Research@DBTA

Amazon Snafu Will Further Intensify Internal Cloud Provision

In October last year, Unisphere Research released “Privatizing the Cloud: 2010 IOUG Survey on Cloud Computing”. In light of this past weekend’s Amazon public cloud service interruption, it’s worth citing one of the study’s key findings:

“Adoption of private cloud solutions for IT workload processing or infrastructure is outpacing use of public platform service providers. About 14 percent use the services of public cloud platform providers, compared with 37 percent using private cloud for parts of their operations. Adoption of software as a service (SaaS) applications is more common, used by close to one out of four respondents. However, security issues continue to be a concern with use of public cloud and online application services, making private clouds a more attractive option to enterprises. IT departments also play a leading role in identifying and managing public cloud and SaaS.”

Add “availability” to the list of concerns with public cloud provision now. Enterprises typically look at three core values when evaluating a solution for mission-critical enterprise computing deployment: Availability, Scalability and Security. By this measure we now see external cloud provision raising concerns on availability, as well as the already-present concerns over security. That is two-out-of-three in the “questionable” column in the enterprise-readiness trifecta. And for the old dogs in the market, it’s starting to feel a little like the state of client-server computing in 1996. Amazon has some serious work ahead of it to get beyond these concerns – not impossible, but it’s going to need to be demonstrable and definitive.

This will be a defining, limiting moment for external cloud provision – reinforcing a strong trend toward internal cloud deployment.

The Enemy Within Circa 2011

The recent exposure of hundreds of thousands of government documents by WikiLeaks points to the lack of both adequate procedures and sufficient deployment of automated technology to secure data from abuses by so-called “authorized users.” Currently, the government has arrested and charged Army Pfc. Bradley Manning, who is suspected of giving classified documents to WikiLeaks. Bradley allegedly downloaded the files from classified computers onto CDs while serving in Iraq, according to NBC News. Over the past five years, Unisphere Research has conducted seven different studies documenting the exposure of sensitive, unencrypted data within organizations and the threat this poses to enterprises and, obviously, to our government. Repeated Unisphere Research studies cover the types of data exposure, the breadth of that exposure, the failure to pass audits and a general level of complacency by information managers regarding inside threats, revealing a disturbing Achilles’ heel that remains stubbornly present. Moreover, we have begun to identify the wide gap between IT professionals and enterprise management in understanding the seriousness of the issue – and applying the needed funding to remediate the issues.

The threat presented from within can only intensify further. As organizations select internal cloud provision over outside cloud service providers, many times in the name of “data security,” we are left to wonder at the level of exposure we are likely to see with data increasingly residing outside the database itself, but within the internal cloud. Our experience here at DBTA and research through our Unisphere Research group paint a picture of broadly haphazard, even casual, security practices vis-a-vis the inside threat. Moreover, we continue to see the focus of security budgets and practices on “perimeter” threats. We also observe an ongoing myopia that appears to be broadly present in the analyst and media community serving the IT market about internal security practices.

Perhaps the one positive that can be taken from the WikiLeaks episode that is still unfolding is that the issue of insider abuse can no longer be swept under the rug. WikiLeaks blows the lid off the problems associated with “authorized user” abuse. Where can you start to learn more about internal vulnerabilities and begin to identify how to deal effectively with them? You can download the “2010 IOUG Data Security Study” in full at http://www.oracle.com/go/?&Src=7011681&Act=507&pcode=WWMK10035434MPP008 or download the shorter Executive Summary at http://www.ioug.org/PublicationsResearch/ResearchWireSurveyData/tabid/90/Default.aspx (scroll down the page for the 2010 study). The PASS study “Data in the Dark: Organizational Disconnect Hampers Data Security” can be downloaded in full at http://tinyurl.com/2auoqvq. Both of these are available on a complimentary basis.

