The research goes on to show that among the IT professionals surveyed, almost one third believe the security threats came from internal sources. Other key findings included concerns around lack of control, security measures and compliance.

The findings of high levels of concern about cloud computing merely reflect what we have known for some time. However, it’s also interesting to note that almost one third of the security threats were cited as coming from inside the organisation. While most of these were deemed to be accidental, such as employees falling prey to viruses rather than attempting unauthorised access to company resources, it illustrates how internal threats represent a significant area of concern.

Today much of the attention on security, both within the cloud and on client devices, is software focused, however utilising technologies built into the hardware can significantly help in deliver more secure IT environments. At the same time the report was released Intel and McAfee unveiled plans for enhancing security within cloud-based infrastructure aiming to fuse hardware and software features to create a cloud computing environment that is secure from both the server and the client perspective. This approach addresses the security concerns expressed in the survey.

Cloud security issues are wide ranging across both hardware and software. Identity management needs to be incorporated into the infrastructure so users, devices and services can be identified as trustworthy, application security must be in place, data needs to be protected and legal and compliance issues considered. The use of virtualisation in cloud implementations also brings concerns. The virtualisation layer must be properly configured, managed and secured.

The Intel/McAfee announcement aims to address some of these concerns by enabling more layers of security. At the hardware level Intel’s Trusted Execution Technology (TXT) is used to validate key components within the server processor at start-up whilst McAfee’s ePolicy Orchestrator and can be used to enable a consistent security policy across physical, virtual and cloud environments.

Further software seeks out malware and limits the spread of infections and downtime while data entering or leaving the data centre is monitored for signs of infection. Updates are also automatically pushed out when they are available. Other software tools are available for validating the integrity of virtual machines, real-time cloud performance, software security and endpoint awareness.

The environment that the technologies cover extends from the server to the desktop and mobile devices. The focus here is the provision of a holistic approach to address the pressing security concerns around cloud technologies. The test will be how it is used in the real world. These are interesting times, characterised by genuine moves in the cloud sphere to advance architectures and I’ll be keeping a close eye on these developments. So watch this space.

It naturally follows that working practices are also going to change. We can already see this within IT departments where job roles are changing. For example, cloud specialist, cloud architect and cloud alliance manager are job functions that are becoming increasingly commonplace. Implicit within these new IT opportunities is usually the need to be able to work closely with the business.

This tells you that the cloud is accelerating changes in the way we work. For example, cloud computing is driving changes in flexible working. A case in point is business start-ups which are not constrained by fixed infrastructure. They can access the compute resources they need on the move and as easily as if they were in the office.

Cloud-driven practices are already gaining a foothold in the workplace because they offer a compelling number of benefits for both employees and employers. Employees can more easily balance work and home-life responsibilities, and for employers it widens the recruitment pool – location is no longer a primary issue.

As cloud technologies become progressively commonplace, flexible, remote and collaborative working will become more and more popular. This has some interesting implications that could gradually revolutionise the way we work. Patterns of working today are radically different from how our parents worked thanks largely to technology. And I expect this change to be accelerated even further by the cloud.

I’m aware that such concepts as the paperless office and total remote working have been around for a while and in some senses they have failed to live up to their billing. But remote working today is certainly common for many people, and even though in practice it might consist of one or two days out of the office rather than being a complete way of working, its prevalence will increase in the near future.

Some have asked me whether remote working will usher in an era of ‘dumb’ or thin clients – negating the need for intelligent devices to access information. I think the reality is instead that we’re seeing increasingly ‘smart’ devices – be they smartphones, media tablets or laptops – accessing and creating content on the move. The need for intelligent processing is increasing just as much as the need for mobility – and today more than ever the two are progressing hand-in-hand.

The fact that mobile computing is still evolving at a ferocious pace, to my mind, means that we’re well positioned to empower workers to exploit the benefits of the cloud. In so doing they’ll be helping shape a really dynamic new workplace – which encompasses the living room as much as the office.

The recent resignation of Chris Chant, who leaves the role of G-Cloud Programme lead, has unearthed some potentially uncomfortable truths about this journey. And yes, the programme hasn’t had an entirely easy ride prior to this. A brief outage within days of launch encouraged the naysayers to cast aspersions over the project. But a realistic analysis of the experience to date suggests that whilst this wasn’t the ideal start, it isn’t a cause to throw in the towel. Service was still delivered through other channels, and the story since has focussed more on its successes.

But I feel that if the UK government gets G-Cloud right, there’s a strong bet that even the most conservative of enterprises will eventually follow suit. The critical issue is the recognition the UK government has made to forward-thinking IT strategy.

Francis Maude, Cabinet Office minister, has said that cloud services are estimated to cut government IT costs by about 460 million a year and that the cloud is expected to become the common infrastructure for government computing. One key aim within this is to reduce the cost of its 600,000 end user devices. A progressive approach to IT will need to be economically viable if it’s to be realised. If the G-Cloud proves a success it could be the catalyst to a far better approach to major public sector IT.

Alongside these objectives, the strategy implicitly recognises that the IT landscape is shifting from traditional supply models with a handful of suppliers and long-term contracts to short terms contracts with services also supplied by small and medium businesses. In a sense, the UK government is taking the flexibility that the cloud delivers and is extending it to the supply chain.

Chant’s criticisms suggest that some of the stereotypical fears about the restrictively bureaucratic and immobile nature of the public sector may be accurate in some instances. Those working in the political sphere tend to avoid projects which gain a poor public reputation, and I hope that enough energy and fait is shown in the G-Cloud to ensure that it doesn’t fall foul of this trend. But there’s a potential prestige to the G-Cloud that I hope all those involved recognise. If it’s judged to be a success, it could be a landmark moment in the evolution of cloud computing.

