Posts Tagged CIO

The one question that every CIO should ask themselves… What are you going to do when (not if) your cloud systems fail?

I’ve deliberately used the word Cloud to grab your attention but the question is equally applicable if you use Cloud systems or in house systems.

This post was prompted following an interesting twitter conversation I had last night with Frank Scavo and Dennis Howlett around yesterday’s outage of the Microsoft Azure cloud platform.

Frank started the conversation with this response to my tweet about Azure:

Frank: “Exactly the type of thing that reinforces CIO fears about cloud…”

Stuart: “working on the assumption that cloud outages are inevitable… I feel it’s how vendors respond that will give CIO’s confidence”

Frank: “No, fewer outages will give confidence…”

Stuart: “I’ll meet you half way… Fewer outages and proper service management around problems when they do happen…”

Frank makes the point that some of his CIO contacts were livid following this outage. And this is where this post really starts, as I challenged Frank as to exactly who they were livid at on the basis that to overall accountability for a company’s IT systems, whether they be on premise or in the cloud lies with the CIO.

Stuart: “as CIO you’re accountable for everything as you choose to use cloud or not!”

Alongside the Azure thread there was a parallel thread running on cloud security that had been started by Dennis Howlett in his Accman blog.

“Anything that connects to a network is vulnerable. That includes EVERY cloud player, regardless of the service they offer. What matters is the extent to which vulnerabilities exist AND are capable of exploitation.”

Let me share my belief here, these two topics are intrinsically linked, i.e. when you’re appointed as a CIO you’re trusted to deliver competitive advantage for your company through IT. Now, it doesn’t take a rocket scientist to work out that if you can’t maintain availability and adequate security of your systems then you’ll only manage to deliver disadvantage, and you probably won’t be around very long.

So, let’s get back to the title of the post… what are you going to do when your systems fail (which is inevitable)?

If you’re running in house, the apps themselves (if they are decent apps) are least likely to fail, more likely failures are from switches, disks, networks, cables and other parts of infrastructure. You protect yourself against this by designing your datacentre(s) around redundancy with zero single points of failure.

If you’re running cloud services, you pick a reputable supplier who works with a reputable hosting partner right? Well, yes but as we saw with Azure yesterday (and previously with Amazon and Rackspace and most other reputable cloud vendors) the same hardware failure points exist in cloud provider datacentres as they do in your own. If you appreciate and accept this this then you’ll also be mindful that you could be introducing a single point of failure in your enterprise platform and that your service availability is now at the mercy of their service availability.

When you running outside of your own bricks and mortar you also need a high bandwidth and high availability WAN, Firewalls and Proxies, etc  that all need to be fault tolerant and designed around redundancy to ensure adequate access and security at all times. Even then you can’t mitigate around someone digging up the cable which has happened to me twice this year and is more common than you might expect.

Is this a story of cloud bashing? No it isn’t, it’s a story of how the CIO needs to take full accountability for managing risk within their platform.

  • If you’re running mission critical systems and your business can’t afford any outage then you simply can’t design a single point of failure into your enterprise platform.
  • If you’re running non mission critical systems, then you may choose to take a little more risk around availability and accept a single point of failure and manage any disruptions that may arise.

What you deem to be mission critical or not is your own decision and it doesn’t have to be one or the other. For my part I run a hybrid platform where some parts are mission critical and some parts less so and the platform design and location of services (in house vs. cloud) reflects this.

Of course from a customer perspective people outside of IT expect things to work 100% of the time and if you’re running either of the above, or a combination, then any outage no matter what damages your credibility with users.

So as an effective CIO, you need to design an effective platform around what your business needs, you need to manage the risk, you need to pick the suppliers that you work with, and you need to take full accountability when things go wrong. Yes you can get livid with your suppliers, but just remember who picked them and remember who chose to introduce a single point of failure into your platform in the first place.

So, what are you going to do when (not if) your cloud systems fail? Make sure you know the answer today.

Footnote: This post relates to large enterprise businesses and the role of the CIO and the point I’m trying to make is you have to plan for failure to guarantee success.

Part of this cross posted here

, , , , , , , ,

Leave a comment

Cloud Computing World Forum 2011 – Insights Part 2

More insights from Cloud Computing World Forum following on from my earlier post

So two sessions down and two more to go. Next up I attended a panel session “Advantages and trends in cloud technology”

This was chaired by Rupert Goodwins @rupertg the Editor ZDNet UK. In Rupert’s opening pitch he made the statement that “negatives make better news stories….” how true is that? Brought a smile to my face as I’m normally on the receiving end of such stories so I’m liking him already.

So this session was a decent discussion involving reps from SymetriQ, Barclays Bank and Onyx Group covering topics such as cloud concerns around security, interoperability and vendor confidence.

There was some good discussion around compliance and penetration testing, e.g. how often and how do you govern when someone else owns some of the moving parts? I’m not sure I heard a good answer in the end. However, there was also a classic one liner (from the Barclays chap) in :

“I for one wouldn’t put my crown jewels out there” ~ the mind boggles!

Towards the end the session got bogged down a little in the age old ‘what is and what isn’t a cloud’ debate (more on that later)… Many people including myself are now well versed in what the cloud is and continuing to debate this is of little importance anymore.

It also turns out Rupert and myself have something in common from way back in the 90’s… Networking products called Mainlan and Mainlan/386. Turns out that Rupert wrote a multitasking kernel in 386 back then… happy days indeed as he indicated in a later twitter conversation.

My last session of the day saw me head off in the direction of “Cloud computing – more than just virtualisation” by Wes Nolte of Tquila

Wes started by introducing himself as an international award winner, author, and prolific blogger, tweeter and talk giver … my expectations were high indeed!

Wes talked about Crowdsourcing, The internet of Things, and the pending extinction of the IT department. He shared some very interesting statistics. For example, the IT industry uses as much power as the Airline Industry, and did you know that Google  surreptitiously digitises 1billion words per year by crowdsourcing? Makes you wonder how many words there are in the world!

Then I’m not sure how it happened exactly but we got into defining the cloud again… and just when I thought I’d heard them all Wes came out with an absolute cracker…

“Cloud is the virtualisation of computer hardware with the added benefit of geographical decentralisation.”

I have to tell you that this got my attention for all the wrong reasons… sorry Wes but if this was supposed to impress the audience or make things clearer, then it missed the mark by a considerable distance.

We then heard how the IT department was dying and it was all due to excess utilisation. I have to say I was expecting a much stronger argument, and I think this one is borrowed from a presentation I heard from Marc Benioff a while back. I’m sure Wes understands that IT departments are about much more than storage and utilisation, nevertheless I was left disappointed by this session and my expectations weren’t met…. sorry Wes!

If I could offer Wes two pieces of advice they would be… please visit some CIO’s and understand what business problems they really need to solve, and maybe let others decide on the prolific talk giver bit!

So, my detour to Cloud Computing World Forum is almost done but before I leave I manage to grab a few minutes with David Terrar @DT . David is a really nice chap who I follow on Twitter and met up with at the same event last year. We had a short but very good chat around cloud accounting providers, market dynamics, scaling small cloud businesses into big ones and company cultures. Hopefully we’ll get more time to carry on our discussion next time we meet.

And finally my conclusion from the day was summed up by this tweet from Gary Burt @gburt  

“The best sessions were from end users and those actually doing it!”

Very wise words indeed… Isn’t that always the case?

, , , , , ,


The Enterprise Cloud and why saving money isn’t everything

I spent an excellent couple of days this week with a group of CIO’s from some of the largest companies across Europe and one of the hot topics we debated was around adoption of the Cloud… what’s the business case for cloud? who’s driving the cloud agenda? are businesses ready for cloud? which applications are best suited to cloud? and what’s the general feeling around the public and private cloud debate?

It was refreshing to have such an open debate without the hype and cloud washing by cloud vendors, and despite the fact there were a few cloud vendors present, they were politely asked to stop selling and start listening to what businesses really need:

  • The smart business is much more interested in using the cloud to drive business benefits and increase revenue as opposed to saving costs. (the vendor argument that the cloud reduces your operating cost simply doesn’t matter if it doesn’t help business growth).
  • The much publicised CAPEX vs. OPEX argument was also dismissed as a benefit as most felt it easier to secure CAPEX funding as opposed to OPEX.
  • The speed and agility of procuring cloud servers and services and the elasticity of increasing compute and storage capacity around demand peaks were seen as attractive benefits.
  • Getting data (not necessarily applications) to the cloud is seen as a positive move as it opens up a new range of business opportunities around collaboration, e.g. customer/employee self-service and supply chain digitisation (what a fantastic word!).
  • System integration and interoperability has replaced security fears as the biggest concern around cloud adoption… getting disparate systems to work together remains as one of the most difficult businesses issues and it is felt the cloud could complicate this further.
  • Whilst there was a bias towards private cloud, businesses were open to adopting all types of public, private and hybrid cloud on the basis that a “one size fits all” model is unlikely to suit all enterprise business models.
  • It was generally accepted that using the cloud for consumer applications is much more popular than using the cloud for the Enterprise today. The few cloud usage examples shared were all consumer facing operations of the Enterprise as opposed to back office operations.

I was very impressed with the level of knowledge and debate at this session and I have to conclude by saying Enterprise business leaders definitely understand the cloud, they see through the cloud wash, and they are more than capable of deciding how and when to adopt cloud in their business.

, , , , , ,

1 Comment