
2010 grail research_cloud_computing


Published in: Technology, Business

  1. 1. Cloud Computing: Fact versus Fog. December 2010
  2. 2. Table of Contents: Executive Summary; Foundations of Cloud Computing; Obstacles and Considerations; Future of Cloud. December 2010 | Copyright © 2010 Grail Research, LLC
  3. 3. Executive Summary
     Purpose: This presentation addresses the current state of cloud computing, obstacles to business adoption, and expectations for the future. This is the first in a series of papers written by Grail Research on the topic of cloud computing and the investigation of how businesses are adapting to and taking advantage of Internet-based, on-demand computing.
     “Cloud” Buzz: News of Cloud is everywhere, and its predominance in IT is a foregone conclusion. In fact, the push to adopt Cloud has been so strong that risks inherent in this model have largely been ignored.
     Adoption Haste: The recent economic turmoil and the promise of Cloud leading a renaissance of the tech sector are shaping the perspective and appetite for Cloud rather than the readiness of the technology itself. Cloud is a powerful tool for mobilizing data; however, there are no regulations, standards, or assurances of data protection from a technical perspective.
     Security Risks: Major breaches at Google,, and Amazon, have exposed the fragility of the Cloud delivery model, and the fundamental issues of data security, privacy, and standards that have yet to be addressed. Though price points gained in Cloud can be significant, businesses should weigh advantages against the hidden costs of compromised data.
     Expert Views: Analyst sentiment seems to be the sole voice of reason. Principal analysts from Forrester, Gartner, and Yankee cite major security concerns with Cloud. Hackers have also highlighted the vulnerabilities of Cloud and issued a manifesto of mayhem against it (Black Hat 2009 – Clobbering the Cloud by SensePost).
     Opportunity: Assessing your organization’s readiness for Cloud should include the evaluation of hybrid models, hybrid architectures, integration constraints, and innovative data protection methods, that will offer the best approach for business adoption.
     Key Takeaways: Consider the direct business benefits of Cloud for your company and your individual business needs, weighing against security and privacy concerns. In the more immediate future, look toward applications focused on innovative data protection methods, enabling organizations to utilize Public Cloud in a private manner.
  4. 4. Foundations of Cloud Computing
     Cloud is an evolution, merging virtualization, grid, utility, and web standards
     “Cloud is an evolution. It coalesces grid, utility, virtualization and web standards into a delivery paradigm. The difference is each of these components are building blocks that solve the specific point problems of abstracted, on-demand, distributed processing” – Tony Bishop (Founder and CEO, Adaptivity)
     “I don’t think it’s a revolution as much as it’s an evolution. If you want to really say what kicked this thing off, virtualization was a big precursor to Cloud…I think “Cloud” is a little bit overused right now. I look at it as the evolution of the data center, to do more scalable processing and computing” – Ping Li (Partner, Accel Partners)
     “Cloud services have shifted from a year ago. We did a focus group around 12 months ago and they pretty much took the mickey out of Cloud. It was seen as unrealistic and CIOs weren’t considering it. What’s even more of a surprise is that in a short period of 12 months, we’ve seen Cloud go from a bit of a joke to a number two priority on the plate of CIOs today, and a very serious consideration that they are taking on board” – Paul Harapin (Director, and Ex-MD, VMware)
     Source: SysCon Website; Ars Technica Website; CIO Website
  5. 5. Defining Cloud Computing
     Definition: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” – Peter Mell and Tim Grance (NIST)
     Essential Characteristics: On-demand Self-Service; Broad Network Access; Resource Pooling; Rapid Elasticity
     Service Delivery Models: Cloud Software as a Service; Cloud Development as a Service; Cloud Platform as a Service; Cloud Infrastructure as a Service
     Deployment Models: Private Cloud; Public Cloud; Hybrid Cloud; Community Cloud
     How Do Experts Define Cloud Computing?