But before any IT worker reading this is gripped with terror, I need to point out that it’s not likely to happen any time soon, as ubiquitous clouds are probably about five to ten years away. And more fundamentally it’s not as if IT roles will disappear into a vacuum. The cloud will require new technology skills, and I see cloud computing providing a basis for IT’s more strategic contribution. Which means IT workers will spend less time on that old phrase ‘keeping the lights on’ and more on innovation.

In fact, a relatively recent report released by industry analysts IDC, predicts that IT cloud services will generate nearly 14 million jobs worldwide between 2011 and 2015. The research was commissioned by Microsoft and it also concluded that up to $1.1 trillion in new business revenues could be generated.

Let’s not forget the cloud is a transformative technology and as such it’s going to shake the industry up. It’s driving down costs and enabling innovation. It’s going to require a shift in skills from the traditional roles required for client server models to new ways of working. But IT roles have always evolved, and this is clearly the next big step.

I read recently of a US company, involved in scientific product development, moved its in-house communication systems to a cloud-based Software-as-a-Service (SaaS) offering. It did this because it wanted a simpler way of deploying communications systems without adding infrastructure, when it acquired a company.

It might be supposed that this almost 10,000 strong company would no longer need IT staff to manage its communication platforms and could therefore make significant operational costs savings. It did make savings but rather than reduce its headcount, IT staff simply switched their focus to helping the company’s customers integrate into its cloud platform. Rather than emailing scientific documents between the company and its customers, documents are now stored in the cloud so they can be accessed directly. IT staff are hence involved in product development lifecycles at a much earlier stage. At a wider level, the company has gained greater kudos within the industry because of its closer interaction with customers.

Clearly, this is only one example of how IT roles can expand as cloud technologies become more pervasive. But that said it’s indicative of a wider trend that will see IT roles evolve to meet new cloud requirements, particularly as clouds become the preferred delivery methods for new IT investments, whether it’s SaaS, online backup or data protection.

Currently, the trend for cloud-experienced IT workers is driven by service providers hiring software engineers to help implement SaaS solutions such as email, customer relationship management, ERP or other applications.

On the in-house or enterprise side (organisations which are using cloud services) I’d anticipate demand for IT people who can manage relationships with service providers. As cloud technologies become more pervasive supplier relationship management coordination is going to become increasingly important. At the same time there will also be a need for people who can understand and manage those elements of cloud technologies that are kept inside the company.

The key for IT workers is to build on existing skills and develop expertise in high-end technologies that are central to the cloud such as virtualisation and storage area networking. These skills will be needed. In short, the cloud isn’t going to make IT workers redundant; it’s likely to create lots more jobs and free up existing IT staff for more mission-critical roles.

As we move towards ubiquitous internet connectivity the flood of data that flows through an enterprise increases exponentially. Whether it is blogs, tweets, YouTube videos or other forms of electronic data, this mass of information presents a huge opportunity.

But the challenge most organisations face is how to mine the opportunities that are implicit in this massive growth in unstructured information. How do you harness, interpret and use it? To date, three big data dynamics have become evident. There are a few organisations who have seized the opportunity, there are those who are aware of it but don’t know how to make use of it, and there are others who aren’t aware that opportunities even exist.

The key to making use of big data is establishing what you want to achieve. For example, do you want to use data to identify new customers for your product or service, do you want to extract information that reveals the profiles of people who visit your website or interact with your social network presence, or do you want to identify customer behaviours?

In short, you need to think about the complexities of the data at hand and your objectives. For example, a retailer may want to chart demand for specific products, at particular locations and times. This type of information is tremendously powerful and could provide a much sharper focus for businesses. However, extracting it requires careful thinking about the types of questions you will use to interrogate the data. And it may result in your requiring more storage and/or compute power than your organisation currently hold on premises. Enter the cloud.

The use of the cloud can significantly advance any business’ chances of using big data to their advantage. But the cloud can’t do all the hard work for you – you need to know what exactly you want from it, just as you need to predict how you’ll interrogate your data.

A nice, clear example of the benefit of knowing what you want to achieve with a collection of data is TomTom’s use of mobile phone location signals. The satellite navigation company taps into the databases of mobile phone operators to gain real-time access to mobile phone location data. This information is then used in real-time to determine the speed of traffic, traffic flows and where roadblocks are. The information is then sent to TomTom satellite navigation devices to enhance the quality of user experiences.

These examples illustrate how some organizations view big data as a rich source of insights waiting to be discovered. The potential is enormous, and where once may have been the preserve of the IT powerhouses, such opportunities have been somewhat democratised by cloud infrastructures.

Some of these data centre advancements include rethinking how data centres are cooled, including floor design to optimise cooling and airflow, and new concepts such as solar power. The changes are fundamentally necessary and the equation is simple; data centres are costly to run so design needs to be more efficient.

To date, data centres have essentially been put together with an assembled collection of standardised components. But as the industry moves forward we’re set to see an integrated aggregation of best-of-breed technologies, for example, custom-designed servers and cabling innovations, offering solutions that are less expensive than existing fibre-optic products.

Taken together, these component innovations will enable more efficient data centres. However, that said, the fundamental requirements for next-generation data centres need to be addressed. At the server level these are higher levels of energy efficiency, lower power consumption and greater performance. If we get these components right there is a positive follow-on effect, for example, cooling requirements are not as onerous.

The beauty of cloud computing is that it has posed significant enough challenges to the prevailing order that major vendors and service providers are literally tearing up the rule book as to what we can and can’t do. When I read reports from the major analyst firms, read the news on ZDNet, and speak with my peers it’s obvious that cloud is more than just a new delivery paradigm. It’s a whole new motivator for the industry to exceed its own expectations and capabilities on a regular basis.

