Utility Computing

In an earlier post on this site, I introduced the idea that Utility Computing was such a great idea that everyone should be doing it. A nice postulation … but one that is not being reflected in the real world. Why? I stand by my praise of Utility Computing in my earlier post – and there’s even a good chance that YOU agree with me (seeing as you are a reader of this blog) – but we are not seeing the adoption of Utility Computing that we would hope for. I would suggest that this is due to a number of factors:

1. Utility Computing is relatively new – and people don’t really know about it. There is a mindshift that needs to take place amongst people who USE technology, and this will take time. Getting people to understand that they DON’T need to have a server in their back room in order to run a business means that they have to rethink their approach to technology.
2. Fear of Change – related to the above point is the fact that because people don’t understand how this works, they (naturally) find it hard to trust it. Surely if they give their applications and data to someone else, they will lose control of them? How will they be able to be flexible when they don’t have their own applications on site? Business people will come to learn that they actually GAIN flexibility and control in a Utility Computing model – but this will take time and education.
3. No one else is doing it – this is a common objection – and its just not true. Google Premier Applications (a great example of Utility Computing) has over 1.75 million businesses using their service! We advocates of Utility Computing need to be more vocal about successes like this – this one is entirely OUR fault, and shows that we need to get better at telling the story, and getting the message out to prospective customers.
4. Traditional technology advisors are against it – The technology advisors for many businesses are hardware and software vendors – and many of them (quite correctly) see Utility Computing as something that will be detrimental to their business. As such, its not a high priority for these vendors to educate their customers on the virtues of Utility Computing
5. Security Concerns – Its strange that the same people who keep their server in the back of their office and perform the occasional untested backup are concerned about the security of their data – but I hear this one a LOT. In a Utility Computing infrastructure, data is encrypted along with being physically and digitally protected. Data is replicated to multiple servers (unless you’re Microsoft) in real time – meaning that you (and only you) ALWAYS have access to your data, no matter what disaster may befall one data center
6. We use specialized software – In fact, most people do. And while this may not be as straightforward as replacing your MS-Exchange with Google Applications, it can definitely be done, and there are plenty of great Utility Computing companies out there (like Hoolipot) who can help customers get their non-hosted software into a Utility Computing infrastructure. Technology has caught up with the “dream” of Utility Computing – and its now something we can ALL do.

So, working on the assumption that readers of this blog are fans of Utility Computing, what should we do? I would suggest that our course of action needs to start with Education. We need to teach people what Utility Computing is all about – to counter the propaganda they are hearing from their hardware salespeople – and to demonstrate to them that this is the safest, most economical route for their business. We need to become “evangelists” for Utility Computing (minus the robes) and infect others (minus the H1N1) with our enthusiasm for it.

Any other ideas? Comment below!!

Another week, another scare … and it seems that this is yet another case of people trusting their data to the wrong people … and those people doing a lousy job of protecting it. For those that haven’t heard about the Sidekick fail, check out articles here, here and here. This recent failure should teach us a number of lessons – but a distrust of Utility or Cloud Computing shouldn’t be amongst them. The two lessons that I would suggest we learn are:

1. Architect your solutions properly – Part of the reason why everything fell in a heap was the very strange design that the Sidekick operating system used. In the event that a Sidekick was powered down/reset, it would reload all its data from the server – with a rule in place that meant that the server would “win” any conflicts. So, when Microsoft lost all the customers’ data, the devices compared their internally stored data to the blank space on the server, assumed the server was right, and overwrote the data with blank space. Nice, huh?
2. Work with the right providers – If you are looking for a Utility Computing or Cloud Computing provider, seek out professional organizations. Whether you love or hate Microsoft, you have to admit that they aren’t a player in this space – and the only reason that they are even involved is because of an acquisition they conducted early last year. Also, you have to remember that Microsoft have their own competing mobile operating system – and some commentators are even suggesting that they may have done this on purpose (of course there is no evidence of that, but you can see the conspiracy theorists going there, can’t you?).

So – what does this mean for Utility Computing? Just that – architect your solutions well, work with the right business partners and keep believing in Utility Computing.

I’m being facetious. Let me just point that out from the start.

Earlier this week, a news article came out about Google and Hotmail (amongst others) email account information being posted online. Not exactly the news you want to hear if you are considering a switch to Utility Computing, right? I mean, if ALL your business applications (not just your email) were online, could people really access them this easily? Possibly.

The account information that was posted was obtained through phishing attacks. People who “phish” pretend to be someone else in order to get access to your information. It’s a classic confidence scam, and would be like someone turning up at your office, telling you they were there to fix the computers, and then walking out the door with them. Unfortunately, that sort of thing happens all the time. In other words, there’s really nothing new about phishing, its just a new word (and some new tools) for something that has been going on since the dawn of time.

