Home » Cloud Computing: Fact vs Fog

Cloud Computing: Fact vs Fog

Cloud Computing: Fact versus Fog December 2010 Table of Contents Executive Summary Foundations of Cloud Computing Obstacles and Considerations Future of Cloud December 2010 | Copyright © 2010 Grail Research, LLC 2 Executive Summary Purpose “Cloud” Buzz This presentation addresses the current state of cloud computing, obstacles to business adoption, and expectations for the future. This is the first in a series of papers written by Grail Research on the topic of cloud computing and the investigation of how businesses are adapting to and taking advantage of Internet-based, on-demand computing

There's a specialist from your university waiting to help you with that essay topic for only $13.90/page Tell us what you need to have done now!


order now

News of Cloud is everywhere, and its predominance in IT is a foregone conclusion. In fact, the push to adopt Cloud has been so strong that risks inherent in this model have largely been ignored The recent economic turmoil and the promise of Cloud leading a renaissance of the tech sector are shaping the perspective and appetite for Cloud rather than the readiness of the technology itself. Cloud is a powerful tool for mobilizing data; however, there are no regulations, standards, or assurances of data protection from a technical perspective Major breaches at Google, Salesforce. om, and Amazon, have exposed the fragility of the Cloud delivery model, and the fundamental issues of data security, privacy, and standards that have yet to be addressed. Though price points gained in Cloud can be significant, businesses should weigh advantages against the hidden costs of compromised data Analyst sentiment seems to be the sole voice of reason. Principal analysts from Forrester, Gartner, and Yankee cite major security concerns with Cloud.

Hackers have also highlighted the vulnerabilities of Cloud and issued a manifesto of mayhem against it (Black Hat 2009 – Clobbering the Cloud by SensePost) Assessing your organization’s readiness for Cloud should include the evaluation of hybrid models, hybrid architectures, integration constraints, and innovative data protection methods, that will offer the best approach for business adoption Consider the direct business benefits of Cloud for your company and your individual business needs, weighing against security and privacy concerns.

In the more immediate future, look toward applications focused on innovative data protection methods, enabling organizations to utilize Public Cloud in a private manner Adoption Haste Security Risks Expert Views Opportunity Key Takeaways December 2010 | Copyright © 2010 Grail Research, LLC 3 Foundations of Cloud Computing Foundations of Cloud Computing Obstacles and Considerations Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Future of Cloud Cloud is an evolution, merging virtualization, grid, utility, and web standards “ Cloud is an evolution.

It coalesces grid, utility, virtualization and web standards into a delivery paradigm. The difference is each of these components are building blocks that solve the specific point problems of abstracted, on-demand, distributed processing – Tony Bishop (Founder and CEO, Adaptivity) I don’t think it’s a revolution as much as it’s an evolution. If you want to really say what kicked this thing off, virtualization was a big precursor to Cloud…I think “Cloud” is a little bit overused right now. I look at it as the evolution of the data center, to do more scalable processing and computing – Ping Li (Partner, Accel Partners)

Source: SysCon Website; Ars Technica Website; CIO Website December 2010 | Copyright © 2010 Grail Research, LLC 4 “ Cloud services have shifted from a year ago. We did a focus group around 12 months ago and they pretty much took the mickey out of Cloud. It was seen as unrealistic and CIOs weren’t considering it. What’s even more of a surprise is that in a short period of 12 months, we’ve seen Cloud go from a bit of a joke to a number two priority on the plate of CIOs today, and a very serious consideration that they are taking on board – Paul Harapin (Director, ComputersOff. rg and Ex-MD, Vmware) Defining Cloud Computing Definition Foundations of Cloud Computing Obstacles and Considerations Future of Cloud “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e. g. , networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. ” – Peter Mell and Tim Grance (NIST) Essential Characteristics

On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Service Delivery Models Cloud Software as a Service Cloud Development as a Service Cloud Platform as a Service Cloud Infrastructure as a Service Deployment Models Private Cloud Public Cloud Hybrid Cloud Community Cloud How Do Experts Define Cloud Computing? “ Cloud computing is an evolutionary technology because it doesn’t change the computing stack at all. It simply distributes the stacks between the service providers and the users.

It is an IT architecture with vertical services – Steve Jin (Creator of Vmware vSphere Java API) Applications/functionality delivered via Cloud: Accessible via standard Internet protocols, always available and scaled to demand, programmable interface, pay as you use, full self-service features – Chenxi Wang (Ph. D. , Principal Analyst, Forrester) Source: Sysomos Software Tool; SysCon Website; Forrester Research Website; NIST Website December 2010 | Copyright © 2010 Grail Research, LLC 5 “ The ‘Cloud’ model initially has focused on making the hardware layer consumable as on-demand computer and storage capacity.

This is an important first step, but for companies to harness the power of Cloud, complete application infrastructure needs to be easily configured, deployed, dynamically-scaled and managed in these virtualized-hardware environments – K. Sheynkman (Co-Founder, Elastra Corporation) Emerging Primary Models for Cloud Deployment Major Types of Clouds Public/ Community Cloud Internet Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Definition and Expert Views Private Cloud Dedicated to one customer/company Key Takeaways Private Cloud is more suited for organizations that need high-level security.

Though most experts believe that ‘private cloud’ is an oxymoron, others argue that the model offers better resource management to current IT managers Private Cloud Intranet/VPN1 Hybrid Cloud Intranet/VPN1 + Internet Public Cloud Made available to the general public for specific general purposes The Public Cloud model emerged as a great value proposition for SMB4 companies and startups USERS Global Share of Online Clouds 1% 12% 52% 2 Discussions4 on Types of Hybrid Cloud Integration of two or more types of Clouds (Private, Community, or Public) Public Cloud 35% Hybrid Cloud Community Cloud N= 49,7813 Community Cloud

Dedicated to a user/industry group that has shared concerns (mission, security requirements, policy, and compliance considerations) The Community Cloud model is expected to address the requirements of governments and their agencies Note: 1Virtual Private Network; 2Discussions during the period 25-Aug-2009 to 25-Aug-2010; 3N may include some articles/posts more than once, if repeated on different websites; 4Small and Medium Businesses Source: Sysomos Software Tool; CIO Website; SysCon Website; IBM X-Force: Mid-Year Trend and Risk Report December 2010 | Copyright © 2010 Grail Research, LLC 6 “ Private Cloud “

