Sunday, April 07, 2013

Paying Attention at Cloud Connect 2013 in Santa Clara

The annual Cloud Connect conference in Santa Clara is a can't-miss event on my calendar.  Last week's version for 2013 was no exception.  I only attend the keynote addresses and the expo floor because those are free and I'm extremely cheap.  My readers need to know that I'm not an IT expert, so I attend to expand my knowledge.  As usual, the speaker's summarized comments are in normal text and my own interpretive comments are in italics.

Steve Wylie kicked off his intro with an announcement of Cloud Connect China coming this fall.  Great, another opportunity for Chinese state-sponsored companies to pirate Western technology without attribution.  The conference engaged Everest Group to conduct market research on their audience of cloud users.  One bottom line that emerged is that cloud solutions purchasers expect more from their systems than cost reduction.  Several of the speakers this year addressed the ROI of "cloudonomics" enhancement to an entire enterprise.

Alistair Croll spoke on "End to End Lean IT."  He sees the shift to cloud as part of a view that IT is no longer scarce.  I learned a new term at this conference called "DevOps" and several speakers developed it further.  His interpretation of DevOps is the simultaneous coding of infrastructure, data, and apps all at once so they can expand and contract as the enterprise's agility demands.  Agile coding builds out from the waterfall model, which emphasized sequential completion of development steps.  Concepts like lean, agile, DevOps, and cloud aren't new on their own.  IMHO integrating them is the new "lean" IT gold standard.  Alistair drew an analogy to "holons:"  Our biological components act on their own while we live as integrated human beings, so IT efforts should build organizations into living organisms.  I'll buy that, but an organism can't shut down or upgrade its living systems (organ transplants, hip replacements) without taking the whole organism out of action for a while.  It's a worthwhile analogy if IT systems are self-diagnostic and can schedule their own repair cycles, the way living cells repair themselves with new proteins.  He thinks overnight shippers like FedEx act like logistics "clouds."  I do know something about logistics, and I buy his analogy here.  FedEx's tracking process is like a transparent SaaS providing real-time system diagnostics.  He gave 3D printing a brief mention, implying it enables cloud manufacturing.  Lean IT components can't be built piecemeal but organizations will resist the change from a big integrated solution.  Sounds like IT people need a PMP-qualified change champion who can sell lean IT up the org chart.  He mentioned scale as a durable competitive advantage and touted Daniel McCallum's Civil War-era railroad management technique of assigning one person to monitor every 50 miles of track as the basis for the management of modern organizational scale.  He also noted that the Israeli military optimizes for resiliency, not scale, with a command structure that enables fluid replacement of key positions in combat.  The bottom line is that lean IT must build for resiliency in its components, not scale.  This sea-change in what constitutes a durable competitive advantage will be hard for the largest organizations because it implies that much of their scale will be made redundant once 3D printing, outsourced logistics, and other developments cut out big parts of their operations.  

Lew Tucker is the cloud dude at Cisco.  He said apps are narrowcast and designed for a single purpose, but a network must respond to the needs of apps.  Huh?  I don't know what he means, so I'm glad I don't work in IT.  He named four broad changes driving IT innovation:
1.  Internet of Everything (is it a Cisco trademark? seems like an evolution of the Internet of Things)
2.  Software Defined Network (SDN)
3.  Big Data
4.  Cloud Platform
BTW, if you dislike my heavy use of Wikipedia definitions, you can buzz off.  Wiki sources vary in quality but they are preferable to a branded corporate definition and their links are more or less permanent.  Lew said that SDN allows software to interact dynamically with a network, all on its own.  SDNs now have APIs enabling optimization.  An "app-centric net" merges what were several different IT layers.  This demands integrated policies governing enterprise IT.  Dynamic control of IT parameters and layers aligns supply and demand, not just for internal IT services but for deployment of resources across the whole enterprise.  I interpret this to mean that procurement and deployment of modules for an ERP system architecture require extreme flexibility, and cloud apps augment this flexibility.  There are other interpretations, of course, but the non-IT manager will interface the cloud using whatever ERP API their work group uses.  The PMP change champs will make sure that the API resembles Facebook.  Lew contends that IT pros need to revisit old subject like control theory and statistics; I take this to mean that there are time-tested methods for ensuring APIs and their governing policies are valid for large numbers of cases.  His bottom line is that disrupting the traditional IT cycle with those four numbered changes creates opportunities for startups to add value to this new virtual cycle.

Michael Barrett is the Chief Information Security Officer guy from PayPal with a British accent.  Maybe he's the only guy there with a British accent.  He predicts the imminent obsolescence of passwords as infosec barriers.  Yes!  I'd welcome that if it means biometrics can make online ID verification more secure.  He advocates considering alternative authentication methods that won't hurt the Internet's growth.  Password cracking is easily scriptable.  Most people use the same password for their email accounts and financial service providers.  Poor passwords and reusing passwords often are dumb.  The IT security manger's "sweet spot" is where high usability meets high security in a matrix that pays homage to a Gartner Magic Quadrant.  Michael leads the FIDO Alliance push for open standards in fully integrated authentication.  Commonplace biometric devices will encourage deployment of new protocols with stronger two-factor authentication.  Cloud adoption, better authentication, and federated identity combine in a perfect storm.  Biometrics should be stored on local devices because that's the user interface; this enhances cloud adoption without risk of putting biometric data into the cloud itself.  I find it difficult to add anything to Michael's vision other than applause.  Biometric devices and protocols have been around for decades and privacy arguments should not stand in the way of implementation.  A biometric print is the ultimate non-counterfeit authentication.  

William "Bill" Ruh from GE spoke on "Clouds, Big Data, and Brilliant Machines."  The coming of the "Industrial Internet" will transform IT with modeling, analytics, and deep signatures.  IMHO this impacts production with 3D printing sourcing designs from everywhere and routing them to production anywhere.  Unlocking value means fundamentally changing data collection and analysis.  Allow me to segue a bit here while paraphrasing one of his salient points.  Selling IT solutions like cloud on their own merits is less effective than linking IT solutions to productivity.  Link IT changes to efficiency gains, cost savings, revenue generated, project NPVs and ROI.  Bill said GE's gas turbines have 20 sensors, and one turbine generates 500 GB of data per day.  This includes predictive analysis of blade failure.  I recall attending a USF business plan competition several years ago where a startup pitched a sensor solution like this to a VC audience.  They made a bunch of sense to me but now it looks like the big firms have their own turbine sensor solutions.  The IT needs of health care and aviation are very different, so their cloud use will be different.  Applications and partner choices are not trivial.  I'm now concerned about whether anyone is considering SCADA vulnerability of cloud-to-machine connections.  Sending data from sensors and controls to the cloud means a hacker who breaks into the cloud can monitor and destroy SCADA, similar to the Stuxnet worm.

Kit Colbert from VMware had stuff to say about "Changing the Mindset of IT."  Apparently, IT still runs on a central planning mentality.  Yeah, especially in the U.S. government.  Try doing BYOD without an explicit exception to policy from three levels up and your personal device will be confiscated, without reimbursement.  Kit wants to virtualize resources behind IT's background interactives.  The app layer can present user with a menu of services and their costs of use.  Sounds like IT a-la-carte.  IT should provision capacity before users arrive, then enable users' requests.  It should work like FedEx's internalization of a self-service logistics model.  There's that FedEx model again.  IT pros envy FedEx's business model and financial analysts consider it to be a bellwether stock.  FedEx is doing something right to earn that much attention.  Is Berkshire Hathaway a FedEx shareholder?  Just sayin'.  Policy governance of user actions should enable user preference for virtualization of services.  Analytical tools give IT pros data on trends, capacity, and user choices that will aid decisions on system growth and governance.  My non-IT interpretation of this stuff is that the new IT mindset must internalize preferences for enabling broad infrastructure choices.  

Dave McCrory from Warner Music told us all about the "Origin of Data Gravity."  He invented the concept of data gravity and blogs about it regularly.  His theory starts with the observation that a spectrum running from lower latency to higher bandwidth offers a tradeoff for closing gaps between apps and data.  There's an accelerative effect as an app moves closer to data due to lower latency.  Terminal velocity is a point of location for data where gravity adds no value.  I believe he's doing innovative work with this theory, but one part of his presentation I disagreed with was when he displayed a linear depiction of what the knowledge management community calls the cognitive hierarchy.  He connected them with cybernetic feedback loops but giving cognition a linear structure becomes chaotic if you don't build it in layers.  The pyramidal cognitive hierarchy's layers imply the use of controls and filters to sift data into understanding.  This IMHO is a more valid model than cybernetic feedback loops.  He moves from one state to another by reducing uncertainty, which is precisely analogous to moving up the cognitive hierarchy.  He matches the OODA loop to each of his four steps and even throws in a concurrent PDSA cycle.  Picture this . . .

Data / Information / Knowledge / Action
Observe / Orient / Decide / Act
Plan / Do / Study / Act

I note that Dave replaces "Understanding" with "Action" in the cognition steps.  That obliterates the need for decision makers to understand before they act, and if you want action there's enough of it in the OODA and PDSA progressions without going for a perfect match in all three schemes.  IMHO matching things like this is too simplistic.  OODA and PDSA are non-linear processes that lead back to their beginnings at the end of a cycle.  I want to develop the proper relationship between OODA and cognition, so watch my special reports page on my main site.

Dave's thesis is that data gravity shrinks gaps between each of those four phases, accelerating cycle time and shortening cybernetic feedback loops.  I like the guy's theory and I plan to link it to existing theories.  Like I said, watch this space.

Jim Davies from Mitel had something to say about "Cloud Formations:  A Framework for Cloud Decision Making."  The big hype around cloud transitions hinders rational planning.  He argues for keeping answers independent when answering framework questions; this preserves your flexibility.  He suggests asking three questions:
1.  Does the proposed app meet requirements?  (his most important question)
2.  How do I want to deploy the app?  (not a one-time decision)
3.  How will I pay?
Jim visualized those questions as three axes of a Rubik's cube.  Don't get locked into one block.  Build contracts so you can move from one area to another.  View your IT choices with an engineer's eye to an independent variable problem.  You can't outsource accountability for making these choices even if you outsource execution of cloud components to third-party vendors.

The final Wednesday speaker was a guy introducing Cloud Connect China.  I could tell by his brief topic introductions that cloud philosophies in China are radically different from those in America.  He mentioned that there were five "cloud model cities."  Designation of those cities and articulation of the national cloud plan are all centrally-planned ideas!  Read back up into my synopsis about the shortcomings of centrally planned IT.  The People's Republic of China will never allow fully articulated IT structures to grow in their country because it would weaken the regime's control of information.  That need for control will retard China's competitiveness in everything it does.  The Chinese guy also made a point about China encouraging small and medium enterprises to use public clouds.  I must presume that these public clouds all have back doors installed so the Chinese police state can monitor internal data traffic.  No way would I want to be a medium-sized American business that opens a Chinese subsidiary if surrendering control of IT architecture is the price to pay for market access.  China just doesn't understand the cloud except as another means of social control.  

Now I'll cover the Thursday keynotes, all of which were free of charge once again.  Steve Wylie and Scott Bils discussed the Everest Group research results in more detail.  Users clearly prefer private clouds for all workloads.  Uh-oh, that's bad news for those China central planners who want everything in a public cloud.  Call the Politburo and tell them they won't be getting business from the Fortune 500.  Buyers tend to be unaware of IaaS services in public clouds.  They're also probably unaware of Chinese back doors in those public clouds, if you know what I mean.  You'll have to read the rest of those research results yourself.  My own need for cloud services is very limited anyway.

Thursday's panel was titled "Are Clouds the Gateway Drug to a Quantified Society?"  I had to wonder at the choice of title given some audience snickers.  Is there an unspoken, underground tradition of drug use in the general IT community, and Silicon Valley in particular?  I can see how repeat customer service nightmares can drive an IT pro to drink but harder drugs are a serious matter.  Maybe the title is some inside joke at the expense of Silicon Valley types who cross over into the rave scene or go to Burning Man.  I'm not part of anything like that, so it's a mystery to me.  Whatever.  Ann Winblad from Hummer Winblad moderated this gaggle of tech stars.  Here comes the stream of consciousness version of the panel's insights, without specific attribution.  Business success is increasingly determined by access to real-time data.  There are no API substitutes.  API provides the agility required to turn organizations into organisms.  Fully integrated "cloud of cloud" infrastructure requires certain decisions.  Enterprises must have open sources and open standards to use clouds.  Ouch, more bad news for China!  Open source solutions can solve problems that proprietary systems can't solve, because you can reassemble system components quickly.  IMHO proprietary platforms will only have niche appeal once open source dominates the cloud.  Consumers don't care if a downloaded app is from an open source or not.  It only matters at the enterprise level if the choice of open versus proprietary affects productivity.

Cloudified apps that facilitate data flows from devices (mobile, SCADA, smart grid IMHO) will drive the connection of billions of devices to enterprise clouds.  This implies VCs like Hummer Winblad should buy cloudified startups.  "Elastic" is not as descriptive as "adaptive" when evaluating public versus private infrastructure choices.  System flexibility determines how much an enterprise builds out.  The whole panel was a big fan of Amazon's build out of cloud as "shadow IT."  They admit Amazon's pricing model is a benchmark for competing vendors of cloud solutions.  Amazon's AWS revenues aren't segregated but the panel estimated them at several billion dollars.  I think Amazon can get more future growth from public cloud services than B2C goods transactions.  Security means keeping your "attack face" small.  I can't find a good definition of "attack face."  It sounds similar to what the military might call a vehicle's silhouette or radar signature.  The best practices in cloud security are still undefined.  That's exactly why American-hosted systems will be increasingly vulnerable to Chinese hackers until we get our stuff squared away.  Vendors must design security into systems during development.  Security isn't the only risk in the cloud.  The lack of knowledgeable operators means it's hard to extract full value from quality systems. DevOps is both a cultural movement and a technical shift.  DevOps and IT can benefit from closer alignment.  IMHO fielding a cloud implies a KM effort to ensure whole enterprise knows how to benefit from its components.