The release of Intel’s Intel Xeon processor E5 family this week is a good example of innovation, so I hope you’ll forgive my taking a moment to explore this announcement, but I believe the technological advancements we have worked to achieve will become the foundation stones of next-generation data centres.

Let me qualify this – Xeon E5 offers a staggering 80 percent performance improvement over the Intel Xeon processor 5600 series, which is currently a popular choice for data centre servers, with significant improvements in energy efficiency and I/O thruput. For users, this means dramatically reducing compute time on large complex data sets, which is coupled with performance that scales up and down when it’s needed. Security, flexibility and manageability are all accelerated to meet the growing demand from the cloud. Interestingly, we’re also seeing an increased usage of our Xeon processors within the storage infrastructure of data centres – providing a consistent processor architecture across both compute and storage workloads.

So the cloud may be giving many CIOs sleepless nights as to whether they take the plunge and shift some or part of their infrastructure in this new and exciting direction. But you can be assured that on the other side of the equation, there are just as many of us with minds racing as to how we keep up with this ferocious rate of progress.

However, I believe that many of the fears around cloud security are largely unjustified. To start with, the word ‘cloud’ creates a sense of intangibility, in which data apparently floats around in some kind of stratospheric no man’s land and is zapped down to a physical location when it’s called for. This perception has partly been brought about by the hype surrounding cloud technologies.

But as we know, and despite the airy terminology, cloud servers are real servers located in real concrete structures, built upon hard terra firma. It’s important to find out where your physical data is held if you can. For example, due to data protection legislation you may want to store your data in a local territory rather than a foreign jurisdiction. Well, you can, as long as you use the right service provider and define an appropriate service level agreement. The distinction between public and private clouds has also fuelled the fear and uncertainty.

Service providers offer public clouds over the Internet to deliver resources such as applications or storage to a wide variety of customers. Despite use of the ‘public’ Internet, data can be securely encrypted as it’s transmitted. Private clouds, as the name suggests, are cloud infrastructure or services operated for use by a single company, where that company controls who can access the cloud services. These can be hosted either within a company’s data centre or at an external third party’s data centre.

Despite the relative newness of the cloud, the approach to security should be, and is, the same as for any other IT infrastructure. Identities need to be authenticated, users’ levels of access to specific data needs to be managed and data needs to be backed up and protected. In short, the same rules and concepts need to be applied to the cloud as to other IT infrastructures.

I touched on this point in an earlier blog when I drew a parallel with the uncertainty around online banking when it was first introduced. Lots of people said it would never work but they were wrong. For sure, there have been steep learning curves for both banks and customers but today online banking is the preferred and often the only channel for millions of people.

Service providers have a deeply vested interest in ensuring their clients’ data is well protected. It’s their business to do so. If they leak customer data they may as well put themselves out of business and that’s why they do all they can to ensure security. This often consists of the best technologies and multiple layers of defence, typically exceeding the measures that many companies take themselves. This ‘optimisation’ also extends to replicating and securing the data across multiple locations.

The security policies that apply to an on-premise infrastructure should also apply to a cloud infrastructure. However, it’s important to establish security policy flexibility with a service provider so changes can be made in line with the customer’s changing requirements. From the outset, these issues should be nailed down in the service level agreement. This addresses the perception that companies lose control when they use cloud service providers.

In summary, I would say the fear around cloud technology security is for the main part without foundation. Of course, attack methods are evolving all the time and service providers tend to be targeted with frequency. But that said, security is just as much – or more – of a challenge to many in-house teams . Arguably the cloud providers are more up-to-date with their infrastructure technologies thanks to their business model which shares investment costs amongst several customers. And this is important, because at the hardware and software level, innovations are constantly coming to market which will make the cloud a safer and safer place to operate.

This year was no exception, and if there were any differences from last year’s event, it was that more cloud users were on hand to offer their experience and more vendors were on hand to display their understanding.

One of the most interesting speeches was delivered by David King, CTO of Logica, the outsourcing company. He compared the cloud of today with the railroads of the last century, in which the movement of goods across continents became vastly easier and in turn helped transform business.

He elaborated by explaining that the ‘sharing’ elements of cloud usage are where new business models are being developed, due to business services and public sector services finding new ways to share information and extract greater value from that information. In short, King claimed that the cloud is bringing together communities that previously operated in relatively narrow spheres of interest but are now working together in positive and cooperative ways.

From the technology perspective clouds have matured to such an extent that organisations, whether they are operating in a public or private cloud, can be brought together to share information over the cloud.

To illustrate his point King cited the example of Burgemet, a cloud-based service in the Netherlands that helps local people to solve crimes. Those who subscribe to the service receive a request via their mobile phone to be on the look-out after a crime is committed. They receive information relative to the crime such as a person or vehicle description. The service user then sends their information directly to the police.

In a sense, it’s the modern equivalent of the Wild West’s wanted posters but it does illustrate how information can flow across the cloud. It also begs the larger question about how, where and when information is shared between different organisations.

It is this aspect that has got King excited because he see’s in it an opportunity to help society grow more cohesively. However, there are all sorts of implications for this particular example and questions about whether citizens are being asked to become digital vigilantes. That said, in terms of what the cloud can help achieve, this is a secondary issue.

Most people are moving towards the cloud because of the efficiencies, flexibility and lower costs the technologies enable. The fact that other usage models, predicated upon the easier flow of information, are emerging indicates the cloud is clearly maturing as a technology infrastructure.

The past few years have seen cloud computing increasingly accepted as a form of service delivery. From the user’s point of view it provides services ‘on-tap’ and enables a nimble dexterity that galvanises business operations.

Given the current economic climate, cloud adoption is set to increase because it requires less capital and operational expenditure. In fact, you might say this could be the year of the cloud service provider. It’s a time of opportunity for service providers as companies and organisations look for ways of battening down the financial hatches.

