Is Cloud Computing Changing the IT Industry?

Do IT Professionals Need Different Skills?

Much of what IT people “do for a living” within organizations that are moving to the cloud is changing.  One of the most glaring areas is in the realm of vendor management.  With less hands-on technology to manage – particularly when acquiring software-as-a-service (SaaS) and platform-as-a-service (PaaS) cloud offerings – organizations are less reliant on the broad swath of traditional “IT guys” (and gals) who do “IT stuff”: there’s less of a need for in-house people who build and manage physical servers, database administrators (DBAs), developers, and other traditional IT tasks.  In a cloud-centric world, the valuable IT person is one who can define, negotiate, track and hold their cloud vendors accountable through mechanisms such as contract terms and conditions, as well as service level agreements (SLAs).  Of course, this does not mean that the IT function of cloud consumers can be simply handled by other groups such as Legal or Accounting; the contractual components of cloud service management require a fairly deep technical knowledge, to define key performance indicators (KPIs) and other metrics that are critical for ensuring that cloud service providers are held accountable.

For organizations that consume lower-level cloud offerings such as infrastructure-as-a-service (IaaS) or storage-as-a-service (STaaS, such as Amazon’s S3 platform), hands-on, technical IT knowledge is still very much required.  What changes in those cases, however, is the type of IT knowledge that’s most important.  IT personnel need to be able to package systems in a manner that allows their solutions to be deployed and managed effectively to the cloud.  This means understanding how hypervisor-based deployments work (since cloud infrastructures use virtualization to provide elasticity and scalability), and implementing properties such as application partitioning (avoiding monolithic architectures), deployment automation (such as on-demand provisioning), recovery mechanisms, and transportability.

Where is IT Management Happening?

IT management in cloud environments occurs both within the cloud – often provided by the cloud vendor, or a managed service provider – as well as in the corporate IT office.  The fact is internal IT teams still need to manage some infrastructure, even when they have cloud application access.  For the most part, they’re still using traditional IP networks to connect to the cloud, and they’re (usually) using traditional IT technology – desktops, laptops and tablets – to connect to their cloud-deployed applications through these internal networks.  So in that sense, I don’t foresee traditional, technical IT management completely going away, even in organizations which have deep cloud integration.

However, the question of management on the cloud side of the equation will vary greatly.  Some cloud providers are “infrastructure only” – they provide the environment and a simplified, self-service provisioning system, and leave it up to the buyer to determine how the cloud resources are used.  In such cases, management may be done by the customer’s own IT personnel, or it may be handled by a third-party managed services provider who specializes in management of cloud resources.  In other cases – particularly SaaS and PaaS environments – the cloud vendor themselves provides all of the technology management by addressing provisioning, scalability, upgrades and other issues.  Vendors such as SalesForce.com and Microsoft Office Online are examples of this model.

Who Handles Security?

Security is one of the most challenging aspects of cloud deployment, and those challenges fall into two broad categories: security controls, and compliance.  On the security controls side of the equation, cloud consumers often have no knowledge of the underlying architecture of their cloud service provider; they have access to the environment only through a limited user interface, or programmatic interfaces such as RESTful APIs.  Cloud customers don’t – and never will – control hypervisor patching, multi-tenancy configuration (which, if done incorrectly, can allow data “bleed” between customers), aggregate capacity, hardware specifications, power, or other things that can introduce threats to their applications and data.  And unfortunately, the cloud is experiencing the same cycle as every other technology developed since the computer revolution began: “focus on monetizing now… worry about security later”.  So, I don’t expect wide adoption of any security standards anytime soon.

The other side of the equation – compliance – is a bit different.  Organizations worry more about compliance than security, because while there is no guarantee that they will experience a security incident, there is a guarantee that they will be audited against applicable regulations and standards – PCI DSS, FISMA, GLBA/FFIEC, HIPAA, and others – and sanctions will be levied for non-compliance.  To that end, many cloud vendors offer “compliant” versions of their offerings: a PCI DSS version, for example, which implements PCI DSS-mandated physical and logical controls to protect data.  Another example, FedRAMP, is the federal government’s attempt to develop minimum standards for cloud vendors who provide their services to federal government agencies.  In all of these cases, the good news is that the cloud customer can purchase services that are – allegedly – “out-of-box” compliant.  The downside is that, because these compliance efforts require deployment of additional security controls, the cost basis goes up for the cloud provider… and you can rest assured that these costs are passed directly to the cloud consumer.

Comments

  1. Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). I do agree with you Changing the IT Industry, its used in large scale over big organizations.

Trackbacks

  1. […] Is Cloud Computing Changing the IT Industry? […]

  2. […] Is Cloud Computing Changing the IT Industry? (thethreatvector.wordpress.com) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of the author. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided "as-is". The author shall not be liable for any damages whatsoever arising out of the content or use of this blog.
%d bloggers like this: