Subscribe
RSS news feed
Add to Technorati FavoritesRecent Posts
- free as in "free spirit"
- Application Distribution in the Cloud
- We don't need social media
- Weekly digest
- Are user stories an alternative to (smart) use cases?
- Twitter: the end of the gossip magazine
- For the sake of being social
- Weekly digest
- Twitter is a competitive sport
- Weekly digest
Navigate
Search the blog
Infrastructure Services / Security
Moving from service to infrastructure
Are you using a certain service? Do not judge it by its cover. Sometimes the medium someone is using for a service will become some kind of personification of the service. Like for some Outlook is equal to email and TweetDeck for Twitter.
For example some weeks ago I was having a conversation with a colleague on Yammer. At a moment in the discussion I referred back to a previous conversation that was related to the subject, she told me that she read that discussion, because she already received my emails of this conversation. At first this was rather surprising for me, especially since I only spoke to her via Yammer and never send her an email before. When I gave it some thought, I realized that you could also Yammer via email (as you by the web interface, SMS, IM and third party tools).
What I also realized that we never get rid of email (even if we really want to) and that some services will move from service to infrastructure. Twitter and Yammer are both moving (or already there) towards being a piece of infrastructure (a protocol) and people can use these protocols to communicate with one another. People can choose which tools they use to use the protocol. It could even go further (especially with the tools that take care of distributed microblogging) and tools could even make the protocol irrelevant (which should be done, since it is about communication and not about data exchange via a specific protocol). This way someone might read the information you posted to Twitter on his TV while accessing Facebook.
It will be just a matter of time till services and protocols become more and more irrelevant to the end users, they will not even be aware of the fact that they are either using Twitter or Yammer or Facebook, the service itself is hard to differentiate on anything other than the network effect. The medium will matter, since every medium has its value. It should be the ultimate goal of every service: moving from being a service to becoming a piece of infrastructure.
If you like this article please retweet it
Rick Mans is Information Architect and a social media evangelist within Capgemini. You can follow and connect with him via Twitter or Delicious
In search for cloud companies in the risk mitigation space
Are you a software company or startup that is focused on delivering products or solutions in the cloud or SaaS space in the field of risk mitigation? Think about Jericho-style security, cloud-VPN, appliance-based solutions, monitoring/administration, etc. Do you have the next big thing (whether or not NDA covered) that will solve difficult issues related to private clouds, infrastructure, data center?
Well, we are searching for you then! :-)
Drop a mail to lee dot provoost at capgemini dot com or even better, contact me on Twitter.
---
Lee Provoost is a Cloud Computing Strategist and ERP+ lead at Capgemini. You can follow his ongoing stream of thoughts on Twitter http://twitter.com/leeprovoost.
Top 5 facts on cloud computing (and why it matters)
Last weeks were cloudy. Microsoft announced a Windows Cloud OS. Amazon announced that Windows will be supported in their Elastic Cloud. The blogosphere was full of comments on the brilliant talk of Larry Ellison at Oracle Expo where he stated that Cloud was something like old fashioned and vaporware. Like an echo, Richard Stallman, the father of the most disruptive innovation of the last 30 years when it comes to software and law, called Cloud Computing just plain stupidity (See Mark post on that). So many buzzwords in PRs. So many lyrical speeches. Is the IT planet going mad when it comes to clouds? Yes. And there is a reason. Cloud computing is going to be huge. Bringing Innovations to Business & IT like the Internet or the Web did in the past.
The cloud is a part of the Invisible Infostructure described in Capgemini’s Technovision 2012. The cloud has emerged in the Infrastructure space, enabling real-time IT resource provisioning. You want 10 servers for a peak on your e-Commerce site? You have them. 20 more? Ok. You’re in the financial services and you want 100 less servers? No problem. That’s the promise. You provision what you need, for the duration you need. And you are billed for that, and only that. The launch by Amazon of such a service in 2006 has created the buzz, and focused the attention on the cloud. Hosting Providers like Joyent, Mediatemple, GoGrid or Gridlayer are paving the way to massive Cloud adoption on the Internet. Many Web 2.0 services all over the net are relying on them. Pure players like Flexiscale, Enomalism or Cohesive are paving the way to corporate use in Fortune2000. And IBM, Microsoft and –yes- Oracle are leveraging their positions to catch the Clouded Infrastructure demand as well.
After the Clouded Infrastructure, as very clearly explained by the RightScale team, the cloud went up to application platform space. Clouded Applications. Google Apps Engine,QuickBase, MOSSO or force.com let you develop your application, send it to the cloud and deploy it for a fraction of the usual costs. Cloud is not Software as a Service, but not far way. SaaS offerings are more and more relying on the Cloud. And some just call SaaS “Clouded Application””. Whatever the definitions are, one thing is sure: SaaS providers are injecting millions of dollars in the Cloud.