Small and medium sized businesses (SMBs) will lead the charge into the public cloud by taking advantage of office apps, and email, delivered remotely. We will also likely see a growth in complete cloud desktop offerings too, which comprise all the services, and bespoke apps, that SMBs use.

Although the public sector has sometimes been seen as slow to adopt new technologies, ongoing austerity is nurturing increasingly adaptive approaches. The UK government already has a ‘G-cloud framework’ in place with a view to slashing the cost of government IT. The US government is already driving a ‘cloud first’ policy and I expect this trend to be also followed in the European Union.

At the enterprise level, the continued transition to private clouds will gather pace. Automation and orchestration will become central foci as private cloud infrastructures are built out and the need to manage the utilisation of internal cloud infrastructures and balance usage of external services becomes increasingly important.

Certainly, the mobile cloud is going to come more into the foreground. At this year’s CES, Technicolor, a leading content distribution company, announced a strategic relationship with Intel, through the launch of M-GO, a service that combines movies, music, apps and live TV in a single cloud-based location. We can expect more of this.

It’s important to remember that not all devices are made equal; CPU power, battery life, display/graphics capability, bandwidth capability and so on can differ widely. Cloud content delivered to devices needs to be appropriate to the client’s capacity.

Of course, with all of this continued movement to cloud infrastructures bandwidth is going to become an increasingly important issue. It’s all well and good to leverage the value of the cloud, but if the plumbing can’t carry the data loads it could become problematic. The bandwidth gates need to be able to handle data transmission to and from the cloud and at the precise time that it’s needed, without data jitter or time lapses.

Mobile bandwidth also has the potential to limit the use of mobile clouds. We’re already seeing this issue play out among mobile phone providers as data caps and excess usage charges are the norm. It would be interesting to see how this has affected mobile phone usage because this dynamic will certainly be replayed in some form in the mobile cloud space.

This also ties in with data storage questions that organisations will have to answer. If anything, the cloud is driving the availability of a growing mass of unstructured data especially from social networks and emails. Data management solutions are available to deal with these issues; the important thing for companies is defining what they want to do with the data, what to permit and circumscribe, what’s important and what isn’t. In fact, analysis of this data to drive business decisions is going to becoming increasingly important, not only this year, but in the following years too.

And let’s not forget privacy and policy concerns that are becoming an increasingly hot topic in the European Union. Organisations will need to factor into their planning, legislation that is coming out of the European Union. The legislation is aimed at introducing sweeping data protection measures that applies to all of Europe and companies that are operating within its territories. These new laws will drastically alter how companies collect data, for example, among other measures they will have to tell users why they are collecting data and how long it is being stored on servers.

I believe 2012 will see some significant advancements in cloud adoption, driven in part by adverse economic conditions with SMBs in particular leading the charge, and service providers rising to the challenges. Of course, there are issues around bandwidth, data protection and technical areas but as clouds develop these will be addressed. Interesting times lie ahead.

Forrester’s US Tech Market Outlook for 2012, published in late December 2011, is optimistic about how much cloud computing will grow this year, estimating that sales for four leading vendors will increase by 23% in Q1, and will then grow 24% quarter-on-quarter until the year’s end. Although those figures are based on a small slice of the cloud computing industry as a whole, they show great confidence in cloud technology, especially in a year which is likely to see further economic turmoil.

Forrester believes that growth in the cloud computing sector will outpace growth in the software market. This reflects the fact that a significant number of companies will be switching their IT budgets from traditional spend towards strategic cloud investments. Many IT directors have been challenged to ‘do more with less’ for years, and cloud technologies could enable them to cut their operational costs, assuming they can ride out the hump that comes with the project costs of implementing cloud.

This time last year, there was a lot excitement about the cloud. In some cases this translated into movement towards cloud projects. However, in many cases perceived barriers limited adoption. Security is one of the top concerns. Many companies are used to having their data in their own data centres where they can “see” it, so tucking it away out of sight is worrying for them.

It imposes a huge burden on operators to demonstrate they deserve the trust that their clients must have in them. There are some unresolved legal issues too. The idea of using a 3rd party data centre to host your data has been around as long as the internet, but it didn’t matter so much when it was mostly public-facing web pages. Once the core data of your business goes into the cloud, perhaps in a foreign jurisdiction, it raises real questions about what privacy and disclosure regime applies to it.

All of these barriers are surmountable, though. A radio programme recently mentioned that it is 15 years since internet banking came to the UK. A lot of people were extremely nervous about it, with some justification. However, history shows that the IT industry can solve security problems and inspire trust, and it will do so again for the cloud. There’s a lot of fear of the dark, but technology solutions already out there, and those in development, can provide the appropriate light. There are wider technology challenges to resolve too, including standardisation, but bodies such as the Open Data Center Alliance (ODCA) are working hard to resolve these.

Will 2012 be the year of the cloud? Certainly the promise of a cloud revolution seems a reality.

On paper, disaster recovery in the cloud is a viable and sensible model. However, it probably wouldn’t work in all cases, such as organisations that have large data volumes, as data transfer could be problematic.

But that said, it can be an attractive option for some companies, especially those who are strapped for IT resources such as small and medium-sized organisations. Because the infrastructure is in a sense ‘parked’ for most of the time (that is it’s in the cloud) the cost is minimised. Cost savings are also made on data centre space, IT infrastructure and IT resources.

This makes it an almost perfect model for smaller companies who don’t have the resources of their larger enterprise cousins. However, like traditional disaster recovery, there isn’t a single blueprint for disaster recovery in the cloud and as such each plan needs to be specific to each organisation.

There are three distinct model options. An undoubtedly popular option is to put both primary production and disaster recovery into the cloud and have it handled by a managed services provider.

