By guest authors Shaloo Shalini and Pablo Chacin
SM: Let’s switch the discussion to security. What are your prime focus areas with respect to cloud security?
MS: We are a bit of an anomaly with respect to security. We are in a B2B business, and we don’t handle a lot of personal information or credit card information or even customer financial information other than the final orders and things like that. It is not the same as handling a lot of third-party information which needs to be secured, as it would be in the case of a financial service or retail industry. I want to be careful when I pontificate here. We have really different kind of business model. But having said that, there is ton of encryption technology that is sitting up there, there are some sophisticated techniques that ensure sensitive data can be pretty carefully camouflaged. I think one of the bigger concerns related to security is to do with data volumes as they start moving in and out of public cloud. The public cloud is a fabulous resource for computer-intensive applications that don’t require large amounts of data. If it had to start moving data back and forth on your wider area networks, in and out of the public cloud, your circuit charges are going to go up. You are going to have latency issues in doing that. Let’s say you want to run a profiling algorithm in a public cloud that tries to predict the three books you should be offered every time you enter a book store. If you try to do that for every customer who tries to enter a store, in every country, with all those transactions set up back and forth in that public cloud, well . . . I don’t know what the volume data would be, but you will start reaching the point where data management issues start to eclipse the benefits of the infrastructure service.
SM: I see. For you, this data security itself is less of a pressing issue, but movement of data in and out of the public cloud into the private cloud or into your data center is a bigger issue. What about vulnerability management?
MS: Getting back to security in the cloud, I think there are a lot of technical solutions to the problem. The stumbling block is more legal or contractual, so on a company-to-company basis you want the public cloud vendor to financially warrant liabilities that could potentially be incurred. I think we really have crossed that step over here. Right now, most of the technology is there. It is one thing to say we have got the solution that works most of the time, but it is not same as finding a contract that covers each liability.
SM: I see. So, today, there is a risk that if the cloud vendor lost a whole bunch of your data, you wouldn’t really have recourse.
MS: Correct. If in a class action suit you were to sue the company that put the data there, or try to sue through to the deep pockets, presumably, of the public cloud vendor, I think the contract is in such a way that there is no real protection or recourse for you, contractually speaking. But again, there is an abundance of technical solutions to avoid scenarios where your data gets compromised.
SM: What are your thoughts on technologies such as Qualys or Proofpoint? These vendors are going heavily toward offering vulnerability management and a variety of cloud security protection through the cloud architecture itself. Is that something you are working with or looking at?
MS: No, in fact, it is probably unique to both the industry that BMC is in and the size of the company. For a larger company in retail or financial services, or medical or pharmaceutical kind of environment, then security could be a bigger problem.
SM: Our final topic is entrepreneurship in the cloud. What are you seeing on your radar that you don’t find current cloud vendors addressing? Are there any entrepreneurial opportunities that you see in the cloud?
MS: That is an interesting question. I think one the notional idea that is floating around is industry-specific clouds. One of the chronic examples of this is a hedge fund. Say the hedge fund wants to perform complex calculations and computationally intensive algorithms. But those algorithms run on fairly standard sort of data. Frankly, everybody starts with the same information about stocks, how they have traded in the past, and how they correlate with each other. So if you have substantial financial information which can be dumped in a common database, then the value comes in the form of unique algorithms. If you think about building a computationally intensive public cloud somewhere in the New York City metropolitan area, the hedge fund people can show up and take turns to run their models at night or during the day. If such a setup is delivering their answers, then no one hedge fund would have to build supercomputers. I have also been told there’s some collaborative interest from pharmaceutical companies that offer to perform calculations that are very intensive and predict the outcome of drug testing and modeling.
There’s a lot of work that’s done on WAN acceleration, reducing a lot of latencies that exist on the network, and that might be another breakthrough opportunity as far as public could computing is concerned.
You remember “Minority Report,” the movie in which Tom Cruise is walking in a mall? Imagine you walk by different stores and they invite you personally to come in, because they have the product you want, they got it discounted for you. They could know your favorite screensaver, the name of your kid, the name of your best friend, what book you bought last, and so forth. That could all be grabbed and displayed in a very short period. But the computing resources for doing that could probably eclipse what a retailer would be able to afford. They could be able to tap that in a public cloud and find demographics if the WAN latency issue is addressed. That would make the public cloud more acceptable for larger volumes of data and provide some pretty interesting business models.
SM: This is basically the holy grail of Web applications. The concept of intense personalization has not been done yet; it’s not being done very well. Whatever little bit we see on Amazon and Netflix is about all that exists today. It’s not only a computationally intensive problem but also a huge issue about who has the data, how is the data organized, and how that data is correlated. These correlation algorithms are very complicated, and that is a very hard problem.
MS: The two big issues that CIOs at retailers grapple with today are first, present space retailing. Will a buyer or customer opt in, or agree to, what you, the retailer using the information about where they physically are. Say a big brother keeping an eye on you day in and day out where you are traveling.
Do you want them to market to you based on your individual buying patterns in the past? Or do you want them to just affiliate you to affinity groups?
Again, the first question is you have the choice to opt in. I don’t think they want to stand up legally and just keep up a file on you and your personal buying patterns.
They would much rather do what Amazon does, which is find out that you and other 70,000 people bought some collection of books. Therefore we get pretty good idea about what all books you may be interested in buying right, without ever saying we know exactly what book you bought. So you are part of the affinity group.
So, think of the generational changes that will happen. Today’s Facebook-using generation keeps its perspective on technology, the people who opt in without thinking about it.
Maybe a different generation will be concerned in terms of privacy concerns and Big Brother-type tracking. There is a generation coming along that are willing to give up on privacy in return for a 10% discount.
SM: I think the promise, if you are willing to give up some privacy in return, is of a highly tailored user experience in whatever domain you chose to [be in].
MS: Exactly. In effect, there are a lot of possibilities if you really think about it. People have started using Twitter to consult their friends and associates for making different kinds of buying decisions. That could be done in a far more structured and interactive way if a store wants to offer that capability.
SM: This is a domain of great interest to me and it is a domain not really addressed well by entrepreneurs yet.
MS: I was interested at Dreamforce user group meeting that Salesforce had last November. They had a speaker from Avon. He explained how they went to colleges students and said, If you use Facebook or Twitter, whatever you social networking you use, leverage that to spread the word about Avon to your friends, and we will give you a kickback. This was not cash but in terms of discount on products. So it was kind of a massive Ponzi scheme, trying to get friends of friends of friends buying stuff, and since then they have grown explosively apparently. Tens of thousands of women are participating on a monthly or quarterly basis. The funny thing about this is that they got young women who were the instigators who did not think of themselves as if they were selling anything. They thought that they were sharing useful information with their friends
SM: Very interesting! That is the affiliate model that Amazon came out with back in mid 1990s when we were just starting out with Internet. I think it is the same psychology of kind of just using others’ channels that have a closer affinity, closer customer relationship, and just using those channel to provide information.
SM: I really enjoyed this conversation with you Mark, it was very insightful. Thank you for your time.
MS: Thank you.