     “Cloud computing is an evolutionary technology because it doesn’t change the computing stack at all. It simply distributes the stacks between the service providers and the users. It is an IT architecture with vertical services” – Steve Jin (Creator of VMware vSphere Java API)
     “Applications/functionality delivered via Cloud: Accessible via standard Internet protocols, always available and scaled to demand, programmable interface, pay as you use, full self-service features” – Chenxi Wang (Ph.D., Principal Analyst, Forrester)
     “The ‘Cloud’ model initially has focused on making the hardware layer consumable as on-demand computer and storage capacity. This is an important first step, but for companies to harness the power of Cloud, complete application infrastructure needs to be easily configured, deployed, dynamically-scaled and managed in these virtualized-hardware environments” – K. Sheynkman (Co-Founder, Elastra Corporation)
     Source: Sysomos Software Tool; SysCon Website; Forrester Research Website; NIST Website
  6. 6. Emerging Primary Models for Cloud Deployment
     Major Types of Clouds [diagram: Private Cloud, Hybrid Cloud, and Public/Community Cloud, reached by users over Intranet/VPN¹ and/or the Internet]
     Private Cloud
       • Definition: Dedicated to one customer/company
       • Expert view: “CIOs know that what is sometimes dubbed "private cloud" does not meet their goal as it does not give them the benefits of cloud: true elasticity and capex elimination” – Werner Vogels (VP and CTO, Amazon)
       • Key takeaway: Private Cloud is more suited for organizations that need high-level security. Though most experts believe that ‘private cloud’ is an oxymoron, others argue that the model offers better resource management to current IT managers
     Public Cloud
       • Definition: Made available to the general public for specific general purposes
       • Expert view: “Concerns for those deploying in the public cloud are factors such as the financial stability of the hosting organization and the hosting organization’s deployment policies” – IBM X-Force
       • Key takeaway: The Public Cloud model emerged as a great value proposition for SMB⁴ companies and startups
     Key takeaway: Some experts believe that companies are testing the waters by taking limited services on Cloud before adopting a particular cloud computing model
     Hybrid Cloud
       • Definition: Integration of two or more types of Clouds (Private, Community, or Public)
       • Expert view: “The hybrid cloud is an attractive way to take advantage of cloud computing, and It also means choice for the customers, and they can determine the adoption speed they want to go at” – Tim Crawford (CIO, All Covered)
       • Key takeaway: The Hybrid Cloud model provides more flexibility than the Public Cloud model, and is less capital intensive than the Private Cloud model
     Community Cloud
       • Definition: Dedicated to a user/industry group that has shared concerns (mission, security requirements, policy, and compliance considerations)
       • Key takeaway: The Community Cloud model is expected to address the requirements of governments and their agencies
     [Chart: Global Share of Online Discussions² on Types of Clouds; legend: Private Cloud, Public Cloud, Hybrid Cloud, Community Cloud; segment values: 1%, 12%, 35%, 52%; N = 49,781³]
     Note: ¹Virtual Private Network; ²Discussions during the period 25-Aug-2009 to 25-Aug-2010; ³N may include some articles/posts more than once, if repeated on different websites; ⁴Small and Medium Businesses
     Source: Sysomos Software Tool; CIO Website; SysCon Website; IBM X-Force: Mid-Year Trend and Risk Report
  7. 7. Cloud Computing Market Size and Growth Prospects
     Insights: The cloud computing market is expected to grow at a double-digit rate in the next 5 years. According to experts, the SaaS delivery model of cloud computing will lead the growth story. They believe that emerging countries such as India have the greatest potential for market growth, including opportunities to support outsourcing of Cloud services
     Cloud Market Growth: USD 37.8 Bn (2010) to USD 121.1 Bn (2015), 26% CAGR
     “We are seeing an acceleration of adoption of cloud computing and cloud services among enterprises and an explosion of supply-side activity as technology providers maneuver to exploit the growing commercial opportunity” – Ben Pring (VP, Gartner)
     Expert Views
       • “The global cloud computing market is expected to grow from $37.8 billion in 2010 to $121.1 billion in 2015 at a CAGR of 26.2% from 2010 to 2015. SaaS is the largest contributor in the Cloud computing services market, accounting for 73% of the market’s revenues in 2010” – MarketsAndMarkets Report
       • “India will not only see a surge in cloud computing services but companies all over the world will look to India to support their transition to cloud computing” – Steve Ballmer (CEO, Microsoft)
       • “By 2012, nearly 85% of net-new software firms coming to market will be built around SaaS service composition and delivery; by 2014, about 65% of new products from established ISVs will be delivered as SaaS services. SaaS-derived revenue will account for nearly 26% of net new growth in the software market in 2014…” – IDC Report
     Key Takeaways
       • Experts believe that SaaS will be adopted by most companies in the next few years at some level or the other, especially in content management, collaboration, document management, and customer management applications
       • The explosive growth in the cloud computing market will mirror greater IT globalization trends, with India leading the market in outsourced support for Cloud services