The hybrid cloud is an attractive way to take advantage of cloud computing, and It also means choice for the customers, and they can determine the adoption speed they want to go at – Tim Crawford (CIO, All Covered) “ “ Concerns for those deploying in the public cloud are factors such as the financial stability of the hosting organization and the hosting organization’s deployment policies – IBM X-Force “ “ CIOs know that what is sometimes dubbed “private cloud” does not meet their goal as it does not give them the benefits of cloud: true elasticity and capex elimination – Werner Vogels (VP and CTO, Amazon)

Some experts believe that companies are testing the waters by taking limited services on Cloud before adopting a particular cloud computing model The Hybrid Cloud model provides more flexibility than the Public Cloud model, and is less capital intensive than the Private Cloud model Cloud Computing Market Size and Growth Prospects Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Insights The cloud computing market is expected to grow at a double-digit rate in the next 5 years.

According to experts, the SaaS delivery model of cloud computing will lead the growth story. They believe that emerging countries such as India have the greatest potential for market growth, including opportunities to support outsourcing of Cloud services Cloud Market Growth USD 37. 8 Bn 2010 (26% CAGR) USD 121. 1 Bn 2015 Expert Views Key Takeaways Experts believe that SaaS will be adopted by most companies in the next few years at some level or the other, especially in content management, collaboration, document management, and customer management applications The global cloud computing market is expected to grow from $37. 8 billion in 2010 to $121. 1 billion in 2015 at a CAGR of 26. 2% from 2010 to 2015. SaaS is the largest contributor in the Cloud computing services market, accounting for 73% of the market’s revenues in 2010 – MarketsAndMarkets Report India will not only see a surge in cloud computing services but companies all over the world will look to India to support their transition to cloud computing – Steve Ballmer (CEO, Microsoft)

Note: Comment and Views include key snippets Source: IDC reports: “Worldwide Enterprise Server Cloud Computing 2010-2014 Forecast”; “Worldwide Software as a Service 2010–2014 Forecast: Software Will Never Be the Same”; MarketsAndMarkets report: “Global Cloud Computing Market 2010 – 2015” ; EconomicTimes Website December 2010 | Copyright © 2010 Grail Research, LLC “ By 2012, nearly 85% of net-new software firms coming to market will be built around SaaS service composition and delivery; by 2014, about 65% of new products from established ISVs will be delivered as SaaS services.

SaaS-derived revenue will account for nearly 26% of net new growth in the software market in 2014…– IDC Report The explosive growth in the cloud computing market will mirror greater IT globalization trends, with India leading the market in outsourced support for Cloud services It is estimated that SaaS is growing at a rate five times faster than the software market as a whole 7 “ “ We are seeing an acceleration of adoption of cloud computing and cloud services among enterprises and an explosion of supply-side activity as technology providers maneuver to exploit the growing commercial opportunity Ben Pring (VP, Gartner) Traditional IT Delivery Translated to Cloud Business Value Traditional Delivery Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Cloud-based Delivery Consumption Applications Software as a Service (SaaS) Creation Development Tools Development as a Service (DaaS) Orchestration Middleware Platform as a Service (PaaS) Infrastructure Infrastructure and Hardware Infrastructure as a Service (IaaS)

Source: R Wang and Insider Associates; A Software Insider’s Point of View–Understanding The Many Flavors of Cloud Computing and SaaS ( R “Ray” Wang, Phil Wainewright, Michael Cote, and James Governor); Forrester Report; Grail Research Analysis December 2010 | Copyright © 2010 Grail Research, LLC 8 Four Service Delivery Models Business Value Definition Expert Views Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Service Provider Application licensed to customers “SaaS is perfect for small businesses, they get the benefits of world-class infrastructure, enterprise-class features, and no capital investment.

Frankly, I’d be surprised if the SMB market doesn’t shift to a SaaS-dominated sector” – Bernard Golden (CEO, HyperStratus) “The cost of comformity is the lack of flexibility. What will you do 5 years into a True SaaS scenario when you are locked in and the vendor won’t add the feature or functionality you need? ” – R ‘Ray’ Wang (Partner, Altimeter Group) “Just as platform as a service provides enterprise IT with a new model for platforms to run applications in the cloud, development as a service provides a new model for development tools, giving developers the power to create applications for the cloud” – Marc Benioff (CEO, Salesforce. om) “I think there are going to be thousands of new platform companies — you the end user can program it” – Marc Andreesen (General Partner, Andreessen Horowitz and Cofounder & Chairman at Ning Inc. ) “The advantages of PaaS are – Complete abstraction; considerable cost savings and faster time to market ; Better security. PaaS makes developers succeed even if they are completely ‘operations blind” – K. Subramanian (CTO and Advisor, CloudsDirect) “There are shortcomings in the platform as a service model as well.

The biggest problem with PaaS may be difficulty migrating existing applications from the internal data centre to the cloud” – Tim O’Brien (Director, Platform Strategy Group, Microsoft) “Although it is not the first choice, IaaS has an obviously huge market in the enterprise because there are countless servers sitting in data centers that are prime candidates to move out to IaaS clouds, and countless more that will be needed in the coming years” – Scott Sanchez (Security and Privacy Officer, ScaleUp Cloud) “In short, IaaS and other associated services has enabled startups and other businesses to focus on their core competencies without worrying much about provisioning and management of infrastructure” – K. Subramanian (CTO and Advisor, CloudsDirect) SaaS Access through “thin client interface”, such as a web browser Set of tools and APIs provided for creating customized applications DaaS Tools provided include code editors, source control systems, and batch scripts Hosting for clientdeveloped applications PaaS Applications can be created using programming languages such as Java and .

