Intellectual Property Magazine - Cloud Computing: What In-House Counsel Needs to Know

Posted on March 6, 2011 by Sam Conforti

 

Intellectual Property Magazine - Cloud Computing: What In-House Counsel Needs to Know

Intellectual Property Magazine asked me to write an article for their March 2011 issue. We discussed various topics and ultimately settled on the subject matter in the title of this Blog posting above. Our arrangement allows me to publish my work in my Blog. The graphics in the published article are really quite amazing. What follows is the text of my article minus the graphics:

 

Cloud Computing: What In-House Counsel Needs to Know

The only constant is change. I remember being at an Oktoberfest back in the late ‘80’s. My friends and I noticed a young man wearing a phone on his belt. We laughed and thought how self-important he must think he is. Well, I confess that today I do not leave the house without my Smart-Phone firmly attached to my belt. I can make and receive calls, send and receive emails, surf the net, and even take a picture if needed. The old adage “Change, embrace it” holds true in today’s technological environment. 

It is said that the speed of processing chips doubles every 18 months. There does not seem to be an end in sight in the growth in sales for the ubiquitous mobile phones. Apple’s iPad is all the rage and the Apple stores cannot keep them on the shelves. The number of applications to be written for all mobile computing devices in the coming year is staggering. So the next phase in innovation in this burgeoning IT industry is Cloud Computing. The term “Cloud” gives the concept a rather nebulous tone. Studies show the sales in the Cloud Computing marketplace have doubled in the last few years and there is no slowdown in sight. Let’s first define exactly what Cloud Computing is in order to rid ourselves of the uncertainty and then examine its advantages and disadvantages.

Cloud Computing – What is it?

Software as a Service, also known as SaaS or On-Demand, is the term most closely associated with Cloud Computing. The key word is “Service”. SaaS acts similar to a linked network of computers, or a cluster of linked networked computers, to perform different functions. This cluster of networked computers acts as a virtual supercomputer. Each person working on his or her own laptop computer is provided with the exact application they need to work and perform the tasks on their part of a project or to perform their assigned tasks in their area of work in the corporate entity. These applications are provided to that person via the internet. The user can work remotely and the applications needed are accessed by them from the internet through their web-browser. It is a seamless delivery system and it appears to the user that the applications are installed on their lap-top. The software and the data generated are not stored on the premises or the user’s own hard drive, but rather on shared servers at the vendor’s site.

What are its advantages?

The major reason usually given for Cloud Computing is that SaaS is faster to get up and running into a productive environment when compared to a full blown enterprise wide implementation and therefore a much less expensive alternative. Hand in hand with the touted speed to productivity is the claim that the enterprise can avoid the upfront capital expenditures for additional or specialized hardware that are usually required in most Enterprise Resource Planning (“ERP”) implementations. The servers are not on premises. It is a shared server array at the software vendor’s site. Since it is a service, the pricing is based on a per seat use rate and so the millions in the initial cash outlay for the software suite are non-existent. The theory is that the enterprise pays for what one uses and no more. Depending on the application, the pricing might not be exactly pay as you go, but a hybrid. The software vendor may have a subscription based pricing for the estimated number of users or hits required over a shorter period of time. This pricing model can then be adjusted as events require. Another advantage to this delivery model is that it is easily scalable and provides flexibility as projects or the enterprise at large experiences growth. Users, storage space, and upgrades to new versions and releases to the software can all be dealt with as the needs arise.

What are its disadvantages?

Security is the paramount concern. Where’s my software? Where’s my data? We have government regulations to adhere to. There are new banking regulations and new privacy rules. What about protecting non-public personal information? How do you assure me that my data does not get mixed up with another entity’s data? And the list can go on and on. 

How do we address these concerns?

Cloud Computing is inevitable. Given the centralized nature of Cloud Computing, security becomes more efficient. Instead of fighting the concept, it might be wiser to prepare for its eventual acceptance and implementation.  It is a good idea to train your IT department personnel for the change so they can have a shorter learning curve when the switch is made. One way to approach this matter is to initiate trials for your personnel by creating an innovation sandbox in the cloud. Contractually, this is the time when in-house counsel needs to lean on the “techies” on the business team. Actually both sides must feel comfortable with the solutions to the security issues. Let the business teams gather all the questions and all the means to address those concerns. Then it is the contract draftsman’s job to memorialize these areas of concern and the consequences into the contract to be signed if such matters are not met. 