Cloud is moving fast. And here are 5 facts we cannot ignore to help business benefiting from it.
Fact #1: Yes, Cloud computing is trendy.
Is it a reason to ignore it? No. Ignore snobbism. The key is not to be buzzword compliant or to join the trendy game of buzzword bashing. The game is: what the cloud can bring to my business? 
Look at what changes the cloud can make to the economic equation of IT operation, or what it can bring to agility and security. Forget buzzwords, look at facts.
The adoption driver for Cloud adoption is unbeatable: moving IT costs from Capex to Opex. Not investing millions before using, but paying for what you really need, when you need it. Instead of investing in rigidity, you buy agility. Look at the IDC study released last week. Businesses want the clouded infrastructure because of pricing. You can’t beat that.
Fact #2: No, the Cloud is not (that) new. It’s just a…disruptive Innovation.
Is Cloud computing that new? Not really. Will it reshape the way we use and buy IT power? Definitely. Like Ajax and DHTML, two 90's technologies that changed the face of the Web 10 years later, Cloud computing is not new. It is based on virtualization, extended file systems and open source operating system and software. It’s not new but it will change forever a part of the industry. The cloud is an innovation. Like the Internet in the 90’s, the cloud is an aggregation of ideas and solutions that just work…And the cloud will change IT landscape like the Internet changed, well...the world.
Fact #3: Yes, the Cloud is generating security concerns about privacy & reliability.
That’s the case as soon as you put a byte on a disk. Like Mark said, many users (and corporations) can deal with that. And if SaaS is one thing, Clouded Infrastructure is another thing. Many cloud infrastructures are based on open source software: Xen for virtualization, Linux for operating system, MySQL for database. If you thing privacy and security come with open source, you’ll find what you need in the cloud. And yes, Amazon EC2 is not providing –yet- SLAs. But other do. You will see a growing number of Cloud providers with all imaginable SLAs. The market will adapt. In the mid 90’s, IP reliability was supposed to be problem against X.25. Remember who won? :-)
Facts #4 : Software Architects, be prepared
The Cloud will change the way we design and build applications. We’ll go for a stateless world like Jeffrey Birnbaum of Merrill Lynch explained very well al Linux Expo. Ubiquitous storage, strong naming conventions and immediate horizontal scalability. Making software run well on many processors and making them scale linearly when adding horsepower. Look at what Google did with BigTable or Map and Reduce. Look at the BASE design pattern against the more traditional ACID pattern. Some drastic changes are coming in the way we design things. Internet companies like Google, Amazon, YouTube or Twitter do not have the same integration complexity as we have in modern corporate information systems. But learn from them. They scale and serve millions of users. Paypal is a bank. Google is a huge information system mixing mail & office productivity apps. Salesforce.com is a 360° CRM. Look at their architecture, learn from them and reuse when adequate. You can find some details on their architecture on HighScalability.com. It is worth a deep look. Software Architects, be prepared to the Cloud.
Fact #5: IT Architect, be prepared. The cloud effect is coming fast.
You probably already had one of your Business stakeholders coming into the room and saying “Hey, I can’t understand why it takes so long to have our CRM up and running. I can have a full one in minutes with Salesforce.com !”?. The Clouded Infrastructure will generate the same kind of “hey, I can have 100 virtualized OS in a matter of minutes on the Internet, why can’t I have 2 more servers for my ERP system?”. You’ll need to provide answers, explaining that the enterprise must leverage its core backbones, that security and integration issues are important for business, and well… Yes, you are going to provide the same king of agility and provisioning strategies as the cloud does.
Be prepared to the clouded infrastructure. Use it when it reduces the TCO of your infrastructure while increasing your agility. Build your own cloud. Use the outsourced one. Or mix both strategies. Yes, the future is cloudy, and not only because of Wall Street.
Fell free to Digg this post if you liked it. Some performance testing to see if our Cloud is ready :-)
Clouded opinions on The Cloud
The following headline caught my attention a few days ago when I saw my Twitter client pop it up in the corner of my screen (see, microblogging is a good thing):
onsaas HEADLINE: Richard Stallman On Cloud Computing: Stupidity - http://onsaas.info/46jazx
It links to a blog post by Serdar Yegulalp on the Informationweek's Open Source Weblog. In this post Serdar reacts on Stallman's rather strong opinions on Cloud Computing recorded in an interview published in the guardian.co.uk.