Net Fundamental computing resources (processing, storage, network, etc. ) — to run full virtual servers Customer has control over operating system, storage, and deployed applications IaaS Note: Comments and Views include key snippets Source: NIST Working Definition of Cloud Computing; SysCon Website; The Role of Internal Audit, October 2009 (Ernst & Young); TechWorld Website; SoftwareInsider Website(R “Ray” Wang); Company Websites December 2010 | Copyright © 2010 Grail Research, LLC 9 Cloud Computing Continues to Evolve Expert Views Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Key Takeaways Requires Awareness and Clarity “ A There is still a strong need for awareness on the part of folks in the cybersecurity area about cloud computing. About 21% of those folks involved in cybersecurity, their agencies are unaware about cloud computing, and 34% of the respondents in total weren’t familiar with the cloud. That is the real key-take away that awareness around the cloud as it relates to trust and security needs to continue to be increased” – Melvin Greer (Chief Strategist, Cloud Computing, Lockheed Martin) “…the biggest security threat for cloud computing is lack of awareness about cloud security among the IT Pro’s” – Scott C. Sanchez, CISSP (Security and Privacy Officer, ScaleUp

Cloud) “Public cloud services are generally not providing as much customization as customers want, but the cloud model is gaining popularity both among users who want to sidestep their companies’ IT departments, and from small businesses that want to get out of the IT business” – Tim O’Brien (Director, Platform Strategy Group, Microsoft) “Cloud solutions won’t come in a box, nor are traditional internal IT technologies and skills apt to seamlessly spin up mission-ready cloud services. Neither are cloud providers so far able to provide custom or ‘shrinkwrapped’ offerings that conform to a specific enterprise’s situation and needs” – Dana Gardner (President and Principal Analyst, Interarbor Solutions) “People are going to want to move data around, they’re going to want to ask clouds to do things for them . We don’t have any inter-cloud standards.

There’s a whole raft of research work still to be done and protocols to be designed and standards to be adopted that will allow people to manage assets” – Vint Cerf (Co-designer of the TCP/IP, VP and Chief Internet Evangelist, Google) “When customers are looking to adopt cloud services, they want services that follow highest standards, even though such services may follow better standards than their existing infrastructure” – Bernard Golden (CEO, HyperStratus) Awareness and understanding of cloud computing is limited to a small set of IT professionals B Requires Customized Solutions Requires Cloud Computing Standards There is a gap between customer requirements and existing cloud computing solutions in the market Note: Comment and Views include key snippets Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; CloudNod Website December 2010 | Copyright © 2010 Grail Research, LLC 10 “ C Cloud computing is still evolving in terms of welldefined adoption/integration standards

Interest in Cloud Computing Across Geographies Share of Discussions1 on Cloud Computing 46% Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Key Takeaways Certain geographies are better suited to offer Cloud services (e. g. , those with favorable climate conditions to sustain the cooling needs of data centers) 17% 11% 9% 7% 6% 4% Rest of World Cloud technologies are dependent on uninterrupted connection to the Internet, which is not possible in all parts of the world where electricity and Internet connectivity can be sporadic The Patriot Act in the US allows the government to subpoena all data stored within the country.

This might not be acceptable to non-US-based organizations Massachusetts Breach Law protects citizens’ private information, specifying strict compliance guidelines around storage, access, and transmission of personal information which will impact how Cloud service providers handle data The EU Data Protection Directive does not allow the personal information from EU or EEA2 to be transferred to any outside country, which doesn’t adhere to the EU specified compliance mechanisms for legal data protection The “Safe Harbor” certification (developed by the US Department of Commerce and European Commission) enables US vendors to comply with the EU directive through self-certification, thereby eliminating the restriction on data transfer Expert Views “ Developing countries may be in a great position to take advantage of virtualization and cloud computing. During a recent visit to Indonesia, it was clear the government is struggling with the problem of both building a national ICT plan (Information and Communications Technology), as well as consolidating a confusing array of servers, small data centers, and dearth of policies managing the storage and protection of data” – John Savageau (President, Pacific-Tier Communications) “Each country may pass their own laws that govern the provision and use of online environments” – John Howie (Senior Director, Microsoft) “Our European customers want to make sure that their data stays in Europe. Can Amazon guarantee that?

That’s never been answered” – Ranjith Kumaran (Founder and CTO, YouSendIt) Note: 1Online discussions in English on blogs, forums, news websites, and Twitter from software tool findings across regions during the period 25-Aug-2009 to 25-Aug-2010; 2European Economic Area Source: Sysomos Software Tool; SysCon Website; CloudStorageStrategy Website; InformationLaw Group Website; Official Website of the Commonwealth of Massachusetts; lawpracticestrategy. com December 2010 | Copyright © 2010 Grail Research, LLC 11 “ Obstacles and Considerations Foundations of Cloud Computing Obstacles and Considerations Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Future of Cloud

The concept of computing resources as a utility is gaining traction among SMBs; however, the economic model offered by Cloud service providers has yet to prove its strength of scalability to enterprise customers “ “In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences” – Paul Otellini (CEO, Intel) “It’s a big win for smaller companies to leverage the cloud because you are really saving a lot–it is really avoiding a large, up-front investment. Five years ago, we would have had to build out a data center and the sheer cost of that would have made it much more difficult to launch our business.

In a traditional data center, we would need an IT person to rack the system, maintain the servers, and own the hardware, So rather than hiring someone, we now have software developers that are writing on a very flexible platform that vendor maintains” – Oliver Friedrichs (CEO, Immunet) “Right90 didn’t start its business using third-party infrastructure, but the cost savings and flexibility of Cloud services beckoned. Last year, the company moved out of its data centers in Calgary, Ontario and San Francisco, California and adopted Amazon EC2 with backup to servers located at the firm’s own offices. The lack of servers to manage has freed up Right90’s IT management team” – Arthur Wong (CEO, Right90) Source: BusinessComputingWorld Website; CIO Website December 2010 | Copyright © 2010 Grail Research, LLC 12 “

Drivers of Adoption Expert Views Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Key Takeaways A Economic Downturn “ “In part, this can be explained by macroeconomic factors, The financial turbulence of the last 18 months has meant every organization has been scrutinizing every expenditure. An IT solution that can deliver functionality less expensively and with more agility (remembering that time is money) is hard to ignore against this backdrop” – Ben Pring (VP, Gartner Research) The economic downturn has forced businesses to become leaner, which in turn has fuelled the adoption of cost-effective Cloud service models B

