All About the Cloud 2011, presented by OpSource and SIIA
2012 All About the Cloud dates announced: May 8-10, San Francisco

All About the Cloud Blog

What is Next for US Federal Cloud Implementation?

Wed, 15 Feb 2012 21:46

By Andras Szakal, vice president and chief technology officer for IBM U.S. Federal

The government is making steady progress in executing the reforms outlined in its 25-Point Plan, delivering many ahead of schedule. At the core of this is the shift to cloud-oriented shared services, which hold great promise for government. Avoiding the redundancy of having each department’s IT shop develop its own software for managing personnel or dealing with public-information requests accounts for nearly half of the $932 million in IT savings the government has identified through its TechStat program for reviewing IT.

New Federal Risk and Authorization Management Program (FedRAMP) security standards are an important step to make it easy for agencies to purchase cloud and other services from approved vendors. They outline ways to standardize security requirements and contract language for implementing cloud-based IT applications. But they are just that — an outline — rather than a detailed roadmap to cloud implementation.

To be sure, cloud won’t be a one-size-fits-all approach when it comes to government implementation. In most cases, a combination of different approaches — private clouds, hybrid clouds and public clouds — should all be examined to determine which approach makes the most sense for the specific need that is being met.

Applications like e-mail, content management, and back-up have been relatively easy to move to the cloud. But using cloud architectures to improve core functions and make development of processes quicker, while reducing duplication of effort, will require careful analysis of each application to determine the best migration path.

Functions that are common to many agencies are natural fits for a traditional cloud model, while unique, dedicated functions are often better managed in dedicated systems that allow the flexibility to adapt to underlying business flows. Law enforcement case management and intelligence analysis systems, for example, have unique capability and security needs, which require greater agency control and dedicated systems support.

In cases like these, it often makes sense to use virtualization technologies inside government data centers. Many government programs have security needs that are easier to secure internally. Agencies can achieve some of the cost-cutting benefits of cloud technology by adopting “private clouds,” which are easier to secure because information never moves outside of a dedicated data center.

The coming year is an exciting time for Federal IT, as FedRAMP and the move to shared services — whether in the form of public or private clouds — provide the structure that will help new projects for cost cutting take root, ultimately saving taxpayers money by helping government become more efficient.

Andras Szakal is participating in a panel on the U.S. Government’s efforts to reform and improve the operational efficiency of its massive IT infrastructure tomorrow at CloudGov.


Andras Szakal is responsible for IBM’s industry solution technology strategy in support of the U.S. Federal customer.


Reply to Chertoff: Do Not Let the Perfect be the Enemy of the Good on Privacy and the Cloud

Fri, 10 Feb 2012 18:57

In his recent op-ed (Cloud computing and the looming global privacy battle, February 9, 2012), Michael Chertoff properly worries about privacy in the cloud. But he’s wrong to think that all problems are equally important or that they all must be solved at once.

We shouldn’t wait for harmonized privacy regimes before making progress on cross-border data flows. The priority going forward should be a system of clear and simple procedures that allow global companies to comply with substantively different privacy regimes. In the absence of simple compliance procedures, millions of dollars will be spent on unnecessary bureaucratic paper shuffling instead of on productive investments that can generate economic growth and jobs. Eliminating this waste must be a priority, especially given the worldwide economic challenges.

One way forward is through international agreements that put streamlined compliance procedures in place. To accomplish this, countries have to be willing to approve data transfers across borders when companies demonstrate that they are in compliance with local rules. Mechanisms adopted by the Asia-Pacific Economic Cooperation group move in this direction. Proposals tabled in the Trans-Pacific Partnership trade discussions also contain this key idea. And the European Union’s proposed data protection regulation provides that compliance can be based on contracts, binding corporate rules or codes of conduct approved by a single EU member regulator.

Deep integration of privacy regimes is a worthy, but distant goal. Fostering interoperability and cross-border data flows are urgent immediate needs. We shouldn’t let the perfect be the enemy of the good.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.


SIIA All About the Cloud Video Preview

Fri, 06 Jan 2012 16:35

Check out this video preview of what’s to come at SIIA’s All About the Cloud 2012.