Another cloud disaster recovery option is to keep applications and data on-premise and back-up data into the cloud. Then data can be restored onto on-premises hardware if a disaster occurs. In this approach the back-up in the cloud becomes a substitute for tape-based off-site back-ups.

Back-ups and restores directly to the cloud is a third approach that can be taken. Rather than being restored to on-premises infrastructure it is restored to virtual machines in the cloud. There is also a model for those who require continuous data protection based on replication to cloud virtual machines. This can be used to protect both cloud and on-premises production.

Each model has its benefits and clearly the unique features of each company will determine the appropriateness of the model.

However, compliance is one area that all users would need to address, which ever model they choose. Data sitting on a server may be compliant but if it is off-site in a cloud data-centre it might not be. This is an issue that needs to be nailed.

Disaster recovery in the cloud can provide many benefits, especially for smaller companies, and as cloud technologies becoming increasingly accepted and ubiquitous it’s sure to become increasingly prominent.

A number of service providers are already offering disaster recovery in the cloud and the trend is expected to gather pace in the coming years. If you’re considering it, it’s worth keeping in mind that best practice should guide your decision making, just as it does for conventional disaster recovery. And because it’s a relatively big step you might want to take a step-by-step approach which ultimately results in evolving disaster recovery fully into the cloud.

One year later it has over 300 members, representing over $100 billion in annual IT spend; eight published usage models; the first industry paper on best practice for cloud application development and resiliency; and collaborations with leading standard bodies including the Cloud Security Alliance, the Open Compute Project, the Green Grid and the Distributed Management Task Force.

By any measure the ODCA has been a great success. It’s underlying aim, and ongoing endeavour, to develop a unified vision for long-term requirements for the cloud, is something that it’s well on the way to achieving.

Certainly, this is evidenced by the growing number of influential members spanning multiple continents and vertical industries. And it’s also clear by the publication of eight cloud computing usage models. These models cover four areas: security, automation, common management and policy and transparency.

Security covers two areas: security provider assurance and security monitoring. These provide users with granular specifications required from every solution provider to enable security, and mechanisms that allow real-time monitoring of security level delivery to organisational and regulatory policy.

By meeting the requirements set out in these usage models, cloud users would be assured of robust security mechanisms. Similarly, the automation usage models offer users important safeguards and benefits. For example to ensure increased efficiency of virtual machines, the usage model specifies exact bandwidth requirements for each machine and the total amount of network I/O based on policies.

Regulatory compliance is also another important issue facing potential cloud users. The ODCA regulatory framework usage model sets out the full scope of government mandates from all around the world and provides a reference to international and domestic regulations. For users, it ensures that they can adopt a comprehensive and holistic approach to compliance and thereby avert significant investment further down the line.

The transparency models, carbon footprint and service catalogue are designed to create a consistent approach towards carbon monitoring to enable improved differentiation of ‘green’ service providers. The service catalogue addresses the fundamental issue of how to measure the cloud services offered by a provider and what attributes exist for the service. Another usage model under the transparency umbrella, Standard Unit of Measurement for IaaS, is designed to help with SLA determination.

All in all, these OCDA usage models provide very useful templates to assess, gauge and work out whether you’re getting the service you need, what you need to know to get the service you need and how to receive the best possible cloud service.

These usage models also help the IT supply industry, such as OEMS and ISVs, understand the key business challenges facing IT departments in moving towards the cloud. As a result, it enables them to develop more targeted solutions.

A lot has been achieved by the ODCA in a relatively short time which augurs well for the future of cloud computing, as does the growing and expanding number of ODCA partnerships. The Green Grid for example, aims to improve the resource efficiency of data centres and business computing systems while the Open Compute Project aims to build efficient computing infrastructures at the lowest possible cost. Both are influential organisations and these liaisons both reflect the standing of the ODCA within the industry while also signalling how the industry is evolving towards ever more cost effective and energy efficient forms of computing.

What’s interesting is that community clouds, as new as they are, tend to be less concerned about technology infrastructures and more about the common objectives. That in itself tells you how far cloud technologies have developed and how widespread is the acceptance of the cloud.

These objectives could be meeting the same regulatory compliance mandates, satisfying audit requirements or delivering required service level agreements such as response times. In some senses they are a logical next step for cloud evolution, because each community user doesn’t need their own IT infrastructure, yet they aren’t generic public clouds designed to appeal to the needs of the broadest user. As such, the service focus for community clouds can be very specific rather than broad and general.

Within certain areas, such as the public sector for example, the shared resource model of the community cloud can provide a perfect fit. It supports a specific community, education for example, with each user having a common set of shared concerns around mission, policy and compliance.

However, building a high-quality cloud computing infrastructure requires major investment in terms of expertise, equipment and support. And who would provide this, a local authority or central government? If it came from within the community, for instance a local authority, it’s quite likely that these internal community clouds could be quite limited in the services they deliver and the resources they use because their budgets are limited.

It would make far more sense for these community clouds to be centrally funded, but clearly there are lots of competing budget claims and even more so with public sector activities facing a range of cuts. What’s more likely to happen is that government departments will go out to service providers who specialise in clouds for local and national government. This makes sense for service providers too, because the services they develop could be replicated across regions. For example, within government content delivery and data protection mandates are likely to be similar irrespective of location.

Even at the commercial level, where there are many competing interests, it could also work, as long as the competition between the subscriber companies isn’t too fierce. After all, a community cloud is about meeting a shared set of concerns and these seem to head the list of priorities, rather than a shared infrastructure. But that said, it’s also hard to imagine fierce competitors, in retail for example, agreeing to share the same infrastructure – in fact, I’d say it would be next to impossible.

However, I can envisage companies in the same industry sharing resources that are not business critical such as human resources, pay roll and recruitment. In fact, it’s not too difficult to foresee service providers specialising in specific types of workload for specific industry segments or even ISVs providing their software as a service rather than via licensing. As a result, clouds could target particular industry segments.