Technology Advancements “Server technology is in the middle of a renaissance where it is driving Cloud advancements and Cloud is, in turn, changing servers. Cloud-based ‘scale issues’ will continue to change how servers and software for them are built for years to come” – Steve Ballmer (CEO, Microsoft) The success of virtualization and Internet bandwidth availability has positioned Cloud services as a potential market opportunity Demand Expectation Note: Comment and Views include key snippets Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; CloudNod Website December 2010 | Copyright © 2010 Grail Research, LLC 13 “ C In technical terms, cloud computing offers elasticity, pay-as-you-go rather than capital-intensive investment, and no long-term resource commitments. In business terms, cloud computing means low cost of opportunity experimentation, high agility to respond to changing business conditions, and the ability to direct capital investment toward core business activities”– Bernard Golden (CEO, HyperStratus) Cloud’s on-demand model allows companies to scale up (or down) as they rapidly restructure to meet market requirements, with a pay-as-you-go model instead of taking on the capital expenses of traditional IT infrastructure Barriers to Major Adoption Insights Foundations of Cloud Computing Obstacles and Considerations Future of Cloud

Industry experts believe that there is apprehension among potential Cloud customers about security and data privacy. Other major concerns include complexity in the integration of cloud-based systems and adherence to regulatory/compliance frameworks 1 Security and Data Privacy 2 Integration with Cloud-Based Systems Expert Views 3 Regulatory and Compliance Issues “ “Security has been identified as the most significant issue associated with cloud computing adoption” – Melvin Greer (Chief Strategist, Cloud Computing for Lockheed Martin) “At this initial stage, the applications and data being processed in clouds are predominantly non-sensitive, and the Cloud services offer minimal or only generally available security.

The cloud offerings themselves are proprietary computing islands, with few standards and only limited possibilities for interoperability” – RSA (Security Division of EMC), White paper1 “I am 100 percent responsible and accountable for all technology and every shred of data that moves in and out of my company, and don’t want IT to be seen as “the say-no people”, but end users may not foresee the difficulties of meshing new products with existing technology. On-premise, we have technology standards. Nothing like that exists in the cloud. If business users adopt these things, we CIOs are challenged in IT to figure out how to integrate [them] with the rest of our world” – Don Goin (CIO, Santander Consumer) In certain cases, compliance will be impossible, It is difficult to take full responsibility for who can access data, who sees it and how it is stored, since the premise of the Cloud is that customers don’t necessarily need to know or care where their data is” – Jim Haskin (SVP, Websense inc) “There is an issue that’s looming that hasn’t really been discussed or addressed yet. That is the role of governance for companies that are consuming the services versus the role of governance for companies that are providing the services. On some level, companies are going to be both consumers and providers of cloud services” – Joe McKendrick (Independent Analyst and ZDNet Blogger) Note: 1The Role of Security in Trustworthy Cloud Computing; Comment and Views include key snippets Source: Sysomos Software Tool; CIO Website; SysCon Website; ComputerWorld Website December 2010 | Copyright © 2010 Grail Research, LLC 14 “ Addressing Security Concerns Insights

Information Security Secure sensitive or confidential information Foundations of Cloud Computing Obstacles and Considerations Future of Cloud IT managers don’t believe that current cloud computing solutions are at par with on-premise infrastructure solutions. To address this concern, service providers need to offer: Authentication Properly identify and authenticate users before granting access to services Data Location Identify the exact physical location of information assets Independent Audits Conduct independent compliance checks on services provided Infrastructure Access Limit access to physical infrastructure where applications are deployed

Data Reliability Prevent data loss and maintain integrity Customer Apprehensions and Expert Views Key Takeaways There is lack of visibility on legal and compliance standards, and potential customers have limited clarity on where and how the data is stored, and who can access the data “ “Having core components, such as storage, compute, security, and so on, outsourced to other cloud providers could mean that your data and application processing exists across many different physical providers, and the risk of outages, compliance issues, and data leaks increases dramatically” – David Linthicum (CTO, Bick Group) (2010 Survey on participants in DEF CON) “…. elief from the hackers, that cloud vendors are not doing enough to address the security issues of their services; hackers have identified vulnerabilities in current cloud technology” – Barmak Meftah (Chief Product Officer, Fortify Software) “When vulnerabilities are detected they can be managed more rapidly and uniformly. Cloud security is able to respond to attacks more rapidly by reducing the time it takes to install patches on thousands of individual desktops or hundreds of uniquely configured on-premise servers” – Mike Bradshaw (Director, Google Federal, Google Inc. ) “Attempts to infiltrate or disrupt online service offerings grow more sophisticated as more commerce and business occurs in this venue” – John Howie (Senior Director, Microsoft)

Hackers and security experts believe that Cloud vendors are not doing enough to address identified vulnerabilities Though vendors/service providers create a buzz around their services, they may not be able to match their claims as infiltration techniques outpace readiness of Cloud technologies Note: Comment and Views include key snippets Source: Ponemon Institute Report; CSA (Cloud Security Alliance); Fortify Software Website; SysCon Website; CIO Website December 2010 | Copyright © 2010 Grail Research, LLC 15 “ ‘Clobbering the Cloud’ Hackers Issue Manifesto of Mayhem Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Insights Security analysts and hackers have demonstrated major loopholes in Cloud offerings Salesforce. com

Hackers demonstrated how they were able to circumvent controls to access restricted resources on the Force. com platform, which supports custom source code upload and execution Loophole: Ways to bypass the controls on free accounts from Force. com in addition to exploiting a bug in the CAPTCHA script “It’s possible to stitch together the free resources to produce a useable computing platform that can take advantage of the expanded resources without incurring cost to the attacker…” – SensePost Mobile Me Hackers arrived at a point where they could read Steve Wozniak’s mail and even embed JavaScript for continued access to his account and services (if they were a bit more malicious) 1Amazon

