Does "Where?" trump "How?"?


Quocirca recently had an interesting discussion with an off-shore hosting and cloud company.  Jersey-based (as in the UK Channel Islands, not the US New Jersey) Calligo is positioning itself as the right place to be for data - and for running the applications that create and consume the data.

Why is this important?  Well, organisations are beginning to wake up to the fact that even when a data centre is in a "friendly" country, there are still potentially high risks to the intellectual property (IP) held within the data.

The US Patriot Act and the Foreign Intelligence Surveillance Act (FISA) make those European companies that have looked into their possible impact shudder.  That a foreign power can demand - and get - access to their data just because it is hosted by a company in the US - or is in a facility anywhere in the world that is owned by a company in the US - means that many are looking for alternative arrangements with companies that can still offer a broad range of services, but backed with better data security agreements that cannot be ridden roughshod over by the regional government.

Calligo's view is that Jersey is highly controlled from a data viewpoint.  Although it is nominally "in" the UK, it is actually a separate British Crown Dependency.  This means that it is autonomous, makes its own laws and operates outside of the reach of other countries' legal systems - including the UK's.  Sure, EU laws will still apply when push comes to shove - but a European customer may be happier with a Jersey/EU escalation than a <country>/EU/US three-way battle.

This means that data can be stored in a country where the legal system is subject to fewer overall laws, is overseen by fewer people and can be targeted to specific needs. Jersey has pedigree here with the way it has dealt with financial services in its country.

Jersey is also well connected from a data viewpoint to both the UK and the European mainland through multiple cables, and from these to the rest of the world.  Therefore, placing applications and data in a commercial, secure facility on an island that is part of the EU but is autonomous has many things going for it.

But, however well Jersey is connected to the rest of the world, it cannot overcome its relative geographic isolation. When fast, low-latency response is needed - e.g. for transactional work in the US or in Japan - the underlying latency can still be an issue.  Calligo recognises this, and is looking at where else in the world it can set up similar facilities and meet the needs of organisations that want to be assured of greater security for their data and therefore their intellectual property.

The Cayman Islands are one option - they are well placed for the south of the US, for Central America and for the major markets of the top of South America. Although the Cayman Islands are a British Overseas Territory with their own legal system, they come under the overall control of the UK and have a Governor appointed by the Queen - but can still enact and follow laws that make sense from a commercial viewpoint to the islands.

Calligo also includes a data ownership clause in its agreements - the data always belongs to and is owned by the customer.  Many cloud providers make no statements about this - which can cause issues for the actual data owner.  On top of this, Calligo says that it has a special clause in its agreements, which makes it clear that should the untoward happen, the data has to be turned over to the customer (even by a business administrator) - so making it easier for a customer to regain access to the data and move it to another provider.

Similar approaches in other parts of the world could give Calligo an interesting footprint for a global offering.  With small, autonomous island states being more likely to provide laws that are data friendly while still retaining strong audit and overall data security capabilities, Calligo's offerings of IaaS, PaaS and SaaS (for example, it hosts SugarCRM and other applications) combined with the capability to use external cloud offerings where it makes sense (such as Google Maps) will make sense to many organisations.

Overall, Calligo looks like an interesting company.  For those who have worries about how their data is secured not just from the baddies out there, but also from the governments who are enacting ever more threatening laws around data access, the use of island nations as a home for data could be just as good as using them for financial affairs.

CA versus Symantec


By Bob Tarzey, Analyst and Director, Quocirca

Two back-to-back events recently saw Quocirca talking to veterans of the software industry: CA and Symantec. The high-level message from both is pretty much the same: we help to secure and manage your data and IT infrastructure. Yet it is rare to find these two head-to-head, because in reality they are more different than they are alike.

True, they are both US headquartered (more or less) pure software companies with annual revenues of a similar order (CA circa $5B, Symantec circa $7B) and both with profits of around $1B. Their current share price and market-cap are similar and their stock market history has followed similar ups and downs over the last decade. Both are now 30-something; CA was founded in 1976 and Symantec in 1982. Symantec's higher revenue is reflected in its head count, 20K employees as opposed to CA's 14K, but that gives them remarkably similar productivity of about $350K per head.

Furthermore, both sit on similar piles of cash of about $13B. This ability to accumulate cash has been key to the way each has grown, through aggressive acquisition; both have acquired tens of companies over the years, in Symantec's case almost doubling its size when it merged with Veritas in 2004 to move into the storage market.

So, for two companies appearing so similar what are the differences that allow them to operate side by side in the IT industry without too many dogfights? The most obvious is their legacy; CA comes from a background of providing software for mainframes (the ultimate in enterprise computing), whilst Symantec's origin lies in its consumer focussed Norton anti-virus technology (probably still a more recognised brand than Symantec itself). The main target market shared by both vendors is supplying software for mid-market and enterprise businesses to manage and secure Windows and Linux based systems.

Even here, whilst they may still sound similar their products have historically not overlapped much. When it comes to management Symantec's main focus is end-points (via its 2007 Altiris acquisition) and storage, whilst CA is listed as one of the big 4 systems management companies (along with BMC, IBM and HP - or 5 if you include Microsoft), focussed on broad management of enterprise IT (in CA's case including those mainframes).

In security, historically the overlap has also been limited. Many still think of Symantec as primarily a security company, but over the years its acquisitions have taken it beyond its roots in anti-virus to include email security, web security, data loss prevention (DLP) and so on. Few think of CA in the first instance as a security company, but it has also always operated in this space, more focussed on identity and access management (IAM), despite also having its own anti-virus.

However, that is changing - CA has been acquiring more and more security assets; for example, it moved into DLP in 2009 when it acquired Orchestria. And Symantec is now moving into IAM with its O3 platform that includes single sign on (SSO) via a partnership with Symplified, secure web access and compliance enforcement/reporting. Whilst Symantec remains by far the bigger of the two in IT security, it can expect to see more and more of CA going forwards.

Both vendors are keen to be seen as innovators (or keeping up, depending on your viewpoint) with the key IT trends: cloud, mobile, social media, big data etc. However, this week they were both as keen to talk about people as products and solutions. Symantec has recently replaced its CEO of the last 3 years, Enrique Salem (whose blood was said to flow yellow, the vendor's corporate colour), with Steve Bennett, who joined the board from Intuit in 2010. In a session on strategy, Symantec had little to say except that the new CEO's pronouncements could be expected in January 2013. John Brigden, Symantec's head of Europe, Middle East and Africa (EMEA) for the last 7 years, will be keen to see what that means for his organisation.

CA has already shaken up its EMEA operations, bringing in a new head, Marco Comastri, just over a year ago from Poste Italiane (he has also worked at IBM and Microsoft). Comastri is bringing in new faces and trying to get CA EMEA more focussed on solution selling than technology.

Whether it is at the global or European level, these two software juggernauts have a momentum all of their own and management may find it frustrating to change direction. They should not try too hard; both have huge legacy customer bases and healthy finances, and shareholders will not be happy to see either compromised.

Power to the People?


Energy usage is a focus for many at the moment.  For IT, it seems to be a big focus - mainly as organisations become more aware of how much energy is wasted in their data centre facilities.  However, it is likely to be brought into even greater focus in the not-too-distant future, as the looming energy deficit starts to become more apparent.

A mix of short-sightedness and prevarication by politicians means that the UK is now at a position where it is unlikely that it will be able to meet all its consumers' energy needs in just a few years - the UK's energy market overseer, Ofgem, predicts that the UK's current energy generation over-capacity of 14% could fall to 4% in just 3 years.  The failure - or the need to take down for even planned maintenance - of only one generation plant could lead to insufficient power being available for all the country's needs.

Therefore, planned outages will be required to be put in place - and the biggest energy users will be targeted where overall country needs will not be adversely impacted.

So - steel and aluminium production is unlikely to be hit.  Retail may be asked to cut down on lighting and heating.  But the one place where politicians can really point to is the use of IT - and how many organisations could be asked to reduce their energy usage here - or risk having it cut off for periods of time.

It is widely accepted that data centres are inefficient when it comes to usage of energy - the average utilisation of a server is around 10-20% of CPU, and of storage around 30%.  Sure - a move to virtualisation can drive up these utilisation rates and so lower the amount of equipment being used and so lower the energy being needed - but is this the best way to address the overall need?

To take a bigger picture, it is necessary to look at the whole data centre facility and its energy usage.  There is a means of gaining a measure of the overall energy efficiency of a facility through the use of power usage effectiveness, PUE.  This is the total amount of energy used by a facility divided by the amount that is used to power the IT workloads - i.e. that used by servers, storage and network equipment.  The rest of the energy is used in peripheral areas, such as lighting, cooling, and uninterruptible power supplies (UPSs).

A theoretical perfect data centre should therefore have a PUE of 1 - all the energy is used in powering IT workloads.  However, in practice, the PUE for an "average" facility is around 2.0 - for each Watt of power used for IT workloads, another Watt is used for peripheral items.

So - only 50% of the facility's total energy is reaching the servers, storage and networking equipment.  Running at 20% IT equipment utilisation means that at a rough estimate, around 90% of a facility's total energy input is essentially going to waste.  Upping IT equipment utilisation rates to 40% and getting rid of excess equipment could mean a saving of 10% of a data centre's energy usage - which is wonderful - but still only means that 20% of a data centre's energy is being used for useful IT work.

However, the majority of data centres utilise UPSs to support pretty much all the energy used across the facility.  Unfortunately, many of these devices are pretty old, and will be running at 94% efficiency or less.  Modern UPSs run at 98% efficiency or greater.  But, is a 4% improvement in energy efficiency at a UPS worth the bother when a 10% improvement at the server and storage layers is possible?

Back to the maths.  If all the facility's energy goes through the UPS, then a 4% improvement across all systems (servers, storage, networking, cooling, lighting) is a 4% saving on the energy bill - without having changed anything but the UPS.  Now, introduce the virtualisation mentioned above.  The server utilisation rates are upped from 20% to 40% as before, and the saving is 10% of the data centre's energy bill.  But, because we have improved the overall data centre's energy usage as well, we get a greater saving.  Every time we improve the equipment in the data centre - IT or support - then we gain that extra energy efficiency as well.

Modern UPSs also provide a host of other capabilities - as battery technology and battery management systems have improved, a well-implemented UPS can help in bridging some breaks in energy provision without the need for auxiliary generators to switch in.  They can also better deal with low voltage situations ("brown outs"), ensuring that an optimised energy feed gets to all equipment.

Should Ofgem be right, there will be planned brown outs and power cuts around the country within a few years.  Organisations can help in many ways - improving their data centres so that they are more energy efficient could put this back by a few months.  However, ensuring that their data centre facilities have newer, more effective UPSs in place can help in not only providing a far more energy efficient facility, but also in dealing with the problems that an energy deficit could present.

Quocirca has written a report on the subject, which can be downloaded for free here:
