Microsoft’s Cloud Service Hints at Future for Enterprise “Desktop”

Originally posted at : Internet Evolution – Sean Gallagher – Cloud Service Is a Portent for Enterprise Desktops.

Microsoft's offices in downtown DC

Microsoft’s K Street office entrance

A day before the 30th anniversary of the unveiling of the personal computer, I was at a Microsoft media event in Washington. Called “The Future of Federal Work,” the event was intended to show off Microsoft’s Office 365 cloud-based collaboration and productivity platform in the context of how federal agencies will use it. But the event also offered a look at how Microsoft envisions the future of business computing in general, and what place the PC holds in that future.

With the rise of the Web and cloud computing, IBM’s Mark Dean has said that we’ve entered the “post-PC” era. Microsoft vice president of communications Frank Shaw says he prefers to call it the “PC-plus” era, since the PC is becoming just one of many devices people use to access and work with data.

The PC isn’t dead — it’s just becoming harder and harder to define what a PC is. And based on what we’ve seen of Microsoft’s plans for the Windows operating system, the divisions between cloud, desktop, and mobile device applications are going to get even more blurry.

Office 365 itself is evolutionary rather than revolutionary. The biggest change may be in the business model for delivery. This platform gets customers out of the business of maintaining software infrastructure and the servers that run it, providing these elements through the cloud. And in the case of the government, that cloud is a private one.

Chris Niehaus

Chris Niehaus

Chris Neihaus, director of innovation for Microsoft’s US public sector business, said at last week’s event that Microsoft “used to be like Blockbuster, and now we’re evolving our productivity business to be more like Netflix.” As with Netflix, you can still get software delivered on disks, or you can download it on demand from the network on whatever device you have handy.

The demo of Office 365 was conducted on a set of giant touch-screens in Microsoft’s new Innovation and Policy Center in Washington. It was intended to show that the service bridges from thick-client desktop to browser to mobile device app with the same user interface, and it largely delivers the same user experience.

“The features and capability might not be at parity” across all devices, Microsoft public sector CTO Susie Adams said. “But the user experience is the same from a productivity experience.”

For many large enterprises, including government agencies, that commonality of experience, plus a previously installed base of Microsoft’s productivity tools, make Office 365 awfully attractive. This also means that previous investments in leveraging Windows management tools to enforce user authentication and security policies are largely preserved. And enterprises don’t have to invest in additional user and IT professional training to support this deployment.

A number of federal agencies are already using the service. Those that bought the predecessor Business Productivity Online Services-Federal (BPOS-F), including the Department of Agriculture, are being converted to Office 365 as the new service is being certified for compliance with federal information security management standards.

One part of Microsoft’s vision for the “future of work” was only hinted at during the demos. That part is Windows 8, the next release of Microsoft’s operating system, which will prominently feature applications based on HTML5 and JavaScript — already the standards for cross-platform mobile application development. By leveraging touch, clouds, and Web services, the next generation of Windows will further blur the line between what happens locally on a device and what happens in the cloud.

That approach isn’t unique. In fact, some may see Microsoft’s direction as a concession to victories by Apple and Google in the mobile realm, as well as by the Web over Windows as a development platform. But if people end up running Windows apps on their iPads and Androids, I hardly think Microsoft will consider that surrender.

— Sean Gallagher is an award-winning IT journalist and the former head of InformationWeekLabs. Gallagher is now an independent journalist and technology consultant based in Baltimore. He can be reached at: gallagher.sean.m@gmail.com.


Private Clouds, Self-Service IT, and the Power of Transparency

On February 17, I spent the day at Cloud/Gov, a conference on government use of cloud computing hosted by the Software and Information Industry Association and INPUT. One of the things I heard consistently from the federal IT leaders who presented and from those I met during networking breaks was that one of the biggest motivators for a move to the cloud is the financial transparency it provides. In other words, cloud services show exactly what agencies are actually paying for with their IT budgets.

Read the rest of this post at: Virtual Integrated System Blog – Government – Private Clouds, Self-Service IT, and the Power of Transparency.

Enterprise IT, virtualization

Virtual Integrated System Blog – Government – Are Feds Putting the Cloud Before the Horse?

The Obama administration has made “Cloud First” a key part of its strategy for creating a more efficient government IT infrastructure. But simply adopting cloud-based services for new IT acquisitions isn’t going to make the IT management situation any easier.

“We’re hearing from many agencies that the OMB (Office of Management and Budget) will consider cloud as a core element as part of a larger strategy around IT services,” said Kevin Smith, Dell’s marketing director for the Virtual Integrated System architecture, at a recent Ziff Davis Enterprise eSeminar on cloud in the government. “But there has been some criticism, from those who feel that agencies should continue to create open, manageable and uniform infrastructures before they start shifting to cloud platforms.”

