Stacy Griggs is Sr. Director of Customer Experience for Cbeyond Cloud Services , previously Stacy was the Vice President of Sales for MaximumASP which was acquired by Cbeyond in 2011. Cbeyond (NASD-CBEY) is a publicly traded provider of telecommunication and cloud services, which has been recognized by Microsoft at its 2009 Worldwide Hosting Partner of the Year and 2010 Hyper-V Cloud Provider of the Year. Prior to Cbeyond Stacy held a series of positions at Hosting.com including Chief Sales Officer, Chief Service Officer and General Manager for their flagship Delaware data center.
Stacy has led several information technology services companies over the last 15 years. He was a Managing Director for KForce a $1 Billion publicly traded professional services firm. At KForce Stacy managed 5 business units that collectively generated $18 Million in revenue and had 140 employees. Prior to KForce Stacy was a Vice President and part-owner of Diamond Technologies, an 80 employee custom software development firm. Previously Stacy held management positions at TMP Worldwide, the University of Pennsylvania, and Humana.
Through his theWHIR blog, Stacy will touch upon sales and service in the Web hosting space, web hosting events, cloud computing and industry trends.
There has been a great deal written about Megaupload and its ramifications for cloud computing, I wanted to take a few minutes and weigh in on some of the more important points for the cloud. First, for those that don’t know, Megaupload was a large file sharing site based in Hong Kong – it accounted for 4 percent of all Internet traffic and 50 million visitors per day. It was a big deal and handled many legitimate and not-so-legitimate clients (aka pirated content). Think Napster for video. Because of its harboring of illegal content it was recently shut down.
I have seen a number of recent articles talking about how this is a failure of the Digital Millennium Copyright Act (DMCA). The basic premise of which is that by shutting down Megaupload, many legitimate clients lost their content without warning or recourse. Actually, in this case DMCA worked exactly like it is was supposed to. While I have no doubt there were legitimate clients at Megaupload, it was primarily a rogue site, run by a convicted felon. Over the years this site had received thousands of DMCA warnings. Their default practice was to simply delete links of offending material, leaving the content and clients on the servers. Companies that are serious about complying with DMCA have policies that remove repeat offenders from their network, Megaupload didn’t. The only failure of DMCA was that it took so long to shut them down.
I have also seen a number of articles that say that this incident “hurts the credibility of the cloud” because it suggests people can go down or loose data. Poppycock! Clients should know who they are doing business within the cloud or in person. Even a cursory search on Megaupload would have turned up issues with its founder two-time-convicted-felon Kim Dotcom and the site’s reputation for harboring illegal content. Preforming proper due diligence on a provider is a huge part of selecting the right cloud partner. The only failure here was that customers didn’t ask the right questions about a potential vendor. Additionally, if your business is valuable you should use multiple cloud providers – one as primary and one for Business Continuity / Disaster Recovery (BC/DR). The cloud inherently provides for a high level of redundancy, but relying on a single provider can leave you vulnerable to issues such as bankruptcy, systemic technical problems, political instability or DMCA shut down.
If clients of Megaupload had followed any of the principals above, they would be fine today. Cases like this point to a need to for a receiver or special master to assist legitimate clients with data recovery [Ed: Megaupload's host Carpathia is working with the EFF to help legit clients recover their data]. Similar to what ICANN did when RegisterFly shut down. Additionally, it would be nice if there were a public clearinghouse for DMCA complaints, which provided cloud providers with a reputation and risk score based on compliance. But clients who were harmed by Megaupload shutting down ultimately have no one blame but themselves.
2011 has been another amazing year for all things cloud – it’s now time to start thinking about 2012 and how the cloud will evolve over the next 12 months. Prognostication can be unpredictable, because of the rapidly evolving world we live in. When I made predictions in 2010 50 percent of them happened and I think that is about the success rate we should hope for on these. Here it goes…
1. Complex hosting morphs into Platform-as-a-Service (PAAS). We are already starting to see this trend with the ASP.Net Cloud Sites product we offer at Cbeyond Cloud Services. Technologically advanced companies are looking to simplify their environments and one of the easiest things they can do is leverage the PAAS to do it.
2. Specialization of cloud providers is going to become more important. Instead of selecting a generalist provider and having them host all their applications, customers will be more inclined to select best-of-breed providers (like Engine Yard or Heroku for Ruby on Rails or CFDynamics for Cold Fusion). This trend is being accelerated by a number of providers starting to offer cloud syndication along with the new class of cloud management tools like RightScale and Abiquo.
3. Governments will move to the cloud in a big way. Governments (specifically the US Federal and State Governments) have spent the last two years talking more about the cloud than actually using it. This will be the year where reality starts to meet the hype. Governments are being forced to find more cost effective ways to provide the same services and the cloud is one of the few easy choices they have.
4. M&A will continue to be big. Many of the small and mid-size hosting assets have been acquired in the last several years. This year also saw the acquisition of several of the larger companies in hosting including Savvis, Navisite and Terremark . There continues to be a number of very large companies that are trying to get traction in the cloud (specifically Infrastructure-as-a-Service) among these companies are Dell, HP and any telecom who is not already in the game. With record amounts of cash on corporate balance sheets and many of the larger private assets in the cloud owned by private equity funds, I expect to see a lot of M&A activity this year.
5. Hypervisor will become important in selecting IAAS. Traditionally clients have selected cloud providers and migrated to the cloud with little regard for hypervisor, largely because most cloud providers relied on proprietary technology stacks. Companies are now bifurcated into those that use VMWare and those that use HyperV. In this paradigm, it is important to either support these technologies in your cloud (VCloud for VMWare and DDC for HyperV) or provide an automated migration path to move VM’s from a client site to the cloud (like EC2’s VMDK Import Tool). 2012 promises to be an exciting year with significant new traction and change for the cloud, just hang on.
A couple of weeks ago, after a bad experience trying to download an app form the Blackberry App Store I tweeted “If my phone is so smart, why is it made by blackberry?” It’s been obvious since the launch of the Android OS by Google that Blackberry was the dead man walking of the technology world. But for some reason earlier this year, I traded in my old Blackberry for a new one.
There were reasons (I like a qwerty keyboard, I had a very positive experience with my previous Blackberry and migration of my contacts was easy). Today, I regret that decision…. delayed emails, missed meetings, no Facebook! It turns out I traded dependability for a qwerty keyboard, which in hindsight isn’t a very good deal.
After a three-day-worldwide-outage for Blackberry users (which fortunately only impacted the United States for about 10 hours) the real question is – how can a big company, with a mission critical product have such fragile infrastructure? Have these guys never heard of the cloud, geo-diversity or high-availability? Why is all Blackberry data routed through Canada? Shouldn’t my data and mail be between me, my phone provider and the Internet? At the end of the day, I feel like I made a bad decision selecting this phone handset. Like all executives, I need a phone that is built like the cloud (redundant and always on).
The key question is what’s next for Blackberry? How will they treat me and the millions of other impacted customers? Where’s my SLA? Will they step-up and make this right? Can they make this right? Will they fully detail and release a root cause analysis for the outage? And most importantly will they get their innovation mojo back? Now that they have an uncool product, with less features that can leave you without service, it makes for a very tough sell to new customers. Their only choice for long-term viability is to learn from and leverage the cloud.
Here are a few notes from the T1R Tuesday Analyst Keynote presented by William Fellows, Vice President of Research for T1R. A lot of stuff you probably already know, the cloud is growing fast. Big players are coming to the table via acquisition. Here are some of the more interesting points:
Amazon – 55%
Rackspace – 8%
Verizon – 6%
- The EU is lagging US adoption rate for public cloud. It looks like the US this time last year, issues mainly cultural around service and balkanization of laws / regulations.
- Cost reduction and time to market are the leading drivers to the public cloud. Change and complexity are the leading reason companies don’t use the public cloud, security ranks a surprising 4th.
You should see some additional quick posts on other sessions as the day rolls along.
I am attending the HCTS in Las Vegas this week and plan to do a couple of quick blog posts about the sessions and the conference in general. So far the trip is not off to a good start; I missed a connecting flight in Charlotte last night and won’t get into Vegas until this evening. Excessive flight delays are an unfortunate byproduct of the reduced capacity on most major airlines. Airlines (US Air in particular) need to do a much better job in these types of situations, but that is a post for different time.
