All hail the Cloud

Craig McKenna

Evolving growth markets, advantages of Cloud for SMEs as well as big business, security risks and data breaches, the advantages of Blockchain and challenging the Big Three cloud providers, were all hot topics as Business Daily sat down with Craig McKenna, Director of Cloud and Cognitive Data Solutions for IBM, Asia Pacific region.
What sort of growth do you see in the markets you cover?
Australia/New Zealand is quite a mature market, highly competitive – every single vendor under the sun operates in it. Then we get into slightly less mature markets, both in terms of procurement processes as well as business maturity, in some of the other geographies. But we see more growth in those areas though. See for instance, India last year in particular, went through a massive growth curve because under Modi there was a big investment around ‘digital India’, which drove a lot of government spending, but also there’s often been commercial-spend associated with that. And just in the last two quarters we’ve started to see ASEAN, in terms of at least my results. India’s starting to slow a little bit again now, but it’s been the growth market for me for the last 18 months.

Is that pace going to continue to accelerate?
It will, and that’s where the benefit of things like Cloud come. Everybody wants the best infrastructure they can buy, but simply you can’t afford it. Cloud gives people the ability to tap into resources of that nature. For instance, a three person advertising company could hardly afford an IBM mainframe or an IBM power server running IBM flash systems underneath it and getting all those benefits. But they can subscribe to either a Cloud provider or a manual service provider who gives them access to a slice of that infrastructure. So they get the performance, they get the availability characteristics, they get all the benefits, without having to pay the flag fall on having their own infrastructure.

In terms of security, what is the main difference between a small company’s use and the government or financial services side?
Well a lot of it’s around legislation and or governing bodies like auditing bodies and so on, and associated penalties. Say for instance a data breach in the U.S. – if you have a data breach you actually have to tell the world that you had a data breach. It’s not mandated the fact that you have to report a data breach in most other countries in Asia. This is on the government and private sector side. So any financial services company, if they’ve had a hack and some of the customer data’s been released, they’ve got to tell the world. And they get big fines associated with that. But they’ve also got to inform the customers and inform the public in general that they’ve had a data breach. That’s not required in most other countries. I think you’ll find there’s been a lot more data breaches than you’d know about, simply because we haven’t historically had to report on it.

Have you found that in recent years people have been tightening up security?
I think that there’s a bit of scare tactics around the Cloud. People move to the Cloud and the first thing people say is ‘oh your data’s not secure’. And it actually is relatively secure if you’re going with a reputable vendor. Is it invulnerable? No, it’s not invulnerable. And a large data breach on a huge global Cloud environment could expose a lot of information to people who shouldn’t get a hold of it. [In part that’s why] we’re seeing a huge uptick in interest in things like Blockchain.

How did Blockchain gain importance?
It actually came out of Bitcoin. Actually IBM now is working very heavily in it, particularly in financial services. Because what it creates is a shared immutable, secure, ledger. So anywhere where there’s a supplier-vendor relationship, or multiple suppliers as part of a value chain, it’s open for interpretation, it’s open for human error. There’s a lot of distrust and a lot of holes in the system where fraud and things like money laundering and so on can go undiscovered. So with things like Blockchain, you’ve actually got effectively a shared ledger. You can only see parts that you’re allowed to see, but you all have a shared view of the contract, the terms, the money flow, everything in the entire value chain is part of this single, immutable, and trusted point of truth.
So it’s going to have a profound effect on a lot of industries, and I suspect things like credit card fraud and money laundering will become more difficult as the world adopts technologies like Blockchain. And there’s huge operational savings, billions and billions of dollars of operation savings as well as it being broadly applicable to anything – anywhere where there’s a consumer-supplier relationship.

Have you noticed that there’s been more interest from countries with growing casino presences in products such as Blockchain?
I’m not a Blockchain expert per se, but certainly the greatest level of interest has been in financial services. We’ve got a number of proof of concepts going with some large financial services institutions around Blockchain. People aren’t really deploying it in production yet. But most of those projects are on the distribution/logistics side or financial services today. But if you look at the sort of applications it can have, it is broad. It will be across any supplier relationship.