       • It is estimated that SaaS is growing at a rate five times faster than the software market as a whole
     Note: Comment and Views include key snippets
     Source: IDC reports: “Worldwide Enterprise Server Cloud Computing 2010-2014 Forecast”; “Worldwide Software as a Service 2010–2014 Forecast: Software Will Never Be the Same”; MarketsAndMarkets report: “Global Cloud Computing Market 2010 – 2015”; EconomicTimes Website
  8. 8. Traditional IT Delivery Translated to Cloud Computing
     Business Value | Traditional Delivery | Cloud-based Delivery
     Consumption | Applications | Software as a Service (SaaS)
     Creation | Development Tools | Development as a Service (DaaS)
     Orchestration | Middleware | Platform as a Service (PaaS)
     Infrastructure | Infrastructure and Hardware | Infrastructure as a Service (IaaS)
     Source: R Wang and Insider Associates; A Software Insider’s Point of View–Understanding The Many Flavors of Cloud Computing and SaaS (R "Ray" Wang, Phil Wainewright, Michael Cote, and James Governor); Forrester Report; Grail Research Analysis
  9. 9. Four Service Delivery Models
     Columns: Service, Definition, Expert Views (other slide labels: Business Value, Provider)
     SaaS
       • Definition: Application licensed to customers. Access through “thin client interface”, such as a web browser
       • “SaaS is perfect for small businesses, they get the benefits of world-class infrastructure, enterprise-class features, and no capital investment. Frankly, I’d be surprised if the SMB market doesn’t shift to a SaaS-dominated sector” – Bernard Golden (CEO, HyperStratus)
       • “The cost of conformity is the lack of flexibility. What will you do 5 years into a True SaaS scenario when you are locked in and the vendor won’t add the feature or functionality you need?” – R Ray Wang (Partner, Altimeter Group)
     DaaS
       • Definition: Set of tools and APIs provided for creating customized applications. Tools provided include code editors, source control systems, and batch scripts
       • “Just as platform as a service provides enterprise IT with a new model for platforms to run applications in the cloud, development as a service provides a new model for development tools, giving developers the power to create applications for the cloud” – Marc Benioff (CEO, )
       • “I think there are going to be thousands of new platform companies -- you the end user can program it” – Marc Andreessen (General Partner, Andreessen Horowitz and Cofounder & Chairman at Ning Inc.)
     PaaS
       • Definition: Hosting for client-developed applications. Applications can be created using programming languages such as Java and .Net
       • “The advantages of PaaS are - Complete abstraction; considerable cost savings and faster time to market; Better security. PaaS makes developers succeed even if they are completely ‘operations blind’” – K. Subramanian (CTO and Advisor, CloudsDirect)
       • “There are shortcomings in the platform as a service model as well. The biggest problem with PaaS may be difficulty migrating existing applications from the internal data centre to the cloud” – Tim O’Brien (Director, Platform Strategy Group, Microsoft)
     IaaS
       • Definition: Fundamental computing resources (processing, storage, network, etc.) to run full virtual servers. Customer has control over operating system, storage, and deployed applications
       • “Although it is not the first choice, IaaS has an obviously huge market in the enterprise because there are countless servers sitting in data centers that are prime candidates to move out to IaaS clouds, and countless more that will be needed in the coming years” – Scott Sanchez (Security and Privacy Officer, ScaleUp Cloud)
       • “In short, IaaS and other associated services has enabled startups and other businesses to focus on their core competencies without worrying much about provisioning and management of infrastructure” – K. Subramanian (CTO and Advisor, CloudsDirect)
     Note: Comments and Views include key snippets
     Source: NIST Working Definition of Cloud Computing; SysCon Website; The Role of Internal Audit, October 2009 (Ernst & Young); TechWorld Website; SoftwareInsider Website (R "Ray" Wang); Company Websites
  10. 10. Cloud Computing Continues to Evolve
     A. Requires Awareness and Clarity
       • “There is still a strong need for awareness on the part of folks in the cybersecurity area about cloud computing. About 21% of those folks involved in cybersecurity, their agencies are unaware about cloud computing, and 34% of the respondents in total weren’t familiar with the cloud. That is the real key-take away that awareness around the cloud as it relates to trust and security needs to continue to be increased” – Melvin Greer (Chief Strategist, Cloud Computing, Lockheed Martin)
       • “…the biggest security threat for cloud computing is lack of awareness about cloud security among the IT Pros” – Scott C. Sanchez, CISSP (Security and Privacy Officer, ScaleUp Cloud)
       • Key takeaway: Awareness and understanding of cloud computing is limited to a small set of IT professionals
     B. Requires Customized Solutions
       • “Public cloud services are generally not providing as much customization as customers want, but the cloud model is gaining popularity both among users who want to sidestep their companies’ IT departments, and from small businesses that want to get out of the IT business” – Tim O’Brien (Director, Platform Strategy Group, Microsoft)