A few months ago NYSE Technologies launched the Capital Markets Community Platform, the first cloud platform dedicated to the financial services industry.

It supports a huge ecosystem of NYSE Technologies clients ranging from small and large banks to asset managers and various investment firms. Developed by VMware and EMC, using an Intel platform, it has been designed to increase business agility, simplify market access and reduce trading friction by using rapid on-demand computing resources.

In short, it enables customers to easily access NYSE Technologies’ portfolio of financial services products and buy the computing power they need at any given time so they can focus on their core business rather than IT infrastructure. Users gain cost-effective access to a virtual capital markets community and rapid access to global markets and actionable intelligence. And some of them are fierce competitors.

In a sense, this could be seen as an extension of how some communities work together to access the information they need. The community cloud is certainly an interesting model but one of the big questions is how to extract value from it for all concerned.

At the moment community cloud adoption, within EMEA at least, is almost non-existent (as far as I’m aware). But it is early days. If you have any thoughts I’d be interested to hear.

To briefly spell out the issues around enterprise mobility and the cloud just think of all the different mobile devices out there and their different capabilities. Some can run web productivity and communications apps with no issues, others can’t. Now consider all the new platforms that are emerging: smartphones that are becoming ever smarter, tablet platforms that are seemingly proliferating by the week, laptops with the computing power of high-end PCs and more.

Not all devices are created equal which ipso facto means apps often don’t function to their full potential across different devices. In short, users often receive a poor experience. Within the context of cloud computing, clunky and sporadically-streaming apps that don’t provide full functionality overshadow the benefits of moving towards the cloud.

Yet, with the increasing consumerisation of IT and the growth of cloud computing this is an issue that can’t be ignored or sidestepped. It’s also an issue that needs to be addressed soon given that device proliferation is going to increase many fold in the coming years. A few years down the line computing is not going to be about the device in your pocket in its own right. Instead it’s going to be about how that device connects with the hardware in your car, the sensors embedded in sports stadiums, computing in retail outlets – in short, intelligent connectivity everywhere. This also means a lot of very varied engagements with the cloud.

There are several ways of addressing the issue of poorly performing web apps but broadly speaking a consistent user experience can be achieved by ensuring devices are ‘context aware’. Put simply, this means that cloud services are able to establish what client device is being used and what its capabilities are. As a result, the web application can perform optimally on the device.

This state of contextual awareness can be achieved by creating API’s that let web developers add Javascript to their applications so information about the device can be gathered. This includes details about the processor, bandwidth, screen resolution and so on. The web application then automatically adjusts to the device based on the characteristics of that device.

For example, some of these API functions can include allowing an application to detect wireless signal strength so it can adjust content quality; establishing the CPU type so applications can be optimally displayed or executed; and periodic power updates to inform a user to conclude a process if, for example, battery power is running low. You can find out more here.

In short, client-aware devices expose their attributes and capabilities to the cloud. In turn the cloud must be able to detect device capabilities and choose to either run an application from a cloud-based server for a device with limited capabilities or to download the application and run it on the device when the device has suitable performance and capabilities. Enabling the cloud to detect device capabilities and state will also enable decisions to be made about the type of data the device can access and this will help enterprise IT maintain their security policies.

However, on the road to a truly client-aware cloud, this is only a first step, albeit a significant one. The ideal, which we should endeavour to reach, is a dynamic state in which devices and applications automatically react to each other ensuring the best possible service is delivered. To ensure that we slide fluidly into the age of context-aware cloud computing, rather than jolt along awkwardly, the industry needs to agree on universal standards so all manufacturers can help realise the true potential of the cloud. In turn, this means the end-user is using optimally performing apps whatever the client device.

However, before I get rolling, I’d like to put the need for greater efficiency in context. First up, data centres are estimated to consume 1.5 percent of total world power and that consumption continues to increase. In concrete terms, that’s the equivalent of 50 power stations each year. They also generate 210 million metric tons of CO2, roughly the same as 41 million cars.

A considerable proportion of the energy consumed by data centres generates heat, which under the traditional view of facility management poses problems for the reliable running of servers. Consequently, data centres operators have cooled their facilities to between 18-21C to try and keep the IT equipment cool. Ironically this cooling process consumes a considerable portion of the overall energy demands in a given facility.

We’re in this position for a number of reasons, including the fact that traditionally IT equipment manufacturers have specified their systems to operate at 20-25C. One of the main reasons for this was to ensure reliable operation of the IT equipment. However operating a data centre at a higher ambient temperature, and using natural cooling facilities such as air, can result in reduced energy consumption and in turn lower annual CO2 emissions.

One commonly used metric to quantify data centre energy efficiency is The Green Grid’s Power Usage Effectiveness (PUE), the ratio of inbound power to a data centre versus the power that is actually used by the IT equipment.

A PUE of 2 for example, will mean that only 50% of the power used by a data centre is actually consumed by the IT equipment – the rest is consumed by the facilities equipment cooling the data centre. This is clearly inefficient.

Working to reduce the PUE so it is closer to 1.0 results in more of the inbound power actually being used by the IT equipment and less used in cooling the data centre. This can result in direct financial savings to the data centre operator.

There are lots of ways of lowering a data centre’s PUE but raising the ambient data centre temperature can have a striking impact. Facebook, for example, retooled its Santa Clara data centre to 27C from the average 18-21C. Its annual energy bill correspondingly fell by $229,000, earning it a $294,761 energy rebate.

Intel’s IT department has undertaken some work with a data centre in New Mexico to evaluate the value of high ambient temperatures and the use of natural cooling resources. The data centre had 900 production servers and 100 percent air exchange at 33C. It delivered an estimated 67 percent power savings when compared to the average 18-21C. This translated into approximately $2.87 million savings on the cost of power. There was no humidity control and minimal air filtration.

