Bio not provided
post Daniel. I continue my mission to tell ITO's, CIO's, MSP's the need of the
role orchestrator. You need the glue between tech and biz, someone (1 or a
team, depending on the size) who knows the cloud market, who collects
customer/biz need and translate it into biz solutions (not tech solutions, there's
a lot of people doing that), someone who supports sales, CIO, channel dept, end
user/customers etc, who knows the market and demands change in the org, most
probably working close to the C-level. You might call her/him/them the glue,
biz enabler or what ever. The role should be to orchestrate the offer to
maximize customer experience/effect. Result should be to naturalize shadow IT
to minimize the effect of rogue clouds/services. As you say it’s more or less
impossible to compete with large market budgets and I agree that the one who
talks and collaborates with the customer will be rewarded. I also think that
the one who’s able to collaborate with VAR’s, CSP’s and being pride of it,
(being a multi-vendor in a multi-clouded hybrid market) will have the best
offer and portfolio (and this def include service, governance and customer management) to
win and keep the customer.
3 months, 3 weeks ago on MSP vs Traditional IT Channel – who will win?
...and please excuse my grammar and sentence structure. "to be compliant w market needs" should have been "...a great guidance to be compliant..." I blame your lattes @neilcattermull
4 months, 1 week ago on Compliance: Data Storage in a Regulated World
@marketing2 Sorry for
my very very late reply. My intention was to agree to Neil and your opinion;
that security and compliance should be separated. But they are very close
related to each other. To comply with rules and laws you need a certain amount
of security. To set up an amount of security rules and laws are a great
guidance. Sec and Comp is not the same but it’s difficult to discuss one of
them without mention the other one to be compliant with market needs. I don’t know about rwhosting but I don’t see
the problem you mention. They can tell if they comply with different types of
standards, rules and laws but in the end it’s you who owns the responsibility
to be compliant. My point was that rwhosting, or any other SP, normally/most
probably are great to provide security but often don’t have capability
(knowledge, room and money to host the role, trustworthiness (?)) to truly
advice how you becomes compliant. Instead you have to consult a compliance experts,
like IT lawyers. To finally tell if you are and rwhosting makes you compliant
you have the audit. That part shouldn’t be handled by rwhosting even if they
were allowed to do it, they would most probably be considered as biased.
mentioned, I don’t know anything about rwhosting (maybe I should?!), they only
became an example since you brought them up. :)
@comparethecloud "if your computing is connected to the Internet, then your data is at risk, no matter where it is." Exactly! And I mean the data is at greater risk if it's on prem operated by "your self". Core business for CSP's is to deliver available and secure services. Most on prem have another core.
4 months, 2 weeks ago on Is NSA killing cloud?
@comparethecloud Good point.
4 months, 3 weeks ago on Virtualization versus Cloud – and when to use them
Should we distinguish/discuss them as "two different types of IT" from where you have to choose one or the other, or mix together as hybrids? It's important to separate them; cloud isn't equal to virtualization and vice versa, but; virtualization is fundamental in cloud computing. Virtualization is an operation technique and technique and cloud is a service delivery model/technique?!
this is a great post and subject, something most people don't like to deal
with, it's like explaining a virtual server to my mum: it's a computer (hard enough to explain) but you
can't touch it. I definitely think there's a room for the role at larger vendors
but smaller most probably can't afford to have the dedicated role. The
business most probably isn't big enough. You might be multi-talented and have
other responsibilities but you really have to know what you're talking about
when it comes to laws and regulations. "I think" isn't good
enough. Excellent choice would be to use consultancies niched on quality,
security and compliance. Probably they offer branch specific services too
(care, bank, general privacy etc). Quiet often I see open quality and
compliance positions so the market for these competencies/services seems
to increase fast.
also think we need to divide security and compliance in to two different areas but still
closely related to each other.
7 months ago on Compliance: Data Storage in a Regulated World
Paul. A lot of companies struggle to find its core, or they know their core but
they keep on delivering non-core. Result: both core and non-core becomes
neglected. You have to know your core, do it excellent, know your customer and
bring value...and you really have to know what's valuable for them. Source:
Customer partnership and collaboration. But; even if there's no one size fits
all everyone can't use bespoke services. Ask people around how many bespoke
suits they have in their wardrobe… SaaS and VAR's need to provide customizable
"boxed" services easy to integrate. Large scale, as said, need to
really know its market, competitors, channel etc.