The teams must agree on the specifications of how the data is to be isolated and protected. Include language that allows and mandates that the customer’s data is retrievable in a format that is desirable and safe. The ability to retrieve your data in the right format should be part of any Disaster Recovery language and the policies and procedures discussed and inserted into the contract. Your data should be backed-up periodically on a regular basis and copies of the back-ups should be stored off-site at another secure facility. Support levels and upgrades are part of the selling feature of any SaaS initiative and so these must be clearly spelled out in the contract, usually via a separate Support Schedule attached to the terms and conditions and incorporated by reference. In addition to clearly defining what is included in Support, make sure to have your team develop in conjunction with in-house counsel and the vendor’s team a Software Support Response Schedule for inclusion into the contract. Such a Response Schedule should have up-time availability percentages for the Productive System and a sufficient penalty if these availability percentages are not met. Do not be afraid to include tough penalties for failure to achieve the agreed upon up-time availability to adequately incentivize the On-Demand vendor to meet their promised availability times. These penalties usually are a dollar percentage credit to the customer’s monthly or quarterly use fees. The teams should work on clearly defining different levels of priority and the times to respond to such calls for support (e.g. Level 1 is Very High Priority due to Productive System Shutdown. Response time after reported is 1 hour).   The contract must clearly state that the vendor is SAS 70 certified and such certificate must be made available to the customer upon signing of the contract. It should go without saying, but verify that all of the promises made have been confirmed by a team from the customer by an on-site visit to the vendor’s facilities. The on-site visit should be able to confirm all the physical security claims and the policies and procedures discussed in the contract negotiations. Once the promised savings materialize due to reduced costs on maintenance and upfront costs for specialized hardware, the enterprise can use these funds and direct its efforts to more innovative ways of running the business.

Is complete surrender the only alternative?

Depending on the type of business your company is engaged in, considering the move to Cloud Computing and the nature of the data to be processed, the concerns over security might be just too high a hurdle to overcome. The new Privacy Laws and computer hacking and new government regulations sometimes present an insurmountable obstacle.  Another approach is to perform a cost benefit analysis of just certain parts of your business and the results might make the transition to Cloud Computing more palatable. On-demand service providers, another name of SaaS software vendors, are coming up with hybrid delivery approaches to Cloud Computing. If the enterprise has a myriad of smaller customer interfacing transactions at a multitude of cites, why not make use of the Cloud with all its advantages of scalability and pricing based on use while leaving the more sensitive data processed and stored on premises in a single tenancy traditional approach. This allows the enterprise to take advantage of the cost savings of using Cloud Computing while still maintaining the integrity of the more sensitive data stored on premises.

Where do we go from here?

The worldwide recession has kept the lid on software vendors raising prices. But this economic downturn cannot last forever. During this time, there has been a consolidation of software developers in the ERP industry. In April 2009 Oracle purchased Sun Microsystems. This purchase alone gave Oracle, one of the prime players in the ERP market space, access to not only Sun’s premiere hardware capabilities, but also the keys to some of Sun’s stalwart software applications, most importantly the Java programming language. Along with Oracle’s purchase of Sun came the Solaris operating system asset as well. With all the assets of the Sun Microsystems purchase, including both the software and hardware, Oracle has placed itself in a position to provide the foundation to build its SaaS and Cloud Computing services. 

SAP, who has been partnering with IBM since the late 90’s, plans on developing along with IBM a product that will facilitate the creation of an in-house cloud. SAP’s new endeavor, the “Reservoir” cloud computing project’s aim is to spread the utilization of requested applications across the enterprise’s servers thus addressing under utilization and spikes in usage.

Intel, the world’s prime chip manufacturer, purchased McAfee, a leader in network security industry. With this purchase Intel hopes to integrate security directly into the architecture of its chip. If this is accomplished, Intel’s potential to enter such new markets as network security, smart phones, and PC tablets is boundless.  

Google, purveyor of the prime search engine of choice, has recreated itself into a vendor of mobile devices, operating systems, and Cloud Computing. Other big IT players such as CISCO, IBM, and HP, now flush with cash and seeing the impending paradigm shift in the industry, have gone on a shopping spree purchasing unified communications vendors, and network security companies, and business intelligence vendors. Oddly enough all of these companies apparently are perceived as being outside of the acquirer’s original area of expertise.  

With this consolidation in the market many of the potential ERP customer’s choices will be eroded as only a handful of ERP vendors will remain. It’s a fair assumption that prices will be on the rise. Your IT budgeters should expect the need to request increases in funding for the usual items that accompany an ERP Business Suite purchase such as increased costs for support, higher rates for users, and the ever burdensome costs of a full blown enterprise wide implementation with all its foibles and miscues.   One way to counteract the consolidation in the ERP market space is to examine the alternative methods for deployment of the needed IT services. Cloud Computing, Software as a Service, a hybrid approach, or Managed Services are options your IT department should be considering. As I have discussed the insurmountable hurdles to Cloud Computing can be overcome. With the right contracting model, adequate assurances and protections, along with sufficient penalties to incentivize adherence to agreed upon terms of protection, Cloud Computing can be the viable alternative for your IT department. Change is coming. Embrace it.