Nathan Day from SoftLayer told us that "Performance is Not a Commodity."  Automobile performance depends on speed, miles per gallon, cost, etc.  Performance means different things to different people.  Think about what matters to your organization.  "Bare metal" pure horsepower isn't possible in virtualization.  Tradeoffs are inevitable.  Don't trust vendors' claimed benchmarks.  Hire third party testing, or test against your own existing benchmarks.  Use standard deviations to assess consistency of performance when scaling up potential system build-outs by size.  Virtualization is a tool, not a requirement for cloud.  I don't have much to add here, so this stuff is published for the sake of completion.

Margaret Dawson is the VP of public cloud stuff at HP.  She asked us all to stand up and yell "Grizzly!"  I sat and remained silent.  I don't mind watching other people display enthusiasm for life but don't expect any enthusiasm from me.  Margaret wanted to tell us about "Fear and Loathing in Corporate IT."  The era of "Gonzo IT" blurs the lines between enterprise-wide IT strategy and the shadow IT of multiple services.  She gave us some options:  Ignore it, tolerate it, police it, or  . . . take control.  IT must control cloud utilization in partnership with business' larger strategy.  You know, after attending enough of these enterprise and cloud conventions over the years, I get the distinct impression that IT pros need to be hectored over and over again that they need to be an integral part of a for-profit strategy.  I wonder what the cultural imperatives are among IT people that inhibit so many of them from thinking like business people.  The same could probably be said about other professions in back-office functions.  She has an eight-step model for IT folks.  Good for her; I had an eight-step model in the Army to plan training events.  Know what data you already have and decide how much of it is mission-critical.  Shut down processes that don't matter.  Review non-IT departments' key performance indicators (like marketing's lead conversion ratio) and adapt them to IT processes.  IT people should own the ROIs of shared KPIs.  She peppered her talk with references to what's hot at HP, like open stack architecture.  Cool.  HP will be around for a while because people like Margaret can talk about business metrics in an IT vocabulary.

Lisa Larson from Rackspace was up next.  She said IT pros' jobs are jeopardized when other business units go out and buy their own solutions as shadow IT not governed by enterprise policy.  IT pros are passionate about playing with leading edge tech but their time is consumed with managing existing infrastructure.  Good infrastructure empowers an enterprise's users with self-service tools so they don't have to buy their own shadow IT.  The IT pros are then freed from daily system management routines and can spend time innovating.  CIOs should not have to build new data centers if they adapt to clouds.

Joe Weinman was the final keynoter.  He is the author of Cloudonomics, the first comprehensive study of how the cloud delivers real business metrics.  He asked us rhetorically why we're doing all of this cloud stuff and where we think it's headed.  I know where I'm headed; straight to the public library to check out a free copy of his book.  Hard metrics are indispensable.  Cloud benefits include a capex to opex translation, and the reduction of unit costs through scale.  The correct IT strategy is cost optimization because IT is now a commodified service.  Cloud combines a pay-per-use, on-demand model with scalable enterprise IT services that have heretofore existed separately.  He mentioned that the Jevons paradox really mean the price inelasticity of demand; I won't spoil the explanation here, so I need to go read his book.  He referred to Nicholas Carr's book, Does IT Matter?, and answered it with NO because it's non-strategic and non-differentiated.  That's why the correct strategy is cost optimization.  He referred to fixed effects models of firm profitability that show the ROI of IT investment.  This is heady stuff!  Now we're getting somewhere serious.  Goldcorp crowdsourced its mining data, which amazes me because I didn't think miners understood IT except as a repository for geographic modeling tools.  I really think Joe's CLOUD acronym and its supporting equations are brilliant.  He finished by arguing that a hybrid cloud is the optimal solution.

The expo floor was full, for the first time in a couple of years.  That's anecdotal evidence of the enterprise IT sector's financial health.  I scored some free T-shirts but didn't win any of the giveaway prizes.  I didn't score any phone numbers of attractive women, but frankly I wasn't trying.  Cloud Connect is a nice break from my normal routine on the circuits for the natural resource sector and financial community.  See you next year, cloud people.