       • “Cloud solutions won’t come in a box, nor are traditional internal IT technologies and skills apt to seamlessly spin up mission-ready cloud services. Neither are cloud providers so far able to provide custom or ‘shrinkwrapped’ offerings that conform to a specific enterprise’s situation and needs” – Dana Gardner (President and Principal Analyst, Interarbor Solutions)
       • Key takeaway: There is a gap between customer requirements and existing cloud computing solutions in the market
     C. Requires Cloud Computing Standards
       • “People are going to want to move data around, they’re going to want to ask clouds to do things for them. We don’t have any inter-cloud standards. There’s a whole raft of research work still to be done and protocols to be designed and standards to be adopted that will allow people to manage assets” – Vint Cerf (Co-designer of the TCP/IP, VP and Chief Internet Evangelist, Google)
       • “When customers are looking to adopt cloud services, they want services that follow highest standards, even though such services may follow better standards than their existing infrastructure” – Bernard Golden (CEO, HyperStratus)
       • Key takeaway: Cloud computing is still evolving in terms of well-defined adoption/integration standards
     Note: Comment and Views include key snippets
     Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; CloudNod Website
  11. 11. Foundations Obstacles and of Cloud Future of Cloud Considerations Interest in Cloud Computing Across Geographies Computing Share of Discussions1 on Cloud Computing Key Takeaways 46% Certain geographies are better suited to offer Cloud services (e.g., those with favorable climate conditions to sustain the cooling needs of data centers) 17% 11% Cloud technologies are dependent on uninterrupted connection to the 9% 7% 6% 4% Internet, which is not possible in all parts of the world where electricity and Internet connectivity can be sporadic Rest of World The Patriot Act in the US allows the government to subpoena all data stored within the country. This might not be acceptable to non-US-based Expert Views organizations“ “Developing countries may be in a great position to take advantage of virtualization and cloud computing. During a recent visit to Indonesia, it was clear the government is struggling with the problem of both building a national ICT plan (Information and Communications Technology), as well as Massachusetts Breach Law protects citizens’ private information, specifying strict compliance guidelines around storage, access, and transmission of personal information which will impact how Cloud service providers handle data consolidating a confusing array of servers, small data centers, and dearth of policies managing the storage and protection of data” – John Savageau The EU Data Protection Directive does not allow the personal (President, Pacific-Tier Communications) information from EU or EEA2 to be transferred to any outside country, which doesn’t adhere to the EU specified compliance mechanisms for “Each country may pass their own laws that govern the provision and use of legal data protection online environments” – John Howie (Senior Director, Microsoft) “  The “Safe Harbor” certification (developed by the US Department of “Our European customers want to make sure that their data stays in Europe. 
Commerce and European Commission) enables US vendors to Can Amazon guarantee that? That’s never been answered” – Ranjith comply with the EU directive through self-certification, thereby Kumaran (Founder and CTO, YouSendIt) eliminating the restriction on data transfer Note: 1Online discussions in English on blogs, forums, news websites, and Twitter from software tool findings across regions during the period 25-Aug-2009 to 25-Aug-2010; 2European Economic Area Source: Sysomos Software Tool; SysCon Website; CloudStorageStrategy Website; InformationLaw Group Website; Official Website of the Commonwealth of Massachusetts; lawpracticestrategy.comDecember 2010 | Copyright © 2010 Grail Research, LLC 11
  12. 12. Obstacles and Considerations
     The concept of computing resources as a utility is gaining traction among SMBs; however, the economic model offered by Cloud service providers has yet to prove its strength of scalability to enterprise customers
     “In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences” – Paul Otellini (CEO, Intel)
     “It’s a big win for smaller companies to leverage the cloud because you are really saving a lot–it is really avoiding a large, up-front investment. Five years ago, we would have had to build out a data center and the sheer cost of that would have made it much more difficult to launch our business. In a traditional data center, we would need an IT person to rack the system, maintain the servers, and own the hardware. So rather than hiring someone, we now have software developers that are writing on a very flexible platform that vendor maintains” – Oliver Friedrichs (CEO, Immunet)
     “Right90 didn’t start its business using third-party infrastructure, but the cost savings and flexibility of Cloud services beckoned. Last year, the company moved out of its data centers in Calgary, Ontario and San Francisco, California and adopted Amazon EC2 with backup to servers located at the firm’s own offices. The lack of servers to manage has freed up Right90’s IT management team” – Arthur Wong (CEO, Right90)
     Source: BusinessComputingWorld Website; CIO Website
  13. 13. Drivers of Adoption
     A. Economic Downturn
       • “In part, this can be explained by macroeconomic factors. The financial turbulence of the last 18 months has meant every organization has been scrutinizing every expenditure. An IT solution that can deliver functionality less expensively and with more agility (remembering that time is money) is hard to ignore against this backdrop” – Ben Pring (VP, Gartner Research)
