Structure:Europe speaker, VMware’s Joe Baguley, on cloud security and the ‘European Cloud’ challenge

Sep 9, 2013
Vote on Hacker News

LOGO1

Gigaom’s Structure:Europe is where Europe’s leading cloud visionaries convene to analyse technology and product needs for cloud services in Europe. This year’s edition, coming up on September 18 & 19 in London, will showcase some of the top global thought leaders on the Cloud. One of Europe’s brightest thinkers and leaders on the Cloud appearing at this year’s edition is Joe Baguley, VMware’s Chief Technology Officer for EMEA, where he leads EMEA-based R&D and helps develop and communicate VMware’s strategy with customers and partners. I caught up with Baguely, to learn a bit more about VMware’s strategic and business evolution and get his thoughts around cloud security as well as the challenges facing the EU in its goal to develop a true European cloud operator.

JoeBaguley-Small-250x375Tell me about VMWare’s overall strategy and development as an organization.

We’re famous and notorious for virtualizing compute.  We’re now building on that and moving beyond just virtualizing compute to what we define now as the Software-Defined Datacenter. So, essentially we’re now working to virtualize the other two major components of a datacenter – storage and networking. Realistically this comes together in what we refer to as the Software-Defined Datacenter, with a goal to move more intelligence within a datacenter from specialized hardware into software, ultimately offering customers more choice of hardware and application location.

Who does VMware tend to come up against most these days in terms of competition?

I could almost say everyone right now, because when you’re thinking about virtualizing networking, storage, and compute, everyone thinks of us as a partner, but many now also think of themselves as our competitors as well. We’re really building on top of other people’s previous investments. I think the reason we were so successful in compute was that we didn’t really compete with the hardware vendors, but worked with and on top of the hardware vendors. When we first came out with compute virtualization everyone said that Intel would be very cross with us because they would sell fewer chips as a result of our customers ultimately running more servers on fewer processors. But, it turned out that didn’t happen. In fact, they (Intel) developed a whole line of new chips for virtualization. The same was said for the major hardware vendors and they, ultimately, developed a whole line of servers for virtualization. We helped lead and they responded to that. We’re seeing the same thing happening now in networking virtualization as well.

Everyone is talking about cloud computing now and defining it very broadly, so perhaps it’s becoming a generic term.  What are you thoughts on this and where is cloud computing heading?

Yes this is a problem as ‘Cloud’ has become too generic of a term in many cases. Everyone does ‘Cloud’. Realistically, we fight quite a bit in this space around definitions of the cloud and have been doing so for quite a very long time. At VMware really see two major areas evolving, private and public cloud. At one point everyone felt that the whole world would eventually move to the public cloud. That’s not actually going to happen in its entirety. Not everyone is going to move to the public cloud. We really see people using what we call the hybrid cloud.  So what we’re really seeing in the marketplace is people using their existing on-premise resources, investing in their on-premise in private clouds and, at the same time, starting to use the public cloud for specific workflows and scenarios and mixing and matching the two. So, for things that are a core differentiator for their business they will keep on-premises as that’s a part of their IP. The things that they don’t see as differentiators, clients eventually will move to a (public) cloud solution as there’s no real operational benefit to them doing it themselves. A great example of that might be to more their HR systems to a cloud-based service because how one company does HR isn’t particularly different to that of another company. However, their manufacturing system, their accounting system, their finance system, whatever it is that makes them who they are as a company they tend to keep on-premise, either because they’ve invested a lot of money in it or because they see a competitive advantage in it.

The computing industry itself moves fast, but in reality it doesn’t move as fast as the industry would like. There’s a great danger here to trap ourselves in a sort of Silicon Valley bubble of excitement around what’s happening in the marketplace when in fact what’s really happening takes a lot longer than that. Hence why a lot of organizations still have mainframes or many organizations still have Windows XP. So I think it’s going to take a long time to change and markets take some time to move, so that’s why we see, at least for the forseeable future, the hybrid cloud as the way forward.

