After The Clouds

In the past few years an interesting exchange of opinions has been taking place between Larry Ellison and Marc Benioff, respectively CEOs of Oracle Corporation and

This debate was summarised by Bob Evans writing in Forbes Magazine. (1)
Computerworld and InformationWeek carried at the time good descriptions of the discussion. (2)& (3)

I had in mind this type of discussion when I wrote my previous post about the Cloud ( ) .

The Web is full of exchanges like these, where marketing strategies are forcibly confused with analysis, and the discussion becomes a distraction if not even the cause of more confusion for the business and technical leaders considering Cloud adoption.

Terms like “false cloud” and “real cloud” mobilize underlying subjectivities and commitments but are not rational arguments.

To begin with, there is nothing like a “false cloud” or a “real cloud”. The Cloud is not a coherent, finished, complete thing, that could be defined once and for all. It is not only still in the making, but also it is essentially not a technical phenomenon.

We can see that many discussions about the Cloud (and the Ellison-Benioff debate was no exception) set comparisons around technical capabilities like “virtualization”, “efficiency” or “Java-enablement.” To be fair, in this debate Benioff did make very good points, addressing non-technological qualities of the Cloud, for example that it has to be “democratic” and “economic.”

Technical differentiators are fine, and each technology house will have some technical solutions, hopefully well integrated into their offerings, but Cloud consumers (either companies or individuals) should not get distracted by these functionalities or impressive hardware specifications because the Cloud is above all a social and historical phenomenon.

Certainly, the roots of this phenomenon are economic in nature, and they are global, but none of the technologies and efficiency principles at play are new. These existed since the inception of the electronic computing era and were not invented recently as many experts seem to believe!

It is the global extension, the variety of user types, the diversity of applications and services, and the explosion of business models what really makes the Cloud. Benioff’s Salesforce is not less “true” than Ellison’s database in the Cloud. These are only two modes, perhaps one more innovative than the other, corresponding to two modes of usage of computing resources.

While the Ellison model is perhaps ideal for some organisations, the Benioff model is definitely beneficial for others; and we can see companies using both in different combinations. Who can be confused about the coexistence of various modalities of Cloud solutions?

I am particularly interested in this matter because the Ellison-Benioff debate tends to reappear when we discuss Security requirements and Identity Management projects in the Cloud. Questions arise about the use of Software as a Service or application platforms (SAAS + Infrastructure). Which is more secure and which is more efficient?
The old approach is still the best in these matters: Neither the application nor the platform should be chosen in and by themselves!

It is high time that the IT professions abandon the out-dated if-it-is-new-it-is-good approach. Technology is not always good and it is especially bad if we do not start from a clear concept of the users of technology.
In this respect, I would insist that the Cloud is created, effectively exists only because of the diversification of users and access routes. How you serve these requirements comes second.

So my advice always is to study the access route matrix, i.e. the combination of user types, device types, credentials, assurance levels, locations and application types that are or will be in play. From the Access Route Matrix we can derive the type of Cloud that will be necessary: Private, Hybrid or Public, and the many combinations between these modalities.

We need to accept the Cloud for what it is: a heterogeneous environment with a multitude of offerings. This environment will not become less complex in the future, but actually larger and more complex. It is counterproductive to assume that a particular marketing strategy represents the “true cloud” versus all the rest, or that some clever combination of infrastructure and software will rule over all the others. That thinking is anchored in the past, when companies were supposed to choose “one” provider or “one” solution for their needs.

The Cloud changes this because in the same way that there is no single type of user (e.g. the “enterprise user”) there is also no single type of application or infrastructure platform. It is also the case that different applications can be optimal even if they run on very different platforms. Isn’t it the beauty of the Cloud that market forces will determine adoption, technology mix and mobility? Why should a software capability be linked forever to a specific platform or infrastructure?

One would hope that the offering of choice would have enough efficiency, virtualization, security, redundancy and all the other desirable capabilities, but if you do not face the new landscape of users, partners, third parties, trusted and not trusted environments at a global scale, how “economical” will be your Cloud?

This is particularly relevant for Identity Management solutions, considering that Identity Data is not concentrated around any particular point of the network-of-networks that is the Cloud. Identity data performance becomes more critical than old-style security focused on multiple layers of protection around the applications. How you manage identity data contributes more to security than how deep you bury your application. So if the data is not concentrated in any one point and if the enterprise does not own the majority of the data anymore, where are you going to build your new Chinese Wall?

Some organisations tend to see the Cloud as an extension of the enterprise realm, and some platform vendors contribute to this mirage by “extending” proprietary platforms as Cloud platforms. This is entirely justified during the current transition period, when companies and cloud consumers in general will have various combinations of traditional enterprise, private and public Cloud adoption levels; but we must look beyond this towards a period “after the Cloud”, i.e. a period when the Cloud has ceased to be a novelty, a marketing term or a “challenge”. An era when the Cloud will be our normal space of action, and there will be no more reason for “false” or “true” doctrines.