When I recently took delivery of my magic mouse I was struck by how aptly it was named. If it were presented to someone only a few decades ago – a smooth pebble-like object which could be used to interact with a computer by moving it or merely brushing one’s fingers across its surface – might it not have appeared magical? Mr. Jobs’ elegant creations brought to life Arthur C Clarke’s maxim that any sufficiently advanced technology is indistinguishable from magic.

Adding to this, the world economy continues to stutter, teetering on the brink of another global recession fuelled this time by not the banks defaulting, but the prospect of entire governments being declared bankrupt. Is this really the time for fancy new technologies?

3D printing

Perhaps the most obvious transformational technology to pick as the one to watch would be 3D printing. It is hard to understate the likely impact of “printers” able to create almost any device object as common as personal computers are today, but we are quite a way from that point. At present they are relatively crude, able only to print a small range of types of plastic and quite expensive.

An interesting area to watch is the open source RepRap, which can be used to make some of the parts for additional copies of itself. The implications of machines that are able to make anything, including copies of themselves, are profound indeed, but I am not convinced that 2012 will be the year of 3D printers and fully automated manufacturing.

The Internet of Things into life

But no, I think the next big revolution will be something called the Internet of Things. So what is it? In this context I’m talking about all the Internet Protocol (IP) connected devices that litter our lives. Why does this matter? Well mainly because there are a lot of them – estimates of between 50 billion and 1 trillion by 2020 are out there. You might be thinking, “Nah, I only have a couple of computers, what are they on about?”. Well, I counted up all the IP devices in my home recently and got a surprise:

• 1 x Mac mini (our media computer – I recently cancelled Sky and we stream all TV)
• 1 x Cable modem with integrated Wireless Access Point
• 1 x ReadyNAS file server (for backups and storing large files such as movies)
• 1 x X-box
• 1 x Wii
• 2 x Mac Air Laptops
• 2 x HTC Desire Android smart phones
• 1 x Amazon Kindle
• 5 x IP CCTV security cameras
• 1 x CCTV system head unit
• 1 x Burgular alarm system
• 2 x Televisions
• 1 x Hi-fi amplifier

A total of twenty IP-connected devices! Now, I’m a well-off technologist so you could argue that I have more devices than most and that most people would not connect all their devices (like the TVs – all mine do is auto-update their firmware at present). However, first that list is for two people (my girlfriend and I) and second we are actually fairly minimalist with our technology and tend to have as few devices as possible; we have one laptop and phone each, only one pad device (the Kindle) between us, and a couple of other computers and consoles. Anyway, call it in round numbers 10 IP-connected devices each and assume there are 1bn people like us in the developed world and you get 10 billion devices in the West. Suddenly 50 billion in 8 years seems very likely, in fact if anything a bit low!

More addresses!

Until recently the potential for this explosion was also hampered by the fact that we were running out of IP addresses. IP addresses are codes like “78.31.108.54″ that are used to address machines on the Internet – that one happens to be my personal virtual machine. The old system is called IPv4 and each of the four parts of the code could be a maximum of 255, so the total possible addresses was about 256^4, 2^32, or about 4 billion (4 * 10^9). Some devices are inside home or office networks so don’t have an Internet address themselves, but if they could it would potentially accelerate the potential of the Internet of Things even more.

Recently new version of IP addressing, IPv6, has been rolled out which gives us vastly more – a mind-boggling 2^128 possible addresses, or about 3.4 * 10^38. As described in a lovely XKCD cartoon, it is unlikely that human society in anything resembling our current state will ever consume that many addresses, but I digress!

The peoples’ revolutions

For something to be a revolution you need a bit more than device proliferation though. Let’s take a step back and look at the last couple of decades and the other recent revolutions. I would like to contend that since the headline technology revolutions of my lifetime (personal computing and personal network connectivity) there have been two further major revolutions and that both of them have been community-driven, albeit reliant on the first two revolutions. As an aside, that is often the way of innovation, as in the words of W. Brian Arthur:

“Novel technologies form from combinations of existing ones, and in turn they become potential components for the construction of further technologies.”

The third technology revolution of my lifetime, and the first driven more by people than by institutions, was the World Wide Web, which grew organically without any central authority and whose content was created by people everywhere, especially in the beginning. I remember being at university and sitting in a tiny bedroom next to my room mate in the wee small hours while we both built our personal Web sites, borrowing bits from others who had gone before. Today the content is being generated by even more people now that the technical knowledge requirements have been reduced with systems like blogging and wikis.

The fourth revolution has been in software development communities. I’m cheating a bit and rolling two revolutions into one; first the open source software movement – generally free community-sourced and managed applications; second the accessible software development ecosystems that have been created for smart phones by companies like Apple and Google realising the awesome power of enabling the community to get creative with their platform. There are further examples as well, such as the popular Linux-Apache-MySQL-PHP (or Python, Perl etc) “stack” which millions of bedroom hackers and professional programmers alike use to rapidly develop their own Web applications; a free development platform created by the open source community.

The benefits of accessible app development platforms is fairly obvious (just look at all the things your smart phone can do), but amazingly some hard-headed business people are still in denial about open source software despite it being responsible for many systems that are now integral to our daily lives. The Linux operating system, to pick but one example, has proven to be massively reliable – more so on our experience than closed source Windows by a long way – and is completely free. Open source is an amazing example of functional communism at work. I’m a particular fan since I have built my entire business on open source technologies and thanks to them I’m able to undercut all my competitors and still make a healthy profit. Everyone wins!

You might be asking, “What about smart phones or social media? Are they not revolutions?”. Back in 2000 I had a Palm Pilot that could do quite a few smart phone type functions and Moore’s law has always predicted that we would have powerful computers in our pockets. Ubiquitous network connectivity is also key to smart phones but that too is a long-term trend. What has made smart phones really work compared to my old Palm Pilot has been the people-power behind the app development. As for social media, again I see that as more an evolution of technology; as far back as 1997 I was using Internet Relay Chat (IRC), usenet news and online forums, all arguably social media. It is the Web that is the revolution, driven people finding cool new ways to use that technology – social media being just a prominent example.

The hackers’ revolution

I believe that the fifth major technology revolution of my time will be the Internet of Things and that like other recent revolutions it will be powered by a community, in this case the hacker community, their innovative drive empowered by cheap open source hardware platforms.

I’m not suggesting that hardware hacking is anything new, but what has changed is the addition of ubiquitous network connectivity into the mix along with some cheap and flexible platforms such as Nanode (an Arduino board with ethernet attached) and Raspberry PI, a Linux computer for $25. Especially exciting is the fact that those innovations are both British.

In my next post I will describe how I think hacking is making a come back, how it will rocket-boost the Internet of Things revolution and how I believe that together it could be a real boon to our faltering economy.

Why small businesses matter

To my first assertion – my scepticism that this bonds scheme will actually help small businesses. Remember that the “SME” category is actually a very broad church. The usual definition is a business with less than 250 employees. There are 1.17 million such private enterprises in the UK generating about £1.29 trillion per year in turnover¹.

However, 1.02 million of those are micro businesses (under 10 employees), and such businesses tend not to have the best growth prospects; Britain’s fish-and-chip shops and car garages. The real powerhouse of economic growth is the 204,000 small (10-50) and medium (50-250) sized businesses who have already demonstrated their ability to grown beyond the micro stage. The former account for £470 billion per year (bn/y), the latter for £430 bn/y, further demonstrating their status as the “gazelles” of the economy when compared with those million-odd micro businesses who do a paltry £404 bn/y between all of them.

What I expect is that the proposed measures will help the medium-sized businesses, which is all well and good but that is only 30,000 companies. The real boon to the economy would come from supporting the 170,000 small businesses which have the most growth potential. However, speaking as one of those businesses (we employ 25 staff) I can report that there is no appetite among banks to lend to such companies without asking the directors to guarantee the loan – impractical for those of us whose livelihoods is their business – and I cannot see this approach changing that since it would rely on the existing banking systems to do that, and the banks remain entirely risk-averse.

Memset: a case example

To give some context so that you don’t think we have struggled to get finance for good reasons; we are an extremely successful multi-award-winning, multi-million pound company, growing at ~40% compound annual growth rate while simultaneously accumulating significant cash – impressive in any economic climate. We have had steady, profitable growth for 9 years and are ranked 7th in our industry of ~200 for commercial and financial strength². We want to borrow to bolster our own reserves in order to invest in infrastructure and grow even faster with our sights on global exports. The best Barclays could offer, without us guaranteeing the debt with our homes was a £200,000 loan, provided that we left it on account with them. I kid you not.

Cloud: A golden opportunity for Britain

While this might seem self-serving, I passionately believe is is important for the UK information and communications technology (ICT) industry as a whole, and as an extension to that I believe it is important for UK PLC. Following the demise of financial services, retail and construction as previous “engines of growth” for the country, and a recovery in those sectors looking unlikely in the near term, the country should be looking once more to our strengths as innovators. More than any other sector, ICT has the potential to be a real new engine of growth for Britain.

Further, now more than ever the opportunity is enormous, especially in the cloud space. I pick cloud because it is especially suitable as an export, something which we need in the UK, and because it is the fastest growing area of ICT. Gartner have predicted that the infrastructure as a service (IaaS) global market will grow from $3.7 billion in 2011 to $10.5 billion in 2014³. Currently about a third of that is believed to be Amazon Web Services, so there is lots of room for new players.

Gartner also forecast that the global Software as a Service (SaaS) market will be $12.1 billion in 2011, and that market is growing by 21% annually⁴. If that growth continues the global SaaS market will be $26 billion in 2015. Add in IaaS and an estimate for Platform as a Service (PaaS) at $5 billion⁵ and the global cloud services market could easily be worth over $40 billion by 2015.

Western Europe already has $2.7 billion of the SaaS revenue, predicted to grow to $4.8 billion in 2015. At 23.3%, Western Europe’s market share is growing faster than the global market (ie. we are gaining market share), and most excitingly growing faster than America’s at 18.7% (SaaS growth).

These are serious numbers at any scale, and as a country we are uniquely placed, both literally and in terms of economic cycle, to take advantage of the opportunities for global export of cloud services and the rapid revenue growth that would bring. One could easily envisage us within a few years being a major hub of cloud services, serving the American and European markets.

I’ve seen estimates of Britain’s share of the current global cloud market at about 10%. The source was part of a Chattham House rules presentation, so I cannot share it, but that would mean we have 44% of Western Europe’s market which seems plausible with a little squinting. In that case, if we get our act in gear and merely hold on to our share then by 2015 we could have $4 billion of the global cloud market. If we grew our market share as well then perhaps we could get to $6-$8 billion by then, which would be about 0.4% of British GBP (though there are a lot of “if’s” in there)! Given that the Treasury only expects GDP (the entire economy) to grow by 1.2%⁶ in 2012 these are potentially significant numbers. Further, cloud is just one of many exciting technology areas in which we excel, high-tech manufacturing being another. However, that vision will not come to pass unless some things change.

The high-tech brain drain

The problem is that we keep selling our golden geese! I was recently on a UKTI cloud trade mission to Silicon Valley with a bunch of other cloudy entrepreneurs. That illustrious company reminded me that we as a nation are awesome technology innovators; let’s not forget that (despite what VMware’s propaganda would have us believe) server virtualisation was pioneered with the Xen Hypervisor (hypervisors are a key technology underlying compute clouds) under Dr. Ian Pratt at Cambridge University, UK, in the late 90′s.⁷ Today, Xen is owned by Citrix, an American company, and to my dismay many of my fellow cloud missionaries were intent on seeking US investment – yet more great technical innovation being siphoned out of our shores.

The problem is two fold: First, there is a gap in the UK funding market. Fast growing small businesses (as defined above) usually need cash, but in the £2m-£10m range (roughly 10-50 people for most ICT firms) banks are not lending and the companies are too small to float on an exchange (aka “go public”). This means that those companies have to turn to venture capital, and those institutions almost always insist on a sale in 3-5 years to reap their profits. Those sales are almost always to larger, American firms.

The second part of the problem is culture. I am extremely unusual among my British technology entrepreneur peers in that I have my sights firmly on the big game. My ambition is to take Memset to the global market and have us become the next Autonomy or ARM. That means we eschew VC funding since their goals are far too short-term. My fellow entrepreneurs however, almost exclusively, believe that the way one does business is the above – get going, get VC funding, sell for a few £m, rinse and repeat (if they are serial entrepreneurs, otherwise sit on a beach I suppose). We need to challenge that culture as well and reignite our faith in our ability as scientists and technologists with outstanding skills in innovation.

An alternative

What I would like to see is Mr. Osborne using those £billions to set up a government-owned bank with the specific mandate of lending to small businesses with a proven revenue model who could accelerate their growth with additional capital. I foresee such a bank facilitating the development of our own “Mittelstand” – the German-owned SMEs that are the powerhouse of the German economy. Such a bank should not be run by civil servants, whose track record is no better than the bankers’, but by private sector professionals with expertise in high-growth SMEs.

Measures to get part-publicly-owned banks to lend (project Merlin) have failed in my view. Further, politicians are still, amazingly, operating under the misapprehension that schemes like the Enterprise Finance Guarantee are working. They are not, and similar complex schemes will just once again allow risk-averse banks to hide behind the mechanisms and not actually do what we need them to do: share a small amount of the risk with us, the golden geese, and in doing so allow us to fulfil our potential as drivers of economic prosperity.

Update: Seems I’m not the only one thinking this: “Credit easing plans ‘must go beyond the banks’” – Telegraph

However, is this new cyber security concern warranted and do we need government and/or academia to get involved with a dedicated centre for tackling the issue? In short, I don’t think so, and this is why.

Just doing our job

As a hosting company we are players in a constant cyber war going on quietly behind the scenes that most people are not aware of. We have been successfully defending ourselves and our customers against hackers, script kiddies and DoSers for as long as I’ve been in the industry (since 1998). The weapons (bot nets and internet connections) have got bigger and the complexity of the systems and hacks has become more sophisticated, but we have evolved too.

We host 20,000 of Britain’s largest and busiest Web sites. In just the last week our automated denial of service (DOS) protection system, affectionately known as the “DOS-squasher”, blocked just over 200 attacks aimed at our clients. None of them even knew that anything untoward had happened.

On my personal server alone in the last week there were over 50 break-in attempts, all automatically deflected by a combination of good password choice, operating system lock down and firewalling. Multiplied up across our entire server estate that amounts to someone trying to compromise one of our customers’ servers every few seconds.

We regularly handle phishing sites and such which have been set up by criminals on compromised customer servers (it should be noted that they are generally only hacked only when we are not managing the security for them and usually as a result of a poor password) as part of the day job. Again, nothing terribly exciting for us and where necessary we liaise with the police.

I am uncertain that a government- or education-run department would add much value here. Instead I would advocate their drawing on the vast experience of the hosting and Internet Service Providers’ businesses in the UK by encouraging or incentivising us to pool our best minds to tackle possible threats to national infrastructure.

People and education

Now, it is true to say that we struggle to find good people with the right skills, but again I don’t think a university programme focussed on cyber security is necessarily the right approach. The soldiers and lieutenants in the silent cyber war are systems administrators and network engineers. They have the skills, but more of the good ones get those skills on the job. What I would like to see is more universities doing courses like those found at Portsmouth.

Half of our recent operations recruits have come straight from their computer network management and design BSc, a course that actually teaches them the skills they need to be a systems administrator. I’d like to see more courses like that, including modules on cyber security training for as standard within them. I do not believe it needs a special skill set since security should be part the curriculum for any IT training.

Serious crime

As well as kids in bedrooms with an axe to grind some cyber threats fall into the category of serious crime. On a consumer level there are the phishing sites, out to steal your credit card or online banking details by pretending to be a trusted brand, and at a business level there are threats and extortion. Take a typical gambling Web site; they could easily be bringing in tens of thousands of pounds per day. They get a major distributed denial of service attach (dDOS) which takes them out for a few minutes. Rattled, they then receive an email demanding thousands of pounds with threats of a much more prolonged dDOS if they don’t pay up. What do they do? Well, they pay. I can’t name names, but I know this has happened.

dDOS attacks are typically launched from “bot nets”, or collections of compromised personal computers and servers. While alone any one of those machines, usually on the end of a home ADSL connection, cannot do much damage, if thousands of them flood a Web site with bogus requests Unfortunately the only real defense against such is to have more bandwidth than an attacker, but with more companies moving to cloud providers with massive pipes like us that means that the attacker would need a bot net of many thousands of machines to cause damage.

This is serious crime and as with any crime should be the domain of the police. A good central authority that was able to track down hackers, phishers and protection racketeers, working with us, would be welcome. At present the police are not especially responsive and often don’t appear to understand the issues at hand.

National threats

When looking at a national level, such as the rumored attacks against Georgia originating from Russia back in 2008, that is something that central intelligence agencies such as CESG should be prepared for. However, again, the people who have the expertise and the means to help are the existing ISPs.

One concept I did quite like, however, was that of being able to “attack back”. One possible way to defend oneself against dDOS attacks is to launch your own attack on the originating sources from a number of ultra-high bandwidth locations. This has the effect of tying up, or even crashing, the bot net computers and making it difficult to control them. The problem here is that the bot net are innocent, zombies if you will that have been infected and are only guilty of having poor security (aka. “running Windows” . The real target should be the command and control servers, but determining where they are is not usually a quick task. Again, here, it should be the job and/or CESG of finding out who the perpetrators are and bringing them to justice.

Regardless, as I said before, the best defence against this sort of real cyber war is to have bigger pipes than your attacker. If we want to ensure our national network is not vulnerable then we need to be investing in it, and in our international connectivity, so that we can stay ahead of developing nations. Last year we were falling behind Eastern Europe, but we may have recovered a little now.

Conclusion

In short, cyber crime and cyber warfare are nothing new – it is just that they have recently entered the public and political consciousness. Government should simply support us, the ISPs, in our existing activities.

As for education, they should a) stop putting off teenagers by teaching them that “ICT” means “Microsoft Office” and b) at a university level actually teach students the skills that the industry needs, not dead operating systems and languages.

Cloud computing can be regarded as essentially the provision of computing resources and/or software as a utility, in the same way that your business uses familiar utilities, such as electricity, water, gas etc. Cloud computing enables you to pay for computing resources as you need them. These services are provided over the internet, on a consumption-based pay-as-you-use model, with short-term contracts and without up-front expenditure.

Whether you realise it or not, you’re probably already using cloud-based services. Facebook and Google are two prominent companies offering cloud-based software as a free online service to billions of users across the world. Google, for example, hosts a set of online productivity tools and applications in the cloud such as email, word processing, calendars, photo sharing, and website creation tools.

Broadly speaking, to be considered “cloud computing” an application’s data and core processing functions would be hosted/stored and managed online or ‘in the cloud’, and accessible from any PC, laptop or mobile device with a network connection in real-time.

In this context, “in the cloud” actually means that the application, along with the data it uses, is installed one or many powerful computers called servers, which are similar to home computers but in a different form factor and without screens, that reside within specially adapted buildings called data centres. Data centres are like warehouses filled with banks of servers in cabinets called racks. Data centres have powerful air conditioning systems to keep the servers cool and highly resilient power and internet connections. A picture of one of ours before being filled up is here.

Three Flavours of Cloud – the “service models”

One of the biggest confusions over cloud comes from the fact that it actually applies to a number of different layers in the “stack”. Don’t worry about what I mean by the stack, but if you’re curious see this post. There are three flavours of cloud, which broadly go down in cost but up in the required level of technical know-how in the order I have listed below:

Software-as-a-Service (SaaS)

These are usually applications or services that you access via a Web browser. Google Mail and Google Docs are examples of this kind of cloud computing. Some companies host an application on the internet that many users sign-up for and use without any concern about where, how, by whom the compute cycles and storage bits are provided.