We’ve actually just launched in production last week our vCloud Hybrid service where we’ve taken what we’ve been selling to customers to run on-premise, built it ourselves and are operating it as a public service. With this service, customers have the opportunity to seamlessly extend their datacenter into our public cloud where it’s identical to what they’re doing on-premise. So workflows can move freely between the two. With this service, organizations can start to take advantage of the economic benefits of a on-demand service without having to make sacrifices around operating models or technology.

What are the biggest bottlenecks you see around cloud adoption?

People and process tend to be the biggest challenge actually. Transitioning to the cloud is not really a technology challenge. It’s changing the people and process within an organization to adopt and take advantage of what technology can do which is the biggest challenge.  We spend a lot of time via our advisory services business focusing on the people and process piece of the evolution of IT. If you think about it from a purest perspective,  the only reason that we run infrastructure in organizations is because we had to in the past. If I was a bank that wanted an automated accounts payable system, there was not option to buy it as a service.  I had to build my own datacenter, my own computer in some instances, buy a big mainframe from IBM, etc. So overtime as an industry we built up expertise within organizations in building and configuring infrastructure and developed the mindset that building infrastructure was what you had to do. Now we’re turning that on its head and telling people, no you don’t have to build infrastructure, let’s just focus on application. Let’s focus, instead, on what you’re trying to deliver to the end-user. The infrastructure piece is secondary. But yet, you still have whole IT departments structured around managing infrastructure. So a lot of it is around changing perceptions and around changing understanding in organizations that they don’t have to worry about these things anymore as we continue up this abstraction tree.

What about security and the cloud? I know you’ll be speaking on that specifically at Structure:Europe. What are your thoughts on that?

There’s obvious concerns around security that people have when talking about ‘cloud’. There’s various reasons for that,  some have become more prevalent recently with the actions of various governments.  But there really are a few things to really care about when it comes to security. The first is that a lot of organizations are not as secure as they think they are when it comes to their internal IT. For example, some refuse to put their things in the cloud because they feel it’s insecure when they would find that their own internal IT house is not very secure anyway. In fact you might find that the cloud service you’re going to is more focused on security than your organization is. If you’re a large company and you have a security breach there is a potential that you could keep that from getting out and your organization’s reputation would stay intact. Whereas if I’m a public cloud operator and one of my clients has a security breach then my reputation as a cloud provider is in tatters.  Therefore, as a cloud provider, I’m probably going to be even more concerned about security. Also as cloud provider, I operate in the world of the internet so, by default, have to be highly concerned about security.

Another point is around the physical location of data, which we focus on quite a bit in Europe. Certain governments and regulators, including financial, medical and otherwise, have various stipulations around the physical location of data. So, as a cloud operator you often need to give assurances of data sovereignty, which is also a big source of discussion and debate in Europe at the moment. Anyone looking to build an operator cloud in Europe has to understand that the French government, for example, is going to want French companies’ or customers’ data to remain on French soil. The same applies for Germany and other EU nations same. Because of this situation, there remains a differentiation benefit for a purely national cloud operator (French, German, etc) with no operations or connections outside their home market.

This is, in fact, one of the big challenges that Neelie Kroes has been working on as part of the European Cloud Partnership which I’m on the advisory board for, namely trying to break down those legal barriers (between EU markets). As there is such a big focus on success of ‘Cloud’ in Europe, the  EU often comes to us as an industry and asks what technical advances can be made to make a difference here and how can we help. The real answer is actually we need a legal advantage.  If we want successful ‘Cloud’ in Europe, we need to breakdown these legal barriers. These data sovereignty requirements tend to restrict the build-out and completion of the development of European-scale cloud operators that everyone’s dreaming of. Ultimately what you (customers, etc) care about is not where your data is, but who has access to it. The law is still tied up, however, in the concept that physicality is tied to security. I think that’s a big part of what’s holding us back.