Katie Carlson is Program Manager for the SIIA Software Division.


SIIA Issue Brief: Native App or Web Site?

Mon, 08 Aug 2011 17:48

Native App or Web Site?
Deciding Your Next Step in Mobile

Authored by:
Paul Moceri, Deloitte
David Smud, Deloitte
Daniel Vitulich, Deloitte
Nolan Wright, Appcelerator

The next installment in SIIA’s Issue Brief series discusses the wide variety of options to publish a free mobile app. The following quick reference chart covers a number of factors you should consider when choosing your route.

Download the complete paper for an in-depth review of these factors, along with use cases and more!


Rhianna Collier Announces 2012 CODiE Nominations Now Open

Mon, 08 Aug 2011 16:19

Nominations are now open for the 2012 CODiE Awards – until October 7th. Nominate today and check out the 2012 CODiE website for more information.


SIIA releases guide to cloud computing for policy makers

Tue, 26 Jul 2011 15:33

Today, SIIA released an authoritative guide to cloud computing for policymakers. The white paper provides a roadmap for fostering the development of the cloud and harnessing its full economic potential.

Cloud computing doesn’t require legislation or regulation in order to safely and rapidly grow. In fact, cloud-specific regulations could impede the industry from realizing its full potential as a key economic engine. Policymakers should join with industry to foster best practices and see that they are properly enforced.

Cloud computing already provides a favorable environment for applying many security measures; it provides a strong engine for growth across businesses and regions around the world, and it can lead to greater choice and lower prices for consumers. SIIA encourages policymakers to promote open standards for software and data interoperability and embrace a global approach that allows for the unrestricted transfer of data across borders.

In order to reap the full economic benefits of cloud computing, policymakers should:

1. Avoid cloud-specific rules and policies, in favor of policies that apply broadly to a wide range of technologies and services, and those that maintain a level playing field for cloud computing and all approaches to remote computing and data storage.

2. Promote open standards for software and data interoperability and avoid policies that would favor one particular business model or technology over another.

3. Promote policies that allow, to the greatest extent possible, the unrestricted transfer of data across borders.

4. Encourage rules governing data to travel with the data in order to adequately recognize varying jurisdictional requirements, and ensure data subjects do not lose protection when their data is stored and processed in the cloud, or in any remote computing environment.

5. Avoid localization mandates, or any policies that would give preference to data processors using only local facilities or operating locally.

6. Seek interoperable privacy regimes in which countries recognize each other’s privacy rules to the greatest extent possible.

7. Embrace a global approach to cybersecurity that recognizes the global nature of interconnected systems and provides for data to be protected regardless of where it is located, and that seeks international consensus standards that avoid fragmented, unpredictable national requirements.

View the full report, or get the highlights in the executive summary.

Check out coverage in Post Tech and PC World.


Debunking the Myths of Cloud Computing: Cloud Computing Is not Secure

Tue, 21 Jun 2011 15:09

Cloud computing myth #1: “It isn’t secure”

In fact, cloud computing can deliver greater security at lower cost. As the Obama Administration recently said, “Cloud computing can reduce costs, increase security, and help the government take advantage of the latest private-sector innovations.” So why does the myth persist?

In cloud computing, a provider houses and processes the data outside of the facilities and administrative control of the enterprise that owns it. Contractual arrangements and guarantees have to substitute for institutional security measures. This puts a premium on the proper selection of the cloud provider, and that can be scary.

But finding the right cloud provider doesn’t create inherently greater security risks. In fact, storing and processing data in the cloud can increase information security, reduce risks of unauthorized access, and save information security resources.

It is true that storing information in a central place creates a greater incentive for hackers–Willie Sutton robbed banks because that’s where the money was. The more money in the bank vault, the more interested Willie would be. The same is true of information gold: large concentrations of valuable information attract thieves.

But precisely for that reason providers of large data centers take extra precautions. For private clouds, there is really no difference between a large amount of data stored on premises and the same amount stored in a remote facility. They both have to be protected and the safeguards are largely the same. In a public cloud where data from several customers are combined in the same facility, special administrative and physical controls are used to provide adequate protection.

