8/2/2019 Cloud Computing in Close Up_CIO Magazine
1/24
CLOUD COMPUTINGIN CLOSE-UPThe ability to move IT inrastructure, applications and storage onto the Internet has sparked
curiosity, enthusiasm, scepticism and sometimes panic rom Canadian chie inormation
ofcers. We walk through the adoption process rom beginning to end, looking at the skills and
strategies you need to be successul. A special report
A Supplement to IT World Canada Publications http://itworldcanada.com/hub/cloudcomputingn IT World Canada Publication PM 40063800
Click on the video below to watch ourinterview with RAIMUND GENES
8/2/2019 Cloud Computing in Close Up_CIO Magazine
2/24
Nowweretalkingprivatecloud,notjustvirtualization.
WindowsServerischangingtheconversation.
Thevirtualizedserverisabigdeal.
Ithelpsbusinesses,bigandsmall,makeITmoreefcient.
Butwhatcomesnext?
Entertheprivatecloudawaytomanageyourinfrastructureasapoolofcomputingresourcestodeliveryourapplicationsandbestservetheever-changingneedsofyourbusiness.
WindowsServerHyper-VandSystemCenterputyouincontrolwithcompleteend-to-endservicemanagement,aswellastheabilitytotapintothepowerofthepubliccloud.
Andthatsreallythewholepointofhavingaprivatecloudinthe rstplacecontrol.
Itsyourprivatecloud.Ifyouwanttorundifferenthypervisorsandoperatingsystems,thatshouldbeyourchoicetomakebecausethetechnologyandvendorsyouusearetheretoserveyourbusinessneeds,nottheotherwayaround.
ITisnolongerjustabouthardware.Orsoftware.Ormaintenance.Itsabout ndingnewefcienciesandnewwaysofdoingthingsthathelpyourcompanysbottomline.
Sothelesscompanybrainpoweryoudevotetoxingoldthings,themoreyoucandedicatetocomingupwithnewthings.
Morecomputingpower.Andmoreavailablebrainpower.
ThatsCloudPower.
Microsoft.ca/cloud/privatecloud
8/2/2019 Cloud Computing in Close Up_CIO Magazine
3/24
3C L O U D C O M P U T I N G I N C L O S E - U P
TABLE OF CONTENTS
RESEARCH THE MARKET
Editors Letter 4
Cloud Computing on camera 5
As CIOs see it: 3 cloud perspectives 6
CONNECT WITH YOUR PEERS
Canada Cloud Network eyes procurement changes 8
CHOOSE YOUR APPROACHPublic/private clouds: How do you choose? 10
HP Canada president weighs in on cloud debate 12
BUILD IN SECURITY
Trend Micros CTO speaks out 14
UNDERSTAND THE CONTRACTS
Legal issues to keep out o the cloud 16
Gartner analyst reveals cloud contract gotchas 19
STAFFING AND SKILLS
ICTC on the clouds labour market impacts 20
TEST YOURSELF
Our cloud computing assessment tool 22
14Trend Micros CTO wasin Toronto recently.Hear his thoughts onbuilding security intoyour cloud project.
5
10
20
16
8/2/2019 Cloud Computing in Close Up_CIO Magazine
4/24
4 C L O U D C O M P U T I N G I N C L O S E - U P
EDITORS LETTER
A hub you hold
in your handsThe cloud doesnt really come with anoperating manual, but what youre about toread is as close as most CIOs will ever get.
Although we have been writing about cloud computing since it became
a catchphrase in the mid-2000s (and even long beore that, when it was
called on-demand or utility computing), we realize that a lot o stories
simply come and go, particularly i our community is accessing them
online. Thats why, early in 2011, we decided to launch a special hub on
ITWorldCanada.com that would act as a Cloud Computing Resource
Centre a place to aggregate all our related articles, videos and expert
advice rom vendors, consultants and other IT leaders.Unlike most o our sites, however, I specifcally asked this one to be
organized according to the typical purchase cycle. This was important
because i you star t doing any research on cloud computing, youll
soon fnd yoursel overwhelmed with inormation. In many cases,
CIOs arent looking or cloud 101-type introductory material. They are
looking at practical steps to implementation, and beyond. Our con-
tent, thereore, was divided into early-stage research on the technol-
ogy, a place to keep track o the various cloud oerings rom myriad
providers, content ocused on the actual transactions o moving to
and paying or cloud services, and fnally managing the assets that sit
in the cloud, whether its a private cloud in your own data centre or
something thats been handed o to a third party.
The Cloud Computing Resource centre will continue to grow, but
the area we clearly need to spend more time on are those last two
categories: purchasing and managing. For too many CIOs, cloud still
means risk, and there has to be proactive ways to prepare and miti-
gate the worst risks.
Ater months o publishing this content online, it made sense to
bring together the best o what weve done into a how-to guide that
could be used as a reerence tool, either now or six months rom now,
depending upon the individual reader. O course this isnt a defnitive
manual, but that would be impossible to produce, because like any
other area o IT, cloud computing is continuing to morph and change
depending on customer and market needs.
Like the online resource centre, we tried to structure this publication
in the way that we expect CIOs will journey to the cloud. We start out
with whats happening locally here in Canada to change the purchase
process. We ace the big public/private question head-on. We explore
the security issues, the potential legal pitalls, and the stang concerns.
We end o with a tool to test your knowledge beore you go any urther.
I cant predict how long well be concentrating on this topic. There
was a time when a similar hub and special report about serv ice-
oriented architecture would have made sense. Not long ago, similar
resources or virtualization would have been a no-brainer. Its once
the conversation dies down and implementations are just a part o lie
that you know some best practices have been established. In an ideal
world, CIOs have successully mastered a technological transition
when the chatter about it disappears in a pu o smoke or maybe I
should say goes up into the clouds.
Shane SchickEditor-in-Chief
ART & PRODUCTION
SENIOR GRAPHIC DESIGNER
Mel Manasan
CREATIVE DIRECTOR
Jeff Coles
EDITORIAL
EDITOR-IN-CHIEF
Shane Schick
CONTRIBUTORS
Grant BucklerVawn Himmelsbach
Peter GalanisRafael Ruffolo
Sheldon Polowin
IT World Canada is an affiliate of International DataGroup (IDG), the worlds largest publisher of computer-related information and the leading global provider ofinformation services on information technology. IDGpublishes over 300 computer publications in 85countries. Ninety million people read one or more IDGpublications each month.
CIO Canada is published 6 times per year by ITWorld Canada Inc., a unit of the Laurentian MediaGroup, Michael R. Atkins, Chairman, 55 TownCentre Court, Suite 302, Scarbo rough, Ontario M1P4X4 Telephone: (416) 290-0240 Fax: (416) 290-0238. Publishers of Network World Canada,ComputerWorld Canada, Canadian Dealer News and Direction Informatique. One year subscriptionrates: Canada $55, US $65 (US) and foreign $95(US). Single copies $6.00. Please add GST whereapplicable. Address subscription to CIO CanadaCirculation Department, 55 Town Centre Court,Suite 302, Scarborough, Ontario M1P 4X4. Whennotifying us of a change of address, please include
address label to assure continuity of service. Allrights reserved. The contents of this publicationmay not be reproduced either in part or in wholewithout the consent of the copyright owner. Theviews expressed in this publication are notnecessarily those of the publishers. Requests formissing issues are not accepted after three monthsfrom date of publication.
Date of publication May 2011. Printed in Canada.GST Registration # R122605769 ISSN: 1195-6097
HOW TO CONTACT CIO CanadaTelephone: (416) 290-0240Fax: (416) 290-0238Mail:CIO Canada,55 Town Centre Court, Suite 302,Scarborough, Ontario M1P 4X4E-mail: [email protected], employees may be reached using acombination of their first initi al and last name, forexample: [email protected]: www.ITworldcanada.com
SUBSCRIPTION INQUIRIESTelephone: (613) 475-3217 or1-800-565-4007Fax: (416) 290-0239 or 1-800-565-8148E-mail:[email protected]
For printed and electronic reprints,please contact Jeff Colesat 416-290-0240 or
PUBLICATIONS MAIL AGREEMENT NO. 40063800
RETURN UNDELIVERABLE CANADIAN ADDRESSES
TO CIRCULATION DEPT IT WORLD CANADA INC.302-55 TOWN CENTRE COURT
SCARBOROUGH ON M1P 4X4
E-mail: [email protected]
PAP REGISTRATION NO. 10784
We acknowledge the financialsupport of the Government of Canadathrough the Canada Periodical Fund(CPF) for our publishing activities.
