Cloud Computing

The Evolution of the Web

Whilst trawling for information on Chrome OS and its supporting devices to understand how these might be deployed and managed across a large estate, I stumbled upon this great interactive infographic, built in HTML5, which details the evolution of major web technologies and browsers.

The Evolution of the Web

The benefits of Cloud Hosting for SMEs

Commensus‘ CTO Alex has written an engaging and succinct guide to the benefits of Cloud Hosting for Small to Medium Enterprises. Many of the points raised in his article are clearly relevant to other sectors.
Cloud Computing

“In our increasingly globalised world, small businesses need an operating communications network to span the geographically dispersed parts of the company. But the business applications required to achieve this are an pricey proposition in our current economic climate. This is making it progressively hard for small companies to compete with large corporations who hold seemingly infinite budgets. But we are now seeing the emergence of multi-tenanted business applications based upon a price-per-user model, or in other words, the Public Cloud. This is allowing youthful organisations to enjoy enterprise level services, security and products, at a fraction of the price.

Now is the time to begin “Thinking Big” – and utilizing communications to get there. With Cloud Computing, instead of running Desktops, Applications, Exchange or Voice through physical in-house servers, they are hosted on centralised virtual servers in a data centre. This entire process is instant to setup and easy to use; you just login, customise and begin. Applications are more scalable, more secure and more reliable as you don’t need a copy of an app for every department using it, just one app which is variable enough for everyone to customise for their own particular needs. You can instantly provision applications whenever you need them as the end user directly controls the resources they require. This allows firms striving to adapt to the pace and dynamism of business today to deploy highly resilient virtual machines for their staff, dawning a new era of flexibility.

Managers are beginning to realise a change in the dynamics of their businesses now that staff can be networked more cost-effectively, no matter where in the world they are. Employees can benefit from enhanced mobility with access to their individual desktop user profile from any device – Laptop, Thin Client or iPad – from anywhere in the globe within reach of a 3G network. This makes it easy to connect individuals and offices in one cohesive, responsive unit in which users share and synchronise emails, diaries and files. Small organisations can hire home-based workers, or open small branch offices, or more effectively connect employees on their mobiles to deliver seamless, customer service as easily as a large corporation. Cloud Computing also furthers employee productivity and innovation by offering access to the latest technology without the need for any investment in upgrades so small organisations get first class IT on a global scale without having to spend a penny.

IT executives have raised some concerns about the security of their data in the Cloud. But since all data and applications are centralised in a data centre, it is vastly simpler to enable and enforce processes and procedures to ensure security, privacy and other best practices. No data is stored on a device, so you never have to worry about proprietary data coming into the wrong hands if the device itself is missing, stolen or breaks. This is particularly significant with potentially gigabytes of sensitive corporate data sitting on the desk of each member of staff.

But some executives are still hesitant to take the step: their thought is that they would no longer be able to ‘touch and feel’ the systems which drive their company. Alex Parker, CTO of Commensus PLC is not surprised by this reaction, but feels there is enough experience of remote working to relieve those fears. “Data centres have been on the scene for three decades or more: Cloud computing is simply a logical progression of that service. There has been little evidence of businesses experiencing problems with access to data and with comprehensive service level agreements that specify virtually constant availability, any remaining concerns should be set aside.”

Most businesses are small (over 98% have less than 100 employees) and they like it that way: they value the flexibility, responsiveness and customer interaction. It is clearer than ever that the competitiveness of an organisation is now less based on its size than ever before. By having effective use of today’s communications capabilities, small firms can contend against anyone, anytime, anywhere, of any size. If you think it, you can do it. With the development of cloud technology and the applications and solutions available to small business, the sky really is the limit and size is no longer an issue.”

Follow Alex @WhatistheCloud

Help me with part 4 of “Every cloud has a silicon lining”

Hello!  You may have already read parts 1 to 3 of Every cloud has a silicon lining?  If not check it out at

For part 4 I need your help!  Help needed!  Does Cloud Computing make sense in these times of austerity?  Is it a real green alternative?  And any other thoughts and ideas that you may have – just use the reply option below.

Every cloud has a silicon lining | Part 3

In this blog series I explore cloud computing.  What is it?  What are the advantages versus risks?  What must businesses and schools check before putting their heads in the Cloud?  Does Cloud make sense in these times of austerity?

