Much has been said on this topic, so I won’t recap the obvious.  The online service had a really bad day. 

Much finger pointing, lessons all around.

However, as we debate various cloud models, a key aspect between public and private clouds has been highlighted here, and that’s around notions of control, transparency and accountability.

Simply put, enterprise IT is always accountable for what happens — whether it’s in the data center, or in the cloud somewhere.

The Quick Recap

I really don’t want to replay the story, but I have to.  During an ostensibly routine infrastructure upgrade, a lot of personal data was lost. 

And there was no ready backup at hand. 

Are you cringing yet?  Most IT professionals wince when they hear stories like this.

Maybe there was a backup routine in place.  Maybe it didn’t get done.  Maybe the backup wasn’t usable.  We may never know.

Now, Shift To Enterprise IT

Within a data center, IT operations is responsible to make sure that (a) backups get religiously done per agreed policy, and (b) these are usable on short notice if needed, especially if a lot of bad stuff is happening.

Doesn’t matter whether the application runs in the data center, or in a service provider — IT is still responsible for the end result.  Period.

Is it acceptable to blindly accept that your service provider is doing this as agreed?  Perhaps not …

The Importance Of Transparency

If I was an IT administrator using an external service provider for my important applications, I’d like to be able to externally monitor that backups were getting done as agreed — using my own tools.

I’d like to be able to independently verify that the backups are usable — using my own tools.

And I’d like to verify that someone hadn’t made a bonehead configuration mistake like having the backup target data on the exact same storage array as the source data, such is the case with most kinds of snaps.  That ain’t a real backup, in my book.

I’d be OK with the service provider actually doing the backup work on my behalf — as long as I had complete transparency into what was being done, and how it was being accomplished.

Not in a high-level “trust me” kind of way, but in a manner where I could directly observe the low-level detail if needed. 

That’s what I can do when applications run in my data center; that’s what I would expect if they ran in an external service provider.

Now, I could choose to ignore all that detail, if I wanted to.  But it’d be there if I thought there was a concern.

It’s Not Just Backup

I think this line of “transparency” thinking can be extended to just about every other discipline where IT is held accountable: security, performance, compliance, licensing, etc.

The “trust me” default relationship we see in so many cloud and service provider models just won’t cut it for many enterprise IT organizations that trust their business to the cloud. 

This is stuff you can get fired over if it all goes bad.

IT will need to be able to probe, audit, interrogate, monitor, etc. IT operations in much the same manner as they do with their infrastructure today.

IT Control and Private Clouds

One of the key concepts of private clouds is the notion of control: IT has the option to remain in control, and not the service provider. 

Sure, the service provider is responsible for whatever they’ve committed to — but IT is capable of monitoring that the work is being done, and being done correctly.

Trust but verify.

Implications For Management And Security Frameworks

This implies a certain level of architectural thinking around “control planes” for fully virtualized environments where some pieces might be run internally, and some externally.

We’ll need to think in terms of federated management models that allow the “rented” part of our infrastructures to be managed, monitored, inspected, etc. — regardless of physical location.

And we’ll need federated security frameworks that do much the same thing.

Not to do a blatant product dive, but I would argue persuasively that you’ll see these exact same themes in EMC’s Ionix and RSA portfolios respectively: federated management, and federated security.

In addition, we’ll also need to see service providers who are willing to “open up” virtualized portions of their infrastructure to be under the control of the enterprise IT organizations that they serve as customers.

Frankly, not a lot of those in the market today — but I’m betting we’ll see more of these kinds of offerings before long.

The Bottom Line

Enterprise IT organizations won’t be big users of any cloud model unless they can trust it.  And, if they’re experienced IT operators, they won’t trust what they can’t see.

Is transparency the new table stakes for service providers who want a piece of the enterprise IT market?