The definitions of cloud computing have shifted a lot in the past several years, but a few things never change. Whether it’s located in an Amazon data center or a company’s own, whether it’s virtual servers or an entire platform for deploying applications, the cloud is supposed to serve many users, it’s supposed to improve flexibility and it’s supposed to save money. It all sounds great, but these guiding lights don’t always jibe with existing attitudes toward security and compliances and the systems put in place to enforce them.
On this week’s Structure Show podcast, we interviewed Derek Collision (above, left) — founder of a company called Apcera that’s all about making it easy to enforce policies while gaining the benefits of cloud computing — and Jason Hoffman (above, right) — the head of cloud computing at Ericsson (and former founder and CTO of Joyent), which just invested millions of dollars into Apcera. The two talk in depth about how Apcera works and how Ericsson plans to use it to expand its cloud computing capabilities both internally and as a provider of cloud services, and the whole interview is well worth listening to.
Here are some highlights discussing current thinking among IT types that need to change if companies are actually going to reap the full rewards of the cloud, rather than just adding more complexity to their already overwrought data centers. The problem essentially boils down to preconceived notions of what’s possible and what’s ideal.
[soundcloud url=”https://api.soundcloud.com/tracks/169203337″ params=”color=ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false” width=”100%” height=”166″ iframe=”true” /]
“Left is the opposite of right, and up is the opposite of down,” Hoffman said. “Secure is not the opposite of agile and flexible.” Many IT vendors just want users to think that’s the case because they don’t want to tackle those tough technology questions, he added.
Collison, who helped build the Cloud Foundry platform as a service while at VMware, concurred, although he said it’s as much about CIOs’ beliefs as it is about what vendors are pitching. He said Apcera’s approach to building a platform as a service that improves agility but is also centered around governance “fell on deaf ears” despite the fact that the two goals are intrinsically related.
“With Cloud Foundry and some of the predecessor technologies — even the ones that define the market today — they’re really about different layers of abstraction and just going faster, which makes a lot of sense until you realize that the only way you can really go faster and trust that is to be safe,” Collison explained.
Hoffman elaborated on this point, noting that wherever a company’s servers are located or its data stored, they need to know everything is safe, in the shape it should be, and delivering on business and revenue goals. And doing this right isn’t impossible. He thinks Apcera has nailed it so far.
“The act of knowing those things is what governance is,” Hoffman said. “And most importantly, the act of stating what your business requirements are for that infrastructure, and having that infrastructure be intelligent enough to conform to those requirements, is exactly what governance is.”
Colison argued later in the interview that enterprise IT needs a makeover in technologies and in thinking about what they can do. “We saw enterprise IT systems that were not welcoming of change, both on the development and lifecycle management side, as well as the policy, governance, compliance, security side,” he said. “So as one sped up, the other one got more calcified, complex, brittle, and essentially everyone was like ‘Don’t touch the … machinery,’ because it was too complex.”
Hoffman said we can expect to see Ericsson use its large stake in Apcera to push its growing agenda around cloud computing and to address these issues head on.
“We’re not trying to dictate an end-to-end monolithic infrastructure,” he explained. “We’re trying to take the developers in these organizations and say ‘We understand that you’ve already made investments, we understand that you’ve already choices. What we do understand is that, at the end of the day, your CFO and your chief security office does not trust you or your infrastructure. How can we fix that for you?’”