Archive for October, 2010
Posted: October 29, 2010, 10:46 am
Just having returned from the Gartner IT Symposium, Jim Grogan, senior director at SunGardAS, offered to share a few key points from the conference…CM
IT Management Shifting Viewpoint: from “Output” to “Outcome”
Gartner’s Andrea DiMaio and Mark McDonald pointed to a shift from “output” to “outcome” in how we need to make IT decisions for the future. The real value rests in the outcome, and this is a better way to measure any IT investment. When struggling to demonstrate clear measures of project success, this offers a new opportunity to speak to business leaders and differentiate performance.
Datacenter Expansion: “Buy” or “Build”
Analyst Eric Knipp projected that by 2015, more than half of the organizations surveyed reported they will need to either structurally change or build a new datacenter. Given the lead time needed for such projects, this would suggest that activity will commence in 2011 for this prediction to materialize.
Choosing Technology
Research VP Hung LeHong offered a key approach for IT decision makers to view technology. Hung stated the first question to ask should be: “Is this technology valuable?”, not “How does it work?” This ties back to the perspective of outcome, not output. Whether the technology is valuable to you depends on the potential outcome in your organization.
The Changing Shape of Cloud Adoption
These points offer valuable insight on cloud-technology adoption. Costs are part of every business decision, but cost savings per se are not the first reason to look at cloud computing. As Daryl Plummer stated, cost savings are the side-benefit of cloud computing.
Considering the potential build-out of datacenters, cloud technology has a significant role, either to offset the potential space required within an organization’s own data center, or to ensure that internal cloud deployments consider resilience and the need to fail-over for critical application availability.
When you answer the question that a particular technology is valuable (as Hong LeHong asked), and forge ahead with application deployment, resilience must be part of the architecture to support the new application. For these “valuable applications”, the cloud may become the preferred approach for deployments. The side-benefit of lower costs to deploy new applications on the cloud will help fuel growth strategies .
Mark Benioff, CEO of Salesforce.com, offered this observation during his keynote address: “We need to innovate as an industry; consolidation is not a growth strategy!” For all mission critical applications, that growth will depend on resilience to be sustainable growth. Whether leveraging cloud technology, virtualization or other yet-to-be seen technology, our on-demand, real-time world demands that successful applications remain highly available.
Tags: Cloud Adoption, cloud technology, data center, gartner, loud, resilience
Posted in IT and the Cloud
Add a Comment
Posted: October 28, 2010, 12:42 pm
I’ve asked SunGard’s Chip Childeres to weigh in on the role of IT in the cloud. Chip is a product architect for SunGard’s Enterprise Cloud Services and partners with our product management and product engineering teams to drive the overall solution design of the service…CM
The Role of IT in the Cloud Environment
I find there are three shifts in thinking that CTOs move through when considering a move to the cloud. The first is the way they think about the technical components in the cloud, the second is the way they consume IT services, and the third is the way their business focus can change.
Align IT Technical Components
First and foremost, a CTO has to be satisfied that the cloud will provide an infrastructure stack that supports the company’s custom applications. Obviously, without that capability there can be no cloud. But once that is satisfied, they think “why not put routine software applications in the cloud? Why not email? Wouldn’t that free up some resources in-house to work on more important stuff, like workflow applications or tuning business processes? What else could move to the cloud?”
Change IT Consumption Model
The next thing I see a CTO consider is the impact of the cloud on the budget. They start looking at their applications and asking “What level of stack do we need at normal times and at peak times? If we can buy the right amount of service at the right time, how much can we save?”
Re-Prioritize IT Projects
In most IT departments, the network, systems and database administrators are so burdened with maintenance and production issues they are have little if any time for the business projects that have the most impact on profits. Moving maintenance and production to a cloud lets the CTO re-deploy IT professionals to work at higher levels tuning existing applications and consulting on the design of new applications.
How much time does your IT infrastructure staff spend on maintenance and production issues each day?
