Saturday, March 27, 2010

Cloud Computing

In my last post I took a bit of a nasty potshot at the vendors of "Cloud Computing".

IMHO Cloud is a huge and valuable technology but a long way from reality. In my view of cloud, a user develops or modifies systems using sophisticated software development tools. I do not see new development tools as programming tools but rather as business-oriented tools that allow users to define rules and graphically view, analyze, and alter workflows. The tools should let the user add features to their systems, modify existing features, integrate 3rd party components, and test what they have done. There would be screen drawing tools to let non-technical people lay out and implement the user interface. Included would be tools to test what the user has implemented as well as run simulations to test the business effectiveness of the solution. When they are done, they simply press a deploy button.

"Deploy" sends data, program code, meta data, etc. to the "Cloud". Rules in the cloud manager understand how to deploy the system artifacts. No one on the consumer company's staff need know anything about the cloud.

The cloud's operational manager software should manage performance and response time of all applications. It must ensure that applications are replicated across at least two if not more machines at a minimum of two physical locations to eliminate the need for disaster recovery planning. The system may move application artifacts from one location to another in real time, as well as replicate artifacts in real time, to improve performance and ensure that the system is insulated from disaster. The cloud should have disaster managers that can handle anything from taking a machine offline for routine maintenance to the loss of a facility or data center due to catastrophic disaster.

We are a long way from Cloud meeting what I have described above.

Today security, privacy, and administration are perhaps the biggest inhibitors to any vendor's implementation of Cloud computing.

IBM sells both public and private cloud software and services to implement cloud computing. Sam Palmisano saw a vision of a "public" cloud run on IBM-owned and operated computers where computers and the cloud operated as a giant utility company.

Security is complex in Cloud. Ownership rights are "cloudy", as are the implementation and granting of rights to system artifacts. If the cloud is operating as I have described above, it is constantly changing, thus complicating auditability and making security even more challenging.

Going hand in hand with security is privacy and data protection. Who can access data? How do you audit and prove who can access data? Are the 40-year-old database products of the past (e.g., DB2, Oracle, Sybase, others) up to the task of managing data in a cloud environment with data replicated in many locations, including systems that you may not own?

Can vendors convince their customers that it is ok to put their data or their customer data in a cloud where they have little control over the data and its access as well as auditability? IMHO even if a vendor has tremendous technical tools it will be next to impossible to convince the key decision makers in a customer organization that their data is protected.

Administration of a cloud-based system today is a nightmare, with people requiring a great deal of special training in the specifics of vendor software. In several vendor scenarios there are multiple layers of software that must be implemented and managed. The tools to manage a cloud simply do not exist. You would envision a control console that displays a world map with all of the nodes of the network represented as colored LEDs that flash red, yellow, green, and other colors to visually represent the status of the network. These would be connected by lines, also color coded to represent status. Administrators in the control center would be able to adjust the system and add or remove components around the world with ease. This is far from today's reality.

This command and control center would of course be replicated to handle emergencies. In fact cloud management may become a business of its own for some enterprising vendor with creative management software. The ideal solution would be incredible software and average people.

Until you can deploy artifacts to a cloud (private or public) and know that resources have been properly secured, know exactly who can and has accessed artifacts at any point in time, and ensure that data is protected not only from intruders and unauthorized people but also from those people who administer and operate the cloud, we will not be seeing cloud reach its potential.

As many of you know, I am a key advocate of a modern version of CASE and enterprise modeling that we embraced in the 1980s. CASE and OO which followed (along with UML) never reached their potential and have left business corporations with no path into the future.

The need for enterprise modeling and implementation of the meta data to describe and manage the enterprise is more important today than ever before. Security and privacy as well as simple data protection have been implemented by crude software that requires an administrator to grant authority to various people at a physical level. In other words, an administrator must define who may add, change, or delete records in files on a computer system.

Security and data ownership should be transparent and implemented via a system of rules and ownership that are a byproduct of defining your enterprise and its organization to a system. I've done this three times in my career in large enterprise systems and it is the only solution to today's out of control technology. What I am talking about integrates security and data access into the rules that govern the business. Managers are responsible for defining jobs which have rights to data and processes that operate on data. People are assigned jobs and can only do or see what their job requires or enables them to see and do. There is built-in auditing of everything that happens in the system with comprehensive logs and real-time reporting of security incidents (based on violations of business rules).

It is this type of logical meta data description of the business enterprise that is required before a technical implementation like "Cloud" can be implemented. If security and data protection are a part of the application then it is quite simply a part of the cloud and requires no special software or hardware. Note that sophisticated encryption can be invoked via rules in the business application.
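
A minimal sketch of the job-based model described above, added here as an illustration and not taken from any system the author built: managers define jobs with rights, people are assigned jobs, every decision is logged, and denials surface as incidents. The class, job, resource, and person names are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Enterprise:
    jobs: dict = field(default_factory=dict)         # job name -> set of (resource, action)
    assignments: dict = field(default_factory=dict)  # person -> set of job names
    audit_log: list = field(default_factory=list)    # every decision, allow or deny

    def define_job(self, name, rights):
        self.jobs[name] = frozenset(rights)

    def assign(self, person, job_name):
        if job_name not in self.jobs:
            raise KeyError(f"undefined job: {job_name}")
        self.assignments.setdefault(person, set()).add(job_name)

    def authorize(self, person, resource, action):
        """Default deny: allow only if one of the person's jobs grants the right."""
        granting = sorted(j for j in self.assignments.get(person, ())
                          if (resource, action) in self.jobs[j])
        allowed = bool(granting)
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "person": person, "resource": resource, "action": action,
            "allowed": allowed, "via_jobs": granting,
        })
        return allowed

    def incidents(self):
        """Denied requests are business-rule violations to report."""
        return [e for e in self.audit_log if not e["allowed"]]

    def who_can(self, resource, action):
        """Answer 'who can access this data?' directly from the model."""
        return sorted(p for p, js in self.assignments.items()
                      if any((resource, action) in self.jobs[j] for j in js))

def build_sample():
    # Constructed sample data: one business job, one cloud operations job.
    ent = Enterprise()
    ent.define_job("payroll_clerk", {("salary_records", "read"),
                                     ("salary_records", "update")})
    ent.define_job("cloud_operator", {("vm_hosts", "restart")})
    ent.assign("alice", "payroll_clerk")
    ent.assign("bob", "cloud_operator")
    return ent
```

In the sample, the cloud operator's job carries no right to `salary_records`, so an operator's attempt to read them is denied and recorded as an incident.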