7 months ago on Customer Intimacy or Platform Efficiency: Which way will you look in 2014?
Esther and I do think Enterprise App Stores are vital for a successful BYOD
program, even if my POV of BYOD true ROI is quite vague. 25 percent might be too
low as you say since this most truly will thee way apps will be provided to
mobile devices AND PC’s (probably quite a bunch left of them in 2017). This will
also push traditional SW vendors to go the SaaS way and saddle roles like
brokers and aggregators which we can see some vendors and distributors already
are doing/trying to do. One great thing is that SMB’s probably don’t have to
set up MDM systems themselves, they will be able to use customizable app stores
from brokers/aggregators and ITO’s as a service.
thing is to keep a great, user-friendly and attractive store up to date so
users do use it. All too often internal stores and IT are or soon becomes
neglected even if the intention was else, business comes first… It’s a mind-set
companies have to change to become more efficient and productive. Like @DanielSteeves says I think it’s clever to start
with a basic functional “approved” store.
question, when we talk about not approved: do we talk about not allowed or just
not approved like supported? This triggers the privacy question about employer management
software/apps on the personal device.
7 months, 1 week ago on Are Enterprise App Stores a vital ingredient for any successful BYOD strategy?
@SinghBasant Thank you Basant. Great info.
11 months ago on Is Your SaaS Multi-tenant?
post Basant and I agree with the benefits you get from a multi-tenant SaaS,
both as the provider and the customer. It's a Nirvana for tenant or non-cloud SaaS
and Application developers/providers (ISV’s) to reach out with the next version
of their solutions and apps. And we need to support them in this: platforms,
channel etc. Though; my POV is that a SaaS doesn't have to be multi-tenant to
be allowed to be defined as SaaS. SaaS is "bigger" than cloud. It's
when you say you use cloud as a delivery model it should be multi-tenant.
Agree? And it's when you misuse the cloud definition to non-multi-tenant xaaS
customers will be misled - cloud washing... But, if we stick to the Cloud
SaaS and a question (not a POV ;)): is your opinion the DB needs to be
Good points. Outages is part of the game and they will exist, regardless if on-prem, priv or public cloud. It's how you handle them that matters. Yes, it is about marketing and risks and sometimes penalties (money and/or market reputation). No one should promise AND expect 100% if ANY part in the service or product can fail. And if you're still cocky enough to promise or calculate (expect) 100% the harder you fall.
1 year, 3 months ago on Mimecast Email Servers Go Down – 100% Uptime SLA?
@comparethecloud To not change focus from Richard's great post and important subject; would it be a good idea if I post my (a bit long) reply as a separate post?
1 year, 6 months ago on What makes a quality Cloud hosting provider? Part 1
@Andrew Cuthbertson I will reply to this one during the day and try to keep it short. :) It's possible we're discussing different clouds and the complexity and scope of the service.
@comparethecloud Thank you! Sorry, flu one week and now selling the house... Soon be back on track.
Richard, great post and I look forward to the next part. My comment: I agree you should check up on your CSP or reseller but I do think we have a problem if we have to check up on what hardware the service is running on. Of course it depends on what service you adopt and data you put in the service (= how business critical) but don't you think we need to put in more trust on the CSP? We should never be careless, we need to read the T&C (or says on the tin ;)), do the compliance, lock-in, security, compatibility, SLA etc check's, but if checking to deep nitty gritty it will take too much time etc. A reference is good but shouldn't be trusted as fact, though rumor might give you a hint. Couldn't that be somewhere enough? According to me; one part of what you need to let go when adopting cloud services is the detailed control of everything and put trust in you CSP and put more effort on information management. Sometimes you get what you pay for but I really do think that if you adopted a service produced in the bed room or in the cellar you haven't done your basic homework well enough.
Great post Robert!
1 year, 7 months ago on A Quick Guide For Cloud Companies That Don’t Understand Marketing
I realized my comment could be read a bit snooty. I apologize in beforehand; my intention was to salute Abduls post and to add “verified” pros, not to brag. Truly sorry.
1 year, 8 months ago on Is Desktop Virtualization The Way To Go?
Great post Abdul. I end up with a short bio to “verify” my comment, so it’s not a commercial. ;)
In general I agree to your post but I want to add some points/pros.
- Cost approx. the same as a mid-range computer. But there’s definitely some pro’s like ROI; less power consumption, fewer parts can be broken, longer life cycle
- Minimize theft of the physical device itself
- Low > no noise
- Even if longer life cycles it’s not true they can live forever. It’s a myth that needs to be ripped apart. Multimedia etc demands more power and better techniques = new TC’s
- A perfect start in a BYO-program
- More or less device independent
- As you say you can quickly roll-out upgrades, new apps etc. But you’re also able to easily roll-back if something goes wrong.
- Possibility to provide different OS and app versions to different users
- Possibility to provide two or more apps to a user, apps that normally aren’t compatible with each other.
- DaaS for MSP’s and CSP’s.
- Bandwidth might be a problem if you allow aero UI, audio and video. Today it’s very difficult to tell bandwidth per session. You should restrict this if needed with policies, both written- (staff handbook) and group policies.
- In most of the European countries there’s really not a bandwidth problem anymore.
Short bio: I’ve been working 15 years at a leading Nordic SP of ITaaS and ITO based on a multi-tenant VD platform. In March last year I wrote a post named ‘”Citrix? Whew!” Or?’(http://inmaxmind.blogspot.se/2012/03/citrix-whew-or.html) to “re-release” faith in Citrix and primarily XenApp which the multi-tenant VD platform was based upon. I ended my employment at the SP in September and now more run my own consulting business focusing on advisory in Cloud, ITO and ITaaS.
@RazorthornChloe Certainly agree. Business is not Jeopardy!
1 year, 8 months ago on Interview with James Rees of Razor Thorn Security
@comparethecloud I think my comment to @RazorthornChloe explains a bit what I think. Some adoption, especially public cloud services, won't be practical (or even possible) to DD too much where Next > Next > Next > T&C > Accept is the process. This is why the roles of Trusted Advisors, Brokers and Experts will be very important. They should be able to analyze, advice and support.
@RazorthornChloe Great advices. Of course facts are important, the combination of facts AND reputation. (It is references you shouldn't "trust".) Trusted independent reviews and advices are important in cloud adoption and future IT and I predict it will become even more important the coming years.
James, to explain my question a quote: "The one thing I can see right now with 100% clarity is that at some point in the next year or so one of the larger cloud vendors will have a catastrophic security event that will destroy their brand and reputation. It will be a wakeup call for the survivors..." I often tell customers and the market you have to trust CSP's in security, continuity etc and let go of detailed control. They should focus on compliance, T&C, lock in etc and choose on reputation (not references), value etc. You buy top security etc when you adopt a cloud service is my saying. You shouldn't have to verify and control as you have to with your own on-prem (let go of detailed control). This one of the advantages of cloud computing - to focus on value to your business. I'm also saying you should think and plan well before you act. I know the effect will be devastating (for the CSP and all its customers) if a larger CSP is affected by a larger incident related to security or outages. My Q: Should organizations be afraid of adopting cloud services, even from well-known CSP’s with good reputation? And should organizations NOT let go of detailed control?
A comment from the non-techy guy. Orchestration solutions are really needed. At the same time it's also about orchestrating your customer. As an IT department, ITO, appl operator etc you have to start think as an orchestrator, it's not only about technique, in: service management, governance, partnership etc. Take the possibility to be the trusted advisor and orchestrator to your customer, someone has to and someone will. My old post the Orchestrator from September last year more in detail explain the way I reason. http://inmaxmind.blogspot.com/2011/09/orchestrator.html
1 year, 8 months ago on You Need Cloud Orchestration
Sorry about the formatting....
2 years, 1 month ago on What is Information Security Really?
A lot of really great comments and traffic to a great post in an important matter. First and this is important; I’m not an InfoSec expert, at the most I would call me novice. So my points are in humble respect to all InfoSec experts. And I apologize if I’ve missed comments similar to mine in the thread. But, I will give you my opinion from “my mind of view”. I make it a long one…
Normally I use to say: Don’t worry about security in the cloud. It’s probably better than the one you have today in and around your on-prem solution. And if it’s better “at home” you either:
- Have a specific business that needs to be top secure. Most probably you shouldn’t put this type of service into a public cloud. Maybe a private one.
- A specific CSP have a lousy security solution – a minimum solution!
- You have probably built a better solution than needed + your owner or the management isn’t informed or don’t understand the actual cost.
CSP’s core business is to deliver services. If a CSP fail in security it’s a bad mistake and the CSP should, in my opinion, ask themselves why they are in the business at all; in the business to make easy money or truly deliver a good service to customers? The business is self-sanitizing but it’s bad for cloud business in general if credulous customers learn the hard way. By saying credulous I don’t mean sloppy. You should read T&C and benchmark but you should be able to trust the facts and results.
On the other hand;
CSP’s struggles with costs since customers demand more than they are willing to pay for (read my post about that customization isn’t the future on outsourcemagazine.co.uk). It might also be a problem when a customer asks for i.e. a SaaS where InfoSec isn’t a selection criterion and several CSP’s compete about the contract; why should the customer choose a more expensive service even if it’s better?! To me this is the biggest problem: Customers choosing the cheapest alternative even if they (know?) needed a better solution - the unaware CFO and CEO putting their businesses at risk because they didn’t understand, nor aren’t aware enough, just thinking about money in short term. To quote a colleague of mine: “When buying quality you only cry once.”
For sure, as in all situations; attacks will happen where it hurts the most. So CSP’s will be more attacked and vulnerable than single on-prem solutions. Therefore, I still say; Security is probably better in the cloud than with a business functional on-prem solution – because the CSP will be “erased” from the market if it fails.
Security shouldn’t be a defense wall only. The only way build “Fort Knox”-security is to use tons of money. Or you can erase all threats by dropping the Internet-connection, use rigorous controls when hiring and when the employees comes to work. But business is about taking risks, not stupid ones but some. You can’t afford “Fort Knox”, you can’t “afford” dropping Internet or setting up rigorous controls and you can’t afford incidents. You have to know threats and what risks you’re taking and try to minimize them, but most important; you have to know what to do if something fails or someone hurts your business. If you put the least acceptable level of effort (=minimum) to fulfill a certification, standard etc you as a customer jeopardize your business or as a CSP jeopardizing both your own and your customer’s business. If you know you’re doing minimum…reconsider if you should be in business at all.
Unfortunately the customers are driving the “minimum”. Let’s hope maximized security bangs aren’t the way to wake customers up from security minimalistic dreams.
Minimum is not ok – for me, you, he, she & it/IT, and none of us can afford a serious incident. Good q's are: What is maximum and what's "enough"?
@sarojkar Yes, I certainly agree. There should be no such thing where CSP’s can get away blaming service outage because of the underlying functions/infrastructure (including bugs – choose another part from another vendor if buggy). It’s the CSP who choose which part’s building their service. If the CSP doesn’t choose great and reliable parts the customer shouldn’t suffer because of bad choices. Unfortunately these might be risks the CSP calculate, where the SLA and penalty becomes just some numbers. Hopefully not but it might be a risk for the customer. Since it’s more accepting T&C’s than negotiating contracts when it comes to cloud. Therefore, as you said earlier; compare/benchmark, check for references and read T&C’s carefully. Also; as a professional business you should always analyze risks, impacts etc. whether cloud, ITO or on-prem and don’t end up with your pants down - outages do happen.
