Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Pushing Out The Web

Pushing Out the Web – The Out Of the Cloud Experience

Jon Collins, 31 March 2004

If there’s one thing we can take away from the triumph and disaster that was the dot-com boom, it is the fact that technology though can have a transforming effect, it is not the ultimate answer to every business and IT problem. In particular, the Web has given us a grasp of the concept of risk. We use the Internet in the knowledge that it is not perfect, and we make decisions about how appropriate it is for each use based our expectations of what the Internet can do, and what it is less able to do. Here are some of the everyday realities:

Dubious confidentiality. We use the Web for email, and we are generally quite happy to send emails “in clear”, that is without any encryption, on the assumption that any message will get lost in the noise. Employees regularly send quite confidential or even embarrassing information by email - how likely is it, for example, that the emails that indicted Enron were encrypted? It’s not just email – corporate files are regularly shared using peer to peer facilities or even using online groups such as Yahoo!, which offers only the flimsiest of guarantees of security or service.

Unpredictable performance. The Internet lives forever under the shadow of the potential for brown-out, where the whole thing grinds to a halt. It never has, but nobody would be that surprised if it did. Meanwhile, broadband access is often considerably less than broad, and mobile GPRS access is only fun for those who miss the good old days of 9,600 baud modems. The time that an email takes to cross the Web is sometimes measurable in hours, and other times, seconds, and many Web sites are slow to the point of being barely usable.

Less than 100% availability. There is nothing wrong with the expectation of 100% service, but the Internet does not provide that. Nobody quite knows whether how big is the maximum email we are able to send, but it is generally assumed that anything over 10 Mb is unlikely to reach its destination. The Internet has often been lauded for its DoD-hardened architecture, which in reality may have been more by luck than judgement, but it does seem to keep the connection going – most of the time.

If we have an option, we go elsewhere but otherwise we soldier on. The truth is that, with all its foibles, the Internet is perfectly adequate for the uses it is put to. One of its main strengths is the commoditisation of access, a business model which stems directly from the “pile ‘em high, sell ‘em cheap” school of supermarketing. Indeed, it should be applauded for that – after all, it was low-cost access (remember Cliff Stanford’s tenner a month Demon Internet?) that made the Internet such a success in the first place. However it is unsurprising that the Web has not displaced such services as EDI for financial transactions, or X.400 for military messaging. And a good thing, too.

The Web has a number of other strengths, differentiators or “Unique Selling Points”, to use the lingo. One is its ubiquity – any time, any place, anywhere, you can get access to the Internet, even if it is not very good access. Put a file on the Web, and it will be available from anywhere. Second is that it is a global standard – there are very few applications or devices these days that don’t offer some kind of Web facility, be it browser-based access or reporting by email. Finally, it offers a true service provider model, in which you are free to choose who you use for your site connectivity, hosting your Web site or managing your domain. The price pressures of the commoditised model coupled with Moore’s Law have ensured a highly competitive market.

In summary – as long as you’re not so worried about security, availability or performance, the Internet offers global, standardised access at low cost, using a service-based model. This is not to say that security, availability and performance are unimportant; rather, that they need to be treated in terms of risk management, rather than in absolute terms.

Given these strengths, it seems surprising that companies are not looking for new opportunities to benefit from the Web. One of the major casualties of