Tom Petrocelli's take on technology. Tom is the author of the book "Data Protection and Information Lifecycle Management" and a natural technology curmudgeon. This blog represents only my own views and not those of my employer, Enterprise Strategy Group. Frankly, mine are more amusing.

Wednesday, January 27, 2010

Nice. Not Thrilling But Nice.

I'm a bit puzzled by the recent Cisco-NetApp-VMWare announcement. Besides wondering how VMWare was even allowed to sleep with EMC's enemy, its focus on multi-tenancy security has me a a bit confused. Not confused in the “what the heck are they talking about” way. More of the “So what do they have to do with it anyway” manner.

Multi-tenancy is the sharing of an application amongst different users who, if they had their way, would much rather not share the same air . I saw this in the IP management software and call center outsourcing businesses. In both cases, customers needed to be assured that their incredibly valuable and secret data could never be viewed by someone else. For the outsourced software services provider, such as, this is a a pain in the neck. An understandable one but a pain none-the-less. To get the economies of scale outsourcers need to be profitable, it is best if you don't have to repeat yourself too much. Multiple instances of the same applications require more hardware, more software licenses, and more maintenance. In other words, more costs.

In most cases, if an application is designed correctly you can use a (logically) single application and database for everyone. That's the crux of the matter – if it's designed right. Bugs happen and there is the potential for data to be exposed to the wrong people. This is a rare occurrence but people worry about it anyway. Customers should worry about backup processes more since there is much more risk there. It's like worrying about getting hit by a meteor. It can happen but almost never does. Meanwhile, you don't worry about getting in your car and driving on the highway. Guess which one is more likely to get you killed.

This intense customer worry drives many outsourced service providers to either give almost no guarantees about security of data or physically segregate data on different servers running separate instances of the application. Virtualization helps a lot in that you can run reasonably secure instances of applications on the same hardware with little chance of bleed over. Everyone gets their own application space but not their own physical box which cuts down on hardware costs. It still doesn't solve the major problem - the need to reduce the number of instances of databases and applications. Repeating software is expensive and still a problem.

This brings me back to the “Huh?” look on my face. While it's nice to see Cisco, NetApp and VMWare working together to support a secure virtual environment, it doesn't solve the main problem of multi-tenancy. You can already virtualize the heck out of your environment to save on hardware costs. Great, but that's not what the people in multi-tenancy environments really need. They need to run one instance of their database and one instance of their application and be sure that any one customer can't see another's data. One application that can act like a dozen applications. They need virtualized applications.

These applications exist. I've designed and marketed a couple myself. The problem is that customers don't believe it. They feel that if data is in one place or accessed from the same application, then it is a hazardous environment. That's not true of course. Your bank is able to keep your records secure from other users even when accessed online. These applications can be built now. Virtualized hardware resources don't really impact that.

What the new triumvirate (or Axis of Evil depending on who you talk to) is developing is great stuff for hardware service providers wanting to sell virtual resources. It's good for IT departments looking to save on hardware costs through high utilization. It really doesn't solve the multi-tenancy problem any more than VMWare, NetApp, or Cisco products do alone. It's fundamentally an application software problem that needs to be solved by application software vendors. Multi-tenancy problems need to be solved by Oracle, IBM, and Microsoft.

Now that would be a mind blowing announcement.

No comments: