Cloud Computing in Close Up_CIO Magazine

8/2/2019 Cloud Computing in Close Up_CIO Magazine

1/24

CLOUD COMPUTINGIN CLOSE-UPThe ability to move IT inrastructure, applications and storage onto the Internet has sparked

curiosity, enthusiasm, scepticism and sometimes panic rom Canadian chie inormation

ofcers. We walk through the adoption process rom beginning to end, looking at the skills and

strategies you need to be successul. A special report

A Supplement to IT World Canada Publications http://itworldcanada.com/hub/cloudcomputingn IT World Canada Publication PM 40063800

Click on the video below to watch ourinterview with RAIMUND GENES


2/24

Nowweretalkingprivatecloud,notjustvirtualization.

WindowsServerischangingtheconversation.

Thevirtualizedserverisabigdeal.

Ithelpsbusinesses,bigandsmall,makeITmoreefcient.

Butwhatcomesnext?

Entertheprivatecloudawaytomanageyourinfrastructureasapoolofcomputingresourcestodeliveryourapplicationsandbestservetheever-changingneedsofyourbusiness.

WindowsServerHyper-VandSystemCenterputyouincontrolwithcompleteend-to-endservicemanagement,aswellastheabilitytotapintothepowerofthepubliccloud.

Andthatsreallythewholepointofhavingaprivatecloudinthe rstplacecontrol.

Itsyourprivatecloud.Ifyouwanttorundifferenthypervisorsandoperatingsystems,thatshouldbeyourchoicetomakebecausethetechnologyandvendorsyouusearetheretoserveyourbusinessneeds,nottheotherwayaround.

ITisnolongerjustabouthardware.Orsoftware.Ormaintenance.Itsabout ndingnewefcienciesandnewwaysofdoingthingsthathelpyourcompanysbottomline.

Sothelesscompanybrainpoweryoudevotetoxingoldthings,themoreyoucandedicatetocomingupwithnewthings.

Morecomputingpower.Andmoreavailablebrainpower.

ThatsCloudPower.

Microsoft.ca/cloud/privatecloud


3/24

3C L O U D C O M P U T I N G I N C L O S E - U P

TABLE OF CONTENTS

RESEARCH THE MARKET

Editors Letter 4

Cloud Computing on camera 5

As CIOs see it: 3 cloud perspectives 6

CONNECT WITH YOUR PEERS

Canada Cloud Network eyes procurement changes 8

CHOOSE YOUR APPROACHPublic/private clouds: How do you choose? 10

HP Canada president weighs in on cloud debate 12

BUILD IN SECURITY

Trend Micros CTO speaks out 14

UNDERSTAND THE CONTRACTS

Legal issues to keep out o the cloud 16

Gartner analyst reveals cloud contract gotchas 19

STAFFING AND SKILLS

ICTC on the clouds labour market impacts 20

TEST YOURSELF

Our cloud computing assessment tool 22

14Trend Micros CTO wasin Toronto recently.Hear his thoughts onbuilding security intoyour cloud project.

5

10

20

16


4/24

4 C L O U D C O M P U T I N G I N C L O S E - U P

EDITORS LETTER

A hub you hold

in your handsThe cloud doesnt really come with anoperating manual, but what youre about toread is as close as most CIOs will ever get.

Although we have been writing about cloud computing since it became

a catchphrase in the mid-2000s (and even long beore that, when it was

called on-demand or utility computing), we realize that a lot o stories

simply come and go, particularly i our community is accessing them

online. Thats why, early in 2011, we decided to launch a special hub on

ITWorldCanada.com that would act as a Cloud Computing Resource

Centre a place to aggregate all our related articles, videos and expert

advice rom vendors, consultants and other IT leaders.Unlike most o our sites, however, I specifcally asked this one to be

organized according to the typical purchase cycle. This was important

because i you star t doing any research on cloud computing, youll

soon fnd yoursel overwhelmed with inormation. In many cases,

CIOs arent looking or cloud 101-type introductory material. They are

looking at practical steps to implementation, and beyond. Our con-

tent, thereore, was divided into early-stage research on the technol-

ogy, a place to keep track o the various cloud oerings rom myriad

providers, content ocused on the actual transactions o moving to

and paying or cloud services, and fnally managing the assets that sit

in the cloud, whether its a private cloud in your own data centre or

something thats been handed o to a third party.

The Cloud Computing Resource centre will continue to grow, but

the area we clearly need to spend more time on are those last two

categories: purchasing and managing. For too many CIOs, cloud still

means risk, and there has to be proactive ways to prepare and miti-

gate the worst risks.

Ater months o publishing this content online, it made sense to

bring together the best o what weve done into a how-to guide that

could be used as a reerence tool, either now or six months rom now,

depending upon the individual reader. O course this isnt a defnitive

manual, but that would be impossible to produce, because like any

other area o IT, cloud computing is continuing to morph and change

depending on customer and market needs.

Like the online resource centre, we tried to structure this publication

in the way that we expect CIOs will journey to the cloud. We start out

with whats happening locally here in Canada to change the purchase

process. We ace the big public/private question head-on. We explore

the security issues, the potential legal pitalls, and the stang concerns.

We end o with a tool to test your knowledge beore you go any urther.

I cant predict how long well be concentrating on this topic. There

was a time when a similar hub and special report about serv ice-

oriented architecture would have made sense. Not long ago, similar

resources or virtualization would have been a no-brainer. Its once

the conversation dies down and implementations are just a part o lie

that you know some best practices have been established. In an ideal

world, CIOs have successully mastered a technological transition

when the chatter about it disappears in a pu o smoke or maybe I

should say goes up into the clouds.

Shane SchickEditor-in-Chief

ART & PRODUCTION

SENIOR GRAPHIC DESIGNER

Mel Manasan

CREATIVE DIRECTOR

Jeff Coles

EDITORIAL

EDITOR-IN-CHIEF

Shane Schick

CONTRIBUTORS

Grant BucklerVawn Himmelsbach

Peter GalanisRafael Ruffolo

Sheldon Polowin

IT World Canada is an affiliate of International DataGroup (IDG), the worlds largest publisher of computer-related information and the leading global provider ofinformation services on information technology. IDGpublishes over 300 computer publications in 85countries. Ninety million people read one or more IDGpublications each month.

CIO Canada is published 6 times per year by ITWorld Canada Inc., a unit of the Laurentian MediaGroup, Michael R. Atkins, Chairman, 55 TownCentre Court, Suite 302, Scarbo rough, Ontario M1P4X4 Telephone: (416) 290-0240 Fax: (416) 290-0238. Publishers of Network World Canada,ComputerWorld Canada, Canadian Dealer News and Direction Informatique. One year subscriptionrates: Canada $55, US $65 (US) and foreign $95(US). Single copies $6.00. Please add GST whereapplicable. Address subscription to CIO CanadaCirculation Department, 55 Town Centre Court,Suite 302, Scarborough, Ontario M1P 4X4. Whennotifying us of a change of address, please include

address label to assure continuity of service. Allrights reserved. The contents of this publicationmay not be reproduced either in part or in wholewithout the consent of the copyright owner. Theviews expressed in this publication are notnecessarily those of the publishers. Requests formissing issues are not accepted after three monthsfrom date of publication.