The advantage of centralized data storage is economies of scale, as Darrell West pointed out at a recent Brookings Institution event on cybersecurity. The combined nature of computing resources in the cloud enables providers to enhance such key security techniques as prediction and detection of threats, and to provide for quick remediation through streamlined installation of solutions. A small company cannot afford to hire the best security experts or keep up with the latest and most expensive control technology. But a large data center can. For this reason, cloud storage for smaller companies is more secure than local storage.

There’s no question that providers of multi-tenant cloud architectures must take special precautions. But that is true in many industries. To meet the special needs of the payment card industry, the card networks developed the Payment Card Industry Data Security Standard (PCI DSS), which put in place specific requirements for those who store, process or transmit cardholder data. The same can take place in the cloud industry pursuant to a variety of information security initiatives.

Some have thought that special security needs for an industry should mean special security laws for that industry. But that is a mistake. The payment card industry developed PCI DSS autonomously – with no involvement of regulators or legislators. Moreover, regulators should not be mandating specific standards because it can freeze innovation where it is needed most–in developing new techniques to protect data. For this reason, special security laws applicable only to the cloud environment are not necessary.

Can the cloud be new and scary from the point of view of information security? Yes. But it is important to locate the true source of the fears. It is not an intrinsic riskiness of the cloud environment. The cloud is as safe as or safer than on-premises computing. The real concern should be finding the right provider who can deliver the increased security that the cloud makes possible. The industry needs to develop mechanisms that can help cloud customers make this decision with a greater sense of confidence.


Cloud Computing Localization: The Wrong Way to Go

Fri, 17 Jun 2011 16:39

One of the Obama Administration’s major initiatives is to push a cloud-first policy for US government information and communication technology (ICT) investments. With costs of on-premises data storage, software programs, and computer infrastructure soaring as part of the Federal ICT budget, it only makes sense for the Government to cut costs by taking advantage of the cost efficiencies that result from using remote computing services. Success in this effort might mean that the government will never have to construct a costly new data center ever again.

Unfortunately, the imposition of short-sighted government rules poses a great risk to these benefits. Many countries have passed or are seeking to pass laws that require the construction of local computer facilities or that prevent the free flow of information to remote servers. The rationale is sometimes to foster a local processing industry or to preserve domestic employment – even though the biggest employment gains for a local economy result from the increases in growth made possible by inexpensive computing services. Fears that information in the cloud is insecure contribute to the rationale, even though remote facilities can do a better and cheaper job of keeping information safe and secure.

Regardless of the motivation, these rules have the effect of preventing cloud computing providers from creating the most efficient combination of networks and computer systems. Instead of building one large data center to house and process information from a variety of countries or regions, cloud providers would have to build one data center for each country or region, thereby unnecessarily increasing costs. In some cases, this would mean that the service could not be provided economically at all because the scale would be too small.

For this reason, the US has adopted an international posture in favor of the free flow of information and against requirements for domestic ICT facilities. We even persuaded our partners in the European Union to go along with us. The recently negotiated EU-US ICT trade agreement contains a principle favoring unrestricted cross-border information flows. It says that “Governments should not prevent service suppliers of other countries, or customers of those suppliers, from electronically transferring information internally or across borders, accessing publicly available information, or accessing their own information stored in other countries.”

The agreement also embodies a principle urging governments not to impose local infrastructure requirements: “Governments should not require ICT service suppliers to use local infrastructure, or establish a local presence, as a condition of supplying services.”

In a domestic reflection of this policy, the Obama Administration recently recommended a provision in its proposed cybersecurity legislation that would bar local jurisdictions from requiring the presence of data processing facilities in their local area. It said: “Cloud computing can reduce costs, increase security, and help the government take advantage of the latest private-sector innovations. This new industry should not be crippled by protectionist measures, so the proposal prevents states from requiring companies to build their data centers in that state, except where expressly authorized by federal law.”

The U.S. State Department is engaged with our European partners and with Japan to oppose localization requirements in other countries. The United States Trade Representative is looking to push for bilateral trade agreements that incorporate provisions in favor of the unrestricted flow of information and against localization requirements.

What’s sauce for the goose, however, is sauce for the gander. If we want to push these policies successfully abroad, we must abide by them ourselves domestically.

