This week I had a separate discussion with a CIO of a large manufacturing company about Cisco’s Cloud Computing strategy and how we could help them with an upcoming transition in their Data Center equipment and facilities. My their own admission, they are a fairly conservative company and asked me to avoid any hype or hyperbole in this discussion. They just wanted to talk about the current state of IT.
I started the conversation with two pictures that I often use:
I always let customers know that the reality of today is there are many legitimate ways to deliver Cloud Computing services as an IT organization. Some of them can come from your internal systems (“Private Cloud”), some will come from commodity Cloud services (“Public Cloud”), some will come via Service Providers and Hosting Providers, and others may come from the SaaS offerings that Cisco provides (eg. WebEx, ScanSafe, etc.). The key to all of this is to determine what services their users, partners and business need, and then evaluate where to best deliver the IT services from. Some choices will be driven by time-to-market, others by cost, and still others by industry or government regulations. In the long-run, we fully expect that most customers’ IT portfolio will be delivered through a mix of Private and Public services. Cisco plays a critical role in this because of our experience helping customers through IT transitions for the past 20+ years, and because of the critical role the network plays in delivering Highly Available, Secure and Mobility-Aware experiences to users on any device or in any location. Then we talked about the “tipping point” that CIOs must now face, which is that some Public Cloud services are well ahead of internal IT departments in their ability to deliver services at lower costs and with faster response times to a business. So all the discussions about IT goals -- saving money, improved response times, greater business agility -- those now have external benchmarks that IT departments need to measure themselves against. And many CIOs are now asking how they can take the best-practices of those Public Cloud services and leverage them internally, where it makes sense.
After internalizing the first couple of discussions and making various notes, the CIO looked up at me and asked, “If I use a Public Cloud (any of them), what happens to my data?”
- How can I see where it is?
- How can I make localized copies, or peer it with other services/carriers?
- How can I get it back if I decide to leave that service/carrier, or if they go out of business?
- How do I know that it hasn’t been viewed by anyone else?
- How do I know that it’s not being used for analytics and sold (summarized, anonymized or however) to advertisers or other 3rd parties?
- How do I know that my competition, who might also be using the same service, can’t view it?
The rest of the presentation stayed in the bag and we spent the remaining time talking about this single topic.
- We talked about the use of APIs to access data or share it between services.
- We talked about various ways to encrypt data at-rest and in-flight.
- We talked about auditing systems for Cloud services.
- We talked about how legal jurisdiction differs in various parts of the world and how it was important to know where your data was stored.
- We talked about reading the fine print in contracts and SLAs, but also planning for failures within external services and plans to minimize that risk.
- We talked about whose responsibility it was to secure that data (the customers) and how that security changes when data is outside their Data Center.
Needless to say, the conversation could have gone on for quite a while. And I’m the first to admit that I didn’t have all the answers because in many cases there isn’t a clear cut answer. Some of these areas are evolving. At Cisco we’re doing quite a bit in terms of building the technologies to help address these questions, but I’ll again be the first to admit that we could be doing a better job of articulating this to our customers and helping to educate them.
So my questions to you are:
- What have been your experiences with your data when using Public Cloud services?
- How are you addressing the questions above?
- Does your CIO feel comfortable with your answers?
- What unique requirements does your industry have regarding your data and how is it impacted by Public Cloud?
- What unique requirements does your country have regarding your data and how is it impacted by Public Cloud?
- What would you like to see more of from Cisco to help you answer these questions, or questions about your data and Private Cloud (or any Cloud service for that matter)?
We’d love to hear your feedback. Please place it in the comments section below, or if you don’t feel comfortable doing that in the public domain, please send them directly to me via email.