Hackers showed EC2’s vulnerability by carrying out three separate attacks: Starting numerous machines Stealing computing time/bandwidth of other users Stealing paid-for 2AMI’s Loophole: Resource theft in the Cloud sharing environment — a significant concern Loophole: Weak password reset feature and XSS vulnerability in the application “By piecing together publicly available information, we can generate a profile that is sufficiently complete for a password reset, which points to flaws within the reset process” – SensePost “We showed attacks against the Amazon EC2 platform that do not target specific weaknesses in technologies; rather the processes by which complex actions took place were abused to our benefit” – SensePost “

With the exploitation of Google BlogSpot and Mobile Me, we are again seeing two common spamming practices converge – CAPTCHA breaking techniques and exploitation of free hosted services – Mark Sunner (Chief Security Analyst, MessgeLabs) Note: 1Amazon Machine Instances Source: SensePost Website; Black Hat 2009 – Clobbering the Cloud; Grail Research Analysis December 2010 | Copyright © 2010 Grail Research, LLC 16 “ Recent Threats Validate Security Concerns Foundations of Cloud Computing Obstacles and Considerations Future of Cloud “ The security of these Cloud-based infrastructure services is like Windows in 1999. It’s being widely used and nothing tremendously bad has happened yet. But it’s just in early stages of getting exposed to the Internet, and you know bad things are coming – John Pescatore (VP, Gartner Fellow)

Jan 2010: A hacker uses the Google Street View data to stalk victims. The attacker is able to track his victim in few seconds without even using IP address information “The interesting bit is I’m not piggybacking off of the browser’s geo-location feature. I simply re-implemented the feature as a server-side tool. This way if I can obtain the user’s router’s MAC address in any way, regardless of browser, nationality, or age, I can typically determine their location and show up at their place with pizza and beer later that night“ – Samy Kamkar (Co-Founder, Fonality Inc. ) Dec 2009: Zeus botnet was spotted on Amazon’s Elastic Computing Cloud (EC2) Cloud computing network.

It was running an unauthorized command and control center: Zeus botnet enables hackers to steal login credentials, account numbers, and credit card information through the creation of fake HTML forms on banking login pages More than USD100 MM was lost in bank fraud due to Zeus botnet attacks in 2009 The hacker may have stolen the password from the desktop of a user “I think it’s more a target of opportunity than a target of choice” – Don DeBolt (Director, Threat Research, HCL technologies) July 2009: Twitter corporate and employee information was infiltrated at the top levels of the organization, including the CEO Evan Williams’ personal email.

The individual behind the attacks accessed nearly 310 documents containing confidential information belonging to Twitter. The hacker sent documentation to Tech Crunch, the elite media organization that covers tech trends, to prove the attack “It’s a message I wanted to get out to Internet users, to show them that no system is invulnerable” – Francois Cousteix (Hacker Croll, in his interview with French media on hacking the Twitter account) Source: CIO Website; Snipe Website; Sean-Barton Website; Dark Reading, Computer World blog; TechCrunch December 2010 | Copyright © 2010 Grail Research, LLC 17 “ Pros and Cons to Cloud Adoption by Company Size SMB Large Enterprises Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Expert Views PROS

Innovation flexibility at low operating expense and no capital expenditure On-demand scalability to synchronize with market dynamics Ability to access information regardless of location Allows large enterprises to focus on core business activities instead of IT infrastructure Lower cost of power, space, and data center maintenance by taking non-critical services out of data centers Risk of hardware and software obsolescence transferred to Cloud service provider “ “Companies such as AllenPort and ARC offer SMEs good software at affordable prices with the flexibility to adjust usage on an as-needed basis. The service model meets the financial needs of SMEs while protecting them from the risks of nongenuine software” – Charl Everton (Anti-Piracy Manager, Microsoft SA) They (Mid-sized companies) face rapidly changing markets and need to avoid being locked into a capital investment or any particular mode of operations.

The call option that cloud computing represents — the ability to change in the future without a penalty — is critical to a midsized company trying to succeed in a world of giant competitors and disruptive change” – Bernard Golden (CEO, HyperStratus) CONS Security, privacy, and compliance concerns Network latency hinders application performance Cost of hardware rapidly decreasing — can be a future concern Complex integration of legacy systems with Cloud systems an obstacle; needs can be greater than current Cloud capabilities Increase in security threats due to adoption of Public Cloud Legal compliance and regulatory issues if operations in multiple countries Highly skilled IT staff and sunk investments in existing hardware infrastructure may also act as a deterrent to move to Cloud I would argue, however, that if you have existing IT investment, or you have requirements that push beyond the limits of today’s cloud computing technology or business models, you should consider not choosing at all” – James Urquhart (Blog Network Author, CNET) “What holds back large companies is, in a sense, their success with the previous generation of computing. Because they could invest in the old model, they’ve now got an installed base of hardware and a large, top-notch technical staff on hand. There’s pressure on these businesses to justify the sunk cost of their hardware infrastructure, so they tend to more toward a vision of private cloud computing” – Bernard Golden (CEO, HyperStratus)

Note: Comment and Views include key snippets Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; ReadWriteWeb Website; PCWorld Website; MyBroadband Website December 2010 | Copyright © 2010 Grail Research, LLC 18 “ Economic Model and Hidden Cost Insights Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Cloud has been positioned as an alternative to on-premise infrastructure; however, experts believe that it is not always the most appropriate IT solution. Other factors that should be considered include cost of Internet bandwidth, third-party support, and barriers to switching Cloud service providers or changing back to a on-premise infrastructure Expert Views Economic Model Risks, such as, hardware and software technological obsolescence, are transferred; although many considerations, including security, interoperability, lock-in, business process governance, and management remain, and need to be properly evaluated” – Ray DePana (Industry Consultant, NSF1) “I believe that the future of data centers is in the cloud because companies will be drawn toward paying $10 per month on hosted Exchange services instead of spending $10,000 on an in-house implementation of Exchange Server” – Tim Crawford (CIO, All Covered) Key Takeaways Economic evaluation of Cloud adoption vs. on-premise infrastructure setup varies under different business scenarios. There should be a thorough internal due diligence on business requirements There is no widely accepted framework to assess the value proposition of various Cloud services vs. on-premise infrastructure setup The IT community is divided — whether Cloud services are a business decision or a technology decision Hidden Cost …our analysis indicates that once you’re sending over 50 gigabytes of data daily (or a terabyte a month costing you $150 on Azure, for example), it may make sense to leave the cloud and buy your own bandwidth to the Internet –you’ll probably save 50 percent of your monthly bandwidth charges” – Allan Leinwand (CTO-Infrastructure Engineering, Zynga) Bandwidth Cost: Cloud services are delivered over the Internet; Internet bandwidth usage and charges increase as resource utilization rises Third Party Support: Regulatory and compliance guidelines may require a third-party auditor or application, which will lead to additional cost and complexity Cloud Switch: Cloud computing service providers, eager to capture the market, use proprietary mechanisms to deploy applications and store data. This can lock the customer to a provider or increase complexity/cost when switching providers/infrastructures Note: 1National Science Foundation Initiative on Computational Thinking; Comment and Views include key snippets Source: CIO Website; SysCon Website; GigaOM Website; CloudEco Blog; Linkedin; “Do Clouds Compute?

