Thought Leaders In Cloud Computing: José Almandoz, CIO Of Novell (Part 6)

By guest author Shaloo Shalini

This part of the discussion centers around the impact of clouds on the evolution of IT in a large organization such as Novell, the need to upgrade IT skills to make services more valuable to business, private clouds and data security in the cloud.

SM: Let’s talk about the impact of the cloud on business organizations. How is the organization evolving as you adopt clouds? Do you perceive cloud computing with reference to strategic planning for, say, the rest of the organization vs., say, technology provisioning? How is the people side of the equation evolving?

JA: When I think of cloud computing in the context of IT organization, I believe this is one of the areas where you can expect more changes. Let me tell you why. You are familiar with the desire of all businesses to get more value from their IT organization. Everyone wants their IT to be more aligned with their strategy and business and be an enabler of business transformation.

The majority of organizations are frustrated because IT employees today spend a lot of time on activities such as maintaining the infrastructure, low-level services, and so forth. The more companies adopt cloud computing, the more time there will be for IT people to focus more on the business. So, I see a lot of changes happening. In terms of IT planning, IT organizations will spend less time thinking about data center service capacity and more time thinking, what are the key business needs that I need to fulfill? What in the marketplace can help to fulfill the business needs in an agile and scalable manner? So, this aspect of IT organization is going to change in terms of strategic planning approach for IT.

In terms of the rest of the organization, I see IT finally moving from just being an entity operating the technology and infrastructure to really becoming an organization that is providing IT solutions to enable the business. It will have to spend more time on business aspects and initiatives to adopt new technology to improve business processes. This is what is going to change the requirements in terms of the skills that you need from you IT organization. I see significant changes there. You will see a smaller IT organization with different skills than what it has today with more cloud computing adoption.

The other question concerning technology providers is this: the more you rely on third parties to provide the services as an application, the more vendors you will have. So, IT will spend more time managing the vendors. What is important here is the imminent change in nature of your relationships you have today with some of your vendors which are very transactional.

If I talk to an ISV, it is basically because that vendor is trying to sell me a license. If I talk to a hardware vendor, they are trying to sell me a server. What the vendor is done with this transaction, it will only come again when there is an opportunity to sell something else. As we move to a service model, now there are a lot of SLAs in the middle, and the relationship will change such that you will interact with the vendor on much more of a daily basis.

[Note to readers: An interesting viewpoint from Microsoft’s Bob Muglia on the topic of evolution of IT – cloud computing is the opportunity for evolution of IT in the form of a hybrid model of public utility computing and internal corporate/organizational technology service providers.]

SM: What are your thoughts on private clouds? How is the private cloud viewed at Novell, and what do you plan to do with the trend of private clouds?

JA: Well, the private cloud is an interesting concept. If you really think about it, it doesn’t offer you all the benefits of the cloud computing as we know. You don’t have the same scalability, you don’t have the same flexibility in the full sense that you expect if you an EC2 or any other public cloud vendor setup. What I see happening with private clouds is that they are probably the first step for companies, especially large companies, to move into a cloud. This will allow them to test virtualization. Private clouds will allow large companies to focus on their SLAs. It will also allow them to get comfortable with security in the cloud and test how it really works. So, I see it as first step in that direction. But in reality, private clouds are just the next step in a evolution of your local data center. They are for companies to get comfortable with cloud computing.

Let me now answer your question on what Novell is doing with respect to private clouds. We are migrating our traditional data center, which now is outsourced through ACS. We are moving it to an internal cloud architecture. I was driving a lot of server consolidation and virtualization, and this private cloud is going to allow us to manage all this consolidation and virtualization as a cloud. So we are moving in that direction, and it is going to save us costs, obviously. Private cloud is a step in the right direction when you talk about cloud adoption.

[Note to readers: You may want to look here for Gartner insights on how private cloud helps organizations in cost savings and reduction in delivery time of IT services from months to days.]

SM: What are your focus areas for cloud security? Are there any concerns that Novell has? How do you view data security and vulnerability in the cloud?

JA: When large companies such as Novell start thinking about leveraging the cloud, security is probably their biggest concern. At Novell, we don’t want to think only about security for the cloud. We need to have to a comprehensive security and access framework for my physical environment and cloud environment put together. We are trying to expand our security and access framework to take care of all of these environments including the cloud, virtual and physical environment. By extending this core, we are going to start to feel comfortable that we can now get new cloud services into our IT infrastructure.

The biggest concern for a large company is that you have to comply with the Sarbanes–Oxley Act (SOX) and other security, legal, and compliance issues. So, you need to take a holistic approach and not look at security only from a cloud perspective.

SM: How do you feel about putting your data in the cloud? Is there any kind of bias you have on where your data is located? If your cloud vendor puts your data in China or some other country outside the United States, would you be comfortable or will you have a problem with that?

JA: I see this as security policy that I need to consider and enforce. I expect my security infrastructure would work on that. Whenever we meet to define policies, we need to have the infrastructure in mind. At one point, we don’t want our data to be in one place even if it is through our physical environment or cloud environment for different reasons.

If there is a policy, then we can address security issues within a policy framework, and it can be applied based on the requirement. This is a dynamic thing. Once you start leveraging outsourcing or off-shoring and now cloud computing, it is very difficult to manage such issues on an ad hoc basis. You need to have a framework to handle such evolving requirements with respect to security. For Novell, a comprehensive identity access framework that will give us the peace and assurance that anything that is physical, virtual or cloud environment is properly managed and operated.

SM: What are your thoughts about the vendors that are providing security solutions in a cloud based model today? For example, Qualys or Proofpoint are offering security as a service. What is your perspective on such security solutions?

JA: My answer will be biased on this one because this is an area where Novell itself plays as a company. Security, identity and access management is a very strong area for Novell. It has five Gartner leadership quadrants, so we don’t really look at other vendors. We have our own solutions for these areas.

In the specific case of the cloud, there are a couple of things that we are doing. These are very important, and we just released a new identity manger which is our framework for identity and access management.  This framework now considers the cloud as another environment that you have to manage, and we adopt this solution internally.

Later this year, we are releasing something called Novell Cloud Security Service, which is actually a solution that we are offering to SaaS vendors so they can offer secure access to their customers and will integrate with their existing security frameworks.

For example, take the case of Callidus. We want Callidus to adopt our Novell Cloud Security Service. They will deploy it along with their cloud offering or integrate with their offering. By doing this they can offer it to their customers. If I become a customer of that service and if I have Novell Identity in place, these two services will integrate so I will be able to leverage totally my security framework with this vendor, and it is all  automatic. As I said earlier, my thoughts are very biased as to what Novell is doing because this is an area of focus for us.

This segment is part 6 in the series : Thought Leaders In Cloud Computing: José Almandoz, CIO Of Novell
1 2 3 4 5 6 7