On 1st and 2nd of April, I attended to the Cloud Computing World Expo in Paris.
It was a combined expo with the “Solution Datacenter Expo”. It was quite funny to see some datacenter specialists trying to explain (imho, quite unsuccessfully) that you must not trust the public cloud providers and you should continue to buy private servers hosted in their datacenters. Nevertheless, I think your security and compliance cannot be better, nor worse, on the cloud versus on premises.
I attended to several workshops. Here is the summary of interesting quotes.
A « 100% Cloud-based » information system : is it possible or not ?
M Julien SIMON, Viadeo
Yes. It is possible. We have just announced last week that we are “full cloud”.
IaaS: If a company tries to copy-paste the internal infra on the cloud, it will cost more.
PaaS: Advanced technologies available in PaaS (we use AWS, but Azure has a good proposal as well) have no equivalent on premises. Using unique capabilities of a high-end cloud outpace the cost.
SaaS: Obvious for standard support processes. Can you be better than SalesForce?
Reversibility: Yes, leaving the provider could be a problem, but in some years. For us, now, only the business agility counts.
- In term of continuity: the cloud provides high capabilities of backup, of continuity.
- In term of attack: you are the limit, not the cloud, because you can’t be better on cloud than you are on premises
- In term of confidentiality: Could Google or AWS watch your data? Is it a really risk?
M Jean-Michel MOUGEOLLE, Wikit
We are 100% Cloud. In period of real estate crisis, it gave us a real competitive advantage.
We develop a lot of features within SalesForce. The key benefit: AGILITY. We add new features every week.
M Hubert TOURNIER, Intermarché, Les Mousquetaires
We use the public Cloud as an additional capacity, but considering our business constraints, our hundreds applications, being full cloud does not make sense. It is also a question of architecture: If your application is not designed for being distributed, there is a low benefit of hosting it on the cloud.
M Carlos GONCALVES, Société Générale
There are two main use cases for the cloud at Société Générale:
- Expected peak load (heavy computation, special marketing operation, …)
- Agile Infrastructure for application development
Full cloud is clearly not possible in the Banking Sector. Compliance with regulations will allways be a limitation, even in scenario where the cloud could make sense.
CRM, BI, Big Data, ERP, how will evolve specialized clouds?
M Loic SIMON, IBM, ASPAWAY
There is a trend for more vertical cloud SaaS and PaaS, dedicated for one service/industry. By design, the SaaS providers have a need of big volume. This is against the specialization. It leaves room for smaller but highly focused providers.
Here are the factors supporting de development of specialized clouds:
- The competitive pressure of generalist big player: small players must adapt
- The regulation and complexity of some market: healthcare for instance
- The API Economy: cloud-hosted ERP can be extended with plug-and-play specialized modules
- Hybridization: On premises systems can be extended with dedicated specialized services
Key words are: IS Augmentation, Plug and Play, SOA, API, Connectivity, Reversibility
M Antoine JACQUIER, NUAGEO
Netplus (www.netplus.fr) is an example of an IT Outsourcing company which has decided to developed a specialized cloud. It targets university, hospital, healthcare organizations.
Hosting and managing health data have a set of legal constraint. There is a need of common dedicated features. This naturally leads to the emergence of a community cloud
Ask me anything about the “Hybrid cloud”
Not really interesting. Short summary of commercial blah blah.
The question “Is the private cloud really a cloud or just a myth?” is not meaningful.
In 2015, no corporate IT can stay off the public cloud. Virtualization has reached its limits. The IT department becomes a hybrid cloud integrator, at least for one of these basic needs:
- Peak Load
- Prototype and software development
- Resilience (BCP)
- Back up (DRP)
Will the Internal IT Department become a Cloud Broker?
Are the Sovereign Clouds different from others?
M Didier RENARD, CloudWatt
Confidentiality! If you need IaaS cloud capabilities and 100% confidence that your data cannot be accessed by foreign organizations, join CloudWatt, the initiative of French government in response to the Patriot Act. Fully located and operated in France.
Me Alexandre DIEHL, LAWINT
Do not forget that datacenters located in Netherland, United Kingdom and Ireland are also covered by patriot act, by cooperation agreement with the USA.
M Francis Weil, COLT
Localization of data is a secondary question. What is important is the legal framework in use, country by country. In the 28 EC Countries, there are hundreds of more or less shared rules. Few public cloud operators are really multi-local, and can guaranty that local rules are applied where your business is located.
The key questions are:
- First, know your usage
- Next, understand the consequences on security
- Then, decide public cloud or on premises
- Finally, does the cloud provider comply with the local legislation (data confidentiality, data stewardship, ability to operate without international connection)? Data localization can be a consequence, or not.
M Emmanuel OSSOUCAH, Proxis Development
As a biotech and chemical group with an international presence, the specific advantages of a sovereign cloud are not obvious. We need to be compliant to local law, standard security, and flexibility, and low fares. Can a sovereign cloud compete on those criteria?
Zoom on reversibility
Me Alexandre DIEHL, LAWINT
The problem with the big players, Amazon, Microsoft, Google, IBM, … is that you cannot negotiate the rules. You sign a contract of several dozens of web pages that you cannot amend. Take or less. Working with smaller operators make sure that you
Licensing in case of transfer can be an issue.
M Thibault DALLEMAGNE, SFIC
Leaving the provider must be contextualized. You should exercise of data extraction, procedures transfer.
If you can financially, consider running simultaneously on two cloud providers.
M Cyril RUCHE, QUADRIA
Problematic of reversibility in the cloud is the equivalent the problematic of continuity of service in IT outsourced managed services.
You should expect the problems it has not been taken into account by design:
- if not planned early
- if exercises not played
- if not contractual
Reversibility procedures must be applied since day one. Data retrieval and service transfer must be operated on regular basis, not waiting for end of contract.
A mature and professional cloud provider must prepare with you the end of contract before you go live.
M Skander GUETARI, CAPGEMINI FRANCE
Even If your cloud usage is limited to IaaS, leaving your cloud provider IS NOT just a transfer of some VMs. It is the transfer of an fully operated applicative unit, including adherence (active directory, external API consumer and provider, …). Your architecture must be designed for that.
Take a special care about personal data. The Managing Director is criminally liable for compliance with new law. The responsibility cannot be delegated, internally and to a subcontractor. Consider the scenario:
- your payroll is externalized to a cloud SaaS based in UK, data are hosted by the company in UK
- the data archiving is subcontracted to a Germany company, in Germany
- the Germany company has high level of service, and re-archive in Singapore for more security
- the Singaporean provider is acquired by Russian company
- you leave the UK payroll provider
- are the data really deleted by Russian company?
The 3 key roles of a corporate IT migrating to the cloud
M Louis NAUGES, DHASEL innovation
The CIO is not anymore in charge of Information Systems, but of Information Services.
As the Cloud is becoming the new norm, the new standard, a new model appear. SaaS/PaaS/IaaS are often presented as a stack, like the current model Software/Middleware/Hardware.
- SaaS <=> Software
- PaaS <=> Middleware
- IaaS <=> Hardware
Louis proposes another model, 100% public cloud:
- BIS Model = Business Usage + Support Usage / Infrastructure.
- Support Usage, SaaS-based: standard operational capabilities for support processes, based on configured SaaS, like CRM, HR management, Analytics, etc
- Business Usage, PaaS based: business specific capabilities, custom developed on either general purpose PaaS (like Azure, AWS) or vertical specialized PaaS, integrated through public APIs with the SaaS capabilities
- Infrastructure, IaaS based: running the Business and Support above according to business needs and constraints