As I’ve mentioned here previously, the federal government has been pretty aggressive about creating open cloud standards. The Federal CIO Council’s FedRAMP initiative and the National Institute for Standards and Technology’s SAJACC efforts have laid the groundwork for security and interoperability standards for cloud services, and NASA’s contributions to the OpenStack initiative to create an open-source cloud infrastructure have done a lot to create an open implementation of cloud computing that others can build on. But all the interoperability in the world doesn’t help get the government’s application infrastructure out of its sprawling population of data centers and into a shared cloud environment.

Federal IT initiatives will not be well-served by simply buying software-as-a-service, or platform-as-a-service, or infrastructure-as-a-service from an approved Apps.gov provider and then throwing virtual servers into the cloud. Adding externally hosted cloud resources to the management stack for federal IT managers who are trying to consolidate their internal applications in accordance with OMB’s data center goals just creates another degree of complexity in the process, and another set of processes and management tools that need to be mastered by IT staff.

Read the rest of this post at:

Virtual Integrated System Blog – Government – Are Feds Putting the Cloud Before the Horse?.

Cyberdefense and Information Assurance

NIST Sketches Map to Secure Public Cloud for Feds

NIST has just published a draft set of guidelines for government agencies to follow to ensure security and privacy compliance when they use public cloud services, such as Google Apps for Government.  Written by NIST computer scientists Wayne Jansen and Timothy Grance, NIST Draft Special Publication 800-144 is the product of several years of work examining cloud computing, and comes just as the federal government is instituting a “cloud first” policy for new IT projects.  While it’s still in draft phase for comment, the recommendations included in it apply not just to federal agencies, but to any public sector organization looking at possibly using public cloud services.
Entitled “Guidelines on Security and Privacy in Public Cloud Computing” (PDF), it takes a deep dive on all of the concerns, precautions and policies that agencies at all levels should be aware of when looking at public cloud services, and even offers up the City of Los Angeles’ conversion to Google Apps for Government as a case study of what can go right and wrong in a migration to cloud. Google had to make some extraordinary contractual concessions to the City of Los Angeles to meet the city’s needs, and it’s not certain they would be able to be so flexible for many state and local governments’ requirements.
At a high level, Jansen and Grance’s recommendations fall into four major categories:
  1. “Carefully plan the security and privacy aspects of cloud computing solutions before engaging them.” Before even looking at cloud solutions, an organization should make certain that they fully understand the privacy and security requirements of the data that will be handled.  Not doing due diligence on all of the potential privacy and security issues in advance can lead to roadblocks to deployment later—or worse, major breaches in security or exposure of citizens’ private data. The City of Los Angeles was caught by surprise when it found that its cloud solution wasn’t in alignment with federal data protection regulations for public safety data, for example.
  2. “Understand the public cloud computing environment offered by the cloud provider and ensure that a cloud computing solution satisfies organizational security and privacy requirements. “ The financial advantage of cloud services usually comes from the same advantage that drove Henry Ford’s model of manufacturing efficiency: “You can have any color, as long as it’s black.”  Most public cloud services—be they infrastructure-as-a-service, platform-as-a-service, or software-as-a-service, were not built with public sector regulatory requirements in mind.  Agencies need to do an analysis of the gaps between what cloud providers have and what their own privacy and security demands require—and then determine whether the cost of getting that sort of solution from a cloud provider makes going forward with a project financially feasible.
  3. “Ensure that the client-side computing environment meets organizational security and privacy requirements for cloud computing.” Just because the application and data are secure at the back end in the provider’s cloud doesn’t ensure the overall security of the solution.  It’s easy to overlook the client side, which can create a number of potential security problems—especially if SaaS applications include support for mobile devices.  It’s important to take issues like how to lock down smart phones and other mobile devices from being able to gain access through cached credentials, for example, if they’re lost or stolen.   And there’s also the issue of how the public cloud service will integrate with identity management and established authentication standards already being used in the organization.
  4. “Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.” Outsourcing the infrastructure doesn’t mean an organization is outsourcing responsibility.  Public cloud should be handled like any managed service or outsourcing arrangement—agencies need to be able to ensure that security and privacy practices are applied consistently and appropriately in the cloud just as they are to internal IT resources.  That means that agencies should ensure that they have visibility into the operation of the cloud service , including the ability to monitor the security of the cloud assets, and continually assess how well security and privacy standards and practices are implemented within the cloud infrastructure.
Networking, Phone apps, Software

Four Tech New Years Resolutions from the ‘Cloud’


Time (and technology) continue to march forward, and it’s time for New Years resolutions again.  This year, you should include some technology-related resolutions that take advantage of  “cloud” applications—software that uses the power of Internet-based servers to deliver services to your PC or mobile gadget—to to make your life simpler and better in 2011. Here are some tips on resolutions you should keep in the coming year:


read more