Monthly Archives: January 2011

Barack Obama’s State of the Union Speech 2011 Wordled!

Barack Obama's State of the Union Speech 2011

Barack Obama's State of the Union Speech 2011

Every cloud has a silicon lining | Part 2(b)

In this F2MKE.co.uk blog series I explore cloud computing.  What is it?  What are the advantages versus risks?  What must businesses and schools check before putting their heads in the Cloud?  Does Cloud make sense in these times of austerity?

To read parts 1 and 2 of Every cloud has a silicon lining head for:

http://www.f2mke.co.uk/2011/01/18/every-cloud-has-a-silicon-lining-part-1/

And

http://www.f2mke.co.uk/2011/01/20/every-cloud-has-a-silicon-lining-part-2a/

So we’ve already taken a look at what the cloud and cloud computing means?  We’ve tackled the issues of security and supplier lock-in.  Part 2(b) of Every cloud has a silicon lining will deal with reliability and capacity, cost and efficiency.

But first this… Your business, or school, does have data that is highly sensitive and must have an added layer of security and control; you have to deliver specialist services or functions that simply don’t have a good fit within existing cloud offerings; maybe you have core infrastructure that nestles in the midst of all of your services, gluing them together?  This is where you should consider a mixed ‘public’ and ‘private’ cloud services delivery.  The ‘private’ cloud will typically be a data centre that supports virtualisation, has Internet connectivity and allows you to host these most valuable assets with complete control whilst delivering flexibility, scalability and high availability.

Reliability is a constant concern.  In the world of cloud delivered services this is less about the availability of the cloud and the services delivered from it.  Instead it is about the perception of fragility often attached to the ability of the end-user, or customer, to connect to the cloud.

At the top of the list is the reliability and even availability of decent broadband connections.  In my experience, where reasonable to decent broadband connectivity is available, the root cause of any failure or degradation of service lies much more often than not, somewhere other than the broadband itself.  Changes to, or poorly thought out Local Area Networks;  Misbehaving, or misconfigured gateway servers – proxies, content filtering, caching, etc;  client PCs, etc., etc., are all too often to blame.

Perception is Reality

But to quote a very well respected colleague, “perception is reality.  So how do we go about changing perception – or reality?

With efficiency very much at the fore – or in the case of this article, my laziness.  My view on the solution sweeps up capacity, cost and efficiency too 😉

The more services that we move into the cloud, the more reliable the client PC becomes.  All I need to be productive is a device with a slim Operating System and a web browser.  No more installing, updating and fixing applications and bloating of registries.  I don’t even need to worry about the amount of storage on my device, whether it’s a Ferrari or second-hand ‘missed the Government’s scrappage deal’ Rover, or even whether it’s the same device I left home with in the morning!  Whoop, whoop!  From a support point of view the client device becomes almost throw-away.  I mean recyclable.

The more services we move to the cloud, the more we should question the need for locally hosted servers.

“What about the security of my local network?  I’ll need a directory server to make sure that trusted people get to trusted services!”

Really?  If everything is online and your customers and end-users have to login when they get to them, do you really need to worry about all of those extra logins – oh and the licences typically associated with them?  There’s a whole other discussion upon identity management, single sign-on and of course, open standards that’s to be had – and probably elsewhere!

So, we’ve moved out much of the hassle and expense of complex support associated with client software and servers, not to mention hardware refresh costs.

We must have made some savings then?  I doubt that I’d be motivated to be writing on this subject if not..?

I have estimated the savings to be substantial dependent upon the size or number of organisations taking part.  And that’s without considering industry estimates of between 20% and a whopping 80% savings associated with the adoption of Software as a Service – pretty much summarised as web-based applications that are paid for on a metered basis.  A bit like gas, electricity, or your telephone bill.  So we might need an Ofcloud then?

And with all of these savings?  ‘Simples’.  We have part 2 of the solution.  We invest some of these savings back into broadband.  We address the broadband ‘not-spots’.  We increase capacity and we improve resilience.

“You indicated that there would be some efficiency savings too”.

And there are…

If your organisation is made-up of many satellite sites, locally to globally, then you immediately reduce the support overhead – often specialist resources available to go out to sites, or be based on-site.  These skills are typically in short supply and can be much better utilised!

Productivity is increased with reduced potential causes of downtime.

Customers and end-users can access services from any device, at anytime and from anywhere.