Epilogue : My editor asked me to develop a “To Do” list for the readers. The graphics in the published piece consist of a yellow legal pad with the following bullet points:

To-do-list

·         When implementing cloud computing, it is a good idea to train your IT department personnel for the change so they can have a shorter learning curve when the switch is made. 

·         In addition to clearly defining what is included in support, make sure to have your team develop in conjunction with in-house counsel and the vendor’s team a software support response schedule for inclusion into the contract.

·         The contract must clearly state that the vendor is SAS 70 certified and such certificate must be made available to the customer upon signing of the contract.

·         Make use of the cloud with its advantages of scalability and pricing based on use while leaving the more sensitive data processed and stored on premises in a single tenancy traditional approach. 

 

Tags: , , , , , , , , , , , , , , , , , ,

The Paradigm Shift in IT Continues: Intel Buys McAfee

Posted on September 5, 2010 by Sam Conforti

 

I highly recommend Larry Barrett’s August 20th article in CIO Update entitled Intel’s McAfee Buy Latest Sign of Sea Change in IT. In the second half of his article Barrett discusses how Intel’s acquisition of McAfee opens the door for Intel to become a key player in the mobile device and network security markets. I will discuss some of his key points later in this posting.  However, what I found most interesting is his discussion in the first half of his article where he describes quite adroitly and with relative ease his perception of the “Sea Change” in the IT industry. Barrett lays out the salient points in rapid fire succession based on his perception that the arrival of wireless networks, smartphones, and the “consumers’ unquenchable thirst for mobile devices” has sparked an acquisition frenzy amongst the big IT players who have plenty of cash on reserve. For example, Google has gone from the prime search engine vendor to mobile devices, operating systems, Cloud Computing, and SaaS. He mentions Cisco Systems, IBM, and HP purchasing unified communications, network security, and business intelligence companies, all of these companies apparently outside of the acquirer’s original area of expertise.

And now Intel’s Security on a Chip:

This acquisition takes Intel in a totally different direction from its core business. Gartner security analyst, Peter Firstbrook, doesn’t believe you can build security on a chip:

"Security is dependent on the OS and the apps in the stack. You can't anticipate that in the chip."

However others are not so skeptical. They see the potential that exists for Intel to enter a whole array of markets from network security, to smartphones, to PC tablets, to the myriad of hardware and software these markets create. Intel CEO, Paul Otellini, stated that the purchase of McAfee and bringing security to the chip was

“not just the opportunity to co-sell but also the opportunity to deeply integrate into the architecture of our products."

 

Tags: , , , , , , , , , , , , ,

SAP Partners with IBM and INTEL

Posted on March 9, 2009 by Sam Conforti

Alex Goldman reports for InternetNews.com on two interesting collaborations announced recently by SAP in his article SAP Taps IBM, Intel to Cut Datacenter, SMB Costs. Here’s a brief synopsis:

Ability to create an in-house cloud:

The two giants have been collaborating since 1999 on this particular project. Although the product is not yet generally available, SAP and IBM demonstrated it at the CeBIT trade show. The idea is simply to spread SAP’s utilization across the servers in an enterprise which lessens underutilization of servers while also allowing for spikes in usage. This should be attractive to companies trying to get the most out of their current infrastructure. The technology demonstrated is based on the RESERVOIR cloud computing project. The goal is to make it easier for datacenters to be able to adjust their services to meet demand at different times. 

Xeon-based systems for SMB’s:

Another SAP announced partnership is with Intel. SAP’s Business One customers (i.e. SMB’s) are to be the beneficiaries this time. SAP plans to develop applications for use on Intel's 64-bit Xeon architecture. The end result is a faster deployment for SMB’s using Intel Xeon based systems.

The Green Effect:

The current “Green” craze is not lost in the two announcements above. The parties involved are proud to state that both moves reinforce the output of lower carbon emissions in customers' datacenters.

 

Tags: , , , , , , , , , , ,

SaaS: Will the Large Enterprises Accept it?