The T1R Summit is one of the two must-attend shows for executives in cloud, colocation and hosting. It’s smaller than HostingCon (the other must-attend show), but aimed at a much higher level executive. As such the sessions are very strategic in nature and the networking is excellent. Additionally, the opportunity to interact with the analyst at T1R is worth the cost of admission by itself. No other research firm understands IaaS as well as they do. It doesn’t matter who you are or how long you have been doing this, you will get fresh ideas and insight by talking with them. Finally the HCTS is overflowing with capital; in fact with an industry growing at 40%+ annually this is a nice vacation from the constant news of recession. With all of this capital running around – if you are looking for investors, financing, investment bankers, private equity firms, venture capitalist, you can’t help but stumble over at least three of them at any black jack table.
Stay tuned, for additional posts about the show and content that I find interesting.
I came a cross an intersting infographic (below) from Mozy that discusses the amount of data stored worldwide, there are a couple of intersting tidbits and conculsions that can be drawn for this.
- First there are 600 Exabytes of digital data stored worldwide and this number is doubling every three years. This means there will be a Zettabyte of digital data in the world within the next three years. Wow!
- Second, the United States and United Kingdom dominate the worldwide datacenter market with 100% of the 10 largest facilities located in these two countries.
- Finally, old technologies die hard; 11 percent of all data is still stored on tape. With this level of continued data growth, hosting and cloud computing will only become more pervasive.
Just a little data (about a lot of data) to get you thinking.
Good day at HostingCon, the weather is beautiful, the sessions informative and the networking great. I had a couple of quick observations, I wanted to pass along to the readers of this blog.
- First, there is an incredible wealth of information on sessions and events being passed along on Twitter with the #HostingCon hash tag. If you aren’t following these tweets, you should start. It will significantly enhance your overall experience.
- Second the real-time reporting of sessions by the WHIR is excellent, it gives you the ability to see what happened an every session if you were in it or not.
- Finally what would a HostingCon post (from me) be without mentioning of a party? While as usual there are a number of parties each night, the top event is the CPanel / Softlayer / Resell.biz, “Geeks Gone Wild” party tomorrow night. The Dan Band from Old School and The Hangover fame is playing. Consider this one a can’t miss, you still have time to register at http://hostingconparty.com/
I plan to provide another report from the trenches tomorrow, until then in the words of Ron Burgundy stay classy San Diego.
It seems like an odd question, since I generally don’t associate evil intent with a company. But I saw an interview with Scott Cleland, author of “Search & Destroy, Why You Can’t Trust Google Inc.” where he claims that Google can’t be trusted. Additionally, Google has an unofficial motto which is “don’t be evil” so Google has made good and evil part of the conversation. I’m not sure a company can be evil, at least intentionally. I am sure companies can be intentionally good, like Ben and Jerry’s developing a market for hormone free dairy or Starbucks, developing a market for fair trade coffee. So if companies can be good, it only makes sense that they can be evil. Although I can’t think of any examples where a company has intentionally tried to be evil, I only have examples like BP where it occurred through carelessness or neglect.
So back to the main question, is Google evil? Mr. Cleland states that the primary issues are with privacy, antitrust and conflicts of interest. As for privacy, Google has a lot of information on me – all of it information I agreed to give Google. Arguably, Microsoft has as much information on users of Office365 and Bing. And Facebook has the mother-load of data on me and half a billion other people. Simply amassing a lot of data about your customers can’t be evil. Evil has to include using the data for nefarious purposes. Google, Facebook or Microsoft do not meet that test. Looking at antitrust regulations, what dominant technology company doesn’t have this issue? In Social Media it’s Facebook (when was the last time you used MySpace?), in desktop OS it’s Microsoft and in practically everything cool it’s Apple. Is Apple evil for using the hegemonic power of iTunes to make the iPhone a better product, is it antitrust, is it a conflict of interest? I don’t think so.
Finally, why is it important to the hosting industry? With its vast SaaS offerings Google already is a major player in hosted applications, before long they will have a full suite of cloud offerings including a public cloud. Good or evil, what people think of Google they will invariably think of us. With all of the data contained in the typical cloud computing facility, it’s only a matter of time until someone calls all of us evil.
Last week’s outage at Amazon’s Northern Virginia datacenter is the topic de jour for the tech industry this week. There seems to be two major categories of blog posts, those that blame the customers for not constructing a geo-redundant, high-availability environment and posts that blame Amazon for the failure. The truth is somewhere in middle, I concur with Lou Honick that customers have a responsibility to purchase and configure a highly available environment. Additionally, O’Reilly called it the “the cloud’s shining moment” and put the blame squarely on customers. There is however ample evidence that customers who tried to architect a HA environment based on Amazons recommended best practices (configuring redundant services in multiple availability zones) discovered that the service didn’t work as Amazon advertised. There is a great post on ReadWriteCloud which thoroughly documents these missteps and the technology issues experienced by AWS during the process. Based on how these events have unfolded I predict that we will see four significant changes in cloud computing moving forward, they are as follows:
- Customers will demand strong Service Level Agreements – The SLA at Amazon is particularly weak, in fact based on last week’s events Amazon doesn’t owe its customers a dime in SLA credits. While an SLA credit doesn’t begin to compensate customers for the losses that their business may incur from an outage, a 100% uptime guarantee is becoming very common with high quality hosting companies and it provides proper peace of mind to customers. It tells customers that their vendor believes in the service they are offering.
- Customers will start demanding (and performing) fail-over testing Today very few customers take fail-over planning seriously, even fewer have the discipline to test their plan quarterly. Customers that do this and do it properly will suffer very few service impacting outages.
- Customers will use multiple cloud providers – Today it is common for customers to use a single cloud provider and depend on their offerings to redundancy. I predict more customers (especially large enterprises) will want to put their eggs in multiple baskets moving forward.
- Providers will start offering packaged HA solutions – Today many of the top cloud providers offer do-it-yourself solutions for high-availability. Moving forward customers will demand that providers offer an integrated, easy to use, packaged solution for geo-redundancy.
Finally, on to the issue of how this impacts the cloud industry as whole. I think Lew Morman from Rackspace said it best in the New York Times, when he compared this incident to “the computing equivalent of an airplane crash. It is a major episode with widespread damage. But airline travel, he noted, is still safer than traveling in a car — analogous to cloud computing being safer than data centers run by individual companies”. Will this impact customer decisions, sure. Will it change behavior absolutely - it’s all part of the evolution of an industry. Back to the airline industry, at the beginning it was singifigantly more dangerous than it is today. But just like air travel replaced previous forms of transportation (think the Titanic for transatlantic transportation or 3-day trips from NY to LA via train) cloud computing is far more efficient, cost-effective, safe and available than any other method of keeping your applications online.
In a previous post, I discussed how SAS70 was being phased out and replaced by SSAE16 as the primary operational auditing standard used by hosting companies. After a number of conversations with our auditors it’s clear that with SSAE16 there are three variants of the report that hosting companies can have completed. My question is which version will hosting companies choose? Here is a quick review of each:
- SOC 1 – Is restricted to current customers, this is non-starter since many companies want to see a report as part of due diligence (prior to becoming a customer).
- SOC 2 – Contains everything that is in a SOC1 (the long-form) and distribution is limited to “users with sufficient knowledge” think IT or accounting professionals. It is distributable to customers, prospective customers and business partners so this looks most topical for our needs.
- SOC3 – This is a short-form, with no restrictions on distribution, but not as much information as the SOC 2. This is an intriguing option; it can be published on our web-site and probably accomplishes what customers want – which is 3rd party validation of controls. I love the idea of democratization and openness in the process, but I am not sure that every customer will be interested in the “short-form”.
Like a SAS70 there is the option of either a Type I or Type II, obviously (as with SAS70) customers will expect a Type II report since it involves actual testing of the controls over time. My question for you is what is your organization doing? I am intrigued by SOC 3, but naturally inclined to have a SOC2 – Type II preformed and call it a day. We are talking with our audit team from Ernst and Young in a couple of weeks, but I wanted to see what other hosting companies were doing. Let me know what you think.