To read parts 1, 2a and 2b of Every cloud has a silicon lining head for:



Cloud Computing : Top 5 checks

1)   Does your cloud provider offer security appropriate to the service?  For example, ISO/IEC 27001 Information Security and CRB (Criminal Records Bureau) checks where access to data about children is concerned. Where does the service operate from and is it covered by Data Protection Act (DPA)?  This is crucial where personal data is sent outside of the European Economic Area (EEA)!  Safe Harbor is an alternative safeguard

Remember the 8 key DPA principles are:

  1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
    (a) at least one of the conditions in Schedule 2 is met, and
    (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

2)   What are the stated availability targets for the service and against what timeframes are these measured?  How quickly will the service be recovered in the event of a major incident, or even disaster?  What penalties, or credits, are in place if Service Level Agreement (SLA) targets are not met?

3)   Do you have enough bandwidth capacity?  Remember, you, your colleagues and your customers may be accessing multiple services from differing bandwidths with varying contention ratios.  Whilst most web traffic is efficient over HTTP and HTTPS (ports 80 and 443), other methods for accessing services such as Citrix, or Terminal Services, can be less efficient – even when encapsulated within HTTP/S.

4)   What options are available for offline productivity?  Gears is Google’s way of offering access to some online files offline by adding additional features to your web browser.  However, Google’s strategy is shifting from Gears to online storage and development ceased in February 2010.

Features available in HTML5 offer equivalent alternatives to Gears and can clearly be taken advantage of by all web service providers.  Unfortunately, HTML5 as a ratified World Wide Web Consortium (W3C) standard is some way off!  However, parts of HTML5 are already implemented in browsers including Web Storage and DOM Storage (Document Object Model) – web application software methods and protocols used for storing data in a web browser.

5)   And finally portability!  How easy will it be to move, or share, your data?  Look for open standards for data migration and interoperability.  In the education marketplace the Systems Interoperability Framework (SIF) is your best bet!  You may also consider options to improve your customer experience through standards for Single Sign-on such as OpenID or Shibboleth (SAML 2.0). This will allow you to provide many cloud services from many different providers, whilst maintaining a single set of access credentials with one-time login and increased security.

Every cloud has a silicon lining | Part 2(b)

In this blog series I explore cloud computing.  What is it?  What are the advantages versus risks?  What must businesses and schools check before putting their heads in the Cloud?  Does Cloud make sense in these times of austerity?

To read parts 1 and 2 of Every cloud has a silicon lining head for:


So we’ve already taken a look at what the cloud and cloud computing means?  We’ve tackled the issues of security and supplier lock-in.  Part 2(b) of Every cloud has a silicon lining will deal with reliability and capacity, cost and efficiency.

But first this… Your business, or school, does have data that is highly sensitive and must have an added layer of security and control; you have to deliver specialist services or functions that simply don’t have a good fit within existing cloud offerings; maybe you have core infrastructure that nestles in the midst of all of your services, gluing them together?  This is where you should consider a mixed ‘public’ and ‘private’ cloud services delivery.  The ‘private’ cloud will typically be a data centre that supports virtualisation, has Internet connectivity and allows you to host these most valuable assets with complete control whilst delivering flexibility, scalability and high availability.

Reliability is a constant concern.  In the world of cloud delivered services this is less about the availability of the cloud and the services delivered from it.  Instead it is about the perception of fragility often attached to the ability of the end-user, or customer, to connect to the cloud.

At the top of the list is the reliability and even availability of decent broadband connections.  In my experience, where reasonable to decent broadband connectivity is available, the root cause of any failure or degradation of service lies much more often than not, somewhere other than the broadband itself.  Changes to, or poorly thought out Local Area Networks;  Misbehaving, or misconfigured gateway servers – proxies, content filtering, caching, etc;  client PCs, etc., etc., are all too often to blame.

Perception is Reality

But to quote a very well respected colleague, “perception is reality.  So how do we go about changing perception – or reality?

With efficiency very much at the fore – or in the case of this article, my laziness.  My view on the solution sweeps up capacity, cost and efficiency too 😉

The more services that we move into the cloud, the more reliable the client PC becomes.  All I need to be productive is a device with a slim Operating System and a web browser.  No more installing, updating and fixing applications and bloating of registries.  I don’t even need to worry about the amount of storage on my device, whether it’s a Ferrari or second-hand ‘missed the Government’s scrappage deal’ Rover, or even whether it’s the same device I left home with in the morning!  Whoop, whoop!  From a support point of view the client device becomes almost throw-away.  I mean recyclable.

The more services we move to the cloud, the more we should question the need for locally hosted servers.

