If I were to tell you that 2013 was the year for cloud computing at Interop, I'd sound like a broken record. Haven't we heard this before, in 2009 and 2010 (okay, hardly anyone attended those years) and certainly the past two years?
Rest assured, I'm not going to claim that 2013 is the year of the cloud. We're past that.
This year industry trendsetters are moving beyond the will-they-or-won't-they cloud adoption tedium. Instead, they're figuring out how to make the cloud better, faster, more secure and more open.
Here are three trends the cloud experts were talking about at Interop 2013:
1. Cloud Security Is Starting to Mature – Sort Of.
One cloud trend that alarmed me this year at Interop is how dependent people still are on passwords. This isn't really a cloud issue so much as a general computing one. I'm not going to rehash how risky typical passwords are – I've been sounding this alarm for years – but apparently, for many organizations, strong authentication means some combination of letters, numbers and special characters, along with regular cycling.
That's just not good enough, especially in the face of today's targeted, persistent attacks. Combine that with the fact that sensitive corporate assets are moving to the cloud, and then add in the reams of data that can be mined about each and every one of us through simple Web searches and social media, and, well, the situation just screams out for multifactor authentication. Fortunately, the adoption of multifactor authentication is high (and often mandated by regulatory bodies) in high-risk sectors like financial and health care. The rest of the enterprise world still needs to catch up, though – especially those adopting cloud services.
Another security trend that has been percolating for a few years and is starting to show signs of maturity is the shift from a keep-the-bad-guys-out security strategy to a risk-mitigation one. We can only fight effectively on so many fronts, so this helps organizations focus on protecting their most important assets.
"At Interop this year, we're seeing more consensus about the impact that context and intelligence can have on security," Geoff Webb, NetIQ's director, Solution Strategy, said. "We're also seeing how automating the integration of this data is key. As more employees connect from their mobile devices to the plethora of cloud services available to them, the only way to implement an effective data-centric security strategy is by providing context and intelligence about those connections." In other words, if you're in a branch office, your risk posture is lower than if you're on a public WiFi connection in Starbucks.
Or to look at this from a data-risk perspective, if a mobile employee wants to access a lower value asset like a company directory, identity enforcement can be a little looser. If that employee wants to look at customer lists, your access control or identity enforcement tools should raise the bar.
However, few organizations have automated the process of securing connections between people, place, data and real-time threat intelligence. Fewer still have integrated these capabilities with cloud services.
I asked Webb about why security organizations don't embrace openness when it comes to sharing threat intelligence. I'm not naïve. Obviously, this intelligence has value, and few will want to just give it away, but shouldn't we have some sort of standardized mechanism that allows organizations to share threat information in real time, rather than acting out the parable of the blind men and the elephant?
Webb believes we're on the cusp of getting much better at threat correlation among security vendors. "I think we will soon see better threat intelligence sharing from third-party sources, some of whom may begin licensing their data to other security vendors and their customers. As security becomes more of a priority, our customers are realizing that this context is the key to taking raw data and turning it into better security policies that protect their businesses," he said.
2. Software Defined Networking Is the Hot Trend.
"Software Defined Networking" (SDN) is being hyped the way "cloud" was a few years back. Yet, there's arguably more substance and less fluff to SDN hype. Cloud definitions varied so broadly and vendors abused the term so shamelessly that it's shocking there's not more cloud backlash.
SDN isn't applied nearly as promiscuously. During Cisco SVP Rob Soderbery's keynote, he apologized for the fact that everyone is getting bombarded by SDN buzz, and then really didn’t talk much about SDN.
SDN is a geekier concept than cloud, and it builds on much of the groundwork previously laid by legitimate cloud and virtualization proponents.
SDN's value proposition is fairly straightforward: SDN makes networks configurable (and reconfigurable) in software rather than hardware, and as a result, networking can be delivered as a cloud-based service, rather than as a bunch of expensive boxes.
Or to put a different spin on it, SDN pushes networking up the stack to the vicinity of the application layer. (We may need to rethink the OSI model with all of this virtualization going on.)
Much of the SDN talk, though, was backwards-looking, focusing on the Nicira and Vyatta acquisitions (by VMware and Brocade, respectively) and essentially saying, "See, this proves SDN has value."
Well, no. Plenty of acquisitions have led to exactly nothing.
What does highlight SDN's potential (and, yes, I mean potential, not value) is that most of the main networking players, from Cisco to HP to Juniper, are aggressively fleshing out their SDN positions. Plenty of startups are in on this game too (Embrane, Midokura, Plexxi, to name a few). But what's different is that the SDN hype is breaking from the typical cycle where startups do the heavy lifting and trumpet its virtues, then incumbents show tepid interest before starting to launch their own initiatives and acquiring or crushing all but a couple of the best-funded, most-innovative startups, which manage to compete on their own.
This time, the startups don't have as much of a head start and must be on top of their game pretty much from day one.
IDC predicts that the SDN market will generate $3.7 billion in revenue by 2016.
Of course, there are plenty of in-the-trenches IT folks who are skeptical of SDN. Frankly, I'm skeptical of the skeptics. The IT pros managing and maintaining those expensive boxes are worried about having their expertise made obsolete during the next hardware refresh. And, of course, until about six or eight months ago, I could reliably count on skeptics to tell me that the cloud was a science project each time I wrote a cloud story.
I actually didn't encounter that much SDN skepticism at Interop. I did run into doubt about pieces of the SDN puzzle, such as OpenFlow, but most of the people claiming SDN wasn't for them were basing that on the fact that they had too much money tied up in legacy architectures to abandon them in the near future.
3. IT's Reach Is Expanding – And the Convergence of Cloud and Mobile Have a Lot to Do With It.
The cloud and mobile have been on a collision course (convergence course?) for quite some time now. I'm a firm believer that one of the best ways to prevent data loss on mobile devices is to make sure sensitive data doesn't get stored on them in the first place.
No, I’m not advocating a no-BYOD vision; rather, when mobile employees access sensitive data, it should reside in the cloud, not on their devices. And it should stay there. Of course, the premise of this belief is that cloud security will rise to the challenge. While we're not quite there yet, it's doable.
The convergence I encountered over and over again at Interop was that everything from mobile device management (Citrix) to 4G failover (CradlePoint) to indoor wireless optical networking (RiT Technologies' Beamcaster) are integrating cloud-management capabilities that allow IT pros to manage remote, mobile and branch office workers and systems. Critical IT services are being pushed out farther and farther from headquarters, and IT workers don't necessarily need to go along with them.
Interop 2013 really hammered home the idea that the days of "cloud" being an overhyped trend are long gone. It's an enabling technology as much as anything. For hype-phobic trend-loathers, it's time to look elsewhere for something to hate.
Jeff Vance is a Santa Monica-based writer. He's the founder of Startup50, a site devoted to emerging tech startups, and he also founded the content-marketing site Sandstorm Media. Follow him on Twitter @JWVance.