Another example of using HTA within a data centre is the Yahoo Computing Co-op which developed a data centre that operates no chillers and requires water for only a few days a year. Its estimated PUE is 1.08. It relies on 100 per cent natural air flow which means less than 1 percent of the building’s total energy consumption is used for cooling.

Of course, there are many elements that go into producing a truly energy-efficient data centre, which in turn delivers true cloud-computing benefits. These range from increasingly powerful but more energy-efficient processors to server platform innovation. But the fact can’t be escaped that by raising ambient temperatures, and using natural cooling resources, the energy-efficiency of data centres can be upped dramatically.

While this particular report was not overtly hostile, for example, it acknowledged the many benefits of IT and was even handed in its approach, it did highlight some startling facts. For example, it cited a new data centre in the US run by a well known technology vendor that was tipped to consume up to 100 MW of electricity. To put that in context, that’s about 80,000 US homes, or 250,000 homes in the European Union.

I’ve blogged before about the importance of cloud to energy efficiency in data centres. In fact, I’d go as far as saying that the success of cloud computing really depends on aggressive power management.

This requires a policy-based approach in which each energy component is identified, evaluated and managed. To begin with, there are a number of steps that can be taken to operate a more energy-efficient cloud, ranging from better instrumentation to better power management at the server and rack level, and power management at the facilities level. In turn, this will deliver optimised power consumption and reduce the total cost of ownership. You’d be surprised at the energy savings that can be made if such a policy also includes the capability to monitor and cap power in real-time at the server, rack, zone and data centre levels.

Real-time server power monitoring, for example, can lead to power aware scheduling. Virtual machines can be relocated from power constrained systems to power unconstrained systems for better system utilisation and performance across different clusters. Optimising rack density is another power management method that can make a significant difference. Intel experiments have proven that dynamic power server capping can lead to a 30 to 50 per cent increase in server density and maintain the same power envelope for each rack.

The Intel experiment mentioned above was based on specific hardware and software combinations but it does illustrate the potential for making sweeping power savings. However, it must be pointed out that opportunities to reduce energy use through power capping alone are limited.

The bigger picture needs to change in many facilities. Typically, data centre computing capacity has been based on potentially misleading sources such as peak server power consumption or an approximation based on power loads.

While the industry is advancing and becoming more sophisticated it’s still a reality that in practice, actual power consumption with real data centre loads is much lower than the actual system specifications. This inevitably leads to data centres that are over provisioned for cooling and power capacity.

While cloud technologies are being rightly touted for their management benefits, OPEX rather than CAPEX spend, and ‘on-tap’ application delivery, correct power management can also bring significant benefits for service providers.

I can only touch on the subject in this blog, but I can say while energy-efficiency for data centres that deliver cloud services is still a work in progress lots of advancements have already been made. In short, the use of cloud technologies can give us better understanding and control over server power consumption and enable more energy-efficient data centres. Having a clear set of policies based on real and accurate data will be the key to an informed response to the critics.

In this respect, IDF 2011 didn’t disappoint. One of the things I found most interesting was the announcement that the Open Compute Project (OCP) and Open Data Center Alliance (ODCA) are set to collaborate to accelerate the development of cloud standards. Just to recap briefly, the ODCA is today comprised of over 300 companies who have come together to provide a unified customer vision for long-term data centre requirements. They aim to define usage models, influence industry collaboration and help create common standards for cloud technologies.

OCP is a Facebook-based initiative that aims to transform the energy efficiency of global data centers. Essentially, it aims to share the custom-engineered technology in its first dedicated data center in Prineville, Oregon. This technology delivered a 38 percent increase in energy efficiency at 24 percent lower cost for Facebook, and the specifications and best practices behind those gains are available to companies across the industry.

To my mind, the significance of this partnership is that end-users will be telling the vendors what they want. For example, ODCA members will have computing requirements fed to the OCP. Open Compute members will take on board these requirements and distill them into hardware designs which in turn will become part of ODCA usage models.

These hardware usage models will be available to other companies who can use them as they deploy particular kinds of infrastructure to support specific workloads. It’s an interesting approach because as well as having industry-defined usage models for IT infrastructure, we are now moving towards an industry-defined set of hardware requirements to implement these usage models.

In short, we’re going to have the establishment of detailed reference architectures for specific workloads. For example, we should get detailed specs about power consumption and cooling systems relating to the applications that are running. Clearly this has implications for hardware manufacturers because the typical ‘server box’ approach is going to lose value, when you have in effect bespoke architectures for specific usages.

At one level it makes absolute sense, however, at another it also challenges established practises. But that said, if there is one word that sums up the IT industry, its ‘innovation.’ And if this approach gains traction I’d expect the hardware manufacturers to continue innovating within this new framework.

Certainly the weight seems be shifting in favour of end-users and the OCP is playing a strong role in this. I ask myself is this a revolution that is possible or will we continue to see standard servers and IT building blocks as the way forward for cloud computing?

Some research recently came out from Cisco which reveals that adoption rates for cloud are slower than one might expect given all the hype. I’d say my experience shows more enthusiastic adoption already taking place, and I particularly agree with one of the sentiments expressed in the press release – that people still don’t always understand when they’re actually using cloud services.

The fact of the matter is that for all the hype, cloud computing is not yet a widely understood phenomenon. I’ve read comments from Gartner which imply that the taxonomy of the cloud is probably more confusing than the technology itself. There are times when I’m inclined to agree. In fact, to ensure we’re clear in how we’re discussing the cloud, Intel has published its own cloud taxonomy (http://intel.ly/nJUxPi).