CORPORATE
CHAIRMAN
Michael R. Atkins
PRESIDENT & GROUP PUBLISHER
Fawn Annan
8/2/2019 Cloud Computing in Close Up_CIO Magazine
5/24
5C L O U D C O M P U T I N G I N C L O S E - U P
RESEARCH THE MARKET
Cloud Computing on cameraOur video library is lled with useul clips about key vendors,
strategies and user success stories. Heres a handul worth watching.
Cloud Computing and thefuture of the IT departmentIBM Canada distinguished
engineer Tom Wheatley explores
the trend towards cloud
computing and imagines how
it will change the role o CIOs
and IT managers in Canadian
enterprises.
http://bit.ly/kkCnzN
Own the podiumspath to the cloudIT manager Jason Cox describes
how the cloud helps Canadian
Olympic athletes and their
coaches win Gold.
http://bit.ly/lmrGH5
The Wire: HP to oer publiccloud serviceAt HP Summit 2011 in San
Francisco, CEO Leo Apotheker
tells analysts the company
is ocusing on the cloud. The
company will also open a
marketplace or applications
and cloud-based services or
enterprises, small businesses
and consumers.
http://bcove.me/xp2tyeiz
Microsofts NationalTechnology Ocertalks cloudJohn Weigelt, national
technology ocer at Microsot
Canada, highlights the
companys cloud strategy and
speaks o partner opportunities
there as well.
http://bit.ly/kHQbvn
In Conversation:Jonathan Day-ReinerThe director o IT operations
or online marketing frm
80/20 Solutions discusses
why his company shited its
inrastructure to the cloud. With
ComputerWorld Canada Editor
Dave Webb
http://bcove.me/llpdht80
Centrilogic CEO on thebusiness case for cloudcomputingRobert Oey talks to Network
World Canada about why
customers are turning to his
frm or help with setting up on-
demand IT inrastructure.
http://bcove.me/131jfa1e
8/2/2019 Cloud Computing in Close Up_CIO Magazine
6/24
6 C L O U D C O M P U T I N G I N C L O S E - U P
RESEARCH THE MARKET
As CIOs see it:
3 cloud perspectivesCloud computing for dummiesActually it was a room ull o CIOs and IT
decision makers, but what I heard recently
at the Midsize Enterprise Summit 2011
keynotes provided one o the better explana-
tions o cloud computing And it came rom
a major vendor no less!
Jordan Chrysafdis, Microsots VP oSMS&P, outlined cloud computing based on
needed outcomes rather than a sales pitch
or their products (that came later but the
frst part o the presentation was pretty
product neutral).
He presented a breakdown o private vs.
public cloud services, rom an economies o
scale perspective. Apparently the real sav-
ings in cloud come at around 10,000 servers,
where the TCO per server is reduced to a
raction o the expense o a single server.
The average data centre has nowhere near
10,000 servers, and as such, the TCO per
server remains higher.
Savings can be realized in the ollowing
areas:
Hardware typically represents 45% o
your data centre costs. 30% savings using
public cloud data centre can be achieved.
Facilities represent 15%. 35% savings are
possible.
Operations 15%. 70% savings
Power 15%. 90% savings
All o these numbers are achieved through
better utilization: Sharing with people in di-
erent time zones, and dierent industries can
result in more ecient utilization patterns
He went on to discuss the inrastructure
as a service market, (where the ocus is on
hosting), the Platorm as a service market
(where the ocus is on building), and o
course the Sotware as a service market
(SaaS), where the ocus is on consumption,
three elements o what is now presented
as cloud.
My real point o the post is that it was
rereshing to hear cloud computing put into
a context that even a CIO could understand.
(Marketing people take note).
Kevin Pashuk, CIO, Appleby College
Why should I care?I was speaking at a Computerworld Canada
event in Calgary and Edmonton in 2010. The
ocus was on Linux as the proper operating
system or the cloud. While I brought over a
decade o Linux in the enterprise experience
to the discussion, my real ocus was on the so-
lution or business rather than the act it wasdelivered as a cloud application or service.
When we think o the cloud it is clear that
there are a number o dierent perspectives
on what is a cloud, as well as oerings rom
the cloud. Basically as rule o thumb cloud
oerings ft into these categories:
Inrastructure
Services
Sotware
Storage
Storage is the newest type o oering in
the cloud. My personal experience has been
ocused on the most popular category, which
is sotware, more commonly known as SaaS
(Sotware as a Service). We use solutions or
Payroll, HR, Sales and Marketing CRM, and
our US Core Business suite so I have gone
through this discussion multiple times.
Th act is that the solutions we chose were
not about the cloud at all; they just happen
to be delivered via the cloud. This again
reinorces the old axiom that you should
select sotware based upon your business
needs and not by the technology. The cloud
is ater al l just an alternate delivery model,
not some revolutionary new technology. In
act, without divulging my age, I remem-
ber when you bought IT services (because
computers cost too much or most business)
in time multiplexed models. That was a cloud
o sorts based upon the general defnition
used or a cloud today. The clouds o today,
though, are uniquely identifed because a key
requirement or todays cloud is the use o the
Internet as a connection methodology.
With cloud solutions today there appears
to be over-enthusiasm, that they are the new
panacea, when in act it is just another way
to deliver very valuable solutions.
Nigel Fortlage, CIO, GHY International
Contestants rom our annual Blogging Idol contestwere asked to weigh in on the hottest topic in IT.What they told us
Gorilla clouds?In Georey Moores books (Crossing the
Chasm, Gorilla Game, etc) the gorilla is
the market-share leader whose position is
sustained by proprietary technology that has
high switching costs (Wikipedia says so!!).Ive always said owns the architecture and
costs too much to change vendors with
Cisco being one example, Intel another and
Microsot being the other major case study.
Crossing the Chasm also talks about the
need to transition rom early adopter stage
to mass market penetration in order to grow
and gain momentum. So, how does this ap-
ply to cloud computing?
One o the questions that needs to be an-
swered is: Where in the technology adop-
tion curve has cloud computing (or IaaS,
PaaS, and SaaS independently i you want) crossed the chasm? Is cloud computing
even a single specifc market segment or is it
really multiple market segments (each with
its own chasm)?
Another question that begs to be answered
(so that we can invest in the winners, not the
losrers) is: Who is going to be the Gorilla
o cloud computing? Or will there ever be
a single gorilla? Is there an architecture
or cloud computing that someone owns or
controls? How easy is it to switch rom one
cloud supplier to another?
I think that part o the problem these
days is thinking that cloud computing is
a single product type targetting a single
market segment. It is not. That would be
equivalent to saying that distributed com-
puting is a single product meeting a single
need in the marketplace. Once we can
identiy the market requirements that cloud
computing can meet, then we will be much
arther along in developing the solutions,
establishing standards and judging success.
Only then will we get past the technology
hype cycle.
Another issue is that most o us are
already users o cloud computing (depend-
ing on how you defne it). For example,
Twitter and Facebook sure look like SaaS to
me (although the pay-as-you-go part is not
relevant). Most o us dont really think o
public applications such as Hotmail or Gmail
as being cloud computing, but perhaps we
should be changing our views.
The question is, do you think the ideas
Crossing the Chasm ideas apply, that they are
relevant, that they predict the uture and,
perhaps most importantly, that they allow us
to pick the winners?
Don Sheppard, CIO, ConCon
8/2/2019 Cloud Computing in Close Up_CIO Magazine
7/24
ThemosTcomprehensivesoluTionsforThecloud.onearTh. Microsoft
Ofce365 WindowsAzureWindowsServerHyper-VLearnmoreatMi./
IMtheeMperorofeffIcIency.
IcontrolwhatIwant,whenIwant.prIvatelyandpublIcly.
IcanuseMyexIstIngassetstoachIeveMyfuturegoals.
IcanspendonwhatIneed,notonwhatIdont.
IcanplaylIkeanoptIMIstandpaylIkearealIst.
Ihavecloudpower.
8/2/2019 Cloud Computing in Close Up_CIO Magazine
8/24
8 C L O U D C O M P U T I N G I N C L O S E - U P
CONNECT WITH YOUR PEERS
n Neil McEvoy wants businesses toget on to his cloud.
The ounder o Toronto-based Level 5
Consulting has launched a project called the
Canada Cloud Network, which he hopes will
help stimulate the growth o cloud comput-
ing in Canada. Part o the project is a web-
site, OpenRFP.net, where McEvoy is posting
inormation about Canadian government
contracts.The idea is to put the procurement process
online and make it openly acces-
sible, McEvoy says. He hopes to
encourage cloud-related compa-
nies both Canadian and oreign
to work together to create
proposals to address government
needs.
McEvoy says he aims to put
smaller cloud-related companies
in touch with major contrac-
tors bidding on big government
contracts, such as an eort to
move Elections Canadas Web
site to hosting in the cloud. The
wide variations in trac on that
site quite low except or major peaks during
elections makes it a perect candidate to be
hosted in the cloud rather than on dedicated
in-house servers, McEvoy notes.
That part o McEvoys project goes hand in
hand with another, which is advocating or
more use o government procurement as a
way o stimulating new technology research
in Canada.
A lot o what Im looking to do is identiy
best practices in innovation in general,
says McEvoy, who was a business develop-
ment manager or PricewaterhouseCoopers
or about a year beore starting Level 5. He
previously worked or British Telecom and
ounded and ran a European application
service provider.
He thinks one o those best practices
is something called orward commitment
procurement. The idea, he says, is or govern-
ment to state a buying requirement or the
type o innovation we want to see in the mar-
ketplace. In short, the government calls or
proposals to supply technology that doesnt
exist yet, in order to encourage the research
and development necessary to develop it.
Its an idea the British government has
used to promote development o its clean
technology sector, McEvoy says. He isnt
aware o other examples o its use, though
he agrees that the eect might be similar to
the way the U.S. space program once helped
stimulate development o new technologies
that later ound broader use.Cloud computing is immature in Canada
today, says Darryl Humphrey,
a senior manager at Deloitte
and a member o the consulting
frms global leadership team or
cloud. In general I would say
our market is characterized by
cautious buyers and somewhat
distracted vendors.
Research frm Interna-
tional Data Corp. (Canada) Ltd.
recently profled 10 Canadian
cloud startups, saying in a
statement that its a good time
to be an emerging cloud com-
pany in Canada.
The Canadian cloud market is small and
has unique needs due to actors such as
privacy laws, Humphrey says, so its tough to
achieve much scale.
Government can help with that, he says,
and one way to do it is through procurement.
When you look at the Canadian market,
there are not that many players that can
provide scale and the ederal government is
one o those.
The Canada Cloud Networks eorts to
inuence government procurement are in
their very early stages. McEvoy has written
a white paper on the subject entitled Canada
Cloud 3.0: Building Canadas Digital Economy
Advantage Through Cloud Computing. As or
approaching government ocials about his
ideas, he says, thats really my next phase.
So what has he done so ar? About a hal-
dozen companies, some Canadian and some
U.S. players looking to build their presence
in the Canadian market, have signed up or
access to OpenRFP.net, which is ree. In
time, McEvoy says, hell be looking to sign up
The Network effectI cloud computing is to take o in Canada,
we may need to rethink the procurement process.
A grassroots eort is launchedBY GRANT BUCKLER
corporate sponsors or the project, and ven-
dors will pay to participate in joint proposals.
One o the companies involved today is
Kaulkin Inormation Solutions, the Rock-
ville, Md., maker o kloudtrack, a sotware as
a service tool or governance, risk manage-
ment and compliance. Kloudtrack orms
part o the basis or Canada Clouds Open-
RFP platorm, says Mike Binko, the com-
panys president and chie executive.By using cloud-based sotware to run
OpenRFP, McEvoy is practising what he
preaches, Binko comments. Neil as ar as I
can tell understands that the cloud is a use-
ul platorm or utility i you will to kind o
exchange and share data, he says.
Binko says there are some projects in the
U.S. trying to bring companies together
around open access to RFP data, but Open-
RFP is the only one he knows o in Canada so
ar. its an emerging approach, he says.
One benefciary is Esotera Secure Storage
Solutions in St. Johns, NL. The company o-ers secure cloud-based storage systems, and
is developing sotware called VM Aware to
help cloud-based applications scale smoothly,
says Tom Chalker, Esoteras president and
chie technology ocer.
Through OpenRFP, Chalker is working
with Joyent Inc., whose cloud sotware stack
VM Aware will rely on, and with hosting
providers. Chalker hopes to get a piece o
the Elections Canada project thanks to
OpenRFP. Without it, he says, contracts like
this are usually out o such a small com-
panys reach. We would have to put a lot o
resources together in order to be able to put
together a response to an RFP.
Chalker says smaller technology com-
panies usually only get a piece o such big
contracts when larger prime contractors seek
them out to meet specifc needs.
According to McEvoy, stimulating Cana-
das nascent cloud computing sector will do
more than just help home-grown companies
in that business. His white paper reers to
much-discussed concerns about the level o
innovation in this country, and suggests that
part o the cause o this innovation gap is
that inormation technology organizations
lack money to spend on innovation because
most o their budgets are tied up in keeping
their current systems going.
Moving more computing into the cloud, he
argues, would alleviate that problem.
Humphrey says cloud services can make the
businesses that use them signifcantly more
ecient. He says some organizations can see
cost reductions o 50 to 80 per cent rom using
large inrastructure-as-a-service providers.
Thats a major piece o capital that you
can now redeploy into your actual business,
he says.
NEIL MCEVOY hasalso created a Canada
Cloud NetworkLinkedIn Group.
8/2/2019 Cloud Computing in Close Up_CIO Magazine
9/24
One site. Everything IT.Instantly find tech specs, accessories, and compare 350,000 IT products.
BROUGHT TO YOU BY
TECHLEARNINGSPACE
NEW!
www.youfindit.ca
8/2/2019 Cloud Computing in Close Up_CIO Magazine
10/24C L O U D C O M P U T I N G I N C L O S E - U P
CHOOSE YOUR APPROACH
Private cloud:Is it for real?
PRIVATE CLOUD
DO NOT ENTER
nDoes the private cloud actually exist?Some public cloud providers and industryanalysts say the private cloud is really just a
virtualized data centre. Others includinglarge enterprise vendors say its the onlyreal option or Canadians, considering secu-rity and privacy issues.
BY VAWN HIMMELSBACH
10
ILLUSTRATIONBY:ISTOCKPHOTO.C
OM/CURVABEZIER
8/2/2019 Cloud Computing in Close Up_CIO Magazine
11/24
11C L O U D C O M P U T I N G I N C L O S E - U P
Most, however, wouldnt argue
that one o the greatest potential
benefts o the cloud is cost savings
through scale. Originally, when
people started talking about cloud,
they didnt make the distinction be-tween public and private, but now its
become a rather heated debate.
What happened is that many tra-
ditional enterprise vendors started
to see the cloud as a threat, said
Ronald Schmelzer, managing part-
ner with ZapThink. The public cloud
threatened to permanently move IT
resources outside o organizations, so
those vendors jumped on the cloud
bandwagon with private cloud.
But that, he said, kills the beneft
o cost savings. I you own the cloud,youre not going to see any economic
advantage. Anyone who says they
are doesnt understand it or is being
misleading.