“What about the security of my local network?  I’ll need a directory server to make sure that trusted people get to trusted services!”

Really?  If everything is online and your customers and end-users have to login when they get to them, do you really need to worry about all of those extra logins – oh and the licences typically associated with them?  There’s a whole other discussion upon identity management, single sign-on and of course, open standards that’s to be had – and probably elsewhere!

So, we’ve moved out much of the hassle and expense of complex support associated with client software and servers, not to mention hardware refresh costs.

We must have made some savings then?  I doubt that I’d be motivated to be writing on this subject if not..?

I have estimated the savings to be substantial dependent upon the size or number of organisations taking part.  And that’s without considering industry estimates of between 20% and a whopping 80% savings associated with the adoption of Software as a Service – pretty much summarised as web-based applications that are paid for on a metered basis.  A bit like gas, electricity, or your telephone bill.  So we might need an Ofcloud then?

And with all of these savings?  ‘Simples’.  We have part 2 of the solution.  We invest some of these savings back into broadband.  We address the broadband ‘not-spots’.  We increase capacity and we improve resilience.

“You indicated that there would be some efficiency savings too”.

And there are…

If your organisation is made-up of many satellite sites, locally to globally, then you immediately reduce the support overhead – often specialist resources available to go out to sites, or be based on-site.  These skills are typically in short supply and can be much better utilised!

Productivity is increased with reduced potential causes of downtime.

Customers and end-users can access services from any device, at anytime and from anywhere.

Finally, it is far easier to ‘join-up’ your systems if they reside in the cloud.  Uh oh!  I’m back on the open standards soapbox again.

Single sign-on is currently far more achievable when all your apps are online.  Your customers and end-users benefit from only having to remember one username and password and it is proven that valuable resources are accessed more frequently as a consequence.

This also has positive resonance from a security point of view…  Most of us will try and use the same username and password combination across as many apps as possible.  If these details are compromised once, they are compromised awkwardly, many times across many apps.  How easy is it to get these credentials quickly changed across every app?  Let alone remember which apps!?  Perhaps there’s a market for the credit and debit card Sentinel equivalent for the web?

Schools and Local Authorities should explore Shibboleth.

Update information once and reuse many times.  This is more achievable in the online, or cloud, world.  Efficiency gains are potentially massive.  And the accuracy of information shared around multiple systems inevitably saves time.

Here I go again…  For schools and Local Authorities in the UK (and US, Australia, Norway, etc…) education sector there is the Systems Interoperability Framework (SIF).  For more information search for SIF at or visit

In Part 3 of Every cloud has a silicon lining we’ll look at the essential checks before schools or businesses put their heads into the cloud.

Every cloud has a silicon lining | Part 2(a)

In this blog series I explore cloud computing.  What is it?  What are the advantages versus risks?  What must businesses and schools check before putting their heads in the Cloud?  Does Cloud make sense in these times of austerity?

To read Part 1 of Every cloud has a silicon lining go to

The emergence of Cloud computing posed a threat to some of the largest and most powerful IT businesses in the world… And it may still do so?  It was inevitable that cumuliform clouds would reign before settling into cirrostratus.

And this tempestuous climate was fuelled by arguments about security and supplier lock-in, reliability and capacity, cost and efficiency…  The arguments continue.  Part 2 of Every cloud has a silicon lining aims to distil the key arguments and offer an objective view.  Oh, and perhaps start off a few more debates? 😉

Let’s tackle security first.

Security concerns are an all too familiar first line of defence against change in the IT world.  Often this is to protect current preferred working practices, or a sound profiteering business model, but mostly because change means risk.  Oh and change!  However, security should not be downplayed and should play a key part in any decision-making process.

Trusting all of the important tools and data that you rely upon to deliver your business, or run your school, to a group of masked cherubs sitting on a cloud somewhere in the ether deserves an initial gulp!  But step back for a moment and meditate upon that gulp…

Masked Cherub on a Cloud

The majority of security breaches are caused by humans.  A cloud provider’s business model relies upon massive economies of scale, ergo less humans, ergo less room for human error – be it deliberate or not.

You would typically enter into a contract with a third party – cloud provider or not – with some, at least basic, clauses and penalties around loss of data or service.  Would you have similar reassurances within your own business?   

There are cost implications to consider here too.  When searching for your perfect cloud providing partner you can specify all manner of security standards that must be contractually adhered to.  The likelihood is that they are geared up for this to be able to appeal to as wider market as possible and achieve the aforementioned economies of scale – it’s a core part of their business – but are you?  How much would it cost your organisation to achieve and maintain the ISO/IEC 27001/2 standard?