Some SaaS is delivered via customised client applications, for example if you use Twitter or Facebook from an app on your phone. Our own SquirrelSave personal cloud backup product is also an example of SaaS in that sense – you, the user, doesn’t have to worry about where the data is getting stored nor the internal workings of the platform we have developed.

A better term than “software” might be “application”, since the platform part is also really just software, but SaaS has already gained wide acceptance. SaaS is usually the most expensive form of cloud since you are paying for the software as well as the underlying infrastructure and it requires no technical know-how. Examples of paid SaaS include Salesforce.com, though presently the most widely known examples are “free”. Of course, nothing is truly free, and by giving away their services companies like Facebook and Google are getting something – your information and time.

Platform-as-a-Service (PaaS)

This is a set of lower-level services such as an operating system or computer language interpreter or web server offered by a cloud provider to software developers. Developers write their application to a more or less open specification and then upload their code into the cloud where the app is hosted and automagically scalled without the developer having to worry about it overly. Microsoft Windows Azure and Google App Engine are examples of PaaS.

In old-school hosting parlance, a managed hosting service might also be considered PaaS – the developer gives the hosting provider some code, and the provider worry about how many servers, how much bandwidth (internet connectivity), etc. and just give the developer one bill. Because of the auto-scaling and ease-of-use afforded by PaaS, and the abstraction/obfuscation it gives the vendor, it usually costs a premium over renting the underlying infrastructure directly (IaaS).

For the more astute readers: You might hear people say that that Facebook is also a “platform”. This can easily get confusing; yes they provide a platform for developers to make add-ons, like the popular game FarmVille, but in reality they are just being a gateway (FarmVille runs on servers outside Facebook’s data centres) and are not providing any computer resources, so they are not providing PaaS. A similar example is Apple’s iOS platform – they provide tools to developers and a gateway to sell their apps (the app store) but if those applications that have a cloud component will likely be using IaaS or PaaS from elsewhere.

Infrastructure-as-a-Service (IaaS)

IaaS is the provision of virtual servers and storage that organisations use on a pay-as-you-go basis. This is the most powerful type of cloud in that virtually any application and any configuration that is fit for the internet can be mapped to this type of service, but is also the most technically challenging to exploit. Amazon’s Elastic Compute Cloud (EC2) and Simple Storage Service (S3) are examples of IaaS, as are our own Miniserver VM® cloud compute and Memstore™ cloud storage services.

In practice, cloud suppliers often provide additional services alongside IaaS offerings, so the boundary between IaaS and PaaS can become blurred. However in its purest form compute IaaS can be considered as a bunch of unmanaged virtual machines (VMs) for which you provide the operating system image, that can be scaled up and down (by spinning up and tearing down VMs) according to your application’s needs in near-real time (ie. within minutes). IaaS data storage is more simple, working like a giant disk drive where you only get billed for what you are using, usually on an hour-by-hour basis.

A virtual server or virtual machine (VM), is just like a normal server but is smaller in terms of CPU, RAM and disk than a whole physical server, and several sit on each physical host server. We typically put about 15 VMs on each host server, for example. VMs have the advantage that they can be created and destroyed effectively in real-time in dynamic response to demand.

Private vs. Public – “deployment models”

As well as IaaS, PaaS and SaaS (the “service models”), cloud has a number of “deployment models”. The ones I’m going to focus on here are “private” and “public” cloud. There are also “community” and “hybrid” clouds, but I’m going to save that for a later article. Also, here I am just going to briefly cover what public and private cloud means in the IaaS context.

Public cloud means that your virtual machines are sat on the same physical host servers as other clients. A private cloud is where the host servers, and in some cases the physical network or even an entire data centre facility, is dedicated to one client. When most people say “private cloud” what they usually mean is “a company’s own data centre with some virtualisation software”. This is arguably not cloud since you lose the scalability aspect. When we, as a cloud provider, say “private cloud“, we mean infrastructure dedicated to one client that we scale (by adding dedicated host servers into their set from our standby pool) as necessary. Some people would call that a “virtual private cloud”.

Moving To The Cloud?

One of the great things about cloud is that it can be experimented with very cheaply. If you are looking to make use of cloud services then I suggest just dive in! Start small, with one service, and then move more services once you are ready.

Analysts have indicated that future technology leaders will gravitate to cloud-based models as a way to deploy software and to store content, and we are certainly seeing that trend. A lot of customer start using our cloud as their development “sandbox”, costing a few £10s of pounds per month, and as they gain confidence gradually migrate more critical applications across.

I was technical co-lead on phase two of the G-Cloud project. Miles Gray of the NHS (the other lead), the technical team and I proposed a fairly detailed architecture for the G-Cloud (here). There were some core principals that we felt were vital: it would not be a “thing”, but instead a collection of cloud infrastructures, services and applications, probably mostly provided by private sector but with some public sector in there too, all bound together by open standards cloud APIs with an app store and services interchange at the heart. The Public Sector Network (PSN), the Government Secure Intranet’s (GSi) proposed successor, would be the unifying platform.

I am increasingly convinced that G-Cloud will happen. Martin Bellamy,  Ministry of Justice official and previous G-Cloud project leader thinks so, and Chris Chant, now head of the programme, certainly thinks so too! The public sector is already moving to cloud; there are a number of local government initiatives with pooling infrastructure resources and running shared services. A good example is Hampshire, who run infrastructure and services for a number of smaller local authorities, linked together via the Hampshire PSN.

There are two main features that make G-Cloud different to other government ICT projects, and which are why it will work:

1) There is no “big bang” spend. We, the supplier community, are making the up-front investments and then simply offering those services to government on a pay-as-you-go basis, with no requirement for long-term contracts. Therefore, there is little risk to government.

2) The G-Cloud services will be vastly cheaper than what government is used to paying, but will come with a seal of approval from CESG’s new Pan Government Accreditor body so that government customers can have some surety that the services meet requirements.

On the security front, working with the security work stream we proposed multiple G-Clouds, one per Business Impact Level. Applications, data, suppliers and users at similar security levels would be grouped together.

The core commercial tenet would be government not pay anyone up front to build any infrastructure or software, but instead would consume everything on a pay as you go basis, with the app store doing the billing. Suppliers’ service quality record would be shared (a bit like eBay ratings), to enable cost-quality buying decisions, and supplier switching would be straight forward thanks to the disintegrated stack approach and standardized infrastructure and platform as a services (IaaS/PaaS).