I organizations want dynamic
provisioning or pooled resources
that they can bring online or oine
as needed, they can take the same
architectural approach as the public
cloud and apply their own internal
resources. When Joe in fnance
needs some resources, hes going to
get it dynamically provisioned by the
pool, and maybe get some economic
beneft rom not having to buy an-
other server, said Schmelzer.
But while that borrows some o the
architectural components o cloud, its
a dierent concept; in act, the public
cloud becomes competition or these
same resources. The whole idea o
the cloud should be about economies
o scale, he said. The public cloud
is a trajectory, since a lot o small
companies, especially startups, are
simply not buying inrastructure
anymore. This goes back to the
so-called private cloud strategy. A lot
o its going to be a handul o large
enterprise vendors working with their
own customer groups.
One o the essential characteristics
o a cloud is that its measured and
paid or as a service, so i you build
it yoursel, its not a cloud, said A.J.
Byers, executive vice-president o
business services with Primus.
Ive had debates around whether a
company can build a private cloud and
I would say no, he said. But he does
believe in the private cloud only one
hosted by a third party. As a service
provider we can build public and pri-
vate clouds and hybrids o that as well.
What defnes private cloud, he
said, is that the resources are oered
to a single organization. And the No.
1 reason why customers are choosing
private cloud is because o a percep-
tion that its more secure which is
a huge technology debate right now.
We believe over the next 12 to 24
months we will see security auditors
understanding cloud deployments
better, said Byers. The auditors
orce companies into choosing dedi-
cated private cloud environments
because o PCI compliance.
Today in Canada, he said, you can-
not become a PCI-compliant company
and process credit card transactions
in a public cloud. One o the big rea-
sons why people move into the private
cloud is because they need to process
large numbers o credit card transac-
tions. But we do believe PCI can occur
in the cloud.
Customers are also concerned about
where their data resides. I it sits in
a U.S. data centre, it then becomes
subject to the U.S. Patriot Act, which
could allow the American govern-
ment access to that data. Despite these
concerns, Byers says we need to get
people out o the mindset that there
are security risks in public cloud.
For smaller businesses, the public
cloud is simply the most cost-eec-
tive option. Ultimately, the smaller
the cloud, the less cost-ecient it
is, so a private cloud doesnt see the
same kinds o cost savings that a
public cloud typically does.
In a private cloud you knowexactly what resources are available
to you, but theres not a huge demand
or private cloud except or larger
enterprises or where theyre working
or the government or have unique
security needs, said Byers.
However, some industry players
just dont consider this to be cloud
and, in act , say private cloud is
a matter o cloud-washing by those
who dont beneft rom public cloud,
namely large enterprise vendors.
We absolutely believe that thereare people taking technology thats
existed or years and repackaging
it or cloud, said Andrew Kovacs,
senior manager o communications
and public aairs with Google.
Theres a lot o cloud-washing going
on. Thats why Google has adopted a
new term, called 100 per cent web,
which he says does a better job o
capturing the benefts to customers.
Certainly theres lots o talk about
building clouds with concepts like
virtualization, he said. There can be
some benefts to companies, but we do
not consider that a cloud. The big di-
erentiator, he said, is multi-tenancy.
What that means to end-users is
scale; when an organization is operat-
ing at that scale, end-users can in-
novate aster and the applications are
more secure and reliable. Typically, it
takes an organization 30 to 60 days
to apply a security patch, or example,
whereas in a cloud environment that
can be done almost immediately.
We dont really ta lk about private
clouds, said Kovacs. Theyre usually
reerring to just hosting sotware in
a data centre rather than hosting it
in their own business, or they may
host it with a third party, but its still
single-tenant sotware. The sotware
still requires upgrades and patches
and comes with the additional costs
o managing the sotware yoursel.
And some oerings pitched as
cloud still require customers to
install sotware, he said. With
Microsot, you still need to install
Right now theauditors are forcingcompanies into
choosing dedicatedprivate cloudenvironmentsbecause of PCIcompliance.
A.J. BYERS
PRIMUS
8/2/2019 Cloud Computing in Close Up_CIO Magazine
12/24
12 C L O U D C O M P U T I N G I N C L O S E - U P
Oce 2010 to get the most out o the
product, so theyre still locking in
customers to multi-year cycles.
The industry, in general, defnes
a private cloud as a single-tenant
cloud, either on-premises or o-premises. But the debate around
private cloud isnt just about the
defnitions and terminology.
Legacy enterprise vendors are
the primary benefciaries as they
are able to sell many cloud-washed
products in the short term to build
private clouds, said Randy Bias,
CEO o CloudScaling.
Unortunately, since these enter-
prise vendors dont understand the
techniques in use by Amazon and
Google, they are selling very expen-sive private cloud solutions that are
ultimately doomed to ailure. Hope-
ully, as the market matures or well
designed cloud products that solve the
private cloud problem or enterprises,
they will be able to use private cloud
technology to run those IT unctions
core to dierentiating their business.
But he still sees a need or private
clouds. Both private and public clouds
will be required, although the bulk oIT will eventually wind up on public
cloud systems, said Bias. Private
clouds will be required or enterprise
businesses to keep their core-dieren-
tiated IT unctions on cost-optimized
and competitive internal inrastruc-
ture, whereas public clouds will be
used or undierentiated general IT
unctions that can be cost-eectively
delivered by utility providers.
You will never see a prominent f-
nancial trading business move their
trading system to a public cloud,he said, since such trading systems
are core intellectual property and
oer competitive dierentiation.
Yet, eventually they will need some
o the properties o private clouds in
order to increase manageability and
proft margins.
Its pretty much impossible to
achieve the same cost economies with
private clouds as a public cloud, said
Bias. And this means, ultimately,the private cloud ootprint (meaning
the number and size o total private
clouds deployed) will be much smaller
than public clouds. IT departments
will move non-mission-critical
apps that dont provide competi-
tive advantage either to clouds or to
new greenfeld applications already
deployed on clouds to replace existing
internal apps, he said.
While most likely a private cloud
will involve virtualization, its not
just a virtualized data centre, saidMark Thiele, ounder and president o
Data Center Pulse and vice-president
o data center strategy with Ser-
viceMesh. Some key characteristics
o cloud over and above virtualization
The ollowing article was submitted to
CIO Canada through HP Canadas public
relations agency. Although we do not accept
articles rom vendors that promote specifc
products or services, we consider execu-
tive viewpoints on topics o interest to our
readers that ocus on strategy. IT World
Canada does not endorse any particular
vendor or accept payment or editorial
content under any circumstances.
nIn a mobile, connected world, everybody
needs access to everything. They expect
instant results anytime, anywhere. While
this opens up a world of possibilities, it
also places heavy demands on IT. How can
enterprises keep up?
Many Canadian CIOs are considering
cloud technology because it can be rapidly
provisioned and released with minimal
intervention from a service provider. But
should they take advantage of public cloud
services, such as Amazon EC2 or Google
App Engine, or build their own cloud behind
the rewall? The question might miss an es-
sential point: They can have it both ways.
Understanding thecloud modelsAt their core, all cloudspublic and private
consist of shared, standardized services
based on pooled resources. Moving data to
the public cloud means avoiding purchas-
ing and managing certain hardware and
software, but it also means less control over
your data and relying on the security policies
and practices of the service provider. With a
private cloud, you get total control over your
data and the hardware on which it lives if its
hosted on-premise.
An equal-opportunityapproach to the cloudIs public cloud or private cloud right or yourorganization? Its easy and smart to have bothBY PETER GALANIS
CHOOSE YOUR APPROACH
Some organizations will want the aord-
ability and exibility of externally managed
cloud services. Others will see the internal
cloud as the best approach for certain
services. But the vast majority will fall on
the spectrum somewhere between those
two extremes. The most eective way to
run your service portfolio is to nd the right
source for each servicetherefore many
organizations can benet from a hybrid
delivery model using both public cloud and
private cloud resources.
The important thing is to l et your en-
terprise strategy guide your approach to
the cloud. Heres a quick overview of each
delivery model and how it can support an
enterprise strategy.