A Framework for Estimating the Value of Cloud Computing” by Markus Klems, Jens Nimis and Stefan Tai; SmartDataCollective Website December 2010 | Copyright © 2010 Grail Research, LLC 19 How Green is Cloud? Insights Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Experts see the potential of cloud computing for “Green IT” through efficient power consumption; however, skeptics claim that there is no comprehensive framework to assess the value proposition of “Green Cloud” Green Lining to Cloud Cloud computing providers strive to maximize the performance of their operations and can achieve higher utilization rates than in-house data centers Cloud data centers can be developed at strategic locations, or integrated with renewable sources of energy

Skepticism and Uncertainty According to a survey by Rackspace Hosting1, only 20% believe that hosted solutions play a role in making their firm greener. An additional 34% of those customers are currently trying to evaluate the efficiencies and ‘greenness’ of Cloud. As more and more enterprises opt for Cloud, data centers end up using more electricity to run computers, as well as meet back-up and cooling demands. Experts believe that Cloud companies may choose output over environmental considerations in the future • Hewlett-Packard developed a wind-cooled data center in England • Google’s data center in Saint-Ghislain, Belgium, functions without chillers

Expert Views “In theory, a shared resource like Amazon or Google’s public clouds can have higher utilization and thus greater power efficiency. Locate your cloud data center close to a green power source, like a hydro plant, and you can minimize transmission line power losses and be even greener”– Marc Hamilton (VP of Cloud Computing Sales, Sun) “I’m sure that if you were to compare a traditional data center deployment to a near exact replication in the Cloud you’d find the Cloud to be more efficient, but the problem is there currently is no way to justify this statement without some kind of data to support it” – Reuven Cohen (CTO, Enomaly Inc. “So, in a sense, the “greenness” of Cloud computing is a kind of Schroedinger’s box problem today, in which we won’t know the actual savings to the environment until someone actually observes–or measures–it” – James Urquhart (Product Marketing Manager of Cloud Computing, Cisco Systems) “Cloud doesn’t save power but displaces it. Ultimately, roughly the same power is drawn from the grid, just by different companies. So it’s no greener. Cloud is more about dealing with companyspecific issues than planetary ones” – Andy Lawrence (Research Director, 451 Group) Key Takeaways Experts maintain that Cloud is greener than individual data centers, however, there is a long road ahead in substantiating “

Cloud allows companies to scale down IT resources when demand is low, reducing their carbon footprint significantly Green cloud as a concept depends on the ability of Cloud providers to meet their increasing demands through renewable sources of energy Note: 1 Based on 167 customer responses from email Survey conducted by Rackspace Hosting globally in 2009; Comment and Views include key snippets Source: SysCon Website; ComputerWeekly Website; GreenBiz Website; Rackspace Hosting Survey Report; Greenpeace Report; CIO Website December 2010 | Copyright © 2010 Grail Research, LLC 20 “ Future of Cloud Foundations of Cloud Computing Obstacles and Considerations Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Future of Cloud

Over the last few years, start-ups and small businesses have proposed innovative solutions to mitigate the risks associated with cloud computing, and are competing with leading players in the Cloud space “ “I believe that Cloud computing is a powerful trend – the next platform shift in computing. It will profoundly change the way organizations do their computing. Proof is in the fact that major vendors like IBM, Google, and Microsoft are investing tens of billions of dollars in building out their Cloud infrastructures. Those who characterize Cloud computing as mostly hype have short memories. It was barely a decade ago that many people characterized the Internet as mostly hype” – Bernard Golden (CEO,

HyperStratus) “So, in terms of the first movers and the environment now, it’s going to look very different. Anybody who carved out some space right now and some lead in the market in Cloud shouldn’t feel too comfortable about their position, because there are companies we don’t even know about at this point, that are going to be fairly pervasive and have a lot to say about IT five years from now” – Jim Reavis (Executive Director of Cloud Security Alliance (CSA), and President, Reavis Consulting Group) “Password resetting and other security mechanisms in the Cloud are always going to be a weak link, as long as userfriendliness comes ahead of security in Cloud computing beauty stakes.

Expecting regular joes to whip out a twofactor authentication device for use with a Cloud-driven service just isn’t realistic. It’s not going to happen” – Andy Cordial (MD, Origin Storage) Source: CIO Website; NetworkWorld Website; ReadWriteWeb Website December 2010 | Copyright © 2010 Grail Research, LLC 21 “ Consolidation in the Ecosystem Increasing Cloud Focus Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Insights Established Cloud service providers have switched gears towards consolidating their present offerings due to increasing focus on Cloud in the market place “Customers are increasingly looking for ways to take advantage of the flexibility and new services in the public cloud and want to extend the ecurity and control of their private clouds to this new environment…TriCipher brings to VMware important authentication and identity technologies that will accelerate our delivery of new solutions for hybrid cloud integration and end user computing” – Brian Byun (VP & GM of Cloud Services and Applications, VMware) “TriCipher has been a pioneer in the field of identity and access management as a service, providing secure authentication and seamless single sign on access to over 3,000 public and private Web and SaaS applications…We are excited to join the VMware family and further build on our foundational technology to fulfill VMware’s cloud and end user computing vision” – John De Santis (Chairman & CEO, TriCipher) VMware delivers virtualization and cloud infrastructure solutions that enable IT organizations to energize businesses of all sizes” – VMware Website + “TriCipher offers secure cloud access management with easyto-deploy, powerful identity solutions that address today’s pressing business problems” – TriCipher Website “CA Technologies is an IT management software and solutions company with expertise across all IT environments—from mainframe and physical to virtual and cloud” – CA Website + “Arcot is the Cloud authentication leader. Its fraud prevention, strong authentication and eDocument security solutions are easily deployed, low-cost, and extremely scalable” – Arcot Website “Controlling identities and their access to information is a critical area of security.

