Cloud Computing : The Open Group's Activities
At its London conference in April, The Open Group conducted several forums examining different aspects of Cloud Computing. The emphasis of these sessions was to allow customers and vendor participants to present and discuss issues on adoption of Cloud Computing, and to help develop The Open Group's plans for further work on Cloud Computing.
The first session occurred during the Security Practitioners Conference, where a session was held on "Identity in the Cloud". The session included presentations from Stuart Boardman, Director of Consulting, CGI on "Identity in the Fog" and from Marco Casassa Mont, Senior Researcher, Hewlett-Packard on "User Requirements: The Future of Identity in the Cloud". This was followed by a Q&A session; issues discussed included:
- The potential for cost savings, with examples from the Daily Telegraph. A potential enterprise security benefit for cloud is that it can emable affordable business continuity plans.
- The need to distinguish between Information Risk Mgmt vs. Enterprise Risk Mgmt (business impact) when analyzing the security impacts of Cloud, and the need to trade off between cost savings resulting from use of cloud and the need to invest in cloud security
- Usable multi-vendor standards for Identity Management are a fundamental enabler for the cloud
The second session, sponsored by the The Open Group Customer Council, was an open discussion on the customer perspective of Cloud Computing, with the objective of identifying business requirement topics requiring further work by The Open Group and the larger community, and to get sense of priorities for this work. The discussion coalesced around two questions:
- What promises of Cloud are really attracting you?
- What’s your biggest fear in implementing Cloud?
Some of the key points from the resulting discussion were:
- Security will be critical, not only from a technical perspective, but also in terms of enterprise security concerns such as regulatory compliance and discoverability. Security and legal professionals will need to sort issues of data ownership and which jurisdictions apply to data and services in a location-independent Cloud.
- Cloud Computing represents another point on the outsourcing continuum, with the benefits of elasticity, reduced capital expenditure, and the ability to offload IT management concerns, e.g., keeping systems up to date, security enforcement and regulatory compliance on to the Cloud services provider. "Software as a Service" or "Business as a Service" may allow businesses to get specialized expertise on certain business processes on a shared-cost basis
- There will be an offsetting need to hire and train IT practitioners knowledgeable in Cloud outsourcing. Skills needed will include governance, management of Cloud service providers and ability to deal with the complexity, chains of responsibility and "finger pointing" in outsourced services
- Lack of maturity of architectural models of cloud is a barrier to understanding and adoption. Consensus on Cloud models and taxonomies, and a mapping of those taxonomies by use model would help address this need.
The third session took place at the Enterprise Architecture Practitioners Conference. The session included presentations from Jack Hanison of Capgemini on "Inside the Cloud – The Supporting Architecture of Cloud Computing", focusing on addressing the challenges associated with cloud adoption; Mateen Greenway of Hewlett-Packard on "Service-Oriented Cloud Computing Infrastructure"; and David Jackson, Armstrong Process Group who presented his experiences on Growing a Start-up in the Cloud. The session was capped off by Scott Radeztsky from Sun Microsystems and member of The Open Group board, who led a discussion on "Whitebeards and Cloudsters: Is Enterprise Architecture Relevant in the Cloud?". Key points of consensus were that effective deployment of Cloud computing will benefit from the use of good architecture methodologies, but that careful scoping of the architecture effort and "lightweight" application of enterprise architectures such as TOGAF would be needed to keep pace with the rapid development styles prevalent in Cloud deployments.
The Open Group's members continued their work on these topics, with a key activity being the gathering of customer requirements through a combination of Business Scenario workshops, surveys, teleconferences, and/or call for position papers, its next major session occurring at The Open Group conference in Toronto in July.
The outcome of this activity has been the establishment of the Cloud Work Group, the main goal of which is to ensure the effective and secure use of Cloud Computing in enterprise architectures.