Finally, it is far easier to ‘join-up’ your systems if they reside in the cloud.  Uh oh!  I’m back on the open standards soapbox again.

Single sign-on is currently far more achievable when all your apps are online.  Your customers and end-users benefit from only having to remember one username and password and it is proven that valuable resources are accessed more frequently as a consequence.

This also has positive resonance from a security point of view…  Most of us will try and use the same username and password combination across as many apps as possible.  If these details are compromised once, they are compromised awkwardly, many times across many apps.  How easy is it to get these credentials quickly changed across every app?  Let alone remember which apps!?  Perhaps there’s a market for the credit and debit card Sentinel equivalent for the web?

Schools and Local Authorities should explore Shibboleth.

Update information once and reuse many times.  This is more achievable in the online, or cloud, world.  Efficiency gains are potentially massive.  And the accuracy of information shared around multiple systems inevitably saves time.

Here I go again…  For schools and Local Authorities in the UK (and US, Australia, Norway, etc…) education sector there is the Systems Interoperability Framework (SIF).  For more information search for SIF at F2MKE.co.uk or visit http://www.sifinfo.org/uk/.

In Part 3 of Every cloud has a silicon lining we’ll look at the essential checks before schools or businesses put their heads into the cloud.

Every cloud has a silicon lining | Part 2(a)

In this F2MKE.co.uk blog series I explore cloud computing.  What is it?  What are the advantages versus risks?  What must businesses and schools check before putting their heads in the Cloud?  Does Cloud make sense in these times of austerity?

To read Part 1 of Every cloud has a silicon lining go to http://www.f2mke.co.uk/2011/01/18/every-cloud-has-a-silicon-lining-part-1/

The emergence of Cloud computing posed a threat to some of the largest and most powerful IT businesses in the world… And it may still do so?  It was inevitable that cumuliform clouds would reign before settling into cirrostratus.

And this tempestuous climate was fuelled by arguments about security and supplier lock-in, reliability and capacity, cost and efficiency…  The arguments continue.  Part 2 of Every cloud has a silicon lining aims to distil the key arguments and offer an objective view.  Oh, and perhaps start off a few more debates? 😉

Let’s tackle security first.

Security concerns are an all too familiar first line of defence against change in the IT world.  Often this is to protect current preferred working practices, or a sound profiteering business model, but mostly because change means risk.  Oh and change!  However, security should not be downplayed and should play a key part in any decision-making process.

Trusting all of the important tools and data that you rely upon to deliver your business, or run your school, to a group of masked cherubs sitting on a cloud somewhere in the ether deserves an initial gulp!  But step back for a moment and meditate upon that gulp…

Masked Cherub on a Cloud

The majority of security breaches are caused by humans.  A cloud provider’s business model relies upon massive economies of scale, ergo less humans, ergo less room for human error – be it deliberate or not.

You would typically enter into a contract with a third party – cloud provider or not – with some, at least basic, clauses and penalties around loss of data or service.  Would you have similar reassurances within your own business?   

There are cost implications to consider here too.  When searching for your perfect cloud providing partner you can specify all manner of security standards that must be contractually adhered to.  The likelihood is that they are geared up for this to be able to appeal to as wider market as possible and achieve the aforementioned economies of scale – it’s a core part of their business – but are you?  How much would it cost your organisation to achieve and maintain the ISO/IEC 27001/2 standard?

How much more would it cost to be certain that your hardware, software and the place(s) that it’s all kept stays as secure as possible?  ‘Simple’ patch management alone can be a surprisingly bulky overhead.  Large cloud suppliers will afford better security tools, experts and infrastructure.

The risks to focus upon are browser vulnerabilities – most cloud services are accessed through the web browser and these are a favourite target for hackers.  A large cloud provider may well pose an interesting target for hackers or even terrorists too!  These risks are mitigated by the highly competitive web browser market and the importance that a cloud services provider must attach to their reputation.  In both cases, even if a vulnerability is not exploited, the knowledge that it existed will be damaging.

And what about supplier lock-in?

Moving all of your services and critical data into the cloud could leave you vulnerable should you decide to switch supplier, or wish to share data in your systems with another service provider?   Your supplier may decide to increase costs, or decommission a service that you rely upon?  You may become dissatisfied with the service, or a better alternative could enter the market?  You may wish to pick and choose services from multiple suppliers for a best of breed solution?