Cloud services for rapidapplication deploymentEnterprise cloud services oer bundles
of server, storage, network and security
that your organization can consume as
a service. It lets you deploy applications
without confronting the usual obstacles:
the capital outlay for acquiring and
maintaining hardware, the time it takes
to provision new services and the IT
resources to manage it. Cloud services let
you accelerate time to revenue from new
8/2/2019 Cloud Computing in Close Up_CIO Magazine
13/24
13C L O U D C O M P U T I N G I N C L O S E - U P
applications from months to minutes.
For Canadian CIOs in particular, security,
reliability and privacy are top of mind as
they try to balance the need for innovation,
optimization and risk management for the
enterprise. Some organizations, for example
in the public sector, may have additional
regulatory requirements to
consider. Canadian enter-
prises can have very distinct
needs for cloud services so
it is important to ensure that
your service oers these
important features:
Security, governance and
compliance standards, with
the ability to know exactlywhere your data is physically
stored for compliance and
reporting purposes
Open, modular platforms
that dont lock you in
Automation and management for end-to-
end service quality
The ability to ensure availability, quality
and performance levels
The ability to seamlessly interact with
and be managed across a hybrid delivery
service model
Private cloud for self-service resources
For services that require tighter control
over your data, deploy an on-demand
service delivery environment that provides
easy access to self-service resources from a
secure environment.
Building internal cloud services doesnt
mean you have to rip out your current
environment. You can often
extend and protect your current
investments by transforming
legacy and virtualized infra-
structure into fully automated
cloud environments.
A private cloud can require
more IT resources up-front to
build. But a well-designed pri-
vate cloud that takes full advan-tage of its compute resources
can lead to a solid return on your
IT investment. A nely tuned
automated private cloud also
gives your sta the freedom to
focus less on management and more on the
applications that drive the enterprise.
A hybrid delivery modelfor exibilityThe reality is, most organizations will benet
from consuming both public and private
cloud services in addition to services run
from their traditional IT environments. A
hybrid delivery model combines all three
sources into one unied whole. With multiple
sources at your disposal, you can optimize
your service portfolio to provide the right ser-
vice to the right source at the right time.
For example, a nancial services com-
pany might run a new mortgage lending
credit check service from its private cloud,
while simultaneously accessing compute
resources for its developers from an enter-
prise cloud service provider. If use of the
credit check service proves to be highly spo-
radic, the company may decide to move it to
an o-site enterprise cloud that can better
accommodate the service volatility. Using a
hybrid delivery model ensures that the bestoptions are available for each workload.
Finding the model thatsright for youNot sure where to start? Enterprises need
to understand their critical success factors,
benets and challenges so they can make
informed decisions and map a clear and
eective path to the cloud.
Using the best cloud solutions for your
needs, your enterprise can respond in an
instant to todays and tomorrowsrap-
idly changing enterprise needs.
PETER GALANIS isthe president of HPCanada, based inMississauga, Ont.
include additional automation, scale
management, greater portability
and enhanced management o an IT
environment.
And while the private cloud isnt
built to allow or multi-tenancy,most organizations dont need it, he
said. The truth is nobody truly has
infnite scale, but certainly Amazon
comes closer to infnite scale than
the average business, he said, adding
that there are only a ew companies
out there that really need something
approaching infnite scale.
For the vast majority o apps
within a traditional data centre,
when organizations talk about scale,
they typically mean they need to
scale rom 10 machines to 13 or aday or two or maybe a week. Even
i they have an app that requires
something approaching real scale,
thats something they can put in a
public cloud.
Another dierentiator o private
cloud is it allows organizations to
move apps within their own net-
work environment at a time when
theyre comortable with it. While
public cloud may do the job, mostorganizations at least in the near
term are going to struggle with
concerns about security, service-level
agreements and how they actually
measure the cost, said Thiele. I you
move an app into the public cloud,
it may look cheaper on paper, but in
the long run could cost more than
expected, and thats something that
organizations need to sort out.
Almost every time Thiele hears
people saying theres no private
cloud, those people are involved in ordirectly selling public cloud services.
Its not about whether public cloud
can replace private cloud, he said.
Those questions are immaterial. In
some cases, an organization can only
get approval or private cloud, which
gives them 80 or 90 per cent o the
benefts, until they can eventually
move to the public cloud. Over time,
my guess is a majority o apps will be
public cloud, in two to fve years.IT needs to be able to transition in
a moderated, grandathered way, he
said. Taking baby steps means cloud
in all its orms has tremendous value.
In the long-turn, Thiele believes
hybrid cloud has the best chance o
success or major enterprise apps
because it oers the benefts o scale
and geographic dispersion, with some
o the benefts o single-tenancy.
While Thiele disagrees with the
notion that there is no such thing
as a private cloud, he doesnt thinkthats the point. To assume there
is no such thing as private cloud is
to ignore the obvious that every or-
ganization treats their IT a little bit
dierently, whether we like it or not.
8/2/2019 Cloud Computing in Close Up_CIO Magazine
14/24
14 C L O U D C O M P U T I N G I N C L O S E - U P
BUILD IN SECURITY
A security CTOstake on the biggestcloud outages (so far)
nJust putting your app into apublic cloud without rethinkinghow it works can open chie inor-mation ocers up to disastrousconsequences, according to Trend
Micro Inc. chie technology ocerRaimund Genes.Speaking at a Trend Micro cloud security
awareness event in Toronto recently, the
companys technology leader said that turn-
ing over control to a third-party vendor or
your cloud inrastructure should compel
you to rethink -- and maybe even redesign
-- your applications.
You have to design your applications so
that theyre more reliant to these outages
in the public cloud, Genes said. When you
design it well, it doesnt matter i the data
centre goes down.He added that the companies that simply
mirrored their apps and put them into Ama-
zons cloud can attest to the outages and data
losses they experienced recently.
But the one high-profle company that
didnt all to the wrath to the massive
outage, Genes said, was NetFlix Inc. Last
December, the movie streaming giant pub-
lished a tech-related blog about what it had
learned while using Amazon Web Services
as its computing platorm.
The best way to avoid ailure, the company
said, is to plan to ail constantly. Internally,
NetFlix reers to its sotware architecture in
AWS as its Rambo Architecture.
Each system has to be able to succeed,
no matter what, even all on its own, wrote
blogger John Ciancutti, who works as a vice-
president o personalization technology at
NetFlix. Were designing each distributed
system to expect and tolerate ailure rom
other systems on which it depends.
I our recommendations system is down,
we degrade the quality o our responses to
our customers, but we still respond.
David Aspey, vice-president o cloud
security or Trend Micro, said that NetFlix
came out o the Amazon outage with ying
colours because they paid or dedicated
servers to run a v irtual private cloud in ad-
dition to a public cloud.
The outage had nearly no eect on them,
he added.
At Trend Micro, its team o architects
have designed its private cloud to actually
sustain outages at two o its fve worldwide
data centres.
Another headline grabbing security disas-
ter in the world o cloud computing occurred
at Sony Corp., ater the companys PlaySta-
Trend Micros Raimund Genes discusses theAmazon incident and othersBY RAFAEL RUFFOLO P H
O T O G R A P H Y B Y : D W
D O R K E N
8/2/2019 Cloud Computing in Close Up_CIO Magazine
15/24
15C L O U D C O M P U T I N G I N C L O S E - U P
Amazon comes clean about cloud outage
tion Network was hacked in mid-April.
The personally identifable inormation
o 77 million PSN accounts were exposed
in the data breach.
This breach, Genes said, garnered
Trend Micros attention ar more thanthe Amazon outage because it involves
cloud data security as opposed to backup
and storage policies. He said that with
Trend Micros SecureCloud technology,
which allows enterprises to encrypt data
on private and public clouds, organiza-
tions can ensure that they encrypt di-
erent portions o their cloud-based data
with dierent encryption keys.
Genes said the PlayStation breach
turned into such a large-scale problem
or Sony because the company only used
one encryption key or all its data as op-posed to a variety o dierent keys.