But here’s the problem – the internet is the great multiplier. Instead of the bad guy turning up at a single office under the guise of being a computer repairman, he can sit at home and send emails to tens of millions of people with just a few clicks. Even if only a fraction of a percent of the people who get the email “fall for it”, the bad guy now has thousands of pieces of data that he can use to commit further fraud. So, instead of hitting 3 offices a day, he can hit millions of people with less effort, and probably less risk. Its the same multiplier that the spam emailers use – even if only 0.001% of people they email actually decide they need a little Viagra, they have been successful. And they have done all this at virtually no cost. The internet has made life easier for all of us – INCLUDING the bad guys.

So – does this mean that Utility Computing applications are unsafe? Well, it depends on whether you would let someone into your office without checking their ID. It depends on whether your colleagues would give out confidential information without being sure of who was getting it. In other words, this COULD happen to you … and that’s why you need to be careful. Follow all the standard security advice – change your passwords regularly, don’t use passwords that are easy to guess, ensure that you are accessing secure sites … and (unfortunately) be less trusting. Technology alone won’t prevent these con-artists from continuing their efforts – threat models can reinvent themselves in less than a month while technology standards can take up to 10 years to catch up.

But to answer the question posed by the title of this post – does this mean that Utility Computing won’t work? No. This is not a reflection on Utility Computing – it is a reflection on the fact that the bad guys can now reach more people than ever before, and we all have to be more careful – and less trusting – than even before.

I was talking to someone this morning about online financial applications. They made a comment that online versions of financial management software tend to have fewer “bells and whistles” than locally-installed versions … and that the only reason that people would consider an online version would be if they had multiple locations that all needed to access common information. I’m sure that this is a pretty common perspective when it comes to online applications – after all, why would you NOT have something as important as your financial data installed where you could control it best – in your own office? Let me answer that – in two parts:

Fewer Bells and Whistles
I worked for a software company for over 12 years. For most of that time, I worked in Product Management and Strategy – determining future direction of the software products, and deciding which features would be included in the upcoming releases. We always said that product features were determined by studying the market and listening to our customers’ requests … but in reality, that’s not what happened at all. In most cases, WE would (internally) come up with the features that we thought would work in the product, and THEN look for customer requests that supported our decisions. We put in features that WE thought would be cool, or the Engineering team thought would be cool, or the VP of Engineering thought would be cool … and sometimes, that would match customer demand too. After working in this environment for so many years, I would estimate that the average user of our software regularly used about 20% of the functionality that was actually there – because that was all he/she needed. More often than not, the bells and whistles included in a software product are not really there for any good reason at all – its just more code that can contain bugs and more configuration options that can confuse users. So why not keep it simple?

Install Locally as Default
Up until recently, there really was no option. Network bandwidth limitations, security concerns and data storage were all good reasons why local installs were the only way that software was implemented. But let’s look at the facts/fallacies associated with this now:

• Fallacy: Your data is more secure if its on your own computer equipment. Actually, the big data leaks that have made the news recently have happened when people have “lost” laptops containing sensitive data. Companies providing hosting services understand the importance of data security, and spend a lot of money and time making sure that they have the best protection systems in place – after all, its their business. Compare that to the server you have sitting under a desk in the back of your office – which do you think is more safe?
• Fact: The bandwidth limitations of yesterday are gone – network bandwidth is now far cheaper, and more available than it has ever been in the past. This means that applications can now run across the internet at similar speeds to locally installed applications. Look at Amazon.com, Travelocity.com or Hotmail.com as examples.
• Fallacy: You will lose control of your applications if they are hosted . Actually, you will have more ability to control your applications if they are hosted because you are not concerned with software and hardware upgrades, backups and the like. Nicholas Carr¹ made the point that “Ironically, even as many smaller companies are embracing hardware hosting, software-as-aservice, and other forms of utility computing, many others are currently building up their IT assets, drawn by low component costs. I think those companies are going to end up regretting a lot of the investments they’re making. They’ll soon find that the highest IT costs aren’t component costs but labor costs, maintenance costs, electricity costs, and other secondary expenses – and that owning your own gear ends up reducing your flexibility rather than increasing it”.
• Fact: Hosted applications are much cheaper to operate than locally installed ones. Even just considering the basic “office” applications, Forrester Research has estimated that these applications cost the average business $300 per user per year. Once you include labor costs, that estimate becomes even worse – in fact, for a 10 person company, the cost per employee per year for Microsoft Exhange 2007 is in excess of $4500! Compare this to $426 per employee per year (including all labor costs) for a better online solution! That’s a 90% cost saving!
• Fallacy: Your backups will work for you in the case of a disaster. Have you ever tried restoring from a backup and operating your business from it?In around 95% of cases, it doesn’t work. Applications and configurations change over time, and backups are rarely reconfigured to keep up with these changes. Online applications have backup built in – data is automatically replicated so that even if a meteor took out a whole data center, another one containing the same information would be instantly online – without even a blip.

So I guess, my response to the person I was talking to was predictable. Keep applications simple … and use hosted applications wherever possible … especially in small businesses!

¹ “An IT Sea Change for Smaller Companies” – http://www.roughtype.com/archives/2006/09/an_it_sea_chang.php