cloud ICT


terrible results with this aim in mind and is guilty of encouraging the same procurement practices in G-Cloud. It’s inevitable that at the scale NASA is talking about, a multi-tenant cloud would be more cost effective than building and maintaining their own. But at what cost, besides the dollar amount?


Value – that hard-to-define blend of quality and price – should always be the aim, with defined outcomes preceding it. Rarely is one supplier the best and the cheapest. But it is a beautiful thing when you deliver a new technology project that adds value, enhances efficiency, improves competitiveness – in short, makes your organisation better – AND then it also delivers it at a lower price point. But if all you do is change how you deploy tech in order to reduce cost, and then the business breaks, you break the law and you get sacked, do you still care about the cost saving?


A wiser man than me, Oscar Wilde, once opined that a cynic is one “who knows the price of everything and the value of nothing”. It’s important not to be cynical with IT procurement; it’s too important to be viewed merely as a cost centre to be slashed if possible.


It’s not about technology, it’s about supplier management


This is such an under-rated and under-stated area when people talk about cloud. NASA’s litany of mistakes has nothing to do with public clouds being less secure than private/virtual private ones (they are). It’s not even about cloud. It’s barely even about technology. It’s about contracts, expectations and good governance. If you don’t know how to manage a cloud supplier and sort out the contractuals, you shouldn’t be let loose on sensitive data. Indeed, they weren’t allowed – they broke their own rules. It’s not about cloud. IT in a cloud-based world is as much about managing suppliers and SLAs as it is about keeping the tin working.


table that outlined the contractual status of the five cloud deals (presumably from five different providers) they had in place. NONE had defined roles and responsibilities. NONE had service level reporting metrics. NONE had data retention and destruction policies. NONE had data privacy requirements. You really must read the report – it’s a brilliant “what not to do guide”.


By NASA’s own admission, there are only two types of cloud contract: negotiated (like all managed hosting providers offer on a fixed term) and predefined, non-negotiable contracts. In their own words: “Under a predefined contract, the contract terms are prescribed by the cloud provider. As such, these contracts typically do not impose requirements on the provider beyond meeting a base level of service and availability. Nor do they address Federal IT security, privacy, data production, or retention and destruction requirements. Furthermore, the provider is often empowered to modify the contract unilaterally without notifying the customer.” By definition, ALL self-service public clouds fall into this category. After all, the SP isn’t going to allow you to write your own contract terms and SLA so it’s invariably lowest common denominator. Yet it’s these same “users must serve themselves or it’s not real cloud” environments that our governments seem so enamoured with, at the cost of data protection, sovereignty, security and common sense.


Reducing cost is usually a bad driver in isolation


Another personal bête noire is the obsession with reducing costs as an absolute motivator. Our own government has delivered


Good news for wannabe doctor evils


NASA may be concerned with their intellectual property falling into the wrong hands – good news if you always wanted a space shuttle or a base on the moon. But anybody outside wealthy rogue governments will have nothing to fear. No patient records, criminal records, tax records or other sensitive information about members of the public have been exposed here, to our knowledge.


However, the object lesson is clear. The UK government has swallowed the NIST definition hook, line and sinker too, so the risk is there. Happily, our civil service with the CESG security regulations – the likes of IL2, IL3, etc – is well on top of things. But caveat emptor – if people are encouraged to serve themselves in a cloud world, then public cloud platforms could give us the new “CD-ROM left on train” or “documents left in park bin” headlines.


Focus on your core competencies


It’s particularly interesting that it’s NASA involved. You just can’t get an organisation better qualified than NASA to stand up a cloud project – AT A TECHNICAL LEVEL – but they still got it badly wrong. They should, perhaps, focus on aeronautics and space exploration and let those who wake up every day keeping data safe get on with doing that. One of my most vivid childhood memories is being a small boy back in 1981 watching the first orbital flight of Columbia and I’ve loved NASA and spacecraft ever since. I’d love it if we had a side project at 6DG on “satellite computing” but I suspect we’ll remain on terra firma. Back on Planet Earth, it’s important that people stick to what they’re good at.


Winter 2013 I www.snseurope.info S17