Genes said that because cloud comput-
ing is not cost eective without virtual-
ization, Trend Micro will be investing
heavily into the protection o virtualized
machines and cloud-based servers in the
uture. The companys Deep Security
product line, which covers that unction-
ality, is being developed at the recently
acquired Third Brigade Inc. oces (nowTrend Micro Canada) in Ottawa.
Other priorities or Genes include
developing better patch capabilities or
virtual servers and tackling the growing
AV storm issue.
In an anti-virus storm, thousands
o virtual machines start their manual
scanning cycle at the same time,
consume too many resources and
bring down the network. Genes said
Trend Micro is working with V Mwares
vShield technology to enable one scan
on the hyperv isor level and have all thevirtual machines communicate back
or their update.
You only have one scan and you dont
have to load AV technology on every
virtual machine, he said.
To round out his views on cloud
security, Genes also talked about mobile
devices and the r ise o multiple operating
systems like Apples iOS4, RIMs Black-
Berry OS and Googles Android. He alsopredicted that the decline o Microsot
Windows as a dominant desktop OS,
plus the shit o Web users to mobile de-
vices, will orce hackers to broaden their
targets over the next fve years.
Were seeing a diversity o devices
that will make it more dicult or the
attacker, which has been ocused on
Windows, Genes said.
For CIOs and security vendors, that
means the ocus will have to shi t away
rom whether the device will be hacked
to how to track and manage the devices.What happens i an employee loses a
device and leaves it in a cab? Genes said.
How can I ensure that no third-party
can use it?
nAmazon has released a
detailed postmortem and
mea culpa about the partial
outage of its cloud services
platform in April and identi-
ed the culprit: A congura-
tion error made during a
network upgrade.
During this conguration
change, a trac shift was ex-
ecuted incorrectly, Amazon
said, noting that trac that
should have gone to a primary
network was routed to a lower
capacity one instead. The
error occurred at 12:47 p.m.on April 21 and led to a partial
outage that lingered through
last weekend.
The outage sent a number
of prominent Web sites
oine, including Quora,
Foursquare and Reddit, and
renewed an industry-wide
debate over the maturity of
cloud services .
Amazon posted updates,
short and bulletin-like,
throughout the outage, but
what it oered in its postmor-
tem is entirely dierent. This
nearly 5,700-word document
includes a detailed look at
what happened, an apology,
a credit to aected custom-
ers, as well a commitment to
improve its customer com-
munications.
Amazon didnt say explic-
itly whether it was human
error that touched o the
event, but hints at that pos-
sibility when it wrote that we
will audit our change process
and increase the automationto prevent this mistake from
happening in the future.
The initial mistake, fol-
lowed by the subsequent
increase in network load,
exposed a cascading series of
issues, including a re-mir-
roring storm with systems
continuously searching for a
storage space.
Amazon also said in its
explanation of the outage that
it will work to ensure that it
builds software and services
that can survive failures.
Matt Stevens, the CTO of
AppNeta, a cloud perfor-
mance network performance
management company
and an Amazon cloud user,
praised Amazons postmor-
tem for its transparency.
As a technical architect, I
thought it was actually amaz-
ing how deep they went into
it, said Stevens, adding that
he wished the company had
oered more detail about the
initial network change thatstarted the problem.
In terms of the overall is-
sue, Stevens said: How does
anybody who runs their own
private data center know how
its going to hold up until you
have a massive issue?
Jim Damoulakis, CTO of
GlassHouse Technologies, an
enterprise storage services
provider, called it a pretty
through postmortem and I
think for the most part they are
being transparent about it.
Damoulakis said that
while Amazon will take steps
to keep the problem from
happening again -- and to
make their availability zones
more robust -- customers
will ultimately be responsible
for having a good disaster
recovery plan.
I think there is blame on
both sides , said Justin Al-
exander, who heads strategic
research and development
at Hyland Sof tware, an enter-
prise content managementsoftware rm, referring to
both Amazon and its custom-
ers.
Clearly, Amazon needs to
take accountability for their
services. But at the same
time there were a variety of
customers who were using
the EC2 platform that did not
suer any period of unavail-
ability, said Alexander, citing
their disaster recovery plans.
ComputerWorld (US)
8/2/2019 Cloud Computing in Close Up_CIO Magazine
16/24
16 C L O U D C O M P U T I N G I N C L O S E - U P
nMore companies in Can-ada are turning to the cloud or, at least, thinking aboutit or exibility, agilityand cost savings. But there isoten the perception that us-ing cloud-computing servicescould compromise corporate
and customer data, or may
even be against the law.But theres no law that prevents
most Canadian businesses rom
exporting personal inormation, said
David Fraser, partner with McInnis
Cooper, president o the Canadian
IT Law Association and chair o the
National Privacy and Access Law Sec-
tion o the Canadian Bar Association.
Once you move into a real cloud
computing model, all o a sudden
you dont know where your data
is where in Canada or where in
the world and weve seen a big
privacy-related backlash against
cloud computing, he said. So a large
part o his job is telling people theyre
wrong, since theres a huge amount o
Clouds in Canada:
The legal issuesBeore you sign on the dotted line, know the risksBY VAWN HIMMELSBACH
UNDERSTAND THE CONTRACTS
8/2/2019 Cloud Computing in Close Up_CIO Magazine
17/24
17C L O U D C O M P U T I N G I N C L O S E - U P
misinormation out there.
Private-sector privacy laws
require that you ensure a compa-
rable level o security or personal
inormation, regardless o whether
you permit it to be managed bya Canadian company or a non-
Canadian company. And some
highly regulated industries, such as
banking, have special rules that may
include additional regulation or
outsourced services.
The Patriot Act is the big thing
that people reak out about, he said,
but we have a Canadian version
o the Patriot Act, which is just as
oensive.
Heres the deal: In 2001, the U.S.
Congress passed the USA PatriotAct, which expanded the powers
o law enorcement and national
security agencies to carry out in-
vestigations and obtain intelligence
in connection with anti-terrorism
investigations.
But the provisions that
have attracted the most
criticism, said Fraser,
have equivalents under
Canadian law. Regard-
less o where inormation
resides, it will always be
subject to lawul disclo-
sure to law enorcement
or national security bod-
ies. In Canada, he said,
this includes search war-
rants under the Criminal
Code o Canada and the
Canadian Security Intel-
ligence Service Act. Many European
countries also permit broader law
enorcement and national security
access to inormation than in both
the U.S. and Canada.
O course, where the data sits
can have an impact on that data. I
its in North Korea or China, its at
high risk, said Fraser. In the U.S.,
it may in some cases be signifcant,
but in most cases it wont be. How
interested would the FBI be in get-
ting their hands on that data and
would they be able to justiy getting
a subpoena? In most cases no, he
said. And i its a person o interest
they can get it in Canada .
Many people are surprised to
learn theres a secret court in the
U.S. where judges hear applications
made by Department o Justice
lawyers or search warra nts (and
other such things) and theres
nobody on the other side to oppose
those applications.We have a secret court in Cana-
da, said Fraser. We have a bunker
in Ottawa where judges hear lawyers
rom the Department o Justice and
CSIS or warrants to do things as
potentially oensive as break into
your house and install wiretap-
ping equipment. These orders can
specifcally provide or authorities to
go back in and change the batter-
ies. So people dont oten think that
Canada is engaged in these types o
cloak and dagger things, and we are.Our defnition o anti-terrorism is as
broad and oensive as the U.S.
Canadian authorities have virtu-
ally identical powers under the
Canadian Security Intelligence
Service Act, he said, which permits
secret court orders
that authorize CSIS
to intercept commu-
nications or to obtain
anything named in
the warrant.
On top o that,
Canada has a mutual
legal assistance treaty
with the U.S. (as well
as inormal agree-
ments), so i the FBI
wants data and its in
the hands o a Cana-
dian company, the FBI
calls the RCMP or CSIS. So when
you dig into it, that cross-border
issue, at least in most cases, really is
not the large issue that many people
are led to believe it is, he said, add-
ing that the Patriot Act has become
shorthand or just saying no.