One of the problems here is that cloud comes in different forms, with various benefits and challenges. Keeping it simple, ‘public’ cloud sees services delivered using a shared infrastructure model, typically provisioned from a 3rd party data centre accessed over the internet, and benefits from massive economies of scale. It also brings perceived security concerns, though whether these are valid is determined by the service provider and their security and resilience standards.

The private cloud sees data and applications sit within a data centre that is accessed from behind your internal firewalls and where you control the access rights. This can typically give you more control over how the data and access is managed but may not give you the flexibility and scale that public cloud services can offer.

The prevailing logic for many end organisations is the hybrid cloud, conventionally defined whereby a company provides and manages some resources in-house, while others are provided externally through a public cloud service. It is also possible to architect a solution where you can ‘burst’ out to a public cloud when the capacity of your private cloud is exceeded. Or take reverse approach and contract back from using a public cloud into a smaller private cloud when you no longer need to capacity offered by a public cloud.

This is typically undertaken to capitalise on the huge potential cost efficiencies available using public cloud, whilst keeping mission critical data safely up your sleeve, in your own data centre. And you can’t really fault the logic in this.

However my plea to all the businesses out there when considering cloud computing is to be thorough when assessing security risks – and that includes your own data centre. Private cloud is an increasingly appealing way to manage mission critical data and applications. But just as we’re all increasingly being told to scrutinise every aspect of a public cloud provider’s infrastructure, don’t be too nave to do the same to yourself. The technology for a secure cloud is already with us.

Even since the cloud phenomenon erupted, the security of the server has become an accelerated priority. For example, at Intel we’ve paid a lot of attention to Advanced Encryption Standards – developing Advanced Encryption Standards New Instructions (AES-NI) which guarantees faster encryption without a performance lag. Meanwhile our Trusted Execution Technology (TXT) is in place to secure data being moved through virtual environments. Technologies like these mean that the cloud security question really needn’t strike fear in the hearts of end users.

And it’s worth remembering that the need to stay safe in the cloud applies to your own data centre as well as to public cloud service providers.

A recent blog in the Back Office section of this site discussed the risks that you face if data is held in the US, where the Patriot Act allows gives law enforcement great freedom to ‘explore’ your data. In the example given, the FBI swooped on a data centre to seize data from a single account. The agents were unable to identify the relevant server and so took complete racks in the course of their investigation. As a result, quite a few business websites simply disappeared – and their data too. The message here is that your data, even if your business is carried out in Indonesia for example, is subject to these jurisdictions.

It can also be important to know which countries your cloud provider operates in. Even if your data does not leave your local country, if the provider is a US based company, US jurisdiction can apply to your data. This was highlighted recently when Microsoft was introducing a new cloud service and admitted that data stored in Europe could be accessed by US authorities.

In the UK and Europe we have legislation such as the Freedom of Information Act, EU Data Protection Directive or the banking-driven Basel II to consider. The US Sarbanes-Oxley Act from 2002 also imposes laws on the retention of data. It’s fair to say that the legislation surrounding use of the cloud is a topic for significant consideration (though in reality, it’s already the case for any data you hold that it is subject to numerous and complex standards and laws).

The type of data you store in the cloud can also have an impact on where it can be located and how it is managed – legislation normally relates to certain types of personal/medical data and where this can be stored. For commercial data it is down to to owner to understand the impact of where the data is stored and to assess the implication of legislation on their business.

Whether or not laws are changed, the issues need to be presented in a transparent fashion – and hence widely understood. Where many of us in the industry will be comfortable with a solid piece of technological advancement, we don’t have the legal know-how to navigate a legislative minefield.

I believe that there needs to be within the industry, recognition of the factors which determine the security of data – beyond the technological challenges. Hardware and software vendors, service providers, end-users and even governments themselves need to be alert to the impact this will have on the advancement of cloud computing – and hence to the democratisation of computing services which will be critical in the expansion of many businesses and economies.

This is one of the major incentives of the cloud. Things can move quickly; there’s scalability in a way we’d always dreamed of having.

Imagine your typical dedicated server stack. You make the decisions about the servers, storage and networking and then use this configuration for the following three to five years. During this time, you might need to add some memory, upgrade disk drives and at some point find there’s a pressing need for a significant increase in capacity. You add more servers, and then have to juggle resources when for significant periods of time you perhaps don’t need them. It comes with the territory.

Here cloud is being hailed as a panacea for scalability concerns. It makes possible, and painless, rapid expansion and contraction of capacity for spikes in sales, web traffic or whatever other facet of the business you need to support. This much is clear to anyone following the IT industry in the last year or two.

But the benefits become particularly interesting in the murky world of financial control of IT resources. To become more OpEx than CapEx focussed is an outcome that will see most CFOs biting your hand off. The immediate cost reductions associated with cloud are often debated and it is possible that moving to the cloud may not produce savings, rather it provides a better way to manage costs and to charge uses for what they actually consume. Another consideration is that the actual process of assessing and planning the transition may itself identify areas for cost savings.

Cloud helps deliver better control of expenditure, and when it comes to future resource planning, you can strategise around the provisioning and de-provisioning of resources as required. Not every investment needs to lead to the painful sweating of equipment to recoup value.

This level of transparency and scalability enables better re-distribution of IT spend across the business. For IT teams it may mean an escape from having to go cap in hand for further projects. If nothing else, the exercise of evaluating the costs savings that could be achieved may help lead to a fuller understanding and better management of the infrastructure – be that cost-per-mailbox or the cost-per-app-user. For IT organisations that make the transition to using the cloud, or operating their internal infrastructure in a ‘cloud-like’ way, there is the opportunity to implement processes to charge their users (business units) for their services on a pay-per-use basis - further helping the move to an OpEx cost model.

Of course, out with old and in with the new requires bold steps. And you may not wish to rush down this road quickly. But the flexibility of a private cloud should certainly be appealing and the potential for a thorough cost-evaluation exercise makes absolute sense for the business.