Tags: cloud, Cloud Adoption, cloud and business, cloud and IT, cloud computing application
Posted in IT and the Cloud
1 Comment
Posted: October 26, 2010, 5:16 pm
Having just returned from the Gartner IT Symposium, there were several excellent themes that are crossing my mind. In response to multiple sessions on risk and security, I’d offer the following as food for thought: every business decision is about risk management.
GRC and IT Security
We can define programs for Governance, Risk and Compliance (GRC) and make sure that all related policies have executive support. We can (and must) do the same for information security. A colleague at the Symposium posed a question to me: how do you convince corporate executives of the need for risk management and IT security program funding?
The simple answer: remind business leaders that everything they do is risk management.
No matter how much technology changes, business reflects some constants: pricing and order-to-cash remain keys. Long retired, the sales career of my father suggests a case in point; he spent much of his career selling to state and municipal agencies: all public bids, and low bid wins. So the risk every time was where to set the price that delivered value for your product, ideally at one penny less than the next highest competitor.
The Ultimate Business Risk: The Buck Stops (and Starts) Here
Pricing is a business risk every time. Set too high, you lose business; set too low, you leave potential profit on the table. Set too low without understanding costs, and you are leaving not just profit, but the cash needed to keep your organization solvent on the table.
IT security and risk management are part of understanding total costs. The justification for IT projects must be stated in business terms. Gartner’s John Pescatore made the point that IT security, for many, remains an afterthought. This points to where a critical weakness may be introduced into the business case: as Pescatore stated, “Every time IT changes how service is delivered, security has to change.” In speaking about cost savings as a primary justification for many IT projects, John went on to state: “Some of that saving needs to be plowed back into the security program.”
How Not to Rely on Recovery Programs
The same points can be made for risk, and Gartner’s French Caldwell offered some of these same challenges at the IT Symposium. French spoke of “sudden disaster”, and with his background as a submariner, that had a particularly high potential impact. The justification for risk management programs could easily be titled, “How not to rely on your Disaster Recovery Program.” Last week I discussed the Virgin Blue computer failure related to not activating their recovery plan. In striking a balance, keep in mind that your preference should always be an effective risk management program that avoids disasters through carefully designed, implemented and monitored mitigation activities. Caldwell asked whether in the years ahead, would IT security become risk management?
I’d suggest we are already there; IT security decisions are business decisions, and every business decision is, in fact, a risk management decision.
Tags: BC/DR, business continuity, bussiness risk, disaster recovery, French Caldwell, gartner, Gartner IT Symposium, John Pescatore, recovery program, resilience, risk, risk management
Posted in Uncategorized
Add a Comment
Posted: October 26, 2010, 4:18 pm
As director of product management at SunGard Availability Service, Satish Hemachandran focuses on the strategy and direction of the core platform for SunGard’s Enterprise Cloud Services…CM
As more and more businesses look to rise to the cloud, there is a lot of talk not just about the “how” but the “why”. While the cost-savings is definitely a major driver, most organizations see business and technical advantages as well. This list looks at some of the main reasons for cloud adoption.
Cost Savings, of course
Cost Savings. Without a doubt, cost-savings is the number one driver of cloud adoption. Organizations see it as a way to get an enterprise-grade infrastructure without the top-dollar price tag that accompanies such an environment.
Product Advantages:
More Product Focus. Between 70- 75% of an IT budget goes to the upkeep and maintenance of a company’s existing IT environment. That’s a lot of resources to expend on the status quo. Most customers don’t want to be in the IT business. They want to focus on streamlining and growing their own products and services. Having a partner to host, update, secure, back-up and administer their IT needs frees IT to focus on top-line, revenue-generating projects.
More and Better Services. The cloud provides access to more and better IT services then they a business currently haves. Every CTO knows where his or her IT department is weak—whether it is in administration, patch management, or tools for operational support. Within a cloud, a customer shares the costs of expensive tools and applications, so they become affordable.
