Tag Archives: salesforce.com

Application software in the cloud – power to the people

I think that it might be a novel approach to build a flat cloud security control model centered around consumers (stakeholders, users and developers) of business applications software and the performance of the cloud services that they consume.

This might be a more productive and relevant control model than the current complex, multiple layer, IT infrastructure and compliance-centric cloud security models that are being copied and pasted today.

It’s also more consistent with a technology shift towards consumer devices and services and an emerging transformation of the security industry from an end-user service industry to a B2B product. Intel bought McAfee. Two years ago, we still had end user customers. Today we only deal with technology vendors.

The cloud security reference model published by the CSA (Cloud Security Alliance) is a detailed and comprehensive guide to “Security for Critical Areas of Focus in Cloud Computing”. The latest version was released in December 2009, back when Facebook had less than 80 million members.

It’s a long, eloquently written document with pearls of wisdom like:

Cloud computing is about gracefully losing control while maintaining accountability even if the operational responsibility falls upon one or more third parties.

I could not agree less.

We all use the term “IT Governance” – as if security of customer data was dependent on the governor of the IT department. Since we have lots of IT governance and lots of data breaches, we may safely assume that writing procedures while the hackers attack software and steal data is not an effective security countermeasure.

Management information systems (aka information technology) is about empowering management with information.

Cloud computing is about replacing the hegemony of management with the freedom of choice of business units.

Cloud computing has nothing to do with gracefully losing control – it’s about getting out from under the thumb of the CIO.

This is why a performance-oriented security control model is a better and more relevant fit for consumers of cloud services. What interests cloud computing consumers are the following questions:

  1. Does the application or service help me sell more, faster and cheaper with something different my customers haven’t heard yet?
  2. Can I deploy (HIPAA, PCI DSS …fill in the blanks) applications in the cloud at a price I can afford?

When we buy software application services (SaaS) using a utility model, then the security should not interest us, since it’s built in.

When we develop our own application software and run it in the cloud using an IaaS (infrastructure as a service) provider then the IT security infrastructure does not interest us, since it’s built into the infrastructure.

What should interest us is business performance and service costs.

Neither of these is addressed in the CSA cloud security reference model, which is still fixated on familiar infrastructure controls:

This rigidity often manifests in the inability to gain parity in security control deployment in cloud environments compared to traditional IT. This stems mostly from the abstraction of infrastructure, and the lack of visibility and capability to integrate many familiar security controls — especially at the network layer.

Why should we be concerned with parity in security control deployment when I buy a service?

When we buy electricity, are we comparing our utility and safety expertise in electricity generation with the electric company?

I don’t think so.

Consider a consumer-service provider cloud security control model that is focused on performance.

The fundamentals of scalable cloud computing systems are fast networking and non-blocking design—the rest is message passing.

Current Web applications running in the cloud are fairly high latency (200-600 ms round trips for Ajax transactions) and demanding on the server infrastructure (forking threads and blocking IO on the Web server for every request).

Looking at business performance we know that time is money. We know that high latency applications are less responsive (making customers unhappy and reducing revenue). Since the cloud service provider charges per CPU cycle, if the cloud service consumer deploys inefficient applications, his revenue goes down and his costs go up.

Since cloud computing is a utility, it’s a business decision to write inefficient, buggy code and pay more for the privilege. It’s also a business decision to use services like Microsoft Azure, which locks you into the Microsoft application development platforms, or Salesforce.com, which locks you into the SF.com way of doing things.

There is something counter-intuitive about locking yourself into a cloud computing service. The price has to be right long term and long term may be a decision that your successor is taking. Hmm. Food for thought.

Power to the people, baby.

Tell your friends and colleagues about us. Thanks!

DimDim acquired by salesforce.com

Got back from my Friday morning bike ride and popped open my Inbox. Lo and behold – exciting M&A news first thing in the day.

Dear Enterprise Customer:

As you may have already heard, Dimdim has been acquired by salesforce.com.  We realize you may be wondering what this means for you.

While your Dimdim Enterprise service will remain fully operational during the life of your current contract, we will discontinue the service on the date the contract expires and will not be offering any renewals or extensions.

Pursuant to the Hosted Enterprise Agreement (the “Agreement”) between you (“You”) and Dimdim, Inc. (“Dimdim”) governing the provision and use of Dimdim’s Services (as defined under the Agreement), Dimdim is hereby exercising its option not to renew the Agreement after the expiration of the current term (either the Initial Term or current Renewal Term, as applicable, and referred to herein as the “Term”). For clarity, the Agreement shall not automatically renew nor may the Term be extended at Your request. Nothing herein is intended by Dimdim to diminish or waive the rights or obligations of either party under the Agreement until the expiration of the Term. Following the expiration of the Term, except for any confidentiality obligations under the Agreement that expressly survive termination of the Agreement, neither You nor Dimdim shall have any further rights or obligations of any kind under the Agreement, including the right to access or receive any Software, Services or Technical Support as defined therein.

I have always thought that client-less Web conferencing was a great idea and DimDim was pretty good software, although the Open Source part of it turned out to be marketing spin (they never really stood behind the project). Although the opportunity for leveraging an innovative Open Source project seems to have gone by the wayside, perhaps the salesforce.com acquisition opens a new space of business opportunities for Facebook style applications with Web conferencing and collaboration on the SF.com platform.

Time will tell.


Cloud computing, buzz-word du-jour

The buzzword du-jour in the current economic crash of 2008 is “Cloud Computing”.

There are several interesting questions around cloud computing – why now, how are people building it, what are people doing with it and what about security.

1) Why now?

Back in 2001 after the dot com crash, On-demand / SaaS started picking up. My personal explanation is that there were a) a lot of programmers and entrepreneurs out of work, looking for new things to do, b) an oversupply of bandwidth and server capacity on the Internet and c) a lot of VCs looking for the next big thing. The sales guys try to pitch an economic reason for on-demand: businesses not having the money to buy large enterprise software systems in a down-market. Since Salesforce.com is not keeping up with the profitability of year-on-year growth of Oracle Applications and SAP – I don’t buy it. At $50/seat for Salesforce.com – if I have 100 people, it’s $5000/month or $60,000/year which is 10x more than I would pay for a free open source instance of SugarCRM or TigerCRM running on a dedicated server at rackspace.com. If SaaS is not an economically sustainable business model for service providers, it will not be sustainable for end-user customers in the long term either.


Host your own SaaS with Open Source – the potential of Mosso

Show me a profitable business application-as-a-Service (SaaS) company.

There is a lot of trade talk about the success of Salesforce.com. Here is a company with a $3.2BN market cap as of Oct 26, 2008 currently trading at 24 down from 72, 5 months ago.

In 2007 – SF.com posted a net income of $480K on revenue of $497M. Compare this to BMC Software, a software vendor that provides system and service management solutions for the enterprise. BMC has a current market cap of $4.2BN, trading at 23 down from 39, 3 months ago. In 2007 – BMC Software posted $215M net income on $1.5BN in sales.

In plain language – Salesforce.com does not or cannot charge high enough prices for their services to sustain long-term profitability and growth. At low price points, Free Open Source on inexpensive hosting becomes a highly-competitive alternative, especially for an SME.

Five years ago – the barrier to entry was application functionality, but today Free Open Source line-of-business applications like Sugar CRM Community edition are mature, full-featured applications with few, if any, missing features and some unique advantages that Open Source offers. Salesforce.com imposes a unique IP address/user constraint which can be very annoying. In SugarCRM, if users get logged out when their IP address changes dynamically, just change one line in config.php from

'verify_client_ip' => true,

to false.
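
What a session-to-IP check of this kind protects, and what switching it off gives up, as an added illustration (not SugarCRM's code and not part of the original post). The function names, the three modes, the /24 tolerance and the sample addresses are assumptions made for the example.

```php
<?php
// Added illustration, not SugarCRM code. Assumes 64-bit PHP, where
// ip2long() returns a non-negative integer for valid IPv4 addresses.

/** True when two IPv4 addresses fall in the same /$prefix network. */
function same_network(string $a, string $b, int $prefix): bool
{
    $la = ip2long($a);
    $lb = ip2long($b);
    if ($la === false || $lb === false) {
        return false; // unparsable address: fail closed
    }
    $mask = $prefix === 0 ? 0 : (~0 << (32 - $prefix)) & 0xFFFFFFFF;
    return ($la & $mask) === ($lb & $mask);
}

/**
 * Decide whether a request may keep using an existing session.
 * $mode (hypothetical): 'exact' = same address, 'subnet' = same /24,
 * 'off' = no IP check at all.
 */
function session_allowed(string $sessionIp, string $requestIp, string $mode): bool
{
    switch ($mode) {
        case 'off':    return true;
        case 'subnet': return same_network($sessionIp, $requestIp, 24);
        case 'exact':  return same_network($sessionIp, $requestIp, 32);
        default:       return false; // unknown mode: fail closed
    }
}

// Constructed sample data (documentation address ranges).
$loginIp  = '198.51.100.23';
$requests = [
    'same address'                             => '198.51.100.23',
    'address renewed, same /24'                => '198.51.100.87',
    'session cookie used from another network' => '203.0.113.9',
];

foreach (['exact', 'subnet', 'off'] as $mode) {
    foreach ($requests as $label => $ip) {
        $verdict = session_allowed($loginIp, $ip, $mode) ? 'keep session' : 'force re-login';
        printf("%-7s %-42s %s\n", $mode, $label, $verdict);
    }
}
```

In the 'off' rows every request keeps the session, including the one arriving from an unrelated network; the 'subnet' mode is a middle ground that tolerates address renewal without dropping the check entirely.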

Suppose you need a CRM system (if you’re a large shop, you already have one – like Siebel). We’re a small group of 5 guys – and we were using Salesforce.com with one of our business partners and wanted to use SF.com for our own business. The cost is $325/month or almost $4,000/year for 5 users. You can get 90% of the functionality from Sugar CRM for the cost of a one-time installation (which will take less than an hour of your time or about $150 if you pay someone) and $15/month for the hosting (if you use dreamhost.com, like we do). That’s a net savings of $3,000 / year. Dreamhost gives us 700GB – more than SF.com, and the response time is at least as good.

I know you’re saying that dreamhost.com at $15/month can’t compete with the scalability, reliability and service levels of SF.com. Maybe, maybe not – but if you want muscle – consider Mosso.

For $100 per month, Mosso will sell you 80 GB of SAN storage, 2000 GB of bandwidth, a control panel to create sites, email accounts, databases, etc. and customer support.

Mosso says it takes a radically different approach to Web hosting, using enterprise-level architecture. It deploys each website across clusters of servers, so when a server crashes or a hard drive fails, the other servers in the cluster pick up the slack without downtime. Their promise: for every 1 hour of downtime, they will reimburse you for 1 day off your bill.