The only parts that we envisaged vital for the government to own and control (to maintain its impartiality) were the app store / services interchange and the proposed “Pan Government Accreditor” – a centralized CESG body that would pre-certify G-Cloud components (IaaS/PaaS/SaaS, stand-alone applications, etc.). Cloud economics expert, Simon Wardley, of CSC’s Leading Edge forum, agrees that it is imperative that any app store remains centralized and government controlled.

I was therefore worried to learn at a briefing on PSN at last week’s Efficient ICT, Greener Government conference that Cable & Wireless are attempting to “do an Apple” and turn PSN into a platform where they offer 3^rd party services, hosted on their infrastructure, to government, taking a slice of every transaction. Such plans should be resisted.

My other big worry about the G-Cloud was that they would only talk to the usual suspects – the large systems integrators that appear to have government ICT sewn up and have done a highly debatable job of delivering value – who I do not believe are capable of delivering the cost benefits of cloud. SMEs are going to be a vital part of the G-Cloud ecosystem, and as part of the technical architecture we envisaged ways to facilitate their entry. For example, by splitting up the stack an innovative software development SME, once they and their application was pre-certified, would not need to invest in List-X data centres to offer a secure solution, they could partner with a pre-certified IaaS or PaaS supplier and get their solution into the app store.

So, what of SMEs? Well, as an SME who has recently been signed up to the IaaS/PaaS foundation delivery partner activities for the G-Cloud project, I am pleased to report that they are staying true to their word of assigning 25% of the contracts to SMEs. The next step is for our Miniserver VM® virtual server and Memstore™ cloud storage services to go through accreditation with CESG’s new pan government accreditor. Some of the commercial aspects also need to be finalised, but the aspiration is to be able to provide IaaS to government via the G-Cloud framework as early as January 2012.

So far, so good, but there are hurdles to enable pre-certification, and thus easy buying of cheap, secure services: i) EU procurement rules remain a problem, though a framework agreement is coming out imminently which will hopefully enable pre-certification; ii) Security responsibility needs to be centralized, but getting SIROs to trust the pan government accreditor would be a major culture shift; iii) The usual suspects have huge vested interests and appear to have convinced government that a 30-40% saving is acceptable. It is not. The government should actually be aiming for a 70-80% savings on their ICT spend from the G-Cloud. If done properly, G-Cloud has the potential to be hugely disruptive and could be saving the government £12bn per year by 2020.

iCloud is a hosted storage service that will seamlessly copy and sync documents, e-mail, calendar, and contact data from a Mac or Windows PC, back and forth to iOS devices like the iPhone and iPad.

Great for those of us who are now much more mobile and face the challenge of making sure the same e-mail, contacts, calendar events, and documents are available whether you are sitting at your desk, using a tablet from home, or working on your smartphone while riding in a taxi.

Businesses, particularly small companies reliant on iOS and Mac OS X hardware, will find iCloud an appealing way to simplify file management and distribution.

However most businesses are unlikely to use iCloud until Apple adopt an open cloud standard.  The fact that iCloud won’t deliver on other platforms like Android smartphones and tablets are going to be a major hurdle for Apple to overcome.

In Apple’s defence they have done a good job with the development tools, always a key area for driving adoption of a platform technology. In a recent Appcelerator and IDC survey 51% of mobile developers said they planned to use Amazon’s cloud services in the next year, and 50% said they planned to use iCloud.

Apple also seems to be the only manufacturer that is edging away from PCs/desktop machines and encouraging greater uptake in the “cloud”. For example, MacBook Airs never came with DVD drives, and the new Mac mini range no longer have an integrated DVD drive either.  Similarly new Sandy Bridge Airs and minis can have OS X reinstalled directly over the internet rather than booting from USB or external hard/DVD drive. Apple’s mobile devices are now getting over the air updates and are no longer going to be tied to iTunes on the desktop.

Our new cloud storage solution, Memstore (in beta, live next week), uses open source software, OpenStack, combined with in-house technologies, to deliver a flexible, scalable and safe way for customers to store their data in the cloud on a pay-as-you-use basis.  The service will also be the cheapest on the market as well, in line with our “costs plus” pricing model, showing that you don’t need mega-scale to achieve low price points. According to Forbes, iCloud will be more expensive than Amazon and Google’s comparable services, which already arguably inflated.

OpenStack’s code base comes principally from Rackspace, and you might wonder why a successful company like them would give away their software? The answer is simple: Amazon. From a standing start 5 years ago Amazon Web Services has grown to an eye-watering $1.4bn in revenue. Rackspace, their leading competitor in the cloud space, is thought to have about one tenth that figure in revenue from cloud. So, Rackspace and the other out-paced cloud providers have clubbed together to create an open, interoperable cloud system. Their hope is of creating an open market for cloud resources, which would be more attractive to business users and promote innovation, and thus get bigger bite of Amazon’s lunch.

Now, last year Apple’s market valuation exceeded Microsoft, and as of this week they exceeded Exxon to become the world’s largest company valued at just over a third of a trillion dollars. So, if anyone was going to try and take on both Amazon’s somewhat open, and certainly cross-platform, cloud as well as the likely future in the form of OpenStack it would be them.

But can they really? Due to being a fairly closed system, iCloud’s success is contingent upon their iOS user base since that is the main demand area at present – personal content distribution and mobile applications. However, Google’s Android mobile operating system has over 40% of the global smartphone market in terms of devices sold/shipped and Apple only has about 15%.

Essentially Apple sees iCloud as a consumer rather than a business service – and Apple have never really been interested in enterprises or business, despite the work they done to support policies and enterprise standards like Microsoft Exchange ActiveSync on the iPhone.

In addition to the closed, proprietary, non-interoperable system being likely to put off serious business users there are two other issues. It does not look like iCloud will not come with a substantial service level agreement, which guarantees iCloud uptime or quality of service, and they don’t seemed to have paid a huge amount of attention to security. CIOs aren’t going to entrust important data to a service that may or may not be available when needed.

Still, even if it is a consumer service, Apple is a quality brand so one would have thought that security would be a priority, and these days consumers are increasingly aware of the need for keeping personal data safe, especially online.

I firmly believe that adoption of open cloud standards is one of the keys to unlock the full and global potential of cloud computing and to breaking down the duopoly of Amazon’s IaaS and Google’s consumer SaaS. Jobs & co may be making astonishing profits, and will likely continue to do so for some time, but unless they either out-landgrab Android in the smartphone and tablet market or open their doors to cross-platform services their success may be short-lived. But maybe that is not a concern. Maybe, with Jobs’ rumoured ill health, he has decided that there are few more golden apples to lay and that he should cash in while the going is good.

