A day doesn't pass by when I don't see an email, article or tweet that says "I'm tired of cloud marketing and cloud hype" or something equally negative. Granted, I spend more time with security greybeards and hard cores but anyone hoping to profit from offering cloud infrastructure or cloud-based services should pay close attention to this signal because it's growing in frequency and strength. Perhaps it's time to ask why.
Clouds are marketed as must-have-now, innovative and secure. Let's look at the problems each of these marketing points create.
Pace of Adoption
Enterprises and large organizations don't always do now very well and they adopt new slowly. Look at the history of wireless LANs. While it's hard to conceive now, wireless LANs actually languished for a very long time while corporate IT pushed back with a litany of excuses to not do wireless: "it's not secure, we can't control who's on it, it's not as fast as wired Ethernet, adapters are finicky..." These are all manifestations of fear: fear that change increases the risk of intrusion, data breach, performance, and increased helpdesk calls. |
Peter Baer |
Clouds are Evolutionary not Revolutionary
Clouds are also marketed as being revolutionary or innovative. Clouds are evolutionary, perhaps eventually they will be disruptive, but they are not overly innovative. Let's test my claim. If you agree that network and location transparency, location independence, high availability, file access transparency, etc. are characteristics of cloud computing, then it may surprise you that these were all implemented in the 1980s in the LOCUS distributed operating system [1,2]. (This is not a recent find, I used LOCUS as a case study in a Bellcore report discussing why telcos needed to deliver broadband in 1989.) If you also agree that virtual machines and in general, the notion of virtualization also antedates cloud computing, then I trust you'll agree that cloud computing isn't new: bandwidth, memory, CPU and storage just caught up to the vision that Walker, Propek, English, Kline, and Thiel shared in 1983. Claiming something is innovative when it is not disrespects the true innovators. This kind of hype is responsible for much of the loathing.
Cloud Security Hasn't Weathered Test of Time
Lastly, clouds are marketed as being more secure. This is a dangerous claim because it is made without qualification. Eventually, at least for large market opportunities, cloud marketeers must meet IT and such meetings are almost always on IT's turf. At that point, the cloud folks have to convince IT that the cloud is more secure than the network that IT administers. That's a tough sell to rock solid IT departments, especially when cloud security is ultimately bounded by the same constraints as the enterprise - expertise, quality of processes and workflows, technology, monitoring, review, testing... - and also subject to the same if not expanded attack surface. Rock solid IT departments have heard these arguments before, ad nauseum (a.k.a., sickness unto death).
None of these marketing ploys are helpful. Instead, I consider a Kierkegaardian leap of faith (you knew it was coming): forego the current marketing mantra and to try something more direct and simple when you discuss clouds with prospective customers.
Three Simple Truths About Clouds
1) Don't be afraid of clouds. Clouds are evolutionary not revolutionary. Clouds leverage innovation and experience accumulated over nearly 20 years of experimentation and implementation. Shed the fear. 2) Clouds have a great pedigree. Share the history of distributed processing and virtualization. Acknowledge past accomplishments, with attribution, as a means to confirm that a cloud is A Good Thing! In so doing, folks will admire you more and loathe you less. |
3) Clouds face security challenges. The last thing anyone responsible for security wants to hear is comforting words or bravado. Marcus Ranum is known for saying "If conventional Internet Security wisdom was working, the rate of systems being compromised would be going down". We all know that if anything, the rate of system compromise is increasing. Don't overpromise; instead, earn trust and confidence by collaborating with security and operations communities to identify and mitigate threats unique to clouds.
"corporate IT pushed back with a litany of excuses to not do wireless: "it's not secure, we can't control who's on it, it's not as fast as wired Ethernet, adapters are finicky"
These are not expressions of fear, they're facts. Wireless is flaky as hell.
Posted by: Alan Bourke | Monday, 18 April 2011 at 12:27 PM