companies
Some startups have adopted a hybrid methodology in their Cloud products to address concerns about security, bandwidth capacity, and reliability. This approach allows them to use various encryption methods and other proprietary ways to secure data stored on Cloud, and it also allows users to work offline with higher performance levels
Product Offering
Cloud-Client
Concept
Data and applications are stored and run locally on the PC while instantaneously mirroring the data to Cloud. Data is encrypted prior to transmission and decrypted only upon call back
CEO
Joel Allen
Cloud File Server
Egnytes hybrid technology leverages the benefits of accessibility and flexibility of Cloud storage integrated with the performance of local storage Direct to vault online technology offers an innovative way to securely store, share, backup, organize, and remotely access digital assets using one integrated solution On-premise policy server and cloud-based scanners are integrated to assure off-premise remote access security adherence The focus is to protect data where it resides. AES encryption is used before data is sent to its online backup destination. In addition, users get an option to encrypt local disk storage
Vineet Jain
Cloud Content Management Program Web Service Hybrid (SWS-H) CTERA Portal and CloudPlug
Dennis J. Cindrich
John Vigouroux
Liran Eshel
Off-Premise
Synchronization
On-Premise
Source: BusinessWeek Website; AllenPort Website; Digi-Data Website; CTERA Website; Egnyte Website; TechcrunchIT Website; M86Security Website; CRN Website
25
Business Models and Offerings will Evolve

Expert Views
Future of Cloud
Key Takeaways
An ecosystem of Cloud service evaluators, aggregators, and integrators will emerge to address growing customer concerns and potential business opportunities. Cloud computing presents an opportunity to monetize open source applications/tools
A
Improved Compliance and Service-level Agreements
Some compliance requirements demand that relevant data be encrypted both at rest and in transit. Many of the cloud providers do not support that Chenxi Wang (Ph.D., Principal Analyst, Forrester) Customers will care more about service level agreements than the brand name of technology components. Integration will emerge as the key enabler and choke point R. Ray Wang (Partner, Altimeter Group)
B
Evolving Business Models Integrated/ Customized Service Offerings
IT managers are optimistic about Software as a Service (SaaS) being the key source of future efficiency gains Service providers will compete not just on price, but scalability, efficiency, and SLAs Stephen Fosket (Recipient of Microsoft MVP award) Emerging Cloud based business models like gaming as a service, content driven clouds, cloud computing can help monetize open source software Krishnan Subramanian (Chief Technologist/Advisor, CloudsDirect) Mid-size companies are more likely to adopt Cloud services over the next few years, especially Infrastructure as a Service (IaaS)
Single function clouds will evolve to deliver a suite of service offerings to their clients or be acquired by others providing multiple cloud service offerings, as clients will not want to manage an endless stream of cloud service providers for every workload they outsource Ray DePana (Industry Consultant, NSF1) From a strategic differentiation point of view, organizations must enhance product offerings with services, improve the customer experience with loyalty top of mind, and tailor personalized experiences that support self-service options and mobility R. Ray Wang (Partner, Altimeter Group)
Potential customers will be more concerned about flexibility, control, and growth from cloud computing services, rather than security By 2012, cloud computing is predicted to gain widespread acceptance with corporate data centers as 20% of businesses globally are expected to own no IT assets
Note: 1National Science Foundation Initiative on Computational Thinking; Comment and Views include key snippets Source: SoftwareInsider Website; Ulitzer Website; GestaltIt Website ;Forrester Report; SysCon Website; InfoWorld Website, Gartner Report; LinkedIn
26
Cloud The Way Ahead?
Future of Cloud
The evolution of Cloud marks a fundamental shift in our relationship with electronic assets and our access to that data and information The Cloud offers great promise; however, companies seeking to implement cloud-based applications have concerns about the security and privacy of public cloud providers. Until providers offer sufficient clarity and assurance on these topics, their customers will implement data protection and security methods on their own which enable them to overlay a private cloud functionality on top of the public cloud offering1 Hybrid architectures that offer encryption of data at the local or client level, prior to transmission to the Cloud may offer a path forward for business consumption, thereby combining the best of on-premise functionality with that of hosted solutions for these on-demand services
If you are evaluating a Cloud initiative, always assess your companys readiness, measuring the cost and benefit for your business within the context of the competitive landscape. Consider: What are the direct business benefits of Cloud for my company? Why would I rent rather than own? Will a Cloud solution support my business needs, or am I losing functionality for a perceived price benefit? How does my solution providers roadmap align with my business needs? How are my Cloud solution providers establishing standards and maintaining the security and privacy of my information and by extension, my clients information? What are my competitors doing in this space? Are they pursuing private, public, or hybrid initiatives?
Note: 1Grail interviews with Bernard Golden (CEO, HyperStratus); Chenxi Wang (Ph.D., Principal Analyst, Forrester) Source: Grail Research Analysis
27
For More Information Contact:

Jocelyn DeGance Graham (jdgraham@grailresearch.com)
About the Author Jocelyn DeGance Graham - Named by United Business Medias CRN as one of the 100 most influential women in IT, Jocelyn currently leads the Grail Research Cloud Center of Excellence and Cloud research practice. Jocelyn has deep expertise in the areas of marketing, communications and research and has spent the majority of her career advising Fortune 100 companies including Hewlett-Packard, Intuit, and Arthur Andersen on strategic emerging technology decisions. Prior to joining Grail Research, Jocelyn directed the marketing program for an award winning Cloud startup which was recognized by Gartner as one of the Coolest Emerging Technologies of 2010. She holds a Masters degree in Industrial/Organizational Psychology and a Bachelor's degree from University of California, Santa Barbara.
Copyright 2010 by Grail Research, LLC No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise without the permission of Grail Research, LLC
28

2010 Grail Research Cloud Computing

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

2010 Grail Research Cloud Computing

Hochgeladen von

Copyright:

Verfügbare Formate

Cloud Computing: Fact versus Fog

| Copyright 2010 Grail Research, LLC

| Copyright 2010 Grail Research, LLC

Foundations of Cloud Computing

Foundations of Cloud Computing

Obstacles and Considerations

Cloud is an evolution, merging virtualization, grid, utility, and web standards

Source: SysCon Website; Ars Technica Website; CIO Website

Defining Cloud Computing

Foundations of Cloud Computing

Obstacles and Considerations

Service Delivery Models

How Do Experts Define Cloud Computing?

Emerging Primary Models for Cloud Deployment

Foundations of Cloud Computing

Obstacles and Considerations

Definition and Expert Views

Private Cloud Intranet/VPN1

Hybrid Cloud Intranet/VPN1 + Internet

Global Share of Online Clouds 1% 12% 52%

Public Cloud 35% Hybrid Cloud Community Cloud N= 49,7813

Foundations of Cloud Computing

Obstacles and Considerations

Cloud Market Growth

Traditional IT Delivery Translated to Cloud

Foundations of Cloud Computing

Obstacles and Considerations

Software as a Service (SaaS)

Development as a Service (DaaS)

Platform as a Service (PaaS)

Infrastructure and Hardware

Infrastructure as a Service (IaaS)

Four Service Delivery Models

Foundations of Cloud Computing

Obstacles and Considerations

Application licensed to customers

Access through thin client interface, such as a web browser

Set of tools and APIs provided for creating customized applications

Cloud Computing Continues to Evolve

Foundations of Cloud Computing

Obstacles and Considerations

Requires Awareness and Clarity

Awareness and understanding of cloud computing is limited to a small set of IT professionals

Cloud computing is still evolving in terms of welldefined adoption/integration standards

Interest in Cloud Computing Across Geographies

Foundations of Cloud Computing

Obstacles and Considerations

Obstacles and Considerations

Foundations of Cloud Computing

Obstacles and Considerations

Source: BusinessComputingWorld Website; CIO Website

Foundations of Cloud Computing

Obstacles and Considerations

Barriers to Major Adoption

Foundations of Cloud Computing

Obstacles and Considerations

Security and Data Privacy

Integration with Cloud-Based Systems Expert Views

Regulatory and Compliance Issues

Addressing Security Concerns

Foundations of Cloud Computing

Obstacles and Considerations

Customer Apprehensions and Expert Views