Only British Columbia and Nova
Scotia have laws strictly regulating
the export o personal inormation
rom Canada by public bodies, said
Fraser. For all other jurisdictions,
including the ederal jurisdiction,
export is permitted, but the public
body must ensure a comparable
level o security or personal inor-
mation, regardless o whether its
managed by a Canadian or non-
Canadian company.
What businesses need to do is
benchmark their existing privacy
inrastructure and compare it to the
privacy inrastructure o the pro-
posed cloud provider. What are the
real risks to the data, and to privacy
and security? A lot o businesses have
signifcant existing vulnerabilities
rom insecure desktops, to playing
catch-up with security patches, to
mobile employees running around
with laptops. Or thumb drives.
Nothing is more stupid or danger-
ous, said Fraser. In a cloud model i
the computer is lost you lose nothing.
Very oten, this benchmark leans
heavily in avour o the cloud pro-
vider that has squadrons o security
people. Small businesses, in particu-
lar, are vulnerable to power outages
and basic continuity issues. A repu-
table large-scale cloud provider will
have multiple data centres, so things
will stay up and running.
One o the biggest hurdles to
widespread adoption o cloud
computing is the data concern, said
Robert Percival, a partner with
Ogilvy Renault. Where is it, what
laws govern it, and what obligations
do you have under the law? You
may have contractual issues with
customers or suppliers, or example,
or you may have legal statutory
obligations, whether thats under
PIPEDA privacy legislation or some
other applicable statute like health
privacy legislation.
As a collector o inormation,
a company is responsible under
The Patriot Act isthe big thing peoplefreak out about, but
we have a Canadianversion of which isjust as oensive. Wehave a secret courtin Canada.DAVID FRASER
MACINNIS COOPER
WATTIEZ LAROSE:It may be dicult tocustomize contractsto make themcomprehensive.
8/2/2019 Cloud Computing in Close Up_CIO Magazine
18/24
18 C L O U D C O M P U T I N G I N C L O S E - U P
UNDERSTAND THE CONTRACTS
ederal legislation or the provincial
equivalent where it exists to make
sure that when it outsources or pro-
vides a third-party service provider
with personal inormation, that
the appropriate security protectionmeasures are in place to protect that
inormation. I youre looking to use
the cloud, youve got to make sure
that service provider has the security
and inrastructure in place or you
to live up to your expectations
under the law. From a due diligence
perspective, he said, that can be
challenging to do.
Are they using capacity in China
or India where the laws may be
weaker or there are inherent risks
just because o the nature o the ju-risdiction or sensitivity o the inor-
mation? The due diligence aspects
o cloud computing and understand-
ing your risks are an important frst
step, said Percival, and its not as
easy as it sounds.
Another business concern is per-
ormance. What happens i that ser-
vice isnt available? Cloud contracts
are very skinny on commitment
in terms o service levels, he said.
Instead, they become eorts-based
and liability is limited.
Right now Im negotiating about
10 dierent cloud-type agreements
on behal o a large corporation
and we expect to negotiate all these
terms and conditions, but theyre
paying millions o dollars, he said.
Another one is much smaller, a cou-
ple thousand bucks a month were
going to try but Im not optimistic
were going to get very ar.
In order to provide that ubiqui-
tous cost-eective cloud-computing
environment you can turn on and o
on-demand, what oten gets sacri-
fced is the move to a one-size-fts-all
contract, said Percival. Theres a
real reluctance by cloud providers to
negotiate because it becomes a cost
impediment. Theyre either unable or
unwilling because o the dollar cost
to stray rom their template.
Everything is ultimately nego-
tiable, but i Im trying to contact
Google to negotiate the terms o my
Gmail account, its not going to hap-
pen, he said. But i its the ederal
government or a large corporation,
theres an ability to negotiate, or they
might at least have a chance.
For the sake o eciency, cloud
computing service providers oten
impose standard term contracts
that their clients are not at liberty to
negotiate, but which may not prop-
erly address all relevant risks. And
in a feld with little (but growing)
competition, businesses may lack the
leverage to customize their contract
to make it suciently comprehen-
sive, said Vronique Wattiez Larose,
a partner in McCarthy Ttraults
Business Law Group, who negotiates
such contracts.
This is a model thats meant to be
more agile, more exible, but dont
let that ool you rom a legal stand-
point, she said. It doesnt mean you
can orget about the legal provisions
that protect you.
For example, some regions, such
as the European Union, have strin-
gent rules concerning movement o
certain types o data across borders.
Unless they take certain steps,
organizations are prohibited rom
transerring personal inormation
to countries that do not provide the
same level o protection with respect
to personal inormation o EU resi-
dents (including the U.S.). In a cloud-
computing context, it may be dicult
to determine which countries data
will be transerred to and rom.
And this has implications or
businesses in Canada nearly hal
o small businesses here use cloud-
computing services, according to a
survey by Angus Reid and Hewlett-
Packard Co.
The biggest concern with cloud
computing contracts is not how they
address certain issues, but rather
how they ail to address others. Ourconcern as lawyers is that more oten
than not, up until now the cloud
computing contracts that we see are
incomplete in comparison to your
standard long and thick outsourcing
contract, which would be extremely
detailed, said Larose. Thats not
necessarily the case or cloud com-
puting, where at the end o the day
the concerns are quite similar.
Theres a huge element o trust
required, which is no dierent rom a
traditional outsourcing relationship,she said. The biggest dierence is
you wont necessarily be negotiating
in the same room with the guy sitting
across the table rom you. Everything
is done more remotely, so its hard to
build that trust.
Dont take or granted that what
a cloud service provider oers you
will automatically address all o
your concerns, she said, though
that should be part o any normal
due diligence process. I some o
your concerns are not addressed,
understand the risks and evaluate
whether or not you still want to move
orward.
Although the contract terms may
seem commercially reasonable, you
need to make sure that the cloud
service provider is not turning a
blind eye to something that may be
material or your organization. I the
geographical location o an organiza-
tions data is likely to tr igger export
control issues, your contract should
include prohibitions against extra-
territorial storage.
And its important to understand
how and in what ormat the data is
stored, said Larose, and what tools
are available to retrieve it should it
be required or e-discovery purposes.
Find out rom the get-go whether
or not the cloud service provider has
any ability to negotiate the contract.
The answer may be no, depending
on the business application youre
outsourcing, said Larose. You
obviously cant negotiate your Gmail.
But i its a huge contract and a key
Everything isultimately negotiable,but if Im trying to
contact Google tonegotiate the termsof my Gmail account,its not going tohappen.ROBERT PERCIVAL
OGILVY RENAULT
8/2/2019 Cloud Computing in Close Up_CIO Magazine
19/24
8/2/2019 Cloud Computing in Close Up_CIO Magazine
20/24
20 C L O U D C O M P U T I N G I N C L O S E - U P
TRAIN YOUR STAFF
Create a cloud-ready teamNew computing models
will have a huge impact onoperations, but also on the
labour market. The outlookrom ICTC
BY SHELDON POLOWIN
and templates and create business and techni-
cal workows to automate processes. This
automation could lead to net job losses in areas
such as installation, confguration, administra-
tion and maintenance. It will also, however,
create demand or proessionals trained inautomation and standardized processes.
Impact on Enterprise IT StaffCompanies that migrate services and data to
the cloud will typically require ewer in-house
IT workers to install technology and applica-
tions or link hardware and sotware. There will
also likely be ewer jobs or server and database
administrators, as well as network experts.
That said, the need or technical skills wi ll
remain. As va luable data and applications
are stored and run rom the cloud, remote
monitoring skillsets will be highly prized.And with the growing importance
o sotware as a service integration, in-
house sotware developers will have the
opportunity to evolve their skills.
For many enterprises, moving applica-
tions and data osite wont eliminate the
need or skilled IT workers, says ICTC vice-
president Norm McDevitt. Some companies
are training their IT proessionals on cloud-
based applicationssuch as Microsots
Windows Azure platormto ensure ongoing
competitiveness in the new market.
Revolution or Opportunity?Large companies need to assess the benefts
and costs o cloud computing relative to the
investments they have already made in IT
inrastructure. For the small- to mid-sized
businesses that account or 99.8 percent
o businesses in Canada and 60 percent o
employment, its the way o the
uture. IDC Canada expects
that domestic cloud computing
expenditures will jump rom
one percent o IT spending to-
day to 33 percent by 2014, with
sales quadrupling to US$758
million.
As the cloud becomes adopted
by more and more organiza-
tions, roles will shit and skills
requirements will evolve. Cloud
computing represents a real
revolution, says Paul Swinwood.
But with the right preparation
and training, IT workers can take advantage
o it and make themselves indispensable to the
ICT industry o the uture.
ICTC is unded in part by the Government o
Canadas Sector Council Program.
nCloud computing is likely tohave a signifcant impact on theICT labour orce. It will create newhuman resource requirements andcompel many workers to acquirenew skills.
Cloud computing requires an understand-
ing o traditional core technologies as well
as comprehensive knowledge spanning
dierent technology platorms. As a result,
many IT workers will likely have to broaden
their knowledge across multiple domains.
The industry is changing quickly, says
Paul Swinwood, president o the Inormation
and Communications Technology Council
(ICTC). Tomorrows IT worker will ully
straddle conventional IT silos such as storage,
networking, virtualization and security.
As with outsourcing and automation,
widespread adoption o cloud computing is
expected to shit some IT workers rom the
technical to the business side o operations.
Demand will increase in areas such as
vendor contract management, cloud inte-
gration, analytics, Internet workorce and
mobile applicationswith the strongest
SHELDON POLOWINis the senior labourmarket analyst withICTC, based in Ottawa.
growth likely occurring in storage unctions
such as archiving and data backup. New
jobs in web-scale development and virtual-
ization will very likely emerge.
Although some IT workers will be
displaced by cloud computing, those who
broaden their skills in business and new cloud
technologies will continue to be in demand.
What is also clear is that the transition to
cloud computing will aect enterprise IT sta
and service provider organizations dierently.
Impact on Service ProvidersWhile the unique attributes and require-
ments o cloud computing will transorm the
occupational structure o the IT
workorce, many current high-
value skills will be transerable to
the cloud.
IT data centre managers, or
example, may evolve into cloud
solution advisors. Proessionals
currently ocused on assem-
bling and managing application
services may become cloud
application managers. And some
practitioners may become cloud
deployment proessionalsde-
signing, deploying and maintain-
ing the technology and sotware
needed to administer the cloud. Testing and
sotware development will occur increasingly
within the cloud.
Traditional data centre workers will have to
learn to design and populate service catalogues I L L U S T R A T I O N B Y : I S T O C K P H O T O C O M / C U R V A B E Z I E R
8/2/2019 Cloud Computing in Close Up_CIO Magazine
21/24
MobiBiz is a complimentary interactive one-day
forum that explores strategic questions about
challenges and opportunities in mobile
marketing, channels and enterprise mobility.
Attendees will gain tangible insights and
practical action items to execute in their own
organizations from Canadas most innovative
mobile solutions companies.
Mobility in the enterprise is growing radically, expanding through
mobile devices, with an avalanche of new applications designed to
maximize the utility and accelerate their adoption.
Enterprises are playing catch-up to create mobile policies, extend
business applications, establish remote work policies and provide
training to users.
Organizations are exploring how to utilize marketing and channels
to create new opportunities.
Enterprises are also seeking ways to securely integrate mobileplatforms within their IT infrastructure and business processes with
significant flexibility, speed, and measured results.
USE THE EXPERTISE OF CANADAS HOTTESTMOBILITY FIRMS TO BUILD YOUR MOBILESTRATEGY.
E N T E RP R I S E : What security measures does my organization need to put
in place with increasing mobile tech and app usage?
How do I select an appropriate mobile application devel-
opment strategy?
How does cloud computing impact mobility (and vice
versa)?
C US T O ME RS :
How can I reach new customers/new markets throughmobile?
What different types and vendors of mobile devices
should my organization be considering supporting as we
use mobile as a marketing channel?
How do I measure the success or ROI of mobile tech/app
deployments?
EXPLORE MOBILE INITIATIVES. Wireless Network Outlook: From HSPA to LTE and Beyond
Mobile Payments in Canada: What are the prospects?
Serving Customers Better with Mobile Choices
Mobile Advertising Reaching the Growing Mobile
Customer Base
Mobile OS in the Enterprise: Canadian IT Manager Prefer-
ences & Outlook
Media Tablets in Canadian Business
Mobile Enterprise Application Adoption: Status and
Outlook
Canadian Mobile Worker Forecast
Scan the QR code on
your smartphone to
access the MobiBiz
website. Get the free
mobile app at
www.i-nigma.mobi
PRESENTED BY
JUNE 21, 2011TORONTO BOARD OF TRADE
PRACTICAL ANSWERS TO PROBING MOBILITY QUESTIONS
Register for your
complimentary attendence toda
http://mobibizcanada.ca
Network with Canadas mobile thought leaders. Learn practical insight on how to build
your mobile strategy, minimize challenges and capture the new opportunities.
Register to attend MobiBiz today! http://mobibizcanada.ca
PLATINUM SPONSORS GOLD SPONSORS SILVER SPONSOR
8/2/2019 Cloud Computing in Close Up_CIO Magazine
22/24
22 C L O U D C O M P U T I N G I N C L O S E - U P
The Pop Quiz
At The EndBefore you take any next steps, test your
knowledge with this assessment
http://www.keysurvey.com/survey/363049/2fca/
IT WorldCanadas CloudComputingResourceCentreExplore our comprehensive portal ofarticles, videos and expert advice thatcovers every stage of the cloud journey,from research and product/serviceevaluation through to purchasing andmanaging deployments.
http://itworldcanada.com/hub/cloudcomputing
RESOURCES VIDEOS
CLOUD PRODUCTIVITY ON YOUR TERMS
DRIVING THE KNOWLEDGE ECONOMY
CASE STUDY: STEAM WHISTLEBREWING COMPANY
8/2/2019 Cloud Computing in Close Up_CIO Magazine
23/24
What is Tech Learning Space?Tech Learning Space is a unique, online resource for busy IT
professionals who demand quality, timely and relevant continu-
ing education in IT management. Available exclusively via the In-
ternet, Tech Learning Space breaks down geographical barriers
to quality education enabling anyone with Web access to benet
from the highest standard of online teaching available.
Courses are designed and facilitated by some the most accom-
plished academics and leaders in business and IT today.
What does course delivery include? Connected learning experience through BlackBoard and Adobe
ConnectPro
Weekly conference calls with professor; available online daily to
answer questions
Practical, real-world instruction -- including business leaders
video roundtables and case studies
True class interaction, disciplined teamwork driven by deadlines
Proven techniques to improve job performance
Management Courses include: IT Strategy, Measurement and Value
Architecture Governance and Organization
Systems and Technology Delivery
Sourcing and Human Resources
Vendor Relationship Management
Project Leadership
If you are serious about improving job performance and career
development visit: www.techlearningspace.com or call877-338-6753
looking fr quality continuingeducation it management?
TECHLEARNINGSPACE
Whether you are an IT professional looking to improve your
skills, or a corporation looking for a superior education
partner Tech Learning Space has what you need
Mention this ad and receive a 10% discount towards enrolMent
springcourses
nowavailable
8/2/2019 Cloud Computing in Close Up_CIO Magazine
24/24
IcandevelopapplIcatIons
thatarelImItedonlyby
myImagInatIon.
Ihavecloudpower.
WindowsAzureisaplatformfordeveloping,deploying,andrunningapplicationsinthecloudwithvirtuallyunboundedscalability.Thatmeansnear-infinitecapacitywhenyouneedit.Itsthekindofflexibilitythatcanchangethewayyourunyourbusiness.WithWindowsAzure,inspirationcomeslessfromworst-caseplanningandmorefromyourimagination.ThatsCloudPower.
FindyourCloudPoweratMicrosoft.ca/cloud/azure
Getthefreemobileapp
athttp://gettag.mobi