Hidden costs that enterprises may fail to anticipate when moving quickly to cloud-based services include the cost of bringing services back in-house due to regulatory change; unexpected expenses involved in the initial migration of systems; and lock-in with a specific provider or proprietary service model, according to ISACA.
To calculate investments needed to move a service back in-house -- if new regulations or economic problems render the cloud impractical -- enterprises have to take several factors into account. They include paying for extracting and validating data and the cost for recruiting IT resources needed to do the job.
Migrating to cloud-based applications and services also includes a number of different costs that need to be taken into consideration. Enterprises have to rewrite applications to operate in a virtualized environment and reformat data to suit software-as-a-service (SaaS) provider formats.
Chris: Is Cloud Foundry on its way to become the de facto PaaS standard of the Industry?
Between 2008 and 2012, PaaS was associated with Google (App Engine), Microsoft (Windows Azure), Salesfore.com (Force.com / Heroku) and Engine Yard. But in the last one year, there are half-a-dozen new players that entered the niche PaaS market. And, one thing that is common among these new entrants is that all of them are powered by Cloud Foundry. Whether it is ActiveState, AppFog, Tier 3, Uhuru Software, PaaS.io or VMware’s own CloudFoundry.com, all of them use the same set of APIs and tools based on Cloud Foundry.
An average hoster or even a mature Cloud service provider cannot match the reliable PaaS architecture that Windows Azure or App Engine offer. But by adopting Cloud Foundry, any hoster can claim to be a PaaS player. They can offer popular languages, runtimes, frameworks and services without reengineering the complex packaging for the Cloud. This commoditizes PaaS by empowering many service providers to turn into a PaaS provider overnight.
I was on the phone with Dan Costello just a few days ago, who is the Director of Operations for Google’s Compute Engine. Google Compute handles the Virtual Infrastructure Management and some of the Cloud Management Platform for network, compute, and storage that Google’s App Engine can now run on top of. Dan is one of the few people in the world who truly understands the most efficient way to move your business toward an agile infrastructure, it doesn’t start with building a beautiful infrastructure - it starts with understanding your business applications and getting away from the traditional stovepipe vendors. To really be able to provision business capability on demand you need to fully understand the roles, processes, applications, and underlying systems from a recipe-and-ingredient perspective.
The difficulty rises in being able to support the mid-game, this is where Google, and Microsoft, and everyone including Cloud Foundry come in short. If you have an existing infrastructure, and most everyone does, and you can’t afford to greenfield your application layer (few can) then you need to support some legacy apps while you’re factoring your legacy applications away. This means having to support Vblock or Flexpod or PureSystem or CloudSystem Matrix - these are all really powerful configurations from some of the best vendors in the industry. Problem is, they are also extremely expensive and will reduce your ability to bend the cost curve, if cost matters, by a factor of 3 or so. So who do you go to to do that? I have a list on Pinterest, so I’ll save time on the podcast and just say go check it out: http://ow.ly/cJYuM
Final thought: Supporting private PaaS to cloud-enable your business use cases and rationalize your applications, and providing public PaaS to cloud-enable your public-facing applications, shoiuld be harmonized if possible as well or you end up with an unsustainable cloud. More PaaS for you to consider: Cumulogic, Jelastic, and Parse (mobile focus).
JP: <No story, right?>
Jeff: Does NoSQL Equal No Security?
Big data and the tools to manage it have become an almost constant topic of discussion, and NoSQL, a general category of non-relational data storage tools designed to store large volumes of loosely structured data, is frequently at the center of these conversations. However, not everyone is enamored with NoSQL. A recent report by Information Week, “Why NoSQL Equals No Security,” suggests that security is barely an afterthought in NoSQL repositories.
While the report concedes that many big data and NoSQL technologies support some form of authentication, it continues with its condemnation of state of security in the market.
The big data show is being run by developers, not architects or even system administrators. These developers clearly don’t realize that 14% of all 2011 breaches were caused by compromised database servers.”
Omer Trajman, Vice President Technology Solutions, Cloudera, evaluated the report, saying,
It [the report] was very convoluted. It treated NoSql and big data processing tools like Hadoop as the same thing. Both are new ways to manage data, but they are at different stages in security requirements and maturity. Hadoop is much further along than portrayed.”
Eric Baldeschwieler, CTO, Hortonworks, told us that big data infrastructure is not inherently insecure. Baldeschwieler went on to say, With care and use of best practices, Apache Hadoop can be used securely. Hadoop can be deployed using Kerberos for user and service authentication and it has a posix-like user & group authorization model for HDFS. Combined with access logging and other features, this has allowed Hadoop HDFS deployments to pass SOX compliance data audits. As the Big Data ecosystem matures I expect to see more complete security features added to all of the major big data storage players."
David Gorbet, Vice President Product Strategy, MarkLogic, had a similar view. Gorbet explained,
It’s an overgeneralization to say that NoSQL Databases are inherently insecure. MarkLogic, for example, is a non-relational database that meets the highest grade of government security standards and is used in mission-critical Big Data Applications across the commercial and public sectors. The best advice we can give is for organizations to do their due diligence when looking at security and NoSQL solutions. Organizations should map out specific questions regarding security, high-availability, performance, and transactional guarantees to make sure the potential solution is a good fit.”