       • Key takeaway: The economic downturn has forced businesses to become leaner, which in turn has fuelled the adoption of cost-effective Cloud service models
     B. Technology Advancements
       • “Server technology is in the middle of a renaissance where it is driving Cloud advancements and Cloud is, in turn, changing servers. Cloud-based ‘scale issues’ will continue to change how servers and software for them are built for years to come” – Steve Ballmer (CEO, Microsoft)
       • Key takeaway: The success of virtualization and Internet bandwidth availability has positioned Cloud services as a potential market opportunity
     C. Demand Expectation
       • “In technical terms, cloud computing offers elasticity, pay-as-you-go rather than capital-intensive investment, and no long-term resource commitments. In business terms, cloud computing means low cost of opportunity experimentation, high agility to respond to changing business conditions, and the ability to direct capital investment toward core business activities” – Bernard Golden (CEO, HyperStratus)
       • Key takeaway: Cloud’s on-demand model allows companies to scale up (or down) as they rapidly restructure to meet market requirements, with a pay-as-you-go model instead of taking on the capital expenses of traditional IT infrastructure
     Note: Comment and Views include key snippets
     Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; CloudNod Website
  14. 14. Barriers to Major Adoption
     Insights: Industry experts believe that there is apprehension among potential Cloud customers about security and data privacy. Other major concerns include complexity in the integration of cloud-based systems and adherence to regulatory/compliance frameworks
     1. Security and Data Privacy
       • “Security has been identified as the most significant issue associated with cloud computing adoption” – Melvin Greer (Chief Strategist, Cloud Computing for Lockheed Martin)
       • “At this initial stage, the applications and data being processed in clouds are predominantly non-sensitive, and the Cloud services offer minimal or only generally available security. The cloud offerings themselves are proprietary computing islands, with few standards and only limited possibilities for interoperability” – RSA (Security Division of EMC), White paper¹
     2. Integration with Cloud-Based Systems
       • “I am 100 percent responsible and accountable for all technology and every shred of data that moves in and out of my company, and don’t want IT to be seen as "the say-no people", but end users may not foresee the difficulties of meshing new products with existing technology. On-premise, we have technology standards. Nothing like that exists in the cloud. If business users adopt these things, we CIOs are challenged in IT to figure out how to integrate [them] with the rest of our world” – Don Goin (CIO, Santander Consumer)
     3. Regulatory and Compliance Issues
       • “In certain cases, compliance will be impossible. It is difficult to take full responsibility for who can access data, who sees it and how it is stored, since the premise of the Cloud is that customers don’t necessarily need to know or care where their data is” – Jim Haskin (SVP, Websense inc)
       • “There is an issue that’s looming that hasn’t really been discussed or addressed yet. That is the role of governance for companies that are consuming the services versus the role of governance for companies that are providing the services. On some level, companies are going to be both consumers and providers of cloud services” – Joe McKendrick (Independent Analyst and ZDNet Blogger)
     Note: ¹The Role of Security in Trustworthy Cloud Computing; Comment and Views include key snippets
     Source: Sysomos Software Tool; CIO Website; SysCon Website; ComputerWorld Website
  15. 15. Addressing Security Concerns
     Insights: IT managers don’t believe that current cloud computing solutions are at par with on-premise infrastructure solutions. To address this concern, service providers need to offer:
       • Information Security: Secure sensitive or confidential information
       • Authentication: Properly identify and authenticate users before granting access to services
       • Data Location: Identify the exact physical location of information assets
       • Independent Audits: Conduct independent compliance checks on services provided
       • Infrastructure Access: Limit access to physical infrastructure where applications are deployed
       • Data Reliability: Prevent data loss and maintain integrity
     Customer Apprehensions and Expert Views
       • “Having core components, such as storage, compute, security, and so on, outsourced to other cloud providers could mean that your data and application processing exists across many different physical providers, and the risk of outages, compliance issues, and data leaks increases dramatically” – David Linthicum (CTO, Bick Group)
       • (2010 Survey on participants in DEF CON) “….belief from the hackers, that cloud vendors are not doing enough to address the security issues of their services; hackers have identified vulnerabilities in current cloud technology” – Barmak Meftah (Chief Product Officer, Fortify Software)
       • “When vulnerabilities are detected they can be managed more rapidly and uniformly. Cloud security is able to respond to attacks more rapidly by reducing the time it takes to install patches on thousands of individual desktops or hundreds of uniquely configured on-premise servers” – Mike Bradshaw (Director, Google Federal, Google Inc.)
