NASA Flunked Its Cloud Computing Audit: Are You Next?

Renee Murphy

Ok, so NASA failed an audit. Don’t we all? I think it is important to understand the government’s cloud computing adoption timeline before passing judgment on NASA for failing to meet its cloud computing requirements. And, as someone who has read NASA’s risk management program (and the 600 pages of supporting documentation), I can say that this wasn’t a failure of risk management policy or procedure effectiveness.  Clearly, this was a failure of third-party risk management’s monitoring and review of cloud services.  

The Cloud Is Nebulous

Back in 2009, NASA pioneered cloud technology with a shipping container-based public cloud technology project named Nebula -- after the stellar cloud formation. (I love nerd humor, don’t you?)

Photo Source: NASA

During 2009, NASA, to determine if current cloud provider service offerings had matured enough to support the Nebula environment, did a study. The study proved that commercial cloud services had, in fact, become cheaper and more reliable than Nebula. NASA, as a result of the study, moved more than 140 applications to the public sector cloud environment.

In October of 2010, Congress had committee hearings on cybersecurity and the risk associated with cloud adoption.  But remember, NASA had already moved its noncritical data (like www.nasa.gov or the daily video feeds from the international space station, that are edited together and packaged as content for the NASA website) to the public cloud in 2009.  Before anyone ever considered the rules for such an adoption of these services.

Audit Recommendations

Read more

Adobe proves that the cloud is good for IT Ops

James Staten

Adobe Systems is a pioneer and fast mover in the public cloud and in so doing is showing that there is nothing for infrastructure & operations professionals (IT Ops) to fear about this move. Instead, as they put it, the cloud gives their systems administrators (sysadmins) super powers ala RoboCop.

RoboCop 2014This insight was provided by Fergus Hammond, a senior manager in Adobe Cloud Services, in an analyst webinar conducted by Amazon Web Services (AWS) last month.  Hammond (no relation to Forrester VP and principal analyst Jeffrey Hammond) said that Adobe was live on AWS in October 2011, just 8 months after its formal internal decision to use the public cloud platform for its Adobe Creative Cloud. Prior to this there were pockets of AWS experience across various product teams but no coordinated, formal effort as large or strategic as this.

Read more

Forget IaaS vs. PaaS: Devs Adopting Cloud Services Now

Jeffrey Hammond

I get a lot of questions about the best way for developers to move to the cloud. That’s a good thing, because trying to forklift your existing applications as is isn’t a recipe for success. Building elastic applications requires a focus on statelessness, atomicity, idempotence, and parallelism — qualities that are not often built into traditional “scale-up” applications. But I also get questions that I think are a bit beside the point, like “Which is better: infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS)?” My answer: "It depends on what you’re trying to accomplish, your teams’ skills, and how you like to consume software from ISVs.” That first question is often followed up by a second: “Who’s the leader in the public cloud space?” It’s like asking, “Who's the leading car maker?” There’s a volume answer and there’s a performance answer. It’s one answer if you like pickups, and it’s a different answer if you want an EV. You have to look at your individual needs and match the capabilities of the car and its “ilities” to those needs. That’s how I think we’re starting to see developer adoption of cloud services evolve, based around the capabilities of individual services — not the *aaS taxonomy that we pundits and vendors apply to what’s out there. This approach to service-based adoption is reflected in data from our Forrsights Developer Survey, Q1 2013, so I've chosen publish some of it today to illustrate the adoption differences we see from service to service. 

Read more

Where BI Falls Short: Taking A Singular Point Of View

James Staten

There is a reason the phrase, “beauty is in the eye of the beholder,” has held significance and power in our society for so many generations. And in that phrase is a lesson for all of us about business analysis. The power of different points of view examining a given set of inputs is key to truly understanding what lies before us and seeing the new possibilities and different threats looming.

Sit silently in a museum listening to the patrons take in just a single painting and within a day you will hear a hundred different insights, many of which you didn’t see before. Insights that show you things in that artwork you never would have seen, such as the way greens and reds are mixed to create hues that don’t invoke their origins, the style of brushstrokes used that convey depth and how a pattern viewed up close can be very different than the whole. So much insight doesn’t stem from the painting but from the varied experiences, backgrounds, cultures and histories the observers bring with them. The same is true in data analysis. It’s through different points of view that something can be fully analyzed. Each person brings their varied experiences (their data) to the analysis.

As businesses we tend not to sit silently and take in what others see about ourselves and our data. We tend not to expose our data at all to our partners, trusted third parties or potential collaborators (like our customers) and by not doing so, they cannot combine their data with ours and uncover things we cannot see. As a result, we cannot see the broader picture. And this leads to bad business decisions based on a myopic point of view.

Read more

You can learn from the clouds but you can’t compete

James Staten

If you want to be the best in data center operations you are right to benchmark yourself against the cloud computing leaders – just don’t delude yourself into thinking you can match them.

In our latest research report, Rich Fichera and I updated a 2007 study that looked at what enterprise infrastructure leaders could learn from the best in the cloud and hosting market. We found that while they may have greater buying power, deeper IT R&D and huge security teams, many of their best practices apply to a standard enterprise data center – or at least part of it.

There are several key differences between you and the cloud leaders, many of which are detailed in the table below. Perhaps the starkest however is that for the clouds, they are the product. And that means they get budgetary priority and R&D attention that I&O leaders in the enterprise can only dream about.