Date of publication May 2011. Printed in Canada.GST Registration # R122605769 ISSN: 1195-6097

HOW TO CONTACT CIO CanadaTelephone: (416) 290-0240Fax: (416) 290-0238Mail:CIO Canada,55 Town Centre Court, Suite 302,Scarborough, Ontario M1P 4X4E-mail: [email protected], employees may be reached using acombination of their first initi al and last name, forexample: [email protected]: www.ITworldcanada.com

SUBSCRIPTION INQUIRIESTelephone: (613) 475-3217 or1-800-565-4007Fax: (416) 290-0239 or 1-800-565-8148E-mail:[email protected]

For printed and electronic reprints,please contact Jeff Colesat 416-290-0240 or

[email protected]

PUBLICATIONS MAIL AGREEMENT NO. 40063800

RETURN UNDELIVERABLE CANADIAN ADDRESSES

TO CIRCULATION DEPT IT WORLD CANADA INC.302-55 TOWN CENTRE COURT

SCARBOROUGH ON M1P 4X4

E-mail: [email protected]

PAP REGISTRATION NO. 10784

We acknowledge the financialsupport of the Government of Canadathrough the Canada Periodical Fund(CPF) for our publishing activities.

CORPORATE

CHAIRMAN

Michael R. Atkins

PRESIDENT & GROUP PUBLISHER

Fawn Annan


5/24


RESEARCH THE MARKET

Cloud Computing on cameraOur video library is lled with useul clips about key vendors,

strategies and user success stories. Heres a handul worth watching.

Cloud Computing and thefuture of the IT departmentIBM Canada distinguished

engineer Tom Wheatley explores

the trend towards cloud

computing and imagines how

it will change the role o CIOs

and IT managers in Canadian

enterprises.

http://bit.ly/kkCnzN

Own the podiumspath to the cloudIT manager Jason Cox describes

how the cloud helps Canadian

Olympic athletes and their

coaches win Gold.

http://bit.ly/lmrGH5

The Wire: HP to oer publiccloud serviceAt HP Summit 2011 in San

Francisco, CEO Leo Apotheker

tells analysts the company

is ocusing on the cloud. The

company will also open a

marketplace or applications

and cloud-based services or

enterprises, small businesses

and consumers.

http://bcove.me/xp2tyeiz

Microsofts NationalTechnology Ocertalks cloudJohn Weigelt, national

technology ocer at Microsot

Canada, highlights the

companys cloud strategy and

speaks o partner opportunities

there as well.

http://bit.ly/kHQbvn

In Conversation:Jonathan Day-ReinerThe director o IT operations

or online marketing frm

80/20 Solutions discusses

why his company shited its

inrastructure to the cloud. With

ComputerWorld Canada Editor

Dave Webb

http://bcove.me/llpdht80

Centrilogic CEO on thebusiness case for cloudcomputingRobert Oey talks to Network

World Canada about why

customers are turning to his

frm or help with setting up on-

demand IT inrastructure.

http://bcove.me/131jfa1e


6/24


RESEARCH THE MARKET

As CIOs see it:

3 cloud perspectivesCloud computing for dummiesActually it was a room ull o CIOs and IT

decision makers, but what I heard recently

at the Midsize Enterprise Summit 2011

keynotes provided one o the better explana-

tions o cloud computing And it came rom

a major vendor no less!

Jordan Chrysafdis, Microsots VP oSMS&P, outlined cloud computing based on

needed outcomes rather than a sales pitch

or their products (that came later but the

frst part o the presentation was pretty

product neutral).

He presented a breakdown o private vs.

public cloud services, rom an economies o

scale perspective. Apparently the real sav-

ings in cloud come at around 10,000 servers,

where the TCO per server is reduced to a

raction o the expense o a single server.

The average data centre has nowhere near

10,000 servers, and as such, the TCO per

server remains higher.

Savings can be realized in the ollowing

areas:

Hardware typically represents 45% o

your data centre costs. 30% savings using

public cloud data centre can be achieved.

Facilities represent 15%. 35% savings are

possible.

Operations 15%. 70% savings

Power 15%. 90% savings

All o these numbers are achieved through

better utilization: Sharing with people in di-

erent time zones, and dierent industries can

result in more ecient utilization patterns

He went on to discuss the inrastructure

as a service market, (where the ocus is on

hosting), the Platorm as a service market

(where the ocus is on building), and o

course the Sotware as a service market

(SaaS), where the ocus is on consumption,

three elements o what is now presented

as cloud.

My real point o the post is that it was

rereshing to hear cloud computing put into

a context that even a CIO could understand.

(Marketing people take note).

Kevin Pashuk, CIO, Appleby College

Why should I care?I was speaking at a Computerworld Canada

event in Calgary and Edmonton in 2010. The

ocus was on Linux as the proper operating

system or the cloud. While I brought over a

decade o Linux in the enterprise experience

to the discussion, my real ocus was on the so-

lution or business rather than the act it wasdelivered as a cloud application or service.

When we think o the cloud it is clear that

there are a number o dierent perspectives

on what is a cloud, as well as oerings rom

the cloud. Basically as rule o thumb cloud

oerings ft into these categories:

Inrastructure

Services

Sotware

Storage

Storage is the newest type o oering in

the cloud. My personal experience has been

ocused on the most popular category, which

is sotware, more commonly known as SaaS

(Sotware as a Service). We use solutions or

Payroll, HR, Sales and Marketing CRM, and

our US Core Business suite so I have gone

through this discussion multiple times.

Th act is that the solutions we chose were

not about the cloud at all; they just happen

to be delivered via the cloud. This again

reinorces the old axiom that you should

select sotware based upon your business

needs and not by the technology. The cloud

is ater al l just an alternate delivery model,

not some revolutionary new technology. In

act, without divulging my age, I remem-

ber when you bought IT services (because

computers cost too much or most business)

in time multiplexed models. That was a cloud

o sorts based upon the general defnition

used or a cloud today. The clouds o today,

though, are uniquely identifed because a key

requirement or todays cloud is the use o the

Internet as a connection methodology.

With cloud solutions today there appears

to be over-enthusiasm, that they are the new

panacea, when in act it is just another way

to deliver very valuable solutions.

Nigel Fortlage, CIO, GHY International

Contestants rom our annual Blogging Idol contestwere asked to weigh in on the hottest topic in IT.What they told us

Gorilla clouds?In Georey Moores books (Crossing the

Chasm, Gorilla Game, etc) the gorilla is

the market-share leader whose position is

sustained by proprietary technology that has

high switching costs (Wikipedia says so!!).Ive always said owns the architecture and

costs too much to change vendors with

Cisco being one example, Intel another and

Microsot being the other major case study.

Crossing the Chasm also talks about the

need to transition rom early adopter stage

to mass market penetration in order to grow

and gain momentum. So, how does this ap-

ply to cloud computing?

One o the questions that needs to be an-

swered is: Where in the technology adop-

tion curve has cloud computing (or IaaS,

PaaS, and SaaS independently i you want) crossed the chasm? Is cloud computing

even a single specifc market segment or is it

really multiple market segments (each with

its own chasm)?

Another question that begs to be answered

(so that we can invest in the winners, not the

losrers) is: Who is going to be the Gorilla

o cloud computing? Or will there ever be

a single gorilla? Is there an architecture

or cloud computing that someone owns or

controls? How easy is it to switch rom one

cloud supplier to another?

I think that part o the problem these

days is thinking that cloud computing is

a single product type targetting a single

market segment. It is not. That would be

equivalent to saying that distributed com-

puting is a single product meeting a single

need in the marketplace. Once we can

identiy the market requirements that cloud

computing can meet, then we will be much

arther along in developing the solutions,

establishing standards and judging success.

Only then will we get past the technology

hype cycle.

Another issue is that most o us are

already users o cloud computing (depend-

ing on how you defne it). For example,

Twitter and Facebook sure look like SaaS to

me (although the pay-as-you-go part is not

relevant). Most o us dont really think o

public applications such as Hotmail or Gmail

as being cloud computing, but perhaps we

should be changing our views.

The question is, do you think the ideas

Crossing the Chasm ideas apply, that they are

relevant, that they predict the uture and,

perhaps most importantly, that they allow us

to pick the winners?