For example, your main cloud provider may offer you an integrated Management Information System and learning platform, library, catering and cashless systems.  However, you want to switch learning platform and integrate with an alternative library system.

The immediate question is, “how do I get my data out?”.

There are some actions that you can take to mitigate these risks.  As well as sensible contractual exit clauses, insist upon services that offer industry, better still open, standards for data interoperability.

In the UK (and US, Australia, Norway, etc…) education sector there is the Systems Interoperability Framework (SIF).  For more information search for SIF at F2MKE.co.uk or visit http://www.sifinfo.org/uk/.

Furthermore, the likelihood is that competing suppliers will be eager to win your business and will already have tools available to migrate your data from competitor systems.

In some ways there are parallel risks where an organisation develops and maintains services in-house.  For example, data can be ‘trapped’ in bespoke systems and require bespoke, often expensive, solutions to migrate the valuable data out.  A key employee may decide to leave the organisation and take their specialist expertise with them – or hold you to ransom!?

In Part 2(b) of Every cloud has a silicon lining we’ll delve deeper into the advantages of Cloud Computing versus the risks.

Every cloud has a silicon lining | Part 1

In this F2MKE.co.uk blog series I explore cloud computing.  What is it?  What are the advantages versus risks?  What must businesses and schools check before putting their heads in the Cloud?  Does Cloud make sense in these times of austerity?

Cloud’ is certainly shaping up to be this decade’s information communication technology buzzword.  January’s BETT Show 2011 – the biggest UK (and arguably world) trade show of educational technology and resources – signalled this with lots of suppliers, large and small, marketing as many of their services and products as in the ‘Cloud’.

But what does ‘Cloud’ really mean?

There has been 4,403 revisions to Wikipedia's definition of cloud computing since the first entry in March 2007

A Google search reveals countless definitions augmenting the confusion.  Some of this is surely caused by suppliers blurring the definition to ensure that their products or services fit.

Elsewhere industry experts are stammering to reach agreement.  In the first 18 days of 2011 alone the Wikipedia entry for Cloud Computing has been revised no less than 87 times.  That’s nearly 5 revisions per day!  The first entry was on the 3rd March 2007 with a simple link to Utility Computing, described as a metered utility approach to the delivery of computing resources.  Since then there have been 4,403 revisions and counting…

My personal preference is for the following succinctly put definition:

“The term Cloud is a metaphor for the Internet.  Cloud is a different technological approach to the traditional data centre or in-house service where physical hardware and connectivity is purchased as required.

Put simply, hosting services in the Cloud in an infrastructure as a service model reduces the need for detailed capacity planning and management – a subscription model for computing power more aligned to utility services such as gas, electricity, telephone, water, etc.”

Examples of Cloud Computing are many.  From office productivity, collaboration and communication tools like Google Apps or Microsoft Office 365, through to backup, file management and media sharing such as Zmanda, Dropbox, Flickr and YouTube.

If the software that you are using and the files that you are creating are independent of your PC; and you can access them at anytime and from anywhere with an Internet connection, using only a web browser, then you are working in the Cloud.

In fact, there is arguably little that the typical office and home user, student or teacher, can’t do today in the Cloud, that they can using software installed on a local PC or server.

So…  I get what Cloud Computing is.  But what are the advantages and what are the risks?

In Part 2 of Every cloud has a silicon lining we’ll explore the advantages of Cloud Computing versus the risks.

FAO suppliers at BETT 2011

I’m at BETT 2011 all of this week through ’til Saturday.  I’m particularly interested in hosted, or ‘cloud’, open standards solutions.

Are there any solutions providers out there who are interested in discussing access management using biometrics, RFID, etc., that can plug-in to a Shibboleth Single Sign-on (SSo) IdP and support the Systems Interoperability Framework (SIF)?  My thinking is that door entry, access management, cashless and so on, could share the same biometric, RFID, etc., ‘token’ which could also be used for multifactor authentication in a Shibboleth environment…

Twitter @f2mke, email michael@f2mke.co.uk, or reply to this post if you are interested.

I’m also on the SIF stand at BETT INNPOD19 between 1PM and 2.30PM on Friday if you are interested in how SIF can work for you!?

BETT 2011 and SIF

If you are attending the largest ICT Education show in the world this week – BETT 2011 – then come and find out more about SIF by visiting the SIF Association UK’s stand upstairs in the Main Hall Gallery, along the Innovation Avenue. Look for stand reference INNPOD19. See you there 🙂