The Red Hat 2013 Cloud Computing Predictions
December 17, 2012
by: Cloud Computing Team
The next entry in our series of 2013 technology and IT trend predictionsfocuses on our perspective for the cloud industry heading into next year.Here’s our take on what’s to come for the cloud.
Security becomes more consumable.
If you pay any attention whatsoever to tech press coverage and IT industryanalyst reports, you know that security concerns about “the cloud” (howeverthat term is being used at the moment) consistently top the list of adoptionconcerns. Even if naïve cloud safe/unsafe arguments have mostly beenretired in favor of more subtle discussions, there's still a lot of complexityand uncertainty.
This is partly because the “security” moniker often serves as a sort ofshorthand for a variety of compliance, audit, regulatory, legal andgovernance issues that are often only indirectly related. It's also because,as an industry, we're dealing often with new approaches to computing anddelivering application services that don't have clear historical antecedentsand established approaches to mitigating associated risk. As a result,dealing with security and associated concerns in the cloud sometimesseem to require true experts in the field, who are almost by definition infairly short supply.
That's why we're encouraged by the efforts of organizations like the CloudSecurity Alliance (CSA), which Red Hat joined back in October. The CSA'smission is to promote the use of best practices for providing securityassurance within cloud computing, and to provide education on the uses ofcloud computing to help secure additional forms of computing. While theCSA's work benefits everyone, its most important role may be“democratizing” the process of securing and running clouds so thatorganizations operating and using clouds don't need security rocketscientists on staff. Expect to see tools for more easily and systematicallysecuring clouds gain more attention in 2013.
But data security and privacy remain vexing, and increasingly high-profile, issues.
At one level, protecting against data breaches in the datacenter is a fairlystraightforward security problem without many new wrinkles relative to thepractices that IT professionals have been following for decades. However,in many respects, we are in a place that's different in kind from times past.
Some of this difference is about connectedness and scale. While securitymodels have been shifting from walled perimeters to defense-in-depthsince the early days of the web and e-commerce, cloud-based applicationsmade up of composable services from multiple sources vastly increasepotential attack surfaces. It's a vastly more complicated security problemthan setting the ports correctly on a firewall.
Perhaps even more problematic, though, is even determining how specificdata and data relationships need to be treated and which laws apply. AsDave Einstein noted in a recent post on Forbes: “Adding to the uncertaintyis piecemeal evolution of regulations governing privacy and data security,which depend largely on where you live and do business. Europe, Australiaand Canada are in the forefront of tackling data protection, while the U.S.lags, leaving a thorny legal landscape for multi-national Internetcompanies.”
We expect the overall data security and privacy situation to get worsebefore it gets better. After all, some of the issues date back to before theInternet went mainstream. The issues have just become more visible andmore complicated. We've already seen big fines imposed for evenrelatively minor medical records breaches. Expect to read about morefines in the coming year but only incremental movement ahead on themacro issues around appropriate uses of data.
Bring-Your-Own-Device doubters reach the fifth step: Acceptance.
BYOD is one of the trends that some like to cite as a key cloud securityissue given that it takes control away from IT and puts it in the hands ofusers. More than once we've read an IT professional opining in thecomments to an article along the lines of “Just you wait. Enterprise ITdepartments are going to come to their senses and take the iPads out ofthose darned kids. And get off my lawn.” (Or something along those lines.)
The thing is that those “darned kids” probably include the CEO and otherexecutives. And look around any organization that's not part of thegovernment or in a highly regulated industry and, chances are, most of thesmartphones you see aren't company-issued and provisioned. And thetablets that you probably spy as well are far more commonly purchased byemployees for some combination of personal and work use—to the degreethat we can even still draw a sharp line between such spheres of activity ingeneral. Bring-your-own-PC is a more complicated issue, for a variety ofreasons, but PCs are being “consumerized” as well.