Technical Advantages:
Right-sizing. Clouds are elastic. They expand and contract to meet the changing needs of your business. With an in-house data center, you have to carefully monitor and refresh your capacity projections. You don’t want to under-provision, but if you over-provision, you can’t scale back. In a cloud, you can right-size your environment as it evolves.
Integration. Most in-house data centers are isolated and each new application or capability represents a new project. A cloud is not isolated. Many applications, tools and capabilities are already integrated into the cloud. They are easy to access and add on, and they come with operational management and security already in place.
Download SunGard’s Cloud Computing white paper. Discover what cloud computing is and explore the benefits and challenges that it brings to organizations.
Tags: Cloud Adoption, cloud computing vendor, elastic cloud, loud driver, scalable cloud, security in cloud computing
Posted in Cloud Business Drivers
Add a Comment
Posted: October 26, 2010, 10:38 am
This month, SunGardAS’ new CEO Andy Stern sat down with Jason Stamper of the UK’s Computer Business Review to talk about SunGard’s cloud plans. Within the Q&A, Andy discusses how enterprise-level cloud computing services must support serious, mission-critical applications and that enterprise-level environments require greater compliance and more auditability, security, change control, and certification. Click here to read the article
CM
Tags: cloud, cloud computing, cloud computing leaders, cloud computing security, cloud computing vendors, cloud trends, secure cloud computing
Posted in Cloud Adoption
Add a Comment
Posted: October 21, 2010, 2:30 pm
I invited Janel Ryan, a Solutions Marketing Manager at SunGard Availability Services, to blog about determining the right could solution for your company. Janel has an interesting perspective on business requirements dictating the right cloud or cloud mix for an organization…CM
The “right” cloud computing strategy involves a mix of dedicated and shared resources inside and outside the company. Before you talk with vendors, you need to develop a clear set of business requirements and assess your company’s readiness for cloud. Then you can focus on the vendor(s) who has the range of services you need.
Define Your Needs
Your business requirements should define cost savings, IT efficiencies and other specific outcomes you want to achieve with your cloud solution. Documenting infrastructure, security, usability, compliance, and SLA requirements of each application and business unit is a fundamental first step in defining your cloud strategy. Your analysis should also define requirements for reliability, redundancy, connectivity, interoperability and the integration of legacy equipment and applications.
At this stage, it’s also helpful to identify any need your organization may have for consulting expertise for, say, compliance and “best-of-breed” practices, to help document current state and identify the cloud readiness of your IT environments.
What’s Next? Assess
A cloud readiness assessment compares the desired outcome with your current operations and creates a path for migration for achieving your business goals. Conducted in-house or through an experienced consultant, an assessment helps you determine which applications and services should move to the cloud and which should stay within the current environment. Different scenarios for leveraging cloud computing result in different ROIs, and understanding which scenario is most efficient is critical if you are to get the most for your money.
Together, your business requirements and readiness assessment dictate the right cloud strategy for your organization. Without them, you are much more susceptible to the “hype” of vendors who claim they can do everything.
Janel Ryan can be reached at janel.ryan@sungard.com
Tags: cloud, cloud assessment, cloud computing information, Cloud security, cloud solutions
Posted in Cloud Adoption
Add a Comment
Posted: October 19, 2010, 11:25 am
Joining in the cloud discussion today is Matt Carey, senior director, product marketing, at SunGard Availability Services and one of the Enterprise Cloud team members.
Users in the marketplace seem to be getting a clearer understanding about the different kinds of cloud deployments (private, community, public and hybrid), but one area where I still see peers, customers and industry experts tripping up surrounds the definition of Infrastructure-as-a-Service (IaaS).
What IS IaaS?
IaaS includes all the system services that make up the foundation layer of a cloud—the server, computing, operating system, storage, data back-up and networking services. IaaS supports the Platform-as-a-Service (PaaS) layer, which includes the development tools you use to build, modify and deploy cloud optimized applications, and Software-as-a-Service (SaaS) layer, which includes the business applications.
Shades of Gray in the Cloud
While the definition of the IaaS layer is pretty straightforward, there are some gray areas where you need to ask questions: resiliency, restoration, disaster recovery, and security.
- Resiliency refers to the stability of the foundation and whether it is built to enterprise standards;
- Restoration refers to the ability to restore your data quickly after, say, the release of application software updates that damages data;
- Disaster recovery refers to the ability to get your business operations back online following a catastrophic event, whether it is a natural disaster, or an errant backhoe clawing through the power lines somewhere on the electrical grid, and finally
- Security refers to the architecture for monitoring the access, use, disclosure, disruption, modification and destruction of data by users and programs and whether those security capabilities are “baked in.”
Different vendors offer different types and levels of service in these areas, so it is wise to define your needs carefully.
Which of these areas are most important to your company? Give me your unique perspective.
Tags: cloud, Cloud security, IaaS, PaaS, SaaS
Posted in IaaS
Add a Comment
Posted: October 15, 2010, 11:43 am
How often do we take action on our PC which requires us to answer the “Are you sure” question? The simple reason for that verification: it’s a well-known fact that user errors can cause system, application or data problems. This message should serve as a constant reminder to think about resilience and continuity from the people perspective.
Staff Training and Effective Continuity
It cannot be stated often enough that we need to integrate staff training to achieve effective continuity programs. The October issue of CSO magazine included an interesting recap of Malcom Harkins’ thoughts. Harkins is the CISO at Intel, and he was speaking recently at the Forrester Security Forum. Misperception about risk, according to Harkins, is driven by two key points – economics and psychology. Economic impacts guide each of us when we make business decisions. The desired outcome of the decision might be increased sales and revenue – a positive economic impact. What CSO didn’t mention is that it’s important to have the full information on the business impact when making these policy and program decisions.
Harkins’ psychology angle is interesting, too: he spoke of both exaggerating and underestimating risks, either of which can lead to flawed business decisions. I would suggest this scenario which I hear often in conversation: if you have fail-over architecture and high availability for an application, then it would seem to diminish the need for further continuity investments, right?
Single Points-of-Failure
Actually, the fact that you have an application that warrants fail-over protection should raise your sensitivity to making sure that basic recovery is possible; the moment you have a single point of failure event, you are now running exposed for a second failure point. Additionally, testing fail-over capability can be very challenging. Wouldn’t it be comforting to know that should human error enter into the mix at just that critical – sometimes chaotic – moment, you have a recovery capability that has been validated, and even more importantly, that your staff knows what to do?
Crisis Decision Making
Decision making in a crisis is never easy; the potential impact of incorrect choices adds a heavy stress burden. However, that’s why recovery programs are developed; decision trees based on potential disruptive events are created during non-stress-filled times to guide decisions when chaos may reach a peak.
Some of this could be categorized as continuity basics, but real-world events often tell a different story. On September 26th, a computer failure for Virgin Blue airline in Australia caused havoc. Inability for Virgin Blue staff to re-ticket passengers, and for passengers, no ability for self-check-in was the direct impact. A simple disk failure was the root cause. The human response that ensued focused on the effort to repair the disk (which did not go as hoped). Decisions to transfer operations to a recovery configuration – a process that was in place with a 2-hour RTO – were delayed, assuming the repair would be quick. The result: hundreds of disrupted flights, thousands of angry customers, and you can count on many of those customers now having to be categorized as “former customers”. Virgin Blue has offered reimbursement and a free ticket, a costly impact when considering the number of flights disrupted over 24 hours.
When faced with any disruptive event, those making decisions to delay invoking a recovery plan should ask themselves, “Are you sure?”