How long before it will be mainstream?
It’ll be mainstream in financial services I think within three years. And other industries will follow, pretty quickly I suspect. If they interact with that financial institution, they’ll be interacting with Blockchain effectively, but they may not necessarily be part of the Blockchain ecosystem, for awhile.

What similarities do you see in the different markets in Asia-Pacific?
They’re similar in a lot of respects. Customer demands are very similar.
Now going back five, six years ago, it was very common in China that once they got to the end of a lifecycle of an asset they would just rip and replace absolutely everything. That was because times were good, growth was good, there was plenty of money in the economy. But we weren’t seeing that in mature economies where they would bleed assets, they would slowly turnover and roll out assets as they became a burden on the books. It was never a rip and replace mentality. So most of the technologies we’ve dealt with and brought out in the last five or six years, are with that in mind. People don’t just rip and replace, they evolve, they make what they’ve got more efficient, drive as much efficiency as they can while setting themselves up for the future workload. And I think you’ll see in China now that their behaviour has completely changed. They’re starting to do a much more slow-paced refresh of technology, a little bit more of what we consider a more mature approach to evolving their infrastructure.

If you talked about Cloud computing ten years ago, there would be very few people who knew what it meant. How about now?
Yeah, they didn’t but a lot of them were using it. We called it something else at the time, we come up with cool terms, so the idea of aggregated, centralised, processing goes back about 60 years. It’s called a mainframe (laughs), so in a lot of respects people have been ‘Cloud-ing’ for a long time, but things are cyclical.

Should everyone go ‘Cloud’?
Three years ago it was all public cloud: ‘move to Amazon, move to SoftLayer, move to…move everything!’ And the reality is you can’t move everything, so the pendulum swung back to this idea of hybrid-Cloud, where it makes sense to do some on-prem (on-premises hardware), some off-prem. But that doesn’t mean, and I hate this term, but it doesn’t mean you don’t ‘Cloudify’ your on-prem stuff. You still want the flexibility, the agility, the automation, on-prem – to drive efficiencies. It’s just that the workload itself is, for whatever reason, it doesn’t translate well to Cloud. So you need super-high performance computing and storage, which is hard to get on the Cloud. Or you’ve got privacy and security concerns and it needs to stay on-prem.

Is data more vulnerable when it’s in transfer?
In storage we tend to have a lot of data which is at rest. So once it’s written to disk or tape it’s encrypted. So if you then read it off, if you read it back out through the same system, it’s not encrypted, you can read it. And data in transit, well it depends on the security of your network. If it’s not encrypted and it’s going across the network and the network’s not well secured then, yes, it’s much more vulnerable outside of a firewall than it is inside a firewall.

How long has IBM been present within Cloud?
In some respects we’ve been doing Cloud for a very long time. Clearly our acquisition of SoftLayer put our stamp on a public Cloud per se. But through our outsourcing and global services organization, we’ve been offering private-managed or private-hosted Clouds under a different name, to be fair, for at least a decade.

Who are the Big Three and is it advantageous to be known as one of the primary public cloud brands?
Basically I’d say it’s Amazon, Azure and SoftLayer. They’re the three most well known public cloud brands. There are certainly other ones, but they’re the most well known.
As a storage guy, I find it frustrating that we’re not particularly well-known even though most of the storage technologies on the marketplace IBM actually invented. I find that a little bit frustrating, but I also understand the broader strategy here and I think there’s a tighter linkage now than there ever has been with storage, in particular in the Cloud and cognitive world.

Which markets were more prone to jump quickly to the Cloud, the mature or less developed markets?
It’s a bit of a mixed bag. Whilst those more mature economies, where some of these Cloud providers started up first, like Australia/New Zealand for instance, that’s the first place that they drop a point of presence. Because it has reliable networks, reliable power, mature economy, customers who want this. But there’s also a level of maturity in the clients, where they’ve been through hype cycles before: ‘let’s do an element of due diligence on this and I’m not going to throw everything at it, I’m going to throw a few workloads at it, learn about it and see how it works’.
I think probably the ones who moved more aggressively were probably more the Small and Medium Enterprises, for a variety of reasons. Mainly because there’s far less legislation that prevents their moving, or makes it difficult for them to move, around privacy and so on. As well as they also have fewer IT skills themselves, so they see the utopia that ‘someone else runs that for me’. And obviously also they’re relatively smaller infrastructures. So it’s not a 10-year exercise to move their data to a new Cloud provider. So I think it’s more of those medium size enterprises that might have gone a little bit too hard too fast and they’re now sort of in that position of saying ‘now how do I get back off it or how do I get the right mix’.