INTRODUCTION

As the increasing use of cloud computing and other technologies is changing the world of data management, keeping your data private and secure is an ongoing concern for everyone. As a cloud computing Infrastructure as a Service (IaaS) provider, I’m sharing an insider’s perspective on what you should be doing to keep your data safe.

IS THERE A SECURITY THREAT?

As you move data to the cloud there are many different challenges. Applications have to be designed differently. Security gets pushed further and further away from perimeter-based approaches. Security threats change when data moves to the cloud, with threats from the network or from the provider’s personnel being more pertinent than concerns over physical attack.

However, it need not be a big concern, you just need to apply the same common sense you would to sourcing any other service. Ask questions about your prospective cloud supplier; Are they financially sound? Do they have good security procedures in place? Is the infrastructure your data will be on shared with lots of other users, or will it be in it be segregated by virtualisation or even physically separate dedicated environments?

WHO TO TRUST?

Up until the existence of cloud computing the norm was to trust the IT department internally. Now that the IT department is outsourced people are asking the right questions about IT security. The focus must be on the security processes and procedures rather than the physical perimeter around the data storage devices. In many ways using the cloud can be much safer than hosting data on your own systems in your own building since a putative attacker no longer knows where to look. Even if, somehow, an individual were able to breach the heavy physical security of our data centres, they would be faced with thousands of identical-looking machines and no way of identifying their target.

The most likely source of data theft is always from within an organisation (the people), therefore for data management when it is not on your own systems, it comes down to trust. Just as if it were hosted on a computer in your office, then you need to trust everyone who has access to that machine, so if outsourcing to the cloud you need to trust the organisation that has access to the underlying infrastructure. Look for companies that have appropriate certifications like ISO27001 (as a minimum), and ask them about how they regulate and monitor their systems administrators’ access to servers holding client data.

THREATS FROM THE NETWORK

The other increasingly common source of attacks on cloud-based services is via the network itself. This can be greatly mitigated with good firewall systems, and if your services only need be accessed from a small number of office locations then the firewall should restrict access to only those IP addresses. That can prevent the helpful feature of universal access, however, so it may not be practical, but even then firewalling is important. Talk to the provider and they should be able to advise you.

For public-facing services there is also the danger of Distributed Denial of Service attack (dDoS), where servers are flooded with millions of bogus requests from hacked computers (a “bot-net”). Most providers should have a system for automatically detecting and blocking the source of such attacks, so ask them, but in cases where the attack is massively distributed the only defence is to have more bandwidth than the attackers, which means you need to be using an operator with large scale.

CONFIDENTIALITY

Confidentiality is a major question to ask your cloud hosting provider. Having the right tools in place to ensure that confidentiality is also being maintained is critical. So, some questions would be:

• What mechanism do you have to protect and securely deliver logs?
• What are you actually able to log?
• What activity are you recording within your cloud?
• Can the integrity of those logs be assured?

BACKUPS & DATA RESILIENCE

When entrusting a cloud provider to look after your data it is essential to ensure that there is adequate resilience in their storage systems. At a minimum they should be using RAID (Redundant Array of Independent Disks) systems, but most cloud storage providers will store multiple copies of your data across many independent machines. Memset’s cloud storage solution (currently in beta testing) stores all data in triplicate, for example.

Most providers will offer additional backup services, and these should certainly be considered when operating cloud based applications so that in the event of a serious hardware failure you can roll back to an earlier state. Also ask the provider what their normal restore times are.

Finally, as we have seen with the recent failure of Amazon’s Simple Storage Service, which included irrecoverable loss of some customer data, sometimes it is not enough to trust one provider. To help overcome this problem we will soon be rolling out a service to backup client’s cloud storage accounts with other providers’ onto our storage cloud.

WHERE IS YOUR DATA BEING STORED?

Although pushing data into the cloud is proving increasingly attractive for many organisations, there’s a growing realisation that geographic considerations remain important.

While the overriding concept of cloud involves the decoupling of data and applications from the underlying hardware on which they reside, knowing where that hardware is located can be vitally important.

For reasons of security, legal jurisdiction and privacy, many organisations are obliged to be aware where sensitive data is stored.  For British companies, data may need to be stored within UK borders for data protection purposes. For the majority of UK public sector IT requirements the data absolutely must remain within national boundaries.

THE PATRIOT ACT

Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities.

Microsoft has recently admitted that any EU-stored data, held in their EU-data centres, is subject to the US Patriot Act as Microsoft is a US headquartered company.

If you don’t want your data subject to the PATRIOT Act, then you have to use a non-US based company, in addition to a non-US data centre, for storing your data.

WHO CONTROLS YOUR DATA?

One risk with Software as a Service (SaaS) is that all your eggs are effectively in one basket, and if something goes wrong with that one provider you could face serious challenges. Memset’s approach is to disintegrate the stack enabling you to be able to move your software from one place to another. A typical example of this is using third party open source solutions to deliver hosted software services on their infrastructure. That way if the software provider fails you can still get to the data, and if the hosting company fails (assuming you have good backups) the software company can help you transfer to a new host.

DATA SEGREGATION

Many SaaS providers are essentially running one application for thousands (or many more) client organisations, with their data commingling on the same infrastructure and in the same databases separated only by the software itself. This presents a potential security risk, since if there is a flaw in the provider’s code it could be exploited to allow access to other customers’ data. For some services this may not be a problem, but for critical company or personal data it may be advisable to obtain additional segregation.

Memset’s stack disintegration approach solves this problem also. By using open source solutions (eg. Zimbra for Web email or Trac for integrated project management and Wiki), each hosted on virtual servers or dedicated servers for just that one client, there are additional layers of segregation between the software instances, thus providing greater security. While many SaaS solution’s code bases are not heavily tested, network and virtual machine segregation are very robust.

DATA PORTABILITY

You also need to think about data portability; the ability to be able to reuse your data across interoperable applications.  When weighing up SaaS suppliers, see if they have a “portability policy”. Where a privacy policy discloses what a company can do with your data, a portability policy discloses how a user can access and transfer their own data once it’s stored with that company. For IaaS providers this is normally a given, since they are just providing the infrastructure and you are able to extract the data as and when you wish at a root level.

MIGRATING OUT

Once you’re clear on who has your data, where that data is held, what they are doing with it and how they are protecting it, you also need to establish what procedures are in place to allow you to migrate your data out. Key characteristics to look for include:

• a clearly defined and established procedure for data migration
• low or no cost for migration
• data can be extracted in a meaningful, useful form for immediate re-use

For SaaS providers, look for an API or tools to download your data in a meaningful context. This could be as simple as a widget to download a CSV file (like with Google Contacts), or it might be a fully-fledged XML API. Failing that, and if taking the stack disintegration approach, ensure that the database in which the information is stored is transparent and well-documented. It is frequently not in a SaaS provider’s interest to make data portability easy though, so this can be a difficult item.

MITIGATE RISK WITH CLEAR SLAs

As with any service provider contract, you should negotiate clear SLAs for your cloud provider.  These should include, but not be limited to, clear metrics around performance (both networking and computing), provisioning, change management, patching and vulnerability remediation.

To ensure your data is safe in the cloud at all times, make sure you think about the following:

• Who has access to your data
• Where your data is held
• What they are doing with it
• How they are protecting it

CONCLUSION

In summary, the cloud is, and will continue to be, a critical part of many companies’ IT strategy so must it therefore be considered in their security policies. This role is likely to grow as a raft of new services are developed and commercialised and users’ level of familiarity and comfort with this approach to service delivery develops and grows. But it is also likely that the most effective network security strategies will be a hybrid model that takes the best that the cloud has to offer and combines it with the skills and focus of experts working on the ground.

For several years now, we’ve been running all our business systems over the ‘net  (including instant messaging, email, document management, project management & collaboration) by using open source software. Both Nick & I are huge fans of open source, so I thought I’d share why and how we use it within Memset.

As of 2008, 85 percent of businesses were using open source software, according to Gartner. That percentage has probably increased since then as more and more businesses find that they consistently get great value – and the desired ROI – from open source software.

We turned to open source for a number of reasons:

• Price. You don’t need to pay licensing to Microsoft anymore, simply download the open source software and install it, and don’t pay a penny. Furthermore, you usually get unrestricted access to the source code enabling you to modify it to suit your requirements.
• Flexibility. Once you have the software installed you are free to host your applications wherever you like. This means you no longer need to put all your information in one basket, say with Google, so instead you’re able to separate the software from the host and own your own data. A good example of how to achieve that would be Zimbra; an open source suite of office applications which can be hosted by any managed hosting provider. We have customers who rent a virtual machine from us and have us install Zimbra on it.
• Improved Productivity. By using open source software and adapting it to suit our needs, with fairly minimal development effort, we’ve been able to build on those foundations to automate a large number of our processes such as account billing, administration, provisioning, maintenance and monitoring activities so that they require very little staff input.
• Desktop Free. Because they are all Web based it makes it really easy for people to work from home, or anywhere for that matter. We have now migrated most of our staff to ‘nix-based systems (mostly Linux, but some of us use MacOS), and all they need is just a browser and an email client. Firefox & Thunderbird are certainly enterprise-strength, for example, and there are plenty of solid open source server-side solutions.
• Increased Security. In my opinion, open source applications tend to be even more secure than their commercial equivalents as open source communities are generally able to find and fix security vulnerabilities much quicker than their corporate counterparts. The very weakness pointed out by software companies like Microsoft (ie. that the source code is visible) is in reality its greatest security strength.

But what if it stops being supported?

Perhaps the biggest objection to open source I hear is, “But what if the solution I’m using stops being supported by the open source community?”. First off, you have this problem with commercial software; what if the supplier fails, or in the case of one like Microsoft what happens when they change version and stop supporting yours.

That is not the real answer though; one of the real beauties of open source software is that it is designed to be, well, open. All the solutions we use (see below) are based on open database architectures (often MySQL) with lots of documentation, so that even in the worst case scenario of the package no longer being supported, all of our business information is available in an open, accessible format, requiring only a little DBA time to extract. Try doing the same with a proprietary software’s internal data base!

Also, because the solutions are self-hosted (ie. you’re getting the software from someone other than the person providing the hosting) you are in total control of your own data. We do not use Google Docs, for example, mainly because I don’t want all my company information to be stored on a random server somewhere in the world with no guarantees of security.

Example: TRAC (Integrated Project Management & Wiki)

We use a mixture of in-house developed system and open source solutions such as Trac (project management & Wiki) and Sugar CRM to deliver an interlinking suite of information management tools which are available to everyone in the company.

Customer information is stored in a master central database, and by using rapid software development platforms like Django we have been able to quickly and cheaply add all the features and tools we need with our own internal development team.

However, the key element in the context of information management is probably our Wiki; it contains all procedural information and the distilled wisdom of the people in the company. You get complete version control and logging for free with the software, and those built-in auditing features helped make getting our ISO9001 accreditation a breeze.

Trac is invaluable for sharing information between teams, keeping track of changes to documents and projects, listing outstanding issues, assigning jobs and creating visibility of each others’ workflow. Being able to have an organised central location where everyone can go is great. It is certainly a lot better then trying to pass around .doc files from one person to the other, or constantly uploading and downloading .doc files to and from Sharepoint and having to worry about out of date versions. And, as its Web-based, you can access your data online from any computer, anywhere, secured and encrypted over HTTPS.

Example: SugarCRM

Sugar OS is an open source CRM application bringing a feature-rich set of business processes that enhance marketing effectiveness, drive sales performance, improve customer satisfaction and provide executive insight into business performance.

At Memset we use SugarCRM to improve productivity and sales effectiveness through the sales lead management functionality.

Example: Request Tracker

RT is an open source issue tracking and workflow platform. We use this software for all our customer technical support. It allows us to keep track of and assign assign tickets and to monitor who is working on which tasks, what’s already been done and when the tasks were completed.

Example: Openfire (chat)

Openfire, is an open source XMPP/Jabber server for instant messaging. Sure, you could use MSN, but we prefer not to have Microsoft listening in on our corporate communcations. We self-host and fully encrypt our internal instant messaging chat.

These are just a small selection of the open source solutions we have implemented at Memset. Also, despite us having a lot of technical know-how, you really do not need to be an expert to use these open source systems.

Even if you do not have the very basic systems administration skills in-house there are plenty of companies like Memset who will happily host and manage these services for you, while still giving you full control and data-ownership. With more and more companies looking to Cloud-based business management services like these, open source really is coming of age, even for the most security-conscious companies; Memset is fully ISO27001 certified and can ensure that your business-critical data remains 100% under your control, within UK borders.

Open source should be considered as a viable option for your business as it provides better value for money, lower costs, increased productivity and improved security.

What is Cloud Computing

Cloud computing can be regarded as essentially the provision of computing resources and/or software as a utility, in the same way that your small business uses familiar utilities, such as electricity, water, gas etc. Cloud computing enables you to pay for computing resources as you need them. These services are provided over the internet, on a consumption-based pay-as-you-use model, with short-term contracts and without up-front expenditure.

Cloud computing enables applications, documents, emails and other information to be hosted/stored and managed online or ‘in the cloud’, making them accessible from any PC, laptop or mobile device, and importantly, in real-time. It also negates the need to download or install dedicated software on your own computer, making home working simpler and reducing the need for powerful PCs (and therefore cost). A more technically detailed definition of cloud computing is here.