Posted on July 28, 2008 by Sam Conforti

 

Richard Adhikari reports on a recent summit of SaaS executives in his article Are Changes Coming in the SaaS World?  The direction the industry should take was discussed but with little consensus.  It seems that those assembled see the huge potential in acceptance of SaaS by the large global enterprises, but no one can quite figure out how to break through the barriers.  Adhikari has done an excellent job of presenting the plethora of diverging views on why or why not the SaaS vendors should target the large enterprise market and how to go about doing it.  I am not privy to their marketing research nor have I suffered the trials and tribulations that some of the participants relate.  It just seems to me that sometimes it might be best to let the sleeping giants sleep.  Will these large enterprises come on board sooner or later?  Adhikari cites Maynard Webb, CEO of virtual call center company LiveOps who states:


It's a vicious circle: SaaS vendors can't sell to the enterprise because they haven't solved many of the concerns IT has with on demand software, so they don't try.  Most SaaS vendors target the SMB market, while the rest aim "at niches in the enterprise such as human resources"


What becomes apparent when reading Adhikari’s article is that there isn’t just one reason for the reticence of large enterprises to accept the SaaS model.


In my research in this area I have come across varied opinions and insight into just what exactly SaaS is and who should take advantage of it.  In my February 10, 2008 posting to this Blog SaaS is the Future software developers were scrambling to meet the demands of their market.  At that point their market was the SMB enterprise.


A further explanation as to the non-universal acceptance of SaaS can be gleaned from an insightful comment by Sybase CEO John Chen:


“ … But the reality is that every new technology and every new method will have its audience – but it won’t wipe out the previous ones.”  For the full story and an interesting perspective see my May 1, 2008 posting What Customers Want from their Software Vendors.


Of course there also is the other side of the coin.  The SaaS software developers themselves have their own internal hurdles to surmount.  In my June 1, 2008 posting Growing Pains of OnDemand I highlight one of the problems of managing a subscription business:


“Simply put, the business processes needed to run a subscription business do not yet exist, and when these new business processes do come on line, they will be incompatible with the existing business processes for a large enterprise software company.”


Perhaps it is best summed up in Adhikari’s article by Lisa Lambert, managing director of the software & solutions group at Intel Capital:


Intel's Lambert thinks the notion of selling to the enterprise is a red herring.  "I don't think it's a question of enterprises not being ready to buy SaaS, it's that it makes more sense for small businesses to buy SaaS.  The value proposition of SaaS really appeals to small businesses, which were excluded from being able to buy legitimate software infrastructure that's enterprise ready because they couldn't afford it, it was too expensive and complex, and had long implementation cycles."


Tags: , , , , , , , , , ,

SAP and Intel Prepackaged Solution for the Small and Mid-Market

Posted on March 7, 2008 by Sam Conforti

SAP took the opportunity at CeBIT 2008, the world leading technology fair, to announce its latest partnership which builds upon SAP’s Business All-in-One solution. SAP has teamed with Intel and will be offering a landmark product on Intel Xeon-based systems via original equipment manufacturers (OEM) and hardware system providers based on SUSE Linux Enterprise from Novell and the database SAP MaxDB. Hardware offerings pre-installed with SAP software is landmark to say the least. The intended benefit for the SME market is a reduction in the Total Cost of Ownership of their IT systems. SAP stated in its announcement:

“The offering targets midsize companies in the manufacturing, service and trade industries and directly addresses the demands in these market segments for quick and easy implementation, and tailored yet scalable solutions at predictable costs."

Ray Boggs, VP of small and medium business research IDC, noted that having the alignment of hardware and software will give customers what they have been looking to do, “reconcile the somewhat contradictory goals of a solution designed to meet their individual needs but in an almost pre-configured fashion to minimize time and cost." SAP plans to continue with this strategy of partnering with hardware vendors to directly address the needs for TCO for its SME customers. For a more comprehensive description of this announcement see SAP and Intel Collaborate to Offer Pre-Installed Business Solutions for Midsize Companies Optimized for Quad Core Intel(R) Xeon(R) Processors.

Of course on the surface this hardware with pre-installed SAP software approach seems to be a winner. Even below the surface it is hard to find fault with this methodology. But I am a simple man. When I see the words “Xeon Processor”, “SUSE Linux”, and “database” in the same sentence my eyes begin to glaze over. I might have a talent for spotting an ambiguous phrase or two in a software license or consulting agreement and perhaps the ability to offer a revision to it to bring the language to a more equitable point of view. However, I wonder if it is reasonable to ponder this new approach from SAP from a slightly different perspective. I almost get the feeling as the Portuguese explorers must have had during their successive voyages down the coast of Africa in search of the riches that lay ahead in the Far East. These aren’t entirely unchartered waters, but one cannot be quite sure what lies ahead. Others, such as Microsoft, have gone down this course before. I have to wonder what obstacles may present themselves in the future. The usual suspects are ubiquitous, (confidentiality, ownership, infringement, anti-trust). I am sure that the right people at SAP and Intel have considered these issues and more and are fully prepared. The cost of doing business is a fascinating journey.
Tags: , , , ,