Linux: Reducing Costs in Government Applications, By Jean Staten Healy

As we prepare for GOSCON this year, there are a number of key topics that come to mind. When one thinks about “Government” today, undoubtedly we hear discussions around cuts in government services; the need to raise taxes; stopping or reducing deficit spending and the general trend of doing more with less. This is not just at the Federal level, it is also a focus at the state and local government levels, too. In 2007, for the first time in history, the majority of the world’s population—3.3 billion people—lived in cities. By 2050, city dwellers are expected to make up 70% of Earth’s total population, or 6.4 billion people. So isn’t it critical for us to start to understand just how technology fits into this ever-growing clamor for improved government services at reduced costs to the taxpayer?
Well, quite pragmatically, IBM strongly believes that Linux has a key role in “Smarter Government”. Smarter Government isn’t just the day-to-day administration. It’s more expansive than that – it’s evidenced where we work, where we live: it’s Smarter Water; Smarter Traffic; Smarter Energy; Smarter Telecommunications. Smarter Government means helping to promote economic growth by streamlining cumbersome processes and simplifying reporting requirements, which are especially burdensome to small firms.
What we sometimes really don’t think much about in analyzing these “Smarter” solutions is the operating system (OS) on which these “Smarter” solutions run. Numerous studies have shown the Linux Operating System to have a lower Total Cost of Ownership, particularly in virtualized data centers, and that should indeed help the bottom line, which affects the services delivered to our communities (ftp://public.dhe.ibm.com/linux/pdfs/GCG_Virtualization-Linux_vs_MSFT.pdf).
For example, the Dundee City Council IT department standardized on a single operating system, on both mainframes and x86 hardware, which provided a stable, secure, flexible and cost-effective platform for business-critical applications. That single OS? SLES from Novell.
Another example is within our own Department of the Interior’s National Business Center (DOI), which provides shared IT services for federal agencies both within and outside the DOI. They often compete – and win – against other larger service providers because their infrastructure is backed by IBM System z10 mainframes running Linux. The DOI National Business Center can offer shared IT services at a lower cost because the utilization of a mainframe is often between 80-100%.
One last example of Linux I’ll mention here is the City of Burbank, which had a complex, multi-vendor, multi-OS environment. The mixed environment was driving unnecessary complexity and expense, so the City consolidated on IBM BladeCenter and migrated to Red Hat Enterprise Linux (RHEL). As a result, the City achieved better performance, significant space savings, and reduced costs for hardware, power, cooling, maintenance, monitoring and licensing. On top of this, another government agency did the same, and implemented redundant failover between the two IT environments. Not a bad idea when you take into account the number of earthquakes annually (13 in the past month alone, within 30 miles of LA).
So all of these examples focus on providing customers with a strategic choice in their data centers as well as lowering operating costs to the respective government body. Providing savings to the taxpayer, while better serving the overall public is a win/win situation for all concerned. The point is that by using Linux, whether it is RHEL, SLES, Ubuntu, or one of many others, you are enabling your organization to have an open, flexible environment where applications can run on multiple platforms. Flexibility has value, and true cross-platform support means organizations can use the architecture that makes the most sense for a workload while maintaining a single, standard enterprise operating system. Additionally, IBM is one of the leading vendors of middleware, helping organizations build solutions for a Smarter Government. So whether it involves Business Intelligence to improve decision making or Smart Work solutions to implement more effective collaboration and communication, IBM’s total solution enables governments to respond to changes in the environment more rapidly.
So I look forward to GOSCON, where those from Local and State Government, in particular, who face these day-to-day pressures in their communities will be congregating and participating in forward thinking solutions. I hope you will join the discussion as we seek answers to Government’s most pressing problems from a technology solution point of view.

For more information about Healy’s talk at GOSCON, titled “Efficiency? Lower Cost? Innovation?: What Does Linux and Open Source Mean to the Public Sector CIO in 2010?”, go to http://goscon.org/sessions/efficiency-lower-cost-innovation-what-does-linux-and-open-source-mean-public-sector-cio-20.

Jean Staten Healy, Director of Worldwide Cross IBM Linux Strategy, will be speaking at the Government Open Source Conference (GOSCON) on October 27.