The Benefits

There are two major benefits of cloud computing. The first is cost saving. Cloud eliminates the need for major IT infrastructure investment, both in the office (less need for powerful PCs) and in the data centre, improving your cash flow. It is also generally much cheaper than the traditional software approach. This is because cloud service providers are operating at massive economies of scale and are able to pool their resources and provide shared services, reducing their costs dramatically, which are in turn passed on to you the user.

Today there are very few organisations that should need to own and manage their own servers in a colocation facility, and it is certainly much more expensive for SMEs to do that themselves. Moving applications to the cloud can enable you to greatly reduce your upfront capital expenditure and slash maintenance costs.

The second is that you and your staff can access your company data, securely, from anywhere in the world. Both of these benefits will result in a major shift in the way that businesses of all sizes use computers. However initially it will be SMEs that benefit the most.

Many businesses are also now turning to cloud computing as a cheaper alternative to using traditional in-house software packages. Many Web-based cloud software services, hosted in a secure data centre, end up costing a lot less in terms of licensing and save the time and hassle involved in downloads and upgrading.

Cloud computing is also energy efficient. Cloud providers are highly motivated to reduce the power and hardware required to supply their services, and are running at sufficient economies of scale to achieve great efficiencies, which in turn reduces the costs to you. When it comes to ICT, saving money and being green are synonymous. Also, having your software Web-based enables home working and can cut down on commuting.

Worries Over Security, Availability, And Performance

The risks, of course, concern the reliability and security of cloud-based systems. With a number of high profile outages last year by providers such as Amazon S3, Google Docs, MobileMe and Twitter, SMEs are right to be cautious.

A major issue with the Cloud at present is security. However, it need not be a big concern, you just need to apply the same common sense you would to sourcing any other service. Ask questions about your prospective cloud supplier; Are they financially sound? Do they have good security procedures in place? Is the infrastructure your data will be on shared with lots of other users, or will it be in its own virtual dedicated environment?

SMEs need to look very carefully at where their data is going and who is responsible for it and they need to know it is well managed. There are plenty of British companies providing secure and cost-effective cloud based services, so just be sure to ask those questions.

If you do need to store documents, I would encourage you to do it yourself. Simply rent a server with suitable software from someone UK-based that has solid service level agreements (SLAs). You certainly don’t pay more; we can help you get setup with open source Wiki software like Trac for central knowledge sharing, document sharing and collaboration, for as little as £60/month, securely hosted on your own dedicated Miniserver VM^® at our data centre in Reading.

Tips for Moving Into the Cloud

Once you’ve weighed the pros and cons, you may be ready to take your first steps into cloud computing. Before you do, consider these tips for making a smooth transition into the cloud computing world.

Do:

• Think Big. Cloud computing is inherently scalable, which means that you can select your own level of engagement and upgrade at your own pace. Make sure your service provider will enable you to scale up your computing resource as your business grows.

• Read the agreement closely. You’ll most likely be shown an electronic contract at the outset. Read it carefully to ensure that you know what you’re paying for, what the service provider’s privacy policy is, what the availability guarantee is and so on.

• Listen to peers. Seek to learn from the experience of other organisations within your business community who have already achieved successes with cloud computing.

• Think strategically about your applications. You should decide which cloud applications will deliver the best ROI and prioritise these.

• Assess security. Ask direct questions about where your data will be stored and who will have access to it. Some providers also have 3rd party security accreditations which can give you additional reassurance.

• Make use of the subscription model. When applications run in the cloud, services are ‘rolled up’ into a predictable monthly subscription, so make sure you are not being lumbered with up-front costs.

• Consider open-source solutions. Look for ways to use free or low-cost cloud tools instead of more-expensive ones. For example, we use Postfix with Thunderbird for email, Trac integrated project management and Wiki, Sugar CRM for customer interaction and Jabber for secure individual and group instant messaging. By self-hosting these apps we’re not getting locked into paying ‘per-seat’.

Don’t:

• Not know where your data is. Users who do not know where their information is held at any given time, especially when its being stored on virtualisation systems and multi-tenancy storage area networks are making themselves vulnerable to security breaches.

• Get locked in. One of the main benefits of cloud services is that they come with little or no contract term which means you can change should the provider prove unreliable. If you are being asked to sign up for more than a few months at a time, something is wrong.

• Forget to ask for detailed security programs. Avoid any vendors that refuse to provide detailed information on security programs.

• Give in too soon. To realise the cost savings that cloud computing can deliver, you do need to be thinking about using it on a long-term basis. By significantly reducing upfront capital expenditure and management overheads, cloud computing allows SMEs to make IT investment plans, which deliver value and success over the long-term. Sometimes there will be transition pains, but it will be worth it in the long-term.

• Go with the first provider you find. Most services offer a free trial or a short term contract, and you can usually figure out quickly whether the user interface will drive you mad or is easy to use. Evaluate more than one service before deciding.

Now is an ideal time for SMEs across the UK to switch to cloud computing. The traditional software approach of installing local applications without built-in scalability and mobility is becoming out dated, and will increasingly hold back your business by depriving you of the flexibilities and cost savings afforded by cloud solutions. Further, this period of austerity where everyone is seeking to make cuts can be an ideal time to make the case for change to reticent colleagues.

The role of cloud computing in government IT – an introduction to the large G-Cloud and App Store project under way in the UK; what the UK public sector hopes to gain from a cloud approach, an overview of the proposed technical architecture, and how to deliver the benefits of cloud while still meeting government’s stringent security requirements.

To watch the video of my presentation, click here:
[See post to watch Flash video]
© http://oscon.com Kate Craig-Wood (Memset), “The Government and Cloud” under a Creative Commons license

Following my presentation I joined the panel to debate ‘A Cloudy Feature Or Can We See Trends?’

The panel of experts, including  Dion Hinchcliffe (Dachis Group), Tim O’Reilly (O’Reilly Media, Inc.) and JP Rangaswami (BT Design) discussed what’s next for cloud computing, what implications cloud creates, the role of government and what changes are we likely to see?

Questions

• Is cloud inevitable?
• Will anyone win the cloud?
• What national impacts will cloud have, will there be government regulation?
• Are we heading towards a permission based web?
• Are there any dangers you forsee?
• What’s next?

To see the video, click here:
[See post to watch Flash video]
© http://oscon.com Kate Craig-Wood (Memset), Dion Hinchcliffe (Dachis Group), Tim O’Reilly (O’Reilly Media, Inc.), JP Rangaswami (BT Design), “A Cloudy Future or Can We See Trends?” under a Creative Commons license