tag line

moving IT to the cloud with service not servers

Saturday, 10 February 2018

SaaS is a big boys game now.

With the release of Chrome V68 planned for July this year all external websites not using HTTPS will be marked as “not secure” by default. I expect this event to be followed by protests that this will ‘break’ a number of important web sites that education relies on.

Perhaps a more measured response would be to question why these important web services are still transmitting data relating to staff and students across a public network without encryption.

Analysis of the traffic shows that over 78% of all traffic on Chrome OS already uses HTTPS. The technology is simple to implement and is well understood and so, after many years of cajoling, Google have decided to call time on the remaining traffic. There can be no complaints.

While we’re on the subject lets add a few more things that need to be shown the exit.

Adobe Flash.
No more Adobe Flash, the software is inherently insecure, it can’t be fixed and it has no place in an modern web app. With the release of V56 of Chrome, Google started blocking flash by default and although there are workarounds to re enable the plug-in, vendors should see this is a clear warning that the days of Flash are numbered. Adobe has announced that support for Flash will end in 2020 giving a fixed date for it’s final demise which is only 20 months away. Ask your vendor when you can expect to see a Flash free version of the site. If you get no response then you need to start looking for an alternative.

Local user databases.
SaaS services should have the option to use the authentication services and directories provided by Google and Microsoft. Nobody should expect to maintain a separate user database with passwords any more, especially within education.

Lack of a data policy.
In the European region new data protection regulations under the banner of GDPR are now in place and from May 25th it will have will have a global reach. While the SaaS application might be based in a non-EU location so long as the subscribers that use the service are located in the EU the publisher must comply with the regulations.

Other than having a clear policy as to why data is being stored and how it’s being used, the rules cover a whole range of requirements including physical security and the Right to Erasure (“Right to be Forgotten”).  While the big players such as Google G Suite and MS Office 365 have moved quickly to fulfil these requirements other SaaS providers have still to make their position clear. In the past these policies were simply considered good practice but in the future the legal team could get involved and that's not a good place to be. So ask the question of your SaaS vendor “Do you comply with local data protection standards” ?

SaaS is maturing into a powerful  platform for delivering software to all sectors of the economy and the days of the enthusiast website are over. Individuals and small teams can still create amazing services using the development tools provided by the public cloud. In fact the time has never been better to make that pitch - but you have to get it right from the start.

For those services that were launched a decade ago that are still running Flash over HTTP with a local user account database I’m afraid those days are numbered because Google, Microsoft and the regulation authorities are pulling the shutters down. Not before time.

SaaS is a ‘big boys’ game now and that includes HTTPS.

Wednesday, 3 January 2018

There's no such thing as hybrid cloud

One advantage in running a tech blog is that you can use it to sound off. It’s like therapy, only cheaper.

So let’s get one thing straight - whatever the marketing hype would like you to believe there is no such thing as hybrid cloud. As defined below, it's a meaningless concept.

Hybrid cloud is a cloud computing environment which uses a mix of on-premises, private cloud and third-party, public cloud services with orchestration between the two platforms.   

The thing is, to have a hybrid cloud you first have to have a public cloud and a private cloud and while everybody has the first bit, nobody has the second bit.

The public cloud is a very special thing.  The scale at which it operates and the way it’s designed and managed is light years away from the virtual machine based infrastructure that today passes for a local private cloud. They couldn’t be more different.

To pretend that an on-premise cluster running virtualized servers is a private cloud is a bit like comparing a nuclear power plant to a pack of AA batteries and believing they must be the same because they can both be used to light a room; they’re not. Unfortunately, because you need a private cloud before you can have a hybrid cloud, it follows that hybrid cloud doesn't exist.

At best what you have is Hybrid IT, an arrangement in which on-premises infrastructure makes use of the public cloud and may even exhibit a degree of integration but simply linking your VMWare cluster to AWS, GCP or the Microsoft Azure cloud doesn’t result in a hybrid cloud.

So if hybrid cloud is a myth why am I reading so much about it?

I think it’s attempt by some vendors to hitch their  wagons to public cloud before it rolls out of town. To appear current and relevant they have to have a story and hybrid cloud (plus a sprinkling of digital transformation) is that story.

The elevator pitch is that to stay competitive you should be using public cloud but to use it effectively you need to buy more proprietary hardware and install it in your datacenter. I’m not sure that's really true but it sounds plausible and it certainly sells kit, so good luck to them.

In the future will businesses be running processes in local datacenters and shifting workloads to the cloud? It’s possible but not without moving away from the Virtual Machine (VM)  being the unit of compute. They are too big and unwieldy, carry an unnecessary amount of overhead and new technologies are set to replace them.

So when that happy day arrives will we all be running a hybrid cloud?

Maybe but it’s more likely that somebody in marketing would have come up with a better buzzword and the world would have have moved on.

So there you go.  I may be wrong, I may be right - all I know for sure is that I feel better already.

Happy 2018!