2 years, 2 months ago on Working On A Cloud Software Service Level Agreement
I'm not sure whether you mean adoption or the quantity of euro CSP's/euro CSP seats but I assume it's the adoption of cloud in general. There is definitely a problem with EU and cloud adoption. And this is according to me quite difficult to both explain and solve and definitely to comment in a comment :). One easy way is to say that the problem might be the lack of well-known CSP's (exception does exist) in the euro area and the "problem" with EU laws vs US great cloud services and well-known US CSP's, which for sure dominate both the cloud and the on-prem market. I think many EU companies look at the possibility to adopt US cloud services but laws sometimes say it's not possible, so; there's a problem. But I think we should dig deeper in to the history of Europe. Sometimes it's referred to as a unit or country (like the US with several states). Some people in Brussels and in EU also seem to have that same kind of Nirvana thinking. But it's not. After WWII a co-op between some European countries started and in mid-90's EU was a fact. Today EU has 27 member nations, as you say; a lot of nations. I would say these 27 nations talk about 20 different languages. These countries all have a long history incl wars (often against each other), epidemics, rise & fall etc. They have their own culture and laws as you say. Since EU is quite "young" it takes time to tweak (CloudTweak!) laws. The fact that countries have own agendas and different history etc etc - it's not making anything easier. It's a prob. When a Swedish (I'm Swede) company want to adopt an international cloud service they have to look at Swedish laws AND EU laws. Plus, they think like Swedes, exactly like Germans think like Germans. Companies either stay within their country by adopting a domestic cloud service or traditional SaaS or they start to look at services delivered from well-known CSP's around the world = US CSP's. Seldom would an EU country look at other EU countries CSP's. Swedes might look at UK because of the language but a French company would possibly not look at what a German CSP offer, and not only because of the language... I really think that many of the "ifs" is in the history and the fundamental misinterpretation that everyone in EU can play with each other. A lot of people still think they are “Swedes” and not Europeans. But I really hope and think EU companies will start to catch up, not because to catch up or compete with US, because EU countries need cloud services. As said; this is hard to "just comment" but I hope you understand the basic point - it's not as easy as you might think, it's not only slow bureaucracy and sometimes stupid laws creating the problem, but we will catch up. I will try to convince people in my coming post on KYC: The Multiculti Cloud.
2 years, 2 months ago on US to Europe: “Eat My Cloud Dust”
@sarojkar Do you mean like a complete chain with several services included in a "full" ITaaS/XaaS? Or do you mean net, servers etc within the DC included in a SaaS? (Then it definitely should be included in the SLA) If ITaaS; it's definitely cool to deliver the chain of services from DC to user. It's a risk but definitely cool, you will certainly differ from many other SP's. As long as you can control services and functions in the chain + secure important and sensitive functions with redundant or hq components + not to forget; deliver top notch stable IT services, I would take the chance – you differ on the market. The weak part, according to me, because it's normally out of your control, is the carrier. A cloud service should normally be available from I-net and I wouldn't guarantee the whole chain when I-net is a part of it (which you of course could disclaim in the terms & cond). To me the chain delivery model is more applicable in an ITO model than in cloud, maybe in a private cloud.
I agree: you should compare.
One thing I would like to add; non claim based penalties. The CSP should without a claim from the customer either pay a penalty or give a discount when the service doesn't meet the SLA. The customer shouldn't need to claim it.
I agree with you. The 2-5 are pretty much known but the first one isn't well known but maybe the most important since it's more of a feeling than a pretty well defined threat as lock-in. The first one is a jungle more than a fog. The good thing is that jungles can we do something about. Not desolate but disforest. It's easy to start a business in the cloud but it's more difficult to keep it alive. A lot of gold diggers to watch out for. That's why I think trusted brokers, aggregators and advisors are absolutely necessary to consult when adopting cloud - they can help customers disforest the cloud jungle. SLA in general should be taken seriously but I think most reliable CSP's do their job and it's more a problem for a specific CSP than the market.
2 years, 3 months ago on The Top Five Threats To Cloud Computing
I think some of the scenarios are quite ”aggressive” and most probably quite rare. Even if cloud tempts “gold diggers” like the Wild Wild West (www? Ooops! ;)) most CSP’s won’t go bankrupt. And most companies won’t store data that violate laws. More common is the scenario you mention where you want to adopt another similar (?) service for some reason. Regardless; it’s very important you know how to walk away and to what conditions. You should ALWAYS read and understand terms and conditions carefully, also look for references. Before you even adopt a cloud service you should know why you do it, what need it fulfills and prepare your organization to use IT services. No such thing as negligence should exist – its business we’re talking about.
The CIO-post is great, which I also commented. These posts are about devastating lock ins. If you want to discuss this more with me please do, either in this post or on my KnowYourCloud post The Devastating Cloud Lock in. In a couple of days my post The Successful Cloud Lock-in will be published on KnowYourCloud.
Sorry for my “commercial” attitude. I think this is one of the most important things to discuss in Cloud and ITaaS. It’s not good for anyone if you quite easily can’t move between service providers. Cloud should more or less be like before the Wild Wild West… (Nomad-era). Note! This doesn’t mean we should go back to the Stone Age, even if it feels like that when customers get locked in – Stone Age thinking.
Thanks for a good read in an important matter.
2 years, 3 months ago on Can You Retrieve Your Data After Terminating Your Contract?