How much more would it cost to be certain that your hardware, software and the place(s) that it’s all kept stays as secure as possible?  ‘Simple’ patch management alone can be a surprisingly bulky overhead.  Large cloud suppliers will afford better security tools, experts and infrastructure.

The risks to focus upon are browser vulnerabilities – most cloud services are accessed through the web browser and these are a favourite target for hackers.  A large cloud provider may well pose an interesting target for hackers or even terrorists too!  These risks are mitigated by the highly competitive web browser market and the importance that a cloud services provider must attach to their reputation.  In both cases, even if a vulnerability is not exploited, the knowledge that it existed will be damaging.

And what about supplier lock-in?

Moving all of your services and critical data into the cloud could leave you vulnerable should you decide to switch supplier, or wish to share data in your systems with another service provider?   Your supplier may decide to increase costs, or decommission a service that you rely upon?  You may become dissatisfied with the service, or a better alternative could enter the market?  You may wish to pick and choose services from multiple suppliers for a best of breed solution?

For example, your main cloud provider may offer you an integrated Management Information System and learning platform, library, catering and cashless systems.  However, you want to switch learning platform and integrate with an alternative library system.

The immediate question is, “how do I get my data out?”.

There are some actions that you can take to mitigate these risks.  As well as sensible contractual exit clauses, insist upon services that offer industry, better still open, standards for data interoperability.

In the UK (and US, Australia, Norway, etc…) education sector there is the Systems Interoperability Framework (SIF).  For more information search for SIF at or visit

Furthermore, the likelihood is that competing suppliers will be eager to win your business and will already have tools available to migrate your data from competitor systems.

In some ways there are parallel risks where an organisation develops and maintains services in-house.  For example, data can be ‘trapped’ in bespoke systems and require bespoke, often expensive, solutions to migrate the valuable data out.  A key employee may decide to leave the organisation and take their specialist expertise with them – or hold you to ransom!?

In Part 2(b) of Every cloud has a silicon lining we’ll delve deeper into the advantages of Cloud Computing versus the risks.

Every cloud has a silicon lining | Part 1

In this blog series I explore cloud computing.  What is it?  What are the advantages versus risks?  What must businesses and schools check before putting their heads in the Cloud?  Does Cloud make sense in these times of austerity?

Cloud’ is certainly shaping up to be this decade’s information communication technology buzzword.  January’s BETT Show 2011 – the biggest UK (and arguably world) trade show of educational technology and resources – signalled this with lots of suppliers, large and small, marketing as many of their services and products as in the ‘Cloud’.

But what does ‘Cloud’ really mean?

There has been 4,403 revisions to Wikipedia's definition of cloud computing since the first entry in March 2007

A Google search reveals countless definitions augmenting the confusion.  Some of this is surely caused by suppliers blurring the definition to ensure that their products or services fit.

Elsewhere industry experts are stammering to reach agreement.  In the first 18 days of 2011 alone the Wikipedia entry for Cloud Computing has been revised no less than 87 times.  That’s nearly 5 revisions per day!  The first entry was on the 3rd March 2007 with a simple link to Utility Computing, described as a metered utility approach to the delivery of computing resources.  Since then there have been 4,403 revisions and counting…

My personal preference is for the following succinctly put definition:

“The term Cloud is a metaphor for the Internet.  Cloud is a different technological approach to the traditional data centre or in-house service where physical hardware and connectivity is purchased as required.

Put simply, hosting services in the Cloud in an infrastructure as a service model reduces the need for detailed capacity planning and management – a subscription model for computing power more aligned to utility services such as gas, electricity, telephone, water, etc.”

Examples of Cloud Computing are many.  From office productivity, collaboration and communication tools like Google Apps or Microsoft Office 365, through to backup, file management and media sharing such as Zmanda, Dropbox, Flickr and YouTube.

If the software that you are using and the files that you are creating are independent of your PC; and you can access them at anytime and from anywhere with an Internet connection, using only a web browser, then you are working in the Cloud.

In fact, there is arguably little that the typical office and home user, student or teacher, can’t do today in the Cloud, that they can using software installed on a local PC or server.

So…  I get what Cloud Computing is.  But what are the advantages and what are the risks?

In Part 2 of Every cloud has a silicon lining we’ll explore the advantages of Cloud Computing versus the risks.