       • “Attempts to infiltrate or disrupt online service offerings grow more sophisticated as more commerce and business occurs in this venue” – John Howie (Senior Director, Microsoft)
     Key Takeaways
       • There is lack of visibility on legal and compliance standards, and potential customers have limited clarity on where and how the data is stored, and who can access the data
       • Hackers and security experts believe that Cloud vendors are not doing enough to address identified vulnerabilities
       • Though vendors/service providers create a buzz around their services, they may not be able to match their claims as infiltration techniques outpace readiness of Cloud technologies
     Note: Comment and Views include key snippets
     Source: Ponemon Institute Report; CSA (Cloud Security Alliance); Fortify Software Website; SysCon Website; CIO Website
  16. 16. ‘Clobbering the Cloud’: Hackers Issue Manifesto of Mayhem
     Insights: Security analysts and hackers have demonstrated major loopholes in Cloud offerings
     Amazon
       • Hackers showed EC2’s vulnerability by carrying out three separate attacks: starting numerous machines; stealing computing time/bandwidth of other users; stealing paid-for AMI’s¹
       • Loophole: Resource theft in the Cloud sharing environment — a significant concern
       • “We showed attacks against the Amazon EC2 platform that do not target specific weaknesses in technologies; rather the processes by which complex actions took place were abused to our benefit” – SensePost
     Second platform
       • Hackers demonstrated how they were able to circumvent controls to access restricted resources on the platform, which supports custom source code upload and execution
       • Loophole: Ways to bypass the controls on free accounts from in addition to exploiting a bug in the CAPTCHA script
       • “It’s possible to stitch together the free resources to produce a useable computing platform that can take advantage of the expanded resources without incurring cost to the attacker…” – SensePost
     Mobile Me
       • Hackers arrived at a point where they could read Steve Wozniak’s mail and even embed JavaScript for continued access to his account and services (if they were a bit more malicious)
       • Loophole: Weak password reset feature and XSS vulnerability in the application
       • “By piecing together publicly available information, we can generate a profile that is sufficiently complete for a password reset, which points to flaws within the reset process” – SensePost
     “With the exploitation of Google BlogSpot and Mobile Me, we are again seeing two common spamming practices converge – CAPTCHA breaking techniques and exploitation of free hosted services” – Mark Sunner (Chief Security Analyst, MessageLabs)
     Note: ¹Amazon Machine Instances
     Source: SensePost Website; Black Hat 2009 - Clobbering the Cloud; Grail Research Analysis
  17. 17. Recent Threats Validate Security Concerns
     “The security of these Cloud-based infrastructure services is like Windows in 1999. It’s being widely used and nothing tremendously bad has happened yet. But it’s just in early stages of getting exposed to the Internet, and you know bad things are coming” – John Pescatore (VP, Gartner Fellow)
     Jan 2010: A hacker uses the Google Street View data to stalk victims. The attacker is able to track his victim in few seconds without even using IP address information
     “The interesting bit is I’m not piggybacking off of the browser’s geo-location feature. I simply re-implemented the feature as a server-side tool. This way if I can obtain the user’s router’s MAC address in any way, regardless of browser, nationality, or age, I can typically determine their location and show up at their place with pizza and beer later that night” – Samy Kamkar (Co-Founder, Fonality Inc.)
     Dec 2009: Zeus botnet was spotted on Amazon’s Elastic Computing Cloud (EC2) Cloud computing network. It was running an unauthorized command and control center:
       • Zeus botnet enables hackers to steal login credentials, account numbers, and credit card information through the creation of fake HTML forms on banking login pages
       • More than USD100 MM was lost in bank fraud due to Zeus botnet attacks in 2009
       • The hacker may have stolen the password from the desktop of a user
     “I think it’s more a target of opportunity than a target of choice” – Don DeBolt (Director, Threat Research, HCL technologies)
     July 2009: Twitter corporate and employee information was infiltrated at the top levels of the organization, including the CEO Evan Williams’ personal email. The individual behind the attacks accessed nearly 310 documents containing confidential information belonging to Twitter. The hacker sent documentation to TechCrunch, the elite media organization that covers tech trends, to prove the attack
     “It’s a message I wanted to get out to Internet users, to show them that no system is invulnerable” – Francois Cousteix (Hacker Croll, in his interview with French media on hacking the Twitter account)
     Source: CIO Website; Snipe Website; Sean-Barton Website; Dark Reading, Computer World blog; TechCrunch
  18. 18. Pros and Cons to Cloud Adoption by Company Size
      PROS (SMB)
          • Innovation flexibility at low operating expense and no capital expenditure
          • On-demand scalability to synchronize with market dynamics
          • Ability to access information regardless of location
          • Risk of hardware and software obsolescence transferred to Cloud service provider
      PROS (Large Enterprises)
          • Allows large enterprises to focus on core business activities instead of IT infrastructure
          • Lower cost of power, space, and data center maintenance by taking non-critical services out of data centers
      CONS (SMB)
          • Security, privacy, and compliance concerns
          • Network latency hinders application performance
          • Cost of hardware rapidly decreasing — can be a future concern
      CONS (Large Enterprises)
          • Complex integration of legacy systems with Cloud systems an obstacle; needs can be greater than current Cloud capabilities
          • Increase in security threats due to adoption of Public Cloud
          • Legal compliance and regulatory issues if operations in multiple countries
          • Highly skilled IT staff and sunk investments in existing hardware infrastructure may also act as a deterrent to move to Cloud
      Expert Views
        “Companies such as AllenPort and ARC offer SMEs good software at affordable prices with the flexibility to adjust usage on an as-needed basis. The service model meets the financial needs of SMEs while protecting them from the risks of non-genuine software” – Charl Everton (Anti-Piracy Manager, Microsoft SA)
        “They (Mid-sized companies) face rapidly changing markets and need to avoid being locked into a capital investment or any particular mode of operations. The call option that cloud computing represents — the ability to change in the future without a penalty — is critical to a midsized company trying to succeed in a world of giant competitors and disruptive change” – Bernard Golden (CEO, HyperStratus)
        “I would argue, however, that if you have existing IT investment, or you have requirements that push beyond the limits of today’s cloud computing technology or business models, you should consider not choosing at all” – James Urquhart (Blog Network Author, CNET)
        “What holds back large companies is, in a sense, their success with the previous generation of computing. Because they could invest in the old model, they’ve now got an installed base of hardware and a large, top-notch technical staff on hand. There’s pressure on these businesses to justify the sunk cost of their hardware infrastructure, so they tend to more toward a vision of private cloud computing” – Bernard Golden (CEO, HyperStratus)
      Note: Comment and Views include key snippets
      Source: Sysomos Software Tool; CIO Website; SysCon Website; Ulitzer Website; ReadWriteWeb Website; PCWorld Website; MyBroadband Website
  19. 19. Economic Model and Hidden Cost
      Insights: Cloud has been positioned as an alternative to on-premise infrastructure; however, experts believe that it is not always the most appropriate IT solution. Other factors that should be considered include cost of Internet bandwidth, third-party support, and barriers to switching Cloud service providers or changing back to an on-premise infrastructure.