The combination of Arcot’s software-only approach to advanced authentication and fraud prevention and our CA SiteMinder portfolio gives our customers robust and flexible options for reducing risk, supporting regulatory compliance and confidently securing business transactions” – Dave Hansen (GM, Management Products and Solutions and Security, CA Technologies) “Identity is a critical area for security whether you’re talking about in-house or the cloud, and with 120 million identities verified by our solutions today, we bring a strong, solid recurring revenue base as well as sources of new growth opportunities for CA Technologies”– Ram Varadarajan (President & CEO, Arcot Systems)

Note: Comment and Views include key snippets Source: Company Websites December 2010 | Copyright © 2010 Grail Research, LLC 22 Recent Acquisitions Is Cloud driving acquisitions? Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Insights Companies Microsoft, IBM, and Sun offer security within the operating system — Google and Amazon have security features in their apps, but Intel’s acquisition of McAfee seems to have redefined the security landscape with a potential to embed security within the chip. Some experts believe that this will lead to more secure Cloud offerings in the future Acquisition Expert Views Aug 2010: “Instead of running above OS, we have to think about using security t a lower level of the stack…I’m looking forward to one year from now when I ‘m standing before you all and we’re talking about a whole other era” – Dave DeWalt (CEO, McAfee) “The other major shift impacting Intel’s core market is the trend toward Cloud Computing, …. So the acquisition of McAfee could do three things for Intel:…It provides the capability for Intel to develop security within a cloud computing infrastructure” – Pat Clawson (Chairman & CEO, Lumension) Aug 2010: “With Fortify’s leadership in static application security analysis combined with HP’s expertise in dynamic application security analysis, organizations will have a best-inclass solution to improve the security of their applications and services” – Bill Veghte (Executive VP of Software and Solutions, HP)

Jul 2010: “With BigFix software integrated with IBM software offerings, IBM clients will be able to more easily manage and secure their PCs and laptops, a complex task as the costs and risks associated with security threats continue to grow” – Steve Robinson (GM of Security Solutions, IBM) Sep 2006: “Information security continues to dominate the spending intentions of CIO’s around the world. The battlefront in security has quickly shifted from securing the network perimeter to protecting and securing the information itself—wherever that information lives and wherever it moves” – Joe Tucci (Chairman, President & CEO, EMC) Note: Comment and Views include key snippets Source: Gigaom Website; eSecurityPlanet Website; Company Websites December 2010 | Copyright © 2010 Grail Research, LLC 23 Initiatives to Address Security Concerns Microsoft – CloudProof CloudProof has been proposed as a system to secure Cloud storage in a Microsoft Research Paper.

The system will address the issue of security by adding SLA-level guarantees, thus increasing Cloud adoptability IT identifies four key Cloud storage characteristics: confidentiality, integrity, write-serializability (ensuring data is updated in the right order), and read freshness (reads most recently updated data file). The proposed Cloud storage system, CloudProof, can detect and prove security violations to these properties The advantage is that hackers cannot gain information from encrypted data, however, they can still infer information from Cloud access patterns Foundations of Cloud Computing Obstacles and Considerations Future of Cloud

Nippon Telegraph & Telephone Corporation and Mitsubishi – Advanced Encryption Scheme Nippon Telegraph and Telephone Corporation, and Mitsubishi Electric Corporation have developed a new encryption system that provides complex and “fine-grained data transmission/access control” This scheme uses a mathematical approach called “dual pairing vector spaces” to allow confidential information access The encryption scheme is proposed to be used in cloud computing and other advanced network services to attain secure environments CloudProof will detect and prove security violations across four storage characteristics The Advanced Encryption Scheme applies advanced logic in encrypting and decrypting to provide a secure Cloud environment IBM – Homomorphic Encryption Scheme IBM is working on an encryption system that will allow the searching of data in an encrypted format “The point is to allow others to manipulate your encrypted data without revealing it to them. For example, in cloud computing you want to store your encrypted data files out on the cloud, so that you can access it from anywhere.

But you would also like to be able to search your data with some combination of keywords, then just decrypt the query results…” “The usefulness of the scheme is still limited by the fact that, as more operations are performed, successive encrypted answers degrade, becoming ‘dirty’” – Craig Gentry (Researcher, IBM) Trend Micro – SecureCloud Trend Micro has launched an encryption solution called SecureCloud This solution is provided through a single web portal and supports Vmware, Eucalyptus, and Amazon Elastic Compute Cloud SecureCloud uses key management technology and standard encryption services to provide data security and privacy to Cloud users.

Unlike other Cloud security services, the encryption keys remain exclusively with the user “Security has been one of the greatest inhibitors to Cloud Computing adoption. Now, as Cloud Computing takes shape and enterprises are starting to put data in the Cloud, security must evolve to protect and control the data” –Steve Quane (Chief Product Officer, Trend Micro – Cupertino, CA) When operational, the Homomorphic Encryption Scheme will be able to search, sort, and process encrypted data SecureCloud gives enterprises ultimate control over the data Source: Microsoft Website; Mitsubishi Electric Website; SmartTechnology Website; SysCon Website; WorldCadAccess Website; InformationManagement Website; Microsoft Research Paper Abstract (Raluca A.