How advantageous are Clouds to start-ups?
Well, start-ups in a lot of respects, I mean if you don’t have legacy infrastructure then you need to go buy your own or you can run a virtual infrastructure on a Cloud, so a start-up sort of makes a lot of sense because laying out a massive amount of capital when you’re a start-up is kind of dumb. It might cost you more to do it as a model on a Cloud, but at least if the start-up doesn’t workout, at least you don’t have a white elephant sitting on your data centre floor. You just turn it off and stop paying for it. And that to an extent, I think that it’s an enabling technology for start-ups. Be you a software developer or running your own online business, the impediment or the barrier to entry, is gone.
You literally just get on and put your credit card in and spin up a VM (virtual model).

Are there more hacking attempts on some of the more-secure, bigger Cloud providers, or more-so the smaller more vulnerable systems?
There are so many layers of intrusion detection and prevention that you’d have to be pretty talented (to hack a secure provider). And then if you did break in, how much could you actually glean? A lot of the data is actually distributed across multiple systems. So, can you reassemble the data from the fragments that you’d gain? And in some cases yes. They do have data breaches that go on even in robust financial institutions, they have issues. So I’m sure all those things they’re certainly possible. I think, you’re a bigger target, but I also think you’ve got a level of maturity and capability that you should be more impervious to that increased threat.

In most cases, the threat lies mostly on the employee side, is that true?
Yes, disgruntled employees are probably the biggest data threat you have. Stealing data, or putting it on their laptop, or publishing it or taking it to the next business. That’s absolutely the biggest data breach issue out there. Which is why things like data at rest encryption is important, because you can take it, but you can’t do anything with it. Or you can’t actually read it or assemble it.
Irrespective of where the data lives, your security protocols need to be across the entire infrastructure. So that means you need to encrypt data in flight, or data at rest, or certainly encrypt the data on the network. Your considerations around security don’t stop just because you outsource it to a Cloud provider. At the end of the day, you’ll find that most Cloud providers take no responsibility for your data. It’s your problem to secure it.

So would that be applicable to Dropbox, the normal free version? Does that mean there’s not a requirement for them to protect the data?
It’s more reputational. So is it a requirement in their contract? No. If they lost all my data, when I called them they’d probably say ‘I’m terribly sorry about that but we’re not responsible contractually so there’s no legal obligation.’ But certainly the reputational damage would be astounding.

What new technology is on the radar?
Some of the technology, from IBM and others, that’s coming out is staggering. It’s human-like in terms of its ability to understand, ingest, learn, and apply almost critical thinking, but it’s really just going through a set of probabilities and figuring out what’s the most probable – which is what we call critical thinking. But it’s doing it in a computational sense, understanding a language.
There’s a lot of applicability in a lot of industries, but will it actually ever, fully take over? (laughs). Some people are afraid that that may happen.
For IBM at the moment, that’s a long way away. In our view, that’s still decades away from getting to that point. But having said that, they’re still setting up, making sure that we have a sort of governing body of various parties, government bodies as well as sort of private think tanks, as well as private corporations such as IBM are sort of establishing an oversight group.

Having such a powerful computational tool, do you think it will push people further away from the services sector and more into the primary sectors as things were before?
Everything’s going to change. But every revolution has created problems. The industrial revolution created a whole bunch of issues with labour in that sense. But what it actually did it is created a whole bunch of new careers, new roles and so on. So as long as you retrain, you re-skill and you’re always building for the future, it’s something that – whilst it will certainly destroy a number of jobs - in some respects is also going to create a whole new industry around it.