      Key Takeaways: Economic Model
          • Economic evaluation of Cloud adoption vs. on-premise infrastructure setup varies under different business scenarios. There should be a thorough internal due diligence on business requirements
          • There is no widely accepted framework to assess the value proposition of various Cloud services vs. on-premise infrastructure setup
          • The IT community is divided — whether Cloud services are a business decision or a technology decision
      Key Takeaways: Hidden Cost
          • Bandwidth Cost: Cloud services are delivered over the Internet; Internet bandwidth usage and charges increase as resource utilization rises
          • Third Party Support: Regulatory and compliance guidelines may require a third-party auditor or application, which will lead to additional cost and complexity
          • Cloud Switch: Cloud computing service providers, eager to capture the market, use proprietary mechanisms to deploy applications and store data. This can lock the customer to a provider or increase complexity/cost when switching providers/infrastructures
      Expert Views
        “Risks, such as, hardware and software technological obsolescence, are transferred; although many considerations, including security, interoperability, lock-in, business process governance, and management remain, and need to be properly evaluated” – Ray DePana (Industry Consultant, NSF¹)
        “I believe that the future of data centers is in the cloud because companies will be drawn toward paying $10 per month on hosted Exchange services instead of spending $10,000 on an in-house implementation of Exchange Server” – Tim Crawford (CIO, All Covered)
        “…our analysis indicates that once you’re sending over 50 gigabytes of data daily (or a terabyte a month costing you $150 on Azure, for example), it may make sense to leave the cloud and buy your own bandwidth to the Internet – you’ll probably save 50 percent of your monthly bandwidth charges” – Allan Leinwand (CTO-Infrastructure Engineering, Zynga)
      Note: ¹ National Science Foundation Initiative on Computational Thinking; Comment and Views include key snippets
      Source: CIO Website; SysCon Website; GigaOM Website; CloudEco Blog; Linkedin; “Do Clouds Compute? A Framework for Estimating the Value of Cloud Computing” by Markus Klems, Jens Nimis and Stefan Tai; SmartDataCollective Website
  20. 20. How Green is Cloud?
      Insights: Experts see the potential of cloud computing for “Green IT” through efficient power consumption; however, skeptics claim that there is no comprehensive framework to assess the value proposition of “Green Cloud”.
      Green Lining to Cloud
          • Cloud computing providers strive to maximize the performance of their operations and can achieve higher utilization rates than in-house data centers
          • Cloud data centers can be developed at strategic locations, or integrated with renewable sources of energy
              • Hewlett-Packard developed a wind-cooled data center in England
              • Google’s data center in Saint-Ghislain, Belgium, functions without chillers
      Skepticism and Uncertainty
          • According to a survey by Rackspace Hosting¹, only 20% believe that hosted solutions play a role in making their firm greener. An additional 34% of those customers are currently trying to evaluate the efficiencies and ‘greenness’ of Cloud.
          • As more and more enterprises opt for Cloud, data centers end up using more electricity to run computers, as well as meet back-up and cooling demands. Experts believe that Cloud companies may choose output over environmental considerations in the future
      Expert Views
        “In theory, a shared resource like Amazon or Google’s public clouds can have higher utilization and thus greater power efficiency. Locate your cloud data center close to a green power source, like a hydro plant, and you can minimize transmission line power losses and be even greener” – Marc Hamilton (VP of Cloud Computing Sales, Sun)
        “I’m sure that if you were to compare a traditional data center deployment to a near exact replication in the Cloud you’d find the Cloud to be more efficient, but the problem is there currently is no way to justify this statement without some kind of data to support it” – Reuven Cohen (CTO, Enomaly Inc.)