Popa (MIT), Jacob R. Lorch, David Molnar, Helen J. Wang, and Li Zhuang (Microsoft Research)) December 2010 | Copyright © 2010 Grail Research, LLC 24 Buzzing Startups Address Cloud Security Issues Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Insights Companies Some startups have adopted a hybrid methodology in their Cloud products to address concerns about security, bandwidth capacity, and reliability. This approach allows them to use various encryption methods and other proprietary ways to secure data stored on Cloud, and it also allows users to work offline with higher performance levels Product Offering Cloud-Client Concept

Data and applications are stored and run locally on the PC while instantaneously mirroring the data to Cloud. Data is encrypted prior to transmission and decrypted only upon call back CEO Joel Allen Cloud File Server Egnyte’s hybrid technology leverages the benefits of accessibility and flexibility of Cloud storage integrated with the performance of local storage ‘Direct to vault’ online technology offers an innovative way to securely store, share, backup, organize, and remotely access digital assets using one integrated solution On-premise policy server and cloud-based scanners are integrated to assure off-premise remote access security adherence The focus is to protect data where it resides.

AES encryption is used before data is sent to its online backup destination. In addition, users get an option to encrypt local disk storage Vineet Jain Cloud Content Management Program Web Service Hybrid (SWS-H) CTERA Portal™ and CloudPlug™ Dennis J. Cindrich John Vigouroux Liran Eshel Off-Premise Synchronization On-Premise Source: BusinessWeek Website; AllenPort Website; Digi-Data Website; CTERA Website; Egnyte Website; TechcrunchIT Website; M86Security Website; CRN Website December 2010 | Copyright © 2010 Grail Research, LLC 25 Business Models and Offerings will Evolve Expert Views Foundations of Cloud Computing Obstacles and Considerations Future of Cloud Key Takeaways

An ecosystem of Cloud service evaluators, aggregators, and integrators will emerge to address growing customer concerns and potential business opportunities. Cloud computing presents an opportunity to monetize open source applications/tools A Improved Compliance and Service-level Agreements “ “Some compliance requirements demand that relevant data be encrypted both at rest and in transit. Many of the cloud providers do not support that” – Chenxi Wang (Ph. D. , Principal Analyst, Forrester) “Customers will care more about service level agreements than the brand name of technology components. …Integration will emerge as the key enabler and choke point” – R. ‘Ray’ Wang (Partner, Altimeter Group) B Evolving Business Models Integrated/ Customized Service Offerings

IT managers are optimistic about Software as a Service (SaaS) being the key source of future efficiency gains “Service providers will compete not just on price, but scalability, efficiency, and SLAs” – Stephen Fosket (Recipient of Microsoft MVP award) “…Emerging Cloud based business models like gaming as a service, content driven clouds, cloud computing can help monetize open source software…” – Krishnan Subramanian (Chief Technologist/Advisor, CloudsDirect) Mid-size companies are more likely to adopt Cloud services over the next few years, especially Infrastructure as a Service (IaaS) C “Single function clouds will evolve to deliver a suite of service offerings to their clients or be acquired by others providing multiple cloud service offerings, as clients will not want to manage an endless stream of cloud service providers for every workload they outsource” – Ray DePana (Industry Consultant, NSF1) “From a strategic differentiation point of view, organizations must enhance product offerings with services, improve the customer experience with loyalty top of mind, and tailor personalized experiences that support self-service options and mobility” – R. ‘Ray’ Wang (Partner, Altimeter Group)

Potential customers will be more concerned about flexibility, control, and growth from cloud computing services, rather than security By 2012, cloud computing is predicted to gain widespread acceptance with corporate data centers as 20% of businesses globally are expected to own no IT assets Note: 1National Science Foundation Initiative on Computational Thinking; Comment and Views include key snippets Source: SoftwareInsider Website; Ulitzer Website; GestaltIt Website ;Forrester Report; SysCon Website; InfoWorld Website, Gartner Report; LinkedIn December 2010 | Copyright © 2010 Grail Research, LLC 26 “ Cloud – The Way Ahead? Foundations of Cloud Computing Obstacles and Considerations Future of Cloud

The evolution of Cloud marks a fundamental shift in our relationship with electronic assets and our access to that data and information The Cloud offers great promise; however, companies seeking to implement cloud-based applications have concerns about the security and privacy of public cloud providers. Until providers offer sufficient clarity and assurance on these topics, their customers will implement data protection and security methods on their own which enable them to overlay a private cloud functionality on top of the public cloud offering1 Hybrid architectures that offer encryption of data at the local or client level, prior to transmission to the Cloud may offer a path forward for business consumption, thereby combining the best of on-premise functionality with that of hosted solutions for these on-demand services

If you are evaluating a Cloud initiative, always assess your company’s readiness, measuring the cost and benefit for your business within the context of the competitive landscape. Consider: What are the direct business benefits of Cloud for my company? Why would I ‘rent’ rather than ‘own’? Will a Cloud solution support my business needs, or am I losing functionality for a perceived price benefit? How does my solution provider’s roadmap align with my business needs? How are my Cloud solution providers establishing standards and maintaining the security and privacy of my information and by extension, my clients’ information? What are my competitors doing in this space? Are they pursuing private, public, or hybrid initiatives? Note: 1Grail interviews with Bernard Golden (CEO, HyperStratus); Chenxi Wang (Ph. D. Principal Analyst, Forrester) Source: Grail Research Analysis December 2010 | Copyright © 2010 Grail Research, LLC 27 For More Information Contact: Jocelyn DeGance Graham ([email protected] com) About the Author Jocelyn DeGance Graham – Named by United Business Media’s CRN as one of the 100 most influential women in IT, Jocelyn currently leads the Grail Research Cloud Center of Excellence and Cloud research practice. Jocelyn has deep expertise in the areas of marketing, communications and research and has spent the majority of her career advising Fortune 100 companies including Hewlett-Packard, Intuit, and Arthur Andersen on strategic emerging technology decisions.

Prior to joining Grail Research, Jocelyn directed the marketing program for an award winning Cloud startup which was recognized by Gartner as one of the ‘Coolest Emerging Technologies’ of 2010. She holds a Master’s degree in Industrial/Organizational Psychology and a Bachelor’s degree from University of California, Santa Barbara. December 2010 | Copyright © 2010 Grail Research, LLC Copyright © 2010 by Grail Research, LLC No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means — electronic, mechanical, photocopying, recording, or otherwise — without the permission of Grail Research, LLC 28

x

Hi!
I'm Sophie Gosser!

Would you like to get such a paper? How about receiving a customized one?

Check it out