Tags: BC/DR, business continuity, computer failure, crisis decision making, crisis planning, CSO Online, disaster recovery, fail-over, Forrester, Forrester Research, recovery, recovery capability, resilience, risk, single point of failure, SunGard, SunGard Availability
Posted in Uncategorized
2 Comments
Posted: October 15, 2010, 9:55 am
Why Cloud Matters
AS the director of solutions design at SunGard Availability Services, I understand why cloud matters. I also know that, depending on your role in an organization, cloud matters for different reasons. Over the coming weeks and months, my SunGard colleagues and I will be talking about cloud—what it is, why cloud matters, and how the cloud evolution is meeting “real world” business needs.
We want you to participate in our conversation – to discuss with us the challenges and questions that come with the adoption of a new technology. So don’t hesitate to post your comments, insights and questions.
Why Cloud Matters? Ask a CFO
As technology executives and practitioners, we often think about cloud as a technology solution. While it is true that clouds are built on cutting-edge technologies, it is the business benefits that have driven the real buzz around cloud. In fact, as cloud has come to the attention of CFOs, who see cloud as an alternative to hefty IT capital investments, many cloud practitioners have been fielding cloud questions and requests directly from the c-level.
From an accounting perspective, the cost of a cloud can be treated as operational expenses, while the cost of an in-house data center has to be treated as a capital expenditure and amortized over time. Being able to treat IT expenses as operating expenses saves lots of corporate tax dollars. CFOs like that.
And cloud doesn’t require the upfront investment that other IT solutions require. The nature of the cloud lets a company “rent” extra capacity for peak periods rather than buy it. CFOs much prefer renting to buying because it saves money earmarked for long-term investment. That not only delays the outlay of cash, it eliminates over-provisioning which lets the CFO keep more cash working for the company for a longer period of time.
Given the cost savings cloud provides, CFOs are getting more and more involved in the cloud discussion. What is your CFO asking? And what unique resource challenges do you face?
Tags: CFO, cloud, cloud computing, cloud solutions
Posted in Uncategorized
3 Comments
Posted: October 5, 2010, 11:45 am
This past week, I had the opportunity to speak with Bob Laliberte of ESG not once, but twice. While considering my weekly blog topic something Bob mentioned both times struck me: one of the driving forces behind cloud computing services is that they can be rapidly deployed, and this especially helps to manage peaks in workload.
From my resilience roots and considering security issues, it occurred to me that something not often discussed in the cloud arena is the potential impact of change management.
Change Management
Many continuity failure events are linked to change management breakdowns. As a colleague at a Fortune 50 company reminded me a few years ago, you can never hope to control change, only manage it. With the rapid deployment capability of cloud computing services, the issue of change management needs to be considered carefully. When it becomes too easy to deploy or modify an application in the cloud, reasonable and essential controls might be overlooked.
Consider as an example data classification: done well, it helps guide an organization to make resilience, corporate governance and continuity management decisions. In the absence of appropriate data classification, how can you even decide if the cloud is where certain information should ever be stored? Change management and governance come into play both for new cloud deployments, as well as for changes – made easily in the cloud – that might inadvertently allow data to be placed in the cloud that is a violation of organization policies.
Cloud Governance
A white paper from ISACA discusses the business value and governance issues with cloud computing, and offers this advice: “…the move to cloud computing essential dictates that a company information security officer or director be included in all further governance and system development life cycle processes.”
When evaluating the adoption of cloud technology, be sure to consider how your organization integrates change control and governance to help ensure compliance with regulations and adherence to your own internal policies and best practices.
Continuity Maturity
Tightly integrating any cloud computing platforms into your existing change management procedures makes good sense, including examining data classification and storage, and regulatory compliance. Business Impact Analysis (BIA) and Risk Assessments are some of the tools of our trade; look carefully at the timing and frequency of the BIA and risk assessment as recommended by ISACA in light of the ease of cloud deployments and changes. This helps ensure that continuity program maturity is maintained or advances with cloud solutions.
Tags: BC/DR, BIA, change management, cloud, cloud computing, continuity, ESG, governance, ISACA, Laliberte, resilience, risk assessment, risk management
Posted in Uncategorized
3 Comments