        “So, in a sense, the "greenness" of Cloud computing is a kind of Schroedinger’s box problem today, in which we won’t know the actual savings to the environment until someone actually observes--or measures--it” – James Urquhart (Product Marketing Manager of Cloud Computing, Cisco Systems)
        “Cloud doesn’t save power but displaces it. Ultimately, roughly the same power is drawn from the grid, just by different companies. So it’s no greener. Cloud is more about dealing with company-specific issues than planetary ones” – Andy Lawrence (Research Director, 451 Group)
      Key Takeaways
          • Experts maintain that Cloud is greener than individual data centers, however, there is a long road ahead in substantiating
          • Cloud allows companies to scale down IT resources when demand is low, reducing their carbon footprint significantly
          • Green cloud as a concept depends on the ability of Cloud providers to meet their increasing demands through renewable sources of energy
      Note: ¹ Based on 167 customer responses from email Survey conducted by Rackspace Hosting globally in 2009; Comment and Views include key snippets
      Source: SysCon Website; ComputerWeekly Website; GreenBiz Website; Rackspace Hosting Survey Report; Greenpeace Report; CIO Website
  21. 21. Future of Cloud Computing
      Over the last few years, start-ups and small businesses have proposed innovative solutions to mitigate the risks associated with cloud computing, and are competing with leading players in the Cloud space.
        “I believe that Cloud computing is a powerful trend – the next platform shift in computing. It will profoundly change the way organizations do their computing. Proof is in the fact that major vendors like IBM, Google, and Microsoft are investing tens of billions of dollars in building out their Cloud infrastructures. Those who characterize Cloud computing as mostly hype have short memories. It was barely a decade ago that many people characterized the Internet as mostly hype” – Bernard Golden (CEO, HyperStratus)
        “So, in terms of the first movers and the environment now, it’s going to look very different. Anybody who carved out some space right now and some lead in the market in Cloud shouldn’t feel too comfortable about their position, because there are companies we don’t even know about at this point, that are going to be fairly pervasive and have a lot to say about IT five years from now” – Jim Reavis (Executive Director of Cloud Security Alliance (CSA), and President, Reavis Consulting Group)
        “Password resetting and other security mechanisms in the Cloud are always going to be a weak link, as long as user-friendliness comes ahead of security in Cloud computing beauty stakes. Expecting regular joes to whip out a two-factor authentication device for use with a Cloud-driven service just isn’t realistic. It’s not going to happen” – Andy Cordial (MD, Origin Storage)
      Source: CIO Website; NetworkWorld Website; ReadWriteWeb Website
  22. 22. Consolidation in the Ecosystem: Increasing Cloud Focus
      Insights: Established Cloud service providers have switched gears towards consolidating their present offerings due to increasing focus on Cloud in the market place.
      VMware + TriCipher
        “VMware delivers virtualization and cloud infrastructure solutions that enable IT organizations to energize businesses of all sizes” – VMware Website
        “TriCipher offers secure cloud access management with easy-to-deploy, powerful identity solutions that address today’s pressing business problems” – TriCipher Website
        “Customers are increasingly looking for ways to take advantage of the flexibility and new services in the public cloud and want to extend the security and control of their private clouds to this new environment…TriCipher brings to VMware important authentication and identity technologies that will accelerate our delivery of new solutions for hybrid cloud integration and end user computing” – Brian Byun (VP & GM of Cloud Services and Applications, VMware)
        “TriCipher has been a pioneer in the field of identity and access management as a service, providing secure authentication and seamless single sign on access to over 3,000 public and private Web and SaaS applications…We are excited to join the VMware family and further build on our foundational technology to fulfill VMware’s cloud and end user computing vision” – John De Santis (Chairman & CEO, TriCipher)
      CA Technologies + Arcot
        “CA Technologies is an IT management software and solutions company with expertise across all IT environments—from mainframe and physical to virtual and cloud” – CA Website
        “Arcot is the Cloud authentication leader. Its fraud prevention, strong authentication and e-Document security solutions are easily deployed, low-cost, and extremely scalable” – Arcot Website
        “Controlling identities and their access to information is a critical area of security. The combination of Arcot’s software-only approach to advanced authentication and fraud prevention and our CA SiteMinder portfolio gives our customers robust and flexible options for reducing risk, supporting regulatory compliance and confidently securing business transactions” – Dave Hansen (GM, Management Products and Solutions and Security, CA Technologies)
        “Identity is a critical area for security whether you’re talking about in-house or the cloud, and with 120 million identities verified by our solutions today, we bring a strong, solid recurring revenue base as well as sources of new growth opportunities for CA Technologies” – Ram Varadarajan (President & CEO, Arcot Systems)
      Note: Comment and Views include key snippets
      Source: Company Websites