Don Sheppard, CIO, ConCon


7/24

ThemosTcomprehensivesoluTionsforThecloud.onearTh. Microsoft

Ofce365 WindowsAzureWindowsServerHyper-VLearnmoreatMi./

IMtheeMperorofeffIcIency.

IcontrolwhatIwant,whenIwant.prIvatelyandpublIcly.

IcanuseMyexIstIngassetstoachIeveMyfuturegoals.

IcanspendonwhatIneed,notonwhatIdont.

IcanplaylIkeanoptIMIstandpaylIkearealIst.

Ihavecloudpower.


8/24


CONNECT WITH YOUR PEERS

n Neil McEvoy wants businesses toget on to his cloud.

The ounder o Toronto-based Level 5

Consulting has launched a project called the

Canada Cloud Network, which he hopes will

help stimulate the growth o cloud comput-

ing in Canada. Part o the project is a web-

site, OpenRFP.net, where McEvoy is posting

inormation about Canadian government

contracts.The idea is to put the procurement process

online and make it openly acces-

sible, McEvoy says. He hopes to

encourage cloud-related compa-

nies both Canadian and oreign

to work together to create

proposals to address government

needs.

McEvoy says he aims to put

smaller cloud-related companies

in touch with major contrac-

tors bidding on big government

contracts, such as an eort to

move Elections Canadas Web

site to hosting in the cloud. The

wide variations in trac on that

site quite low except or major peaks during

elections makes it a perect candidate to be

hosted in the cloud rather than on dedicated

in-house servers, McEvoy notes.

That part o McEvoys project goes hand in

hand with another, which is advocating or

more use o government procurement as a

way o stimulating new technology research

in Canada.

A lot o what Im looking to do is identiy

best practices in innovation in general,

says McEvoy, who was a business develop-

ment manager or PricewaterhouseCoopers

or about a year beore starting Level 5. He

previously worked or British Telecom and

ounded and ran a European application

service provider.

He thinks one o those best practices

is something called orward commitment

procurement. The idea, he says, is or govern-

ment to state a buying requirement or the

type o innovation we want to see in the mar-

ketplace. In short, the government calls or

proposals to supply technology that doesnt

exist yet, in order to encourage the research

and development necessary to develop it.

Its an idea the British government has

used to promote development o its clean

technology sector, McEvoy says. He isnt

aware o other examples o its use, though

he agrees that the eect might be similar to

the way the U.S. space program once helped

stimulate development o new technologies

that later ound broader use.Cloud computing is immature in Canada

today, says Darryl Humphrey,

a senior manager at Deloitte

and a member o the consulting

frms global leadership team or

cloud. In general I would say

our market is characterized by

cautious buyers and somewhat

distracted vendors.

Research frm Interna-

tional Data Corp. (Canada) Ltd.

recently profled 10 Canadian

cloud startups, saying in a

statement that its a good time

to be an emerging cloud com-

pany in Canada.

The Canadian cloud market is small and

has unique needs due to actors such as

privacy laws, Humphrey says, so its tough to

achieve much scale.

Government can help with that, he says,

and one way to do it is through procurement.

When you look at the Canadian market,

there are not that many players that can

provide scale and the ederal government is

one o those.

The Canada Cloud Networks eorts to

inuence government procurement are in

their very early stages. McEvoy has written

a white paper on the subject entitled Canada

Cloud 3.0: Building Canadas Digital Economy

Advantage Through Cloud Computing. As or

approaching government ocials about his

ideas, he says, thats really my next phase.

So what has he done so ar? About a hal-

dozen companies, some Canadian and some

U.S. players looking to build their presence

in the Canadian market, have signed up or

access to OpenRFP.net, which is ree. In

time, McEvoy says, hell be looking to sign up

The Network effectI cloud computing is to take o in Canada,

we may need to rethink the procurement process.

A grassroots eort is launchedBY GRANT BUCKLER

corporate sponsors or the project, and ven-

dors will pay to participate in joint proposals.

One o the companies involved today is

Kaulkin Inormation Solutions, the Rock-

ville, Md., maker o kloudtrack, a sotware as

a service tool or governance, risk manage-

ment and compliance. Kloudtrack orms

part o the basis or Canada Clouds Open-

RFP platorm, says Mike Binko, the com-

panys president and chie executive.By using cloud-based sotware to run

OpenRFP, McEvoy is practising what he

preaches, Binko comments. Neil as ar as I

can tell understands that the cloud is a use-

ul platorm or utility i you will to kind o

exchange and share data, he says.

Binko says there are some projects in the

U.S. trying to bring companies together

around open access to RFP data, but Open-

RFP is the only one he knows o in Canada so

ar. its an emerging approach, he says.

One benefciary is Esotera Secure Storage

Solutions in St. Johns, NL. The company o-ers secure cloud-based storage systems, and

is developing sotware called VM Aware to

help cloud-based applications scale smoothly,

says Tom Chalker, Esoteras president and

chie technology ocer.

Through OpenRFP, Chalker is working

with Joyent Inc., whose cloud sotware stack

VM Aware will rely on, and with hosting

providers. Chalker hopes to get a piece o

the Elections Canada project thanks to

OpenRFP. Without it, he says, contracts like

this are usually out o such a small com-

panys reach. We would have to put a lot o

resources together in order to be able to put

together a response to an RFP.

Chalker says smaller technology com-

panies usually only get a piece o such big

contracts when larger prime contractors seek

them out to meet specifc needs.

According to McEvoy, stimulating Cana-

das nascent cloud computing sector will do

more than just help home-grown companies

in that business. His white paper reers to

much-discussed concerns about the level o

innovation in this country, and suggests that

part o the cause o this innovation gap is

that inormation technology organizations

lack money to spend on innovation because

most o their budgets are tied up in keeping

their current systems going.

Moving more computing into the cloud, he

argues, would alleviate that problem.

Humphrey says cloud services can make the

businesses that use them signifcantly more

ecient. He says some organizations can see

cost reductions o 50 to 80 per cent rom using

large inrastructure-as-a-service providers.

Thats a major piece o capital that you

can now redeploy into your actual business,

he says.

NEIL MCEVOY hasalso created a Canada

Cloud NetworkLinkedIn Group.


9/24

One site. Everything IT.Instantly find tech specs, accessories, and compare 350,000 IT products.

BROUGHT TO YOU BY

TECHLEARNINGSPACE

NEW!

www.youfindit.ca


10/24C L O U D C O M P U T I N G I N C L O S E - U P

CHOOSE YOUR APPROACH

Private cloud:Is it for real?

PRIVATE CLOUD

DO NOT ENTER

nDoes the private cloud actually exist?Some public cloud providers and industryanalysts say the private cloud is really just a

virtualized data centre. Others includinglarge enterprise vendors say its the onlyreal option or Canadians, considering secu-rity and privacy issues.

BY VAWN HIMMELSBACH

10

ILLUSTRATIONBY:ISTOCKPHOTO.C

OM/CURVABEZIER


11/24


Most, however, wouldnt argue

that one o the greatest potential

benefts o the cloud is cost savings

through scale. Originally, when

people started talking about cloud,

they didnt make the distinction be-tween public and private, but now its

become a rather heated debate.

What happened is that many tra-

ditional enterprise vendors started

to see the cloud as a threat, said

Ronald Schmelzer, managing part-

ner with ZapThink. The public cloud

threatened to permanently move IT

resources outside o organizations, so

those vendors jumped on the cloud

bandwagon with private cloud.

But that, he said, kills the beneft

o cost savings. I you own the cloud,youre not going to see any economic

advantage. Anyone who says they

are doesnt understand it or is being

misleading.