The headline of this interview provokingly reads:
Cloud computing is a trap, warns GNU founder Richard Stallman
Web-based programs like Google's Gmail will force people to buy into locked, proprietary systems that will cost more and more over time, according to the free software campaigner
Richard Stallman is the founder of the Free Software Foundation and creator of the GNU Operating System. He basically opposes all proprietary software technology. Another citation from the interview:
It's stupidity. It's worse than stupidity: it's a marketing hype campaign.
With these words, Stallman means that cloud computing is a trap aimed at forcing more people to buy into locked, proprietary systems that will cost them more and more over time.
I am using Google's applications more and more, and I am feeling quite the opposite of trapped. I feel liberated. I am free in choosing when and where I access my documents and e-mail, free in the choice of device that I use, and free of worries about the safety of my documents (backups are a thing of the past).
Sure, I am putting much trust in The Cloud, but trust is a value I am choosing to rely on for anything I do on the web. Without trust, the web wouldn't have evolved into what it is today.
I would definitely and confidently move Carl Bate's slider a good way to the right.
The hyper corrective browser
I just had a discussion via Twitter about the desired behavior of browsers during an endless javascript loop (e.g. while(true){alert("test");}). One of my friends suggested that browsers should correct this kind of code. Browsers should do this in order to prevent endless loops that crash you browser or your operating system.
This really sounds horrible to me. Whenever I write code I would like to see it executed the way I wrote it, not the way I could have probably thought about it that it should work. If I write lousy code, let the browser crash, let my operating system crash and probably I will learn something of it. In the worst case even valid code could be corrected by the browser since it could match a pattern that is used to filter invalided code blocks. That would be a real developers nightmare: hyper correcting browsers that are adjusting valid code blocks combined with all current known specific browser quirks.
However this hyper correcting behavior could make the web even more insecure. Microsoft will probably implement some protection in Internet Explorer 8, at first sight this is pretty nice, however there are quite some (amateur) developers that 'test' their websites in only one browser. After testing it in e.g. Internet Explorer 8 it assumed save and published on the Internet. However when using a different browser XSS is still possible and the visitor can still be harmed by these kind of attacks.
With all these hyper corrections you will be in the end only safe on the Internet depending on what browser you use. This is incorrect you should always be safe on the Internet no matter what browser you use. The developer is responsible for the security /usability of his web page/ application, not the browser! The browser should only be supportive to visit and use this page / application.
A dilemma for Personal Data protection in the digital age
Security breaches involving personal data and the inadequacy of the controls protecting this data in many organisations was brought to the top of the news agenda in late 2007, making it something of a watershed year regarding the security of electronically stored personal information at companies. Many businesses are now in the process of doing the work needed to answer the question: “are we next?” - IT security controls are being examined!
There has been a huge amount written about this; journalists have had a field day! I’ve read a lot of it and have no intention of continuing the feeding frenzy. Instead, I want to hone in on a particular aspect that intrigues me both professionally and personally, so I hope this will provoke some response.
It seems something of a paradox that a cornerstone in the IT security world’s blueprint for providing controlled access to personal data requires … the use of more personal data. I’m talking about Identity & Access Management (IAM) systems and the way that IAM needs strong digital credentials in order to validate online identities.
For most purposes today those credentials take the form of ‘secrets’ - passwords, pass-phrases, my mother’s maiden name, my favourite year etc. The evolution of IAM as a discipline within Information Security is demanding better, more robust online credentials. The result is we all have to offer more personal data, more shared secrets to ‘prove’ who we are when online.
There has been much abuse of this too. Like many people I’m sure, I get annoyed at being asked to provide personal information such as my home address, my age, my occupation and so on in order to make an online purchase. Why is that? If I walk into a shop I don’t have to tell the shopkeeper anything at all, so why should I risk giving it to an organisation that has little incentive to look after it properly? (- yes, I am implying that data protection legislation needs better enforcement!). This rather blatant data harvesting is not only annoying, it potentially puts my personal information at risk (- yes, I am implying that data protection legislation needs better enforcement!).
The demand for better and stronger IAM credentials is a movement, inevitably, towards greater use of biometric information. From an identity credential perspective this is great: here is my credential, a unique, digitised representation of the physical me! This biometric credential is surely much more difficult to subvert than a secret. Unlike a secret, which can be intercepted, stolen or negligently exposed, I can just present the real, unique, physical me to a reader (e.g. fingerprint or iris) and the digitised result is compared to a stored version of … ah, here’s a problem:
There must be a pre-existing, validated copy of my ‘digital body part’ stored electronically somewhere. Where does that information rank in terms of sensitivity of personal data? - Surely there’s no information more personal than this?
And, remember, this is all for the purpose of enforcing secure control on access to personal information. Isn’t that rather circuitous? There’s work to be done here!