In most cases, BYOD is going to require IT departments to do somecombination of rolling out new products, educating users and adopting newprocesses. At the very least, they need to understand potential exposuresand come up with a plan for dealing with them. But just saying “no” isn't arealistic option for the large majority of organizations. And that meansacceptance is the only reasonable path forward.
Hybrid shows up in ever more conversations.
IT consumerization is also one component (though only a component) ofanother cloud computing trend—hybrid cloud computing. Hybrid commonlyrefers to cloud management that spans both on-premise (or dedicatedresources at a hosting provider) and multi-tenant public clouds—althoughclouds can be heterogeneous in other ways as well.
The consumerization angle is that early public cloud usage was oftencharacterized by users gaining access to computing resources with acredit card because their IT department wasn't moving quickly enough.Such usage can also be outside the scope of any IT governance practices.That can be good for flexibility and speed but it can have a stark downsideif there's a data breach or if an application developed using a public cloudcan't be easily put into production on-premise.
The idea behind a hybrid cloud is that resources can be made available tousers as easily as if they were accessing a public cloud while keeping theprocess under centralized policy-based IT management, as you can usingRed Hat's CloudForms’ open, hybrid cloud management. Organizationsare also increasingly looking to hybrid cloud architectures as a way to havea more dynamic computing architecture over time. There are only a modestnumber of hybrid computing architectures in production today, but themovement towards hybrid is clear. That's why industry analysts such asGartner are recommending that organizations “design private clouddeployments with interoperability and future hybrid in mind.”1 Expect tohear even more about hybrid clouds in the coming year.
OpenStack demonstrates the power of community innovation.
Openness is one of the most important enablers of hybrid IT because ithelps users avoid lock-in to vendors and specific ecosystems. And not justopen source but openness across multiple dimensions including APIs,standards and the the requirement that permission to use intellectualproperty, like copyrights and patents, must be granted in ways that makethe technology open and accessible to the user. Openness is also abouthaving vibrant, upstream communities that are at the heart of the innovationthat the open source development model makes possible.
The OpenStack Infrastructure-as-a-Service (IaaS) project is a greatexample of community-driven development. That community is a big part ofthe reason that Red Hat joined the OpenStack Foundation, of which it's aPlatinum Member. Red Hat's a big contributor to OpenStack, the secondlargest by last count, but it's a broad community with more than 180contributing companies and 400 contributing developers.
We believe that 2013 is going to see all that developer involvement lead tocommercial product in the same way that the open source developmentmodel has led to innovative products in operating systems, middlewareand countless other areas. The details of how OpenStack is developed andgoverned have their unique nuances—as is the case with pretty much everymajor open source project—but ultimately the breadth and depth ofcommunity has to be counted as a huge strength.
Private (and hybrid) Platform-as-a-Service (PaaS) goes mainstream.
Like other aspects of cloud computing, PaaS has evolved in response tothe market. The basic idea of PaaS—that many application developersdon't want to be exposed to and have to deal with the underlying operatingsystem and associated plumbing—remains in place. However, PaaSplatforms that limit developers to a specific language on a specific hostingplatform have only seen lukewarm acceptance. And it's telling that anumber of language- and framework-specific PaaSes have shifted towarda more polyglot (multiple languages/frameworks) strategy.
However, for many organizations, moving all of their development into apublic cloud is too big a step even if they can choose their tools.Alternatively, they may simply not want to give up some of the features,such as auto-scaling and application multi-tenancy, that a PaaS canprovide once they move an application into production on-premise. Themanagement tools a PaaS like Red Hat's OpenShift offers to systemadmins can help address these issues and demonstrate that a PaaSneedn't be just a tool for developers.
Thus, as has been the case with IaaS, we expect that PaaS is going toincreasingly be seen not just as a public cloud capability, but as a privateand hybrid one. Perhaps even primarily as private and hybrid, at least asfar as enterprise application development is concerned. There are alreadysome early examples of private PaaS in the market but we predict that thetrend is going to really accelerate in 2013.
1 Source: Design Your Private Cloud With Hybrid in Mind 24 February 2012 #G00230748
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.