I organizations want dynamic

provisioning or pooled resources

that they can bring online or oine

as needed, they can take the same

architectural approach as the public

cloud and apply their own internal

resources. When Joe in fnance

needs some resources, hes going to

get it dynamically provisioned by the

pool, and maybe get some economic

beneft rom not having to buy an-

other server, said Schmelzer.

But while that borrows some o the

architectural components o cloud, its

a dierent concept; in act, the public

cloud becomes competition or these

same resources. The whole idea o

the cloud should be about economies

o scale, he said. The public cloud

is a trajectory, since a lot o small

companies, especially startups, are

simply not buying inrastructure

anymore. This goes back to the

so-called private cloud strategy. A lot

o its going to be a handul o large

enterprise vendors working with their

own customer groups.

One o the essential characteristics

o a cloud is that its measured and

paid or as a service, so i you build

it yoursel, its not a cloud, said A.J.

Byers, executive vice-president o

business services with Primus.

Ive had debates around whether a

company can build a private cloud and

I would say no, he said. But he does

believe in the private cloud only one

hosted by a third party. As a service

provider we can build public and pri-

vate clouds and hybrids o that as well.

What defnes private cloud, he

said, is that the resources are oered

to a single organization. And the No.

1 reason why customers are choosing

private cloud is because o a percep-

tion that its more secure which is

a huge technology debate right now.

We believe over the next 12 to 24

months we will see security auditors

understanding cloud deployments

better, said Byers. The auditors

orce companies into choosing dedi-

cated private cloud environments

because o PCI compliance.

Today in Canada, he said, you can-

not become a PCI-compliant company

and process credit card transactions

in a public cloud. One o the big rea-

sons why people move into the private

cloud is because they need to process

large numbers o credit card transac-

tions. But we do believe PCI can occur

in the cloud.

Customers are also concerned about

where their data resides. I it sits in

a U.S. data centre, it then becomes

subject to the U.S. Patriot Act, which

could allow the American govern-

ment access to that data. Despite these

concerns, Byers says we need to get

people out o the mindset that there

are security risks in public cloud.

For smaller businesses, the public

cloud is simply the most cost-eec-

tive option. Ultimately, the smaller

the cloud, the less cost-ecient it

is, so a private cloud doesnt see the

same kinds o cost savings that a

public cloud typically does.

In a private cloud you knowexactly what resources are available

to you, but theres not a huge demand

or private cloud except or larger

enterprises or where theyre working

or the government or have unique

security needs, said Byers.

However, some industry players

just dont consider this to be cloud

and, in act , say private cloud is

a matter o cloud-washing by those

who dont beneft rom public cloud,

namely large enterprise vendors.

We absolutely believe that thereare people taking technology thats

existed or years and repackaging

it or cloud, said Andrew Kovacs,

senior manager o communications

and public aairs with Google.

Theres a lot o cloud-washing going

on. Thats why Google has adopted a

new term, called 100 per cent web,

which he says does a better job o

capturing the benefts to customers.

Certainly theres lots o talk about

building clouds with concepts like

virtualization, he said. There can be

some benefts to companies, but we do

not consider that a cloud. The big di-

erentiator, he said, is multi-tenancy.

What that means to end-users is

scale; when an organization is operat-

ing at that scale, end-users can in-

novate aster and the applications are

more secure and reliable. Typically, it

takes an organization 30 to 60 days

to apply a security patch, or example,

whereas in a cloud environment that

can be done almost immediately.

We dont really ta lk about private

clouds, said Kovacs. Theyre usually

reerring to just hosting sotware in

a data centre rather than hosting it

in their own business, or they may

host it with a third party, but its still

single-tenant sotware. The sotware

still requires upgrades and patches

and comes with the additional costs

o managing the sotware yoursel.

And some oerings pitched as

cloud still require customers to

install sotware, he said. With

Microsot, you still need to install

Right now theauditors are forcingcompanies into

choosing dedicatedprivate cloudenvironmentsbecause of PCIcompliance.

A.J. BYERS

PRIMUS


12/24


Oce 2010 to get the most out o the

product, so theyre still locking in

customers to multi-year cycles.

The industry, in general, defnes

a private cloud as a single-tenant

cloud, either on-premises or o-premises. But the debate around

private cloud isnt just about the

defnitions and terminology.

Legacy enterprise vendors are

the primary benefciaries as they

are able to sell many cloud-washed

products in the short term to build

private clouds, said Randy Bias,

CEO o CloudScaling.

Unortunately, since these enter-

prise vendors dont understand the

techniques in use by Amazon and

Google, they are selling very expen-sive private cloud solutions that are

ultimately doomed to ailure. Hope-

ully, as the market matures or well

designed cloud products that solve the

private cloud problem or enterprises,

they will be able to use private cloud

technology to run those IT unctions

core to dierentiating their business.

But he still sees a need or private

clouds. Both private and public clouds

will be required, although the bulk oIT will eventually wind up on public

cloud systems, said Bias. Private

clouds will be required or enterprise

businesses to keep their core-dieren-

tiated IT unctions on cost-optimized

and competitive internal inrastruc-

ture, whereas public clouds will be

used or undierentiated general IT

unctions that can be cost-eectively

delivered by utility providers.

You will never see a prominent f-

nancial trading business move their

trading system to a public cloud,he said, since such trading systems

are core intellectual property and

oer competitive dierentiation.

Yet, eventually they will need some

o the properties o private clouds in

order to increase manageability and

proft margins.

Its pretty much impossible to

achieve the same cost economies with

private clouds as a public cloud, said

Bias. And this means, ultimately,the private cloud ootprint (meaning

the number and size o total private

clouds deployed) will be much smaller

than public clouds. IT departments

will move non-mission-critical

apps that dont provide competi-

tive advantage either to clouds or to

new greenfeld applications already

deployed on clouds to replace existing

internal apps, he said.

While most likely a private cloud

will involve virtualization, its not

just a virtualized data centre, saidMark Thiele, ounder and president o

Data Center Pulse and vice-president

o data center strategy with Ser-

viceMesh. Some key characteristics

o cloud over and above virtualization

The ollowing article was submitted to

CIO Canada through HP Canadas public

relations agency. Although we do not accept

articles rom vendors that promote specifc

products or services, we consider execu-

tive viewpoints on topics o interest to our

readers that ocus on strategy. IT World

Canada does not endorse any particular

vendor or accept payment or editorial

content under any circumstances.

nIn a mobile, connected world, everybody

needs access to everything. They expect

instant results anytime, anywhere. While

this opens up a world of possibilities, it

also places heavy demands on IT. How can

enterprises keep up?

Many Canadian CIOs are considering

cloud technology because it can be rapidly

provisioned and released with minimal

intervention from a service provider. But

should they take advantage of public cloud

services, such as Amazon EC2 or Google

App Engine, or build their own cloud behind

the rewall? The question might miss an es-

sential point: They can have it both ways.

Understanding thecloud modelsAt their core, all cloudspublic and private

consist of shared, standardized services

based on pooled resources. Moving data to

the public cloud means avoiding purchas-

ing and managing certain hardware and

software, but it also means less control over

your data and relying on the security policies

and practices of the service provider. With a

private cloud, you get total control over your

data and the hardware on which it lives if its

hosted on-premise.

An equal-opportunityapproach to the cloudIs public cloud or private cloud right or yourorganization? Its easy and smart to have bothBY PETER GALANIS

CHOOSE YOUR APPROACH

Some organizations will want the aord-

ability and exibility of externally managed

cloud services. Others will see the internal

cloud as the best approach for certain

services. But the vast majority will fall on

the spectrum somewhere between those

two extremes. The most eective way to

run your service portfolio is to nd the right

source for each servicetherefore many

organizations can benet from a hybrid

delivery model using both public cloud and

private cloud resources.

The important thing is to l et your en-

terprise strategy guide your approach to

the cloud. Heres a quick overview of each

delivery model and how it can support an

enterprise strategy.

Cloud services for rapidapplication deploymentEnterprise cloud services oer bundles

of server, storage, network and security

that your organization can consume as

a service. It lets you deploy applications

without confronting the usual obstacles:

the capital outlay for acquiring and

maintaining hardware, the time it takes

to provision new services and the IT

resources to manage it. Cloud services let

you accelerate time to revenue from new


13/24


applications from months to minutes.

For Canadian CIOs in particular, security,

reliability and privacy are top of mind as

they try to balance the need for innovation,

optimization and risk management for the

enterprise. Some organizations, for example

in the public sector, may have additional

regulatory requirements to

consider. Canadian enter-

prises can have very distinct

needs for cloud services so

it is important to ensure that

your service oers these

important features:

Security, governance and

compliance standards, with

the ability to know exactlywhere your data is physically

stored for compliance and

reporting purposes

Open, modular platforms

that dont lock you in

Automation and management for end-to-

end service quality

The ability to ensure availability, quality

and performance levels

The ability to seamlessly interact with

and be managed across a hybrid delivery

service model

Private cloud for self-service resources

For services that require tighter control

over your data, deploy an on-demand

service delivery environment that provides

easy access to self-service resources from a

secure environment.

Building internal cloud services doesnt

mean you have to rip out your current

environment. You can often

extend and protect your current

investments by transforming

legacy and virtualized infra-

structure into fully automated

cloud environments.

A private cloud can require

more IT resources up-front to

build. But a well-designed pri-

vate cloud that takes full advan-tage of its compute resources

can lead to a solid return on your

IT investment. A nely tuned

automated private cloud also

gives your sta the freedom to

focus less on management and more on the

applications that drive the enterprise.

A hybrid delivery modelfor exibilityThe reality is, most organizations will benet

from consuming both public and private

cloud services in addition to services run

from their traditional IT environments. A

hybrid delivery model combines all three

sources into one unied whole. With multiple

sources at your disposal, you can optimize

your service portfolio to provide the right ser-

vice to the right source at the right time.

For example, a nancial services com-

pany might run a new mortgage lending

credit check service from its private cloud,

while simultaneously accessing compute

resources for its developers from an enter-

prise cloud service provider. If use of the

credit check service proves to be highly spo-

radic, the company may decide to move it to

an o-site enterprise cloud that can better

accommodate the service volatility. Using a

hybrid delivery model ensures that the bestoptions are available for each workload.

Finding the model thatsright for youNot sure where to start? Enterprises need

to understand their critical success factors,

benets and challenges so they can make

informed decisions and map a clear and

eective path to the cloud.

Using the best cloud solutions for your

needs, your enterprise can respond in an

instant to todays and tomorrowsrap-

idly changing enterprise needs.

PETER GALANIS isthe president of HPCanada, based inMississauga, Ont.

include additional automation, scale

management, greater portability

and enhanced management o an IT

environment.

And while the private cloud isnt

built to allow or multi-tenancy,most organizations dont need it, he

said. The truth is nobody truly has

infnite scale, but certainly Amazon

comes closer to infnite scale than

the average business, he said, adding

that there are only a ew companies

out there that really need something

approaching infnite scale.

For the vast majority o apps

within a traditional data centre,

when organizations talk about scale,

they typically mean they need to

scale rom 10 machines to 13 or aday or two or maybe a week. Even

i they have an app that requires

something approaching real scale,

thats something they can put in a

public cloud.

Another dierentiator o private

cloud is it allows organizations to

move apps within their own net-

work environment at a time when

theyre comortable with it. While

public cloud may do the job, mostorganizations at least in the near

term are going to struggle with

concerns about security, service-level

agreements and how they actually

measure the cost, said Thiele. I you

move an app into the public cloud,

it may look cheaper on paper, but in

the long run could cost more than

expected, and thats something that

organizations need to sort out.

Almost every time Thiele hears

people saying theres no private

cloud, those people are involved in ordirectly selling public cloud services.

Its not about whether public cloud

can replace private cloud, he said.

Those questions are immaterial. In

some cases, an organization can only

get approval or private cloud, which

gives them 80 or 90 per cent o the

benefts, until they can eventually

move to the public cloud. Over time,

my guess is a majority o apps will be

public cloud, in two to fve years.IT needs to be able to transition in

a moderated, grandathered way, he

said. Taking baby steps means cloud

in all its orms has tremendous value.

In the long-turn, Thiele believes

hybrid cloud has the best chance o

success or major enterprise apps

because it oers the benefts o scale

and geographic dispersion, with some

o the benefts o single-tenancy.

While Thiele disagrees with the

notion that there is no such thing

as a private cloud, he doesnt thinkthats the point. To assume there

is no such thing as private cloud is

to ignore the obvious that every or-

ganization treats their IT a little bit

dierently, whether we like it or not.


14/24


BUILD IN SECURITY

A security CTOstake on the biggestcloud outages (so far)

nJust putting your app into apublic cloud without rethinkinghow it works can open chie inor-mation ocers up to disastrousconsequences, according to Trend

Micro Inc. chie technology ocerRaimund Genes.Speaking at a Trend Micro cloud security

awareness event in Toronto recently, the

companys technology leader said that turn-

ing over control to a third-party vendor or

your cloud inrastructure should compel

you to rethink -- and maybe even redesign

-- your applications.

You have to design your applications so

that theyre more reliant to these outages

in the public cloud, Genes said. When you

design it well, it doesnt matter i the data

centre goes down.He added that the companies that simply

mirrored their apps and put them into Ama-

zons cloud can attest to the outages and data

losses they experienced recently.

But the one high-profle company that

didnt all to the wrath to the massive

outage, Genes said, was NetFlix Inc. Last

December, the movie streaming giant pub-

lished a tech-related blog about what it had

learned while using Amazon Web Services

as its computing platorm.

The best way to avoid ailure, the company

said, is to plan to ail constantly. Internally,

NetFlix reers to its sotware architecture in

AWS as its Rambo Architecture.

Each system has to be able to succeed,

no matter what, even all on its own, wrote

blogger John Ciancutti, who works as a vice-

president o personalization technology at

NetFlix. Were designing each distributed

system to expect and tolerate ailure rom

other systems on which it depends.

I our recommendations system is down,

we degrade the quality o our responses to

our customers, but we still respond.

David Aspey, vice-president o cloud

security or Trend Micro, said that NetFlix

came out o the Amazon outage with ying

colours because they paid or dedicated

servers to run a v irtual private cloud in ad-

dition to a public cloud.

The outage had nearly no eect on them,

he added.

At Trend Micro, its team o architects

have designed its private cloud to actually

sustain outages at two o its fve worldwide

data centres.

Another headline grabbing security disas-

ter in the world o cloud computing occurred

at Sony Corp., ater the companys PlaySta-

Trend Micros Raimund Genes discusses theAmazon incident and othersBY RAFAEL RUFFOLO P H

O T O G R A P H Y B Y : D W

D O R K E N


15/24


Amazon comes clean about cloud outage

tion Network was hacked in mid-April.

The personally identifable inormation

o 77 million PSN accounts were exposed

in the data breach.

This breach, Genes said, garnered

Trend Micros attention ar more thanthe Amazon outage because it involves

cloud data security as opposed to backup

and storage policies. He said that with

Trend Micros SecureCloud technology,

which allows enterprises to encrypt data

on private and public clouds, organiza-

tions can ensure that they encrypt di-

erent portions o their cloud-based data

with dierent encryption keys.

Genes said the PlayStation breach

turned into such a large-scale problem

or Sony because the company only used

one encryption key or all its data as op-posed to a variety o dierent keys.