Some key differences between Clouds, hosters and you

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Read more

The Cost of PRISM Will Be Larger Than ITIF Projects

James Staten

Earlier this month The Information Technology & Innovation Foundation (ITIF) published a prediction that the U.S. cloud computing industry stands to lose up to $35 billion by 2016 thanks to the National Security Agency (NSA) PRISM project, leaked to the media in June. We think this estimate is too low and could be as high as $180 billion or a 25% hit to overall IT service provider revenues in that same timeframe. That is, if you believe the assumption that government spying is more a concern than the business benefits of going cloud.

Having read through the thoughtful analysis by Daniel Castro at ITIF, we commend him and this think tank on their reasoning and cost estimates. However the analysis really limited the impact to the actions of non-US corporations. The high-end figure, assumes US-based cloud computing providers would lose 20% of the potential revenues available from the foreign market. However we believe there are two additional impacts that would further be felt from this revelation:

1. US customers would also bypass US cloud providers for their international and overseas business - costing these cloud providers up to 20% of this business as well.

2. Non-US cloud providers will lose as much as 20% of their available overseas and domestic opportunities due to other governments taking similar actions.

Let's examine these two cases in a bit more detail.

Read more

Are Cloud Developers Really That Different? Yes.

James Staten

To an IT leader a cloud developer can easily look like the enemy. They don't do what you say, they cause havoc by circumventing your IT rules and building new services and capabilities on public cloud platforms and seem to take orders not from you but from the business unit. Are these perceptions reality? Well, according to the 2013 Forrester ForrSights Developer Survey, yes. But they are also some of your most productive, happy and loyal developers too.

The survey shows that less than a quarter of all enterprise developers are using cloud platforms today. Examining the first movers, as self-identified in this survey, we found significant differences in the behavior, attitude and reporting structure of these members of your IT team. Cloud developers are risk takers who are empowered, more comfortable with open source technologies, building the new systems of engagement and tend to be happier in their work. They aren't just experimenting either; they are putting applications into production on the public cloud platforms and are doing so with traditional programming languages via agile, modern application designs. Forrester clients can now download a toolkit report providing a snapshot view of the data from this compelling survey (in Microsoft PowerPoint and PDF formats) that shows what distinguishes these developers from the pack.

Read more

Vendors: Read On To Understand Your Partners' Issues With Cloud

Peter O'Neill

 

Peter O'Neill here with some observations about cloud computing and channel partners. While cloud computing has been a boon for the tech industry in general, for channel partners the story is different. Channel partners have to deal with shrinking product margins, skills shortages, and new competitor types (including tech vendors themselves!). 

And the funny thing is: many vendors still haven’t internalized what predicament their partners are in. How else can you explain Microsoft executives berating their partners that “only 2% of you are in the cloud business” at their recent Worldwide Partner Conference – and then adding insult to injury by suggesting calmly that the partners could host future customer visits in Microsoft Stores, where they can see those MS cloud products (I count the Surface tablet in that list) they cannot even sell!

Forrester Principal Analyst Tim Harmon and myself are discussing these issues almost every day with technology vendors; in fact with B2B vendors in general, because cloud computing is affecting every sector now (including insurance, health care, etc.). Channel partners are changing their business model stripes — in myriad directions, and oftentimes as ungrounded "experiments."

In our new Forrester report, “The Shape-Shifting Tech Industry Channel Ecosystem”, we write about how the successful channel partners of the future will be those that operate under a hybrid business model umbrella, combining on-premises and cloud delivery, and IT and business value.

Read more

What the CIA Cloud Does and Doesn't Tell Us

James Staten

Much has been written about the US Government Central Intelligence Agency's award of its private cloud business to Amazon Web Services and the subsequent protest and government ruling on this award, but much of the coverage leaves out a few pertinent and key facts. Let's look at the key questions being debated about this proposed contract:

Q: Is this a private cloud? AWS said it doesn't believe in private clouds.

A: Yes, despite AWS' protests to the contrary, this is a private cloud. According to the documents that have thus far been made public from this proposal, the CIA is looking for a cloud service (an Infrastructure as a Service) offered on a dedicated set of resources isolated to a specific customer and deployed on CIA-owned resources from within a government owned and operated facility. 

Q: Would this be AWS' first private cloud?

A: Yes and no. Yes, it would be the first implementation of the AWS services atop a customer-owned infrastructure and facility asset base. But no, it would not be the first time AWS has delivered an isolated environment offering its services. AWS's GovCloud is also a private cloud for the greater US Government. FedCloud is operated from an AWS-owned facility on AWS owned assets.

Q: Is this a community cloud? What's the difference between that and a private cloud?

Read more

Intel Lays Out Future Data Center Strategy - Serious Focus on Emerging Opportunities

Richard Fichera

Yesterday Intel had a major press and analyst event in San Francisco to talk about their vision for the future of the data center, anchored on what has become in many eyes the virtuous cycle of future infrastructure demand – mobile devices and “the Internet of things” driving cloud resource consumption, which in turn spews out big data which spawns storage and the requirement for yet more computing to analyze it. As usual with these kinds of events from Intel, it was long on serious vision, and strong on strategic positioning but a bit parsimonious on actual future product information with a couple of interesting exceptions.

Content and Core Topics:

No major surprises on the underlying demand-side drivers. The the proliferation of mobile device, the impending Internet of Things and the mountains of big data that they generate will combine to continue to increase demand for cloud-resident infrastructure, particularly servers and storage, both of which present Intel with an opportunity to sell semiconductors. Needless to say, Intel laced their presentations with frequent reminders about who was the king of semiconductor manufacturingJ

Read more