Genes said that because cloud comput-

ing is not cost eective without virtual-

ization, Trend Micro will be investing

heavily into the protection o virtualized

machines and cloud-based servers in the

uture. The companys Deep Security

product line, which covers that unction-

ality, is being developed at the recently

acquired Third Brigade Inc. oces (nowTrend Micro Canada) in Ottawa.

Other priorities or Genes include

developing better patch capabilities or

virtual servers and tackling the growing

AV storm issue.

In an anti-virus storm, thousands

o virtual machines start their manual

scanning cycle at the same time,

consume too many resources and

bring down the network. Genes said

Trend Micro is working with V Mwares

vShield technology to enable one scan

on the hyperv isor level and have all thevirtual machines communicate back

or their update.

You only have one scan and you dont

have to load AV technology on every

virtual machine, he said.

To round out his views on cloud

security, Genes also talked about mobile

devices and the r ise o multiple operating

systems like Apples iOS4, RIMs Black-

Berry OS and Googles Android. He alsopredicted that the decline o Microsot

Windows as a dominant desktop OS,

plus the shit o Web users to mobile de-

vices, will orce hackers to broaden their

targets over the next fve years.

Were seeing a diversity o devices

that will make it more dicult or the

attacker, which has been ocused on

Windows, Genes said.

For CIOs and security vendors, that

means the ocus will have to shi t away

rom whether the device will be hacked

to how to track and manage the devices.What happens i an employee loses a

device and leaves it in a cab? Genes said.

How can I ensure that no third-party

can use it?

nAmazon has released a

detailed postmortem and

mea culpa about the partial

outage of its cloud services

platform in April and identi-

ed the culprit: A congura-

tion error made during a

network upgrade.

During this conguration

change, a trac shift was ex-

ecuted incorrectly, Amazon

said, noting that trac that

should have gone to a primary

network was routed to a lower

capacity one instead. The

error occurred at 12:47 p.m.on April 21 and led to a partial

outage that lingered through

last weekend.

The outage sent a number

of prominent Web sites

oine, including Quora,

Foursquare and Reddit, and

renewed an industry-wide

debate over the maturity of

cloud services .

Amazon posted updates,

short and bulletin-like,

throughout the outage, but

what it oered in its postmor-

tem is entirely dierent. This

nearly 5,700-word document

includes a detailed look at

what happened, an apology,

a credit to aected custom-

ers, as well a commitment to

improve its customer com-

munications.

Amazon didnt say explic-

itly whether it was human

error that touched o the

event, but hints at that pos-

sibility when it wrote that we

will audit our change process

and increase the automationto prevent this mistake from

happening in the future.

The initial mistake, fol-

lowed by the subsequent

increase in network load,

exposed a cascading series of

issues, including a re-mir-

roring storm with systems

continuously searching for a

storage space.

Amazon also said in its

explanation of the outage that

it will work to ensure that it

builds software and services

that can survive failures.

Matt Stevens, the CTO of

AppNeta, a cloud perfor-

mance network performance

management company

and an Amazon cloud user,

praised Amazons postmor-

tem for its transparency.

As a technical architect, I

thought it was actually amaz-

ing how deep they went into

it, said Stevens, adding that

he wished the company had

oered more detail about the

initial network change thatstarted the problem.

In terms of the overall is-

sue, Stevens said: How does

anybody who runs their own

private data center know how

its going to hold up until you

have a massive issue?

Jim Damoulakis, CTO of

GlassHouse Technologies, an

enterprise storage services

provider, called it a pretty

through postmortem and I

think for the most part they are

being transparent about it.

Damoulakis said that

while Amazon will take steps

to keep the problem from

happening again -- and to

make their availability zones

more robust -- customers

will ultimately be responsible

for having a good disaster

recovery plan.

I think there is blame on

both sides , said Justin Al-

exander, who heads strategic

research and development

at Hyland Sof tware, an enter-

prise content managementsoftware rm, referring to

both Amazon and its custom-

ers.

Clearly, Amazon needs to

take accountability for their

services. But at the same

time there were a variety of

customers who were using

the EC2 platform that did not

suer any period of unavail-

ability, said Alexander, citing

their disaster recovery plans.

ComputerWorld (US)


16/24


nMore companies in Can-ada are turning to the cloud or, at least, thinking aboutit or exibility, agilityand cost savings. But there isoten the perception that us-ing cloud-computing servicescould compromise corporate

and customer data, or may

even be against the law.But theres no law that prevents

most Canadian businesses rom

exporting personal inormation, said

David Fraser, partner with McInnis

Cooper, president o the Canadian

IT Law Association and chair o the

National Privacy and Access Law Sec-

tion o the Canadian Bar Association.

Once you move into a real cloud

computing model, all o a sudden

you dont know where your data

is where in Canada or where in

the world and weve seen a big

privacy-related backlash against

cloud computing, he said. So a large

part o his job is telling people theyre

wrong, since theres a huge amount o

Clouds in Canada:

The legal issuesBeore you sign on the dotted line, know the risksBY VAWN HIMMELSBACH



17/24


misinormation out there.

Private-sector privacy laws

require that you ensure a compa-

rable level o security or personal

inormation, regardless o whether

you permit it to be managed bya Canadian company or a non-

Canadian company. And some

highly regulated industries, such as

banking, have special rules that may

include additional regulation or

outsourced services.

The Patriot Act is the big thing

that people reak out about, he said,

but we have a Canadian version

o the Patriot Act, which is just as

oensive.

Heres the deal: In 2001, the U.S.

Congress passed the USA PatriotAct, which expanded the powers

o law enorcement and national

security agencies to carry out in-

vestigations and obtain intelligence

in connection with anti-terrorism

investigations.

But the provisions that

have attracted the most

criticism, said Fraser,

have equivalents under

Canadian law. Regard-

less o where inormation

resides, it will always be

subject to lawul disclo-

sure to law enorcement

or national security bod-

ies. In Canada, he said,

this includes search war-

rants under the Criminal

Code o Canada and the

Canadian Security Intel-

ligence Service Act. Many European

countries also permit broader law

enorcement and national security

access to inormation than in both

the U.S. and Canada.

O course, where the data sits

can have an impact on that data. I

its in North Korea or China, its at

high risk, said Fraser. In the U.S.,

it may in some cases be signifcant,

but in most cases it wont be. How

interested would the FBI be in get-

ting their hands on that data and

would they be able to justiy getting

a subpoena? In most cases no, he

said. And i its a person o interest

they can get it in Canada .

Many people are surprised to

learn theres a secret court in the

U.S. where judges hear applications

made by Department o Justice

lawyers or search warra nts (and

other such things) and theres

nobody on the other side to oppose

those applications.We have a secret court in Cana-

da, said Fraser. We have a bunker

in Ottawa where judges hear lawyers

rom the Department o Justice and

CSIS or warrants to do things as

potentially oensive as break into

your house and install wiretap-

ping equipment. These orders can

specifcally provide or authorities to

go back in and change the batter-

ies. So people dont oten think that

Canada is engaged in these types o

cloak and dagger things, and we are.Our defnition o anti-terrorism is as

broad and oensive as the U.S.

Canadian authorities have virtu-

ally identical powers under the

Canadian Security Intelligence

Service Act, he said, which permits

secret court orders

that authorize CSIS

to intercept commu-

nications or to obtain

anything named in

the warrant.

On top o that,

Canada has a mutual

legal assistance treaty

with the U.S. (as well

as inormal agree-

ments), so i the FBI

wants data and its in

the hands o a Cana-

dian company, the FBI

calls the RCMP or CSIS. So when

you dig into it, that cross-border

issue, at least in most cases, really is

not the large issue that many people

are led to believe it is, he said, add-

ing that the Patriot Act has become

shorthand or just saying no.

Only British Columbia and Nova

Scotia have laws strictly regulating

the export o personal inormation

rom Canada by public bodies, said

Fraser. For all other jurisdictions,

including the ederal jurisdiction,

export is permitted, but the public

body must ensure a comparable

level o security or personal inor-

mation, regardless o whether its

managed by a Canadian or non-

Canadian company.

What businesses need to do is

benchmark their existing privacy

inrastructure and compare it to the

privacy inrastructure o the pro-

posed cloud provider. What are the

real risks to the data, and to privacy

and security? A lot o businesses have

signifcant existing vulnerabilities

rom insecure desktops, to playing

catch-up with security patches, to

mobile employees running around

with laptops. Or thumb drives.

Nothing is more stupid or danger-

ous, said Fraser. In a cloud model i

the computer is lost you lose nothing.

Very oten, this benchmark leans

heavily in avour o the cloud pro-

vider that has squadrons o security

people. Small businesses, in particu-

lar, are vulnerable to power outages

and basic continuity issues. A repu-

table large-scale cloud provider will

have multiple data centres, so things

will stay up and running.

One o the biggest hurdles to

widespread adoption o cloud

computing is the data concern, said

Robert Percival, a partner with

Ogilvy Renault. Where is it, what

laws govern it, and what obligations

do you have under the law? You

may have contractual issues with

customers or suppliers, or example,

or you may have legal statutory

obligations, whether thats under

PIPEDA privacy legislation or some

other applicable statute like health

privacy legislation.

As a collector o inormation,

a company is responsible under

The Patriot Act isthe big thing peoplefreak out about, but

we have a Canadianversion of which isjust as oensive. Wehave a secret courtin Canada.DAVID FRASER

MACINNIS COOPER

WATTIEZ LAROSE:It may be dicult tocustomize contractsto make themcomprehensive.


18/24



ederal legislation or the provincial

equivalent where it exists to make

sure that when it outsources or pro-

vides a third-party service provider

with personal inormation, that

the appropriate security protectionmeasures are in place to protect that

inormation. I youre looking to use

the cloud, youve got to make sure

that service provider has the security

and inrastructure in place or you

to live up to your expectations

under the law. From a due diligence

perspective, he said, that can be

challenging to do.

Are they using capacity in China

or India where the laws may be

weaker or there are inherent risks

just because o the nature o the ju-risdiction or sensitivity o the inor-

mation? The due diligence aspects

o cloud computing and understand-

ing your risks are an important frst

step, said Percival, and its not as

easy as it sounds.

Another business concern is per-

ormance. What happens i that ser-

vice isnt available? Cloud contracts

are very skinny on commitment

in terms o service levels, he said.

Instead, they become eorts-based

and liability is limited.

Right now Im negotiating about

10 dierent cloud-type agreements

on behal o a large corporation

and we expect to negotiate all these

terms and conditions, but theyre

paying millions o dollars, he said.

Another one is much smaller, a cou-

ple thousand bucks a month were

going to try but Im not optimistic

were going to get very ar.

In order to provide that ubiqui-

tous cost-eective cloud-computing

environment you can turn on and o

on-demand, what oten gets sacri-

fced is the move to a one-size-fts-all

contract, said Percival. Theres a

real reluctance by cloud providers to

negotiate because it becomes a cost

impediment. Theyre either unable or

unwilling because o the dollar cost

to stray rom their template.

Everything is ultimately nego-

tiable, but i Im trying to contact

Google to negotiate the terms o my

Gmail account, its not going to hap-

pen, he said. But i its the ederal

government or a large corporation,

theres an ability to negotiate, or they

might at least have a chance.

For the sake o eciency, cloud

computing service providers oten

impose standard term contracts

that their clients are not at liberty to

negotiate, but which may not prop-

erly address all relevant risks. And

in a feld with little (but growing)

competition, businesses may lack the

leverage to customize their contract

to make it suciently comprehen-

sive, said Vronique Wattiez Larose,

a partner in McCarthy Ttraults

Business Law Group, who negotiates

such contracts.

This is a model thats meant to be

more agile, more exible, but dont

let that ool you rom a legal stand-

point, she said. It doesnt mean you

can orget about the legal provisions

that protect you.

For example, some regions, such

as the European Union, have strin-

gent rules concerning movement o

certain types o data across borders.

Unless they take certain steps,

organizations are prohibited rom

transerring personal inormation

to countries that do not provide the

same level o protection with respect

to personal inormation o EU resi-

dents (including the U.S.). In a cloud-

computing context, it may be dicult

to determine which countries data

will be transerred to and rom.

And this has implications or

businesses in Canada nearly hal

o small businesses here use cloud-

computing services, according to a

survey by Angus Reid and Hewlett-

Packard Co.

The biggest concern with cloud

computing contracts is not how they

address certain issues, but rather

how they ail to address others. Ourconcern as lawyers is that more oten

than not, up until now the cloud

computing contracts that we see are

incomplete in comparison to your

standard long and thick outsourcing

contract, which would be extremely

detailed, said Larose. Thats not

necessarily the case or cloud com-

puting, where at the end o the day

the concerns are quite similar.

Theres a huge element o trust

required, which is no dierent rom a

traditional outsourcing relationship,she said. The biggest dierence is

you wont necessarily be negotiating

in the same room with the guy sitting

across the table rom you. Everything

is done more remotely, so its hard to

build that trust.

Dont take or granted that what

a cloud service provider oers you

will automatically address all o

your concerns, she said, though

that should be part o any normal

due diligence process. I some o

your concerns are not addressed,

understand the risks and evaluate

whether or not you still want to move

orward.

Although the contract terms may

seem commercially reasonable, you

need to make sure that the cloud

service provider is not turning a

blind eye to something that may be

material or your organization. I the

geographical location o an organiza-

tions data is likely to tr igger export

control issues, your contract should

include prohibitions against extra-

territorial storage.

And its important to understand

how and in what ormat the data is

stored, said Larose, and what tools

are available to retrieve it should it

be required or e-discovery purposes.

Find out rom the get-go whether

or not the cloud service provider has

any ability to negotiate the contract.

The answer may be no, depending

on the business application youre

outsourcing, said Larose. You

obviously cant negotiate your Gmail.

But i its a huge contract and a key

Everything isultimately negotiable,but if Im trying to

contact Google tonegotiate the termsof my Gmail account,its not going tohappen.ROBERT PERCIVAL

OGILVY RENAULT


19/24


20/24


TRAIN YOUR STAFF

Create a cloud-ready teamNew computing models

will have a huge impact onoperations, but also on the

labour market. The outlookrom ICTC

BY SHELDON POLOWIN

and templates and create business and techni-

cal workows to automate processes. This

automation could lead to net job losses in areas

such as installation, confguration, administra-

tion and maintenance. It will also, however,

create demand or proessionals trained inautomation and standardized processes.

Impact on Enterprise IT StaffCompanies that migrate services and data to

the cloud will typically require ewer in-house

IT workers to install technology and applica-

tions or link hardware and sotware. There will

also likely be ewer jobs or server and database

administrators, as well as network experts.

That said, the need or technical skills wi ll

remain. As va luable data and applications

are stored and run rom the cloud, remote

monitoring skillsets will be highly prized.And with the growing importance

o sotware as a service integration, in-

house sotware developers will have the

opportunity to evolve their skills.

For many enterprises, moving applica-

tions and data osite wont eliminate the

need or skilled IT workers, says ICTC vice-

president Norm McDevitt. Some companies

are training their IT proessionals on cloud-

based applicationssuch as Microsots

Windows Azure platormto ensure ongoing

competitiveness in the new market.

Revolution or Opportunity?Large companies need to assess the benefts

and costs o cloud computing relative to the

investments they have already made in IT

inrastructure. For the small- to mid-sized

businesses that account or 99.8 percent

o businesses in Canada and 60 percent o

employment, its the way o the

uture. IDC Canada expects

that domestic cloud computing

expenditures will jump rom

one percent o IT spending to-

day to 33 percent by 2014, with

sales quadrupling to US$758

million.

As the cloud becomes adopted

by more and more organiza-

tions, roles will shit and skills

requirements will evolve. Cloud

computing represents a real

revolution, says Paul Swinwood.

But with the right preparation

and training, IT workers can take advantage

o it and make themselves indispensable to the

ICT industry o the uture.

ICTC is unded in part by the Government o

Canadas Sector Council Program.

nCloud computing is likely tohave a signifcant impact on theICT labour orce. It will create newhuman resource requirements andcompel many workers to acquirenew skills.

Cloud computing requires an understand-

ing o traditional core technologies as well

as comprehensive knowledge spanning

dierent technology platorms. As a result,

many IT workers will likely have to broaden

their knowledge across multiple domains.

The industry is changing quickly, says

Paul Swinwood, president o the Inormation

and Communications Technology Council

(ICTC). Tomorrows IT worker will ully

straddle conventional IT silos such as storage,

networking, virtualization and security.

As with outsourcing and automation,

widespread adoption o cloud computing is

expected to shit some IT workers rom the

technical to the business side o operations.

Demand will increase in areas such as

vendor contract management, cloud inte-

gration, analytics, Internet workorce and

mobile applicationswith the strongest

SHELDON POLOWINis the senior labourmarket analyst withICTC, based in Ottawa.

growth likely occurring in storage unctions

such as archiving and data backup. New

jobs in web-scale development and virtual-

ization will very likely emerge.

Although some IT workers will be

displaced by cloud computing, those who

broaden their skills in business and new cloud

technologies will continue to be in demand.

What is also clear is that the transition to

cloud computing will aect enterprise IT sta

and service provider organizations dierently.

Impact on Service ProvidersWhile the unique attributes and require-

ments o cloud computing will transorm the

occupational structure o the IT

workorce, many current high-

value skills will be transerable to

the cloud.

IT data centre managers, or

example, may evolve into cloud

solution advisors. Proessionals

currently ocused on assem-

bling and managing application

services may become cloud

application managers. And some

practitioners may become cloud

deployment proessionalsde-

signing, deploying and maintain-

ing the technology and sotware

needed to administer the cloud. Testing and

sotware development will occur increasingly

within the cloud.

Traditional data centre workers will have to

learn to design and populate service catalogues I L L U S T R A T I O N B Y : I S T O C K P H O T O C O M / C U R V A B E Z I E R


21/24

MobiBiz is a complimentary interactive one-day

forum that explores strategic questions about

challenges and opportunities in mobile

marketing, channels and enterprise mobility.

Attendees will gain tangible insights and

practical action items to execute in their own

organizations from Canadas most innovative

mobile solutions companies.

Mobility in the enterprise is growing radically, expanding through

mobile devices, with an avalanche of new applications designed to

maximize the utility and accelerate their adoption.

Enterprises are playing catch-up to create mobile policies, extend

business applications, establish remote work policies and provide

training to users.

Organizations are exploring how to utilize marketing and channels

to create new opportunities.

Enterprises are also seeking ways to securely integrate mobileplatforms within their IT infrastructure and business processes with

significant flexibility, speed, and measured results.

USE THE EXPERTISE OF CANADAS HOTTESTMOBILITY FIRMS TO BUILD YOUR MOBILESTRATEGY.

E N T E RP R I S E : What security measures does my organization need to put

in place with increasing mobile tech and app usage?

How do I select an appropriate mobile application devel-

opment strategy?

How does cloud computing impact mobility (and vice

versa)?

C US T O ME RS :

How can I reach new customers/new markets throughmobile?

What different types and vendors of mobile devices

should my organization be considering supporting as we

use mobile as a marketing channel?

How do I measure the success or ROI of mobile tech/app

deployments?

EXPLORE MOBILE INITIATIVES. Wireless Network Outlook: From HSPA to LTE and Beyond

Mobile Payments in Canada: What are the prospects?

Serving Customers Better with Mobile Choices

Mobile Advertising Reaching the Growing Mobile

Customer Base

Mobile OS in the Enterprise: Canadian IT Manager Prefer-

ences & Outlook

Media Tablets in Canadian Business

Mobile Enterprise Application Adoption: Status and

Outlook

Canadian Mobile Worker Forecast

Scan the QR code on

your smartphone to

access the MobiBiz

website. Get the free

mobile app at

www.i-nigma.mobi

PRESENTED BY

JUNE 21, 2011TORONTO BOARD OF TRADE

PRACTICAL ANSWERS TO PROBING MOBILITY QUESTIONS

Register for your

complimentary attendence toda

http://mobibizcanada.ca

Network with Canadas mobile thought leaders. Learn practical insight on how to build

your mobile strategy, minimize challenges and capture the new opportunities.

Register to attend MobiBiz today! http://mobibizcanada.ca

PLATINUM SPONSORS GOLD SPONSORS SILVER SPONSOR


22/24


The Pop Quiz

At The EndBefore you take any next steps, test your

knowledge with this assessment

http://www.keysurvey.com/survey/363049/2fca/

IT WorldCanadas CloudComputingResourceCentreExplore our comprehensive portal ofarticles, videos and expert advice thatcovers every stage of the cloud journey,from research and product/serviceevaluation through to purchasing andmanaging deployments.

http://itworldcanada.com/hub/cloudcomputing

RESOURCES VIDEOS

CLOUD PRODUCTIVITY ON YOUR TERMS

DRIVING THE KNOWLEDGE ECONOMY

CASE STUDY: STEAM WHISTLEBREWING COMPANY


23/24

What is Tech Learning Space?Tech Learning Space is a unique, online resource for busy IT

professionals who demand quality, timely and relevant continu-

ing education in IT management. Available exclusively via the In-

ternet, Tech Learning Space breaks down geographical barriers

to quality education enabling anyone with Web access to benet

from the highest standard of online teaching available.

Courses are designed and facilitated by some the most accom-

plished academics and leaders in business and IT today.

What does course delivery include? Connected learning experience through BlackBoard and Adobe

ConnectPro

Weekly conference calls with professor; available online daily to

answer questions

Practical, real-world instruction -- including business leaders

video roundtables and case studies

True class interaction, disciplined teamwork driven by deadlines

Proven techniques to improve job performance

Management Courses include: IT Strategy, Measurement and Value

Architecture Governance and Organization

Systems and Technology Delivery

Sourcing and Human Resources

Vendor Relationship Management

Project Leadership

If you are serious about improving job performance and career

development visit: www.techlearningspace.com or call877-338-6753

looking fr quality continuingeducation it management?

TECHLEARNINGSPACE

Whether you are an IT professional looking to improve your

skills, or a corporation looking for a superior education

partner Tech Learning Space has what you need

Mention this ad and receive a 10% discount towards enrolMent

springcourses

nowavailable


24/24

IcandevelopapplIcatIons

thatarelImItedonlyby

myImagInatIon.

Ihavecloudpower.

WindowsAzureisaplatformfordeveloping,deploying,andrunningapplicationsinthecloudwithvirtuallyunboundedscalability.Thatmeansnear-infinitecapacitywhenyouneedit.Itsthekindofflexibilitythatcanchangethewayyourunyourbusiness.WithWindowsAzure,inspirationcomeslessfromworst-caseplanningandmorefromyourimagination.ThatsCloudPower.

FindyourCloudPoweratMicrosoft.ca/cloud/azure

Getthefreemobileapp

athttp://gettag.mobi

Documents

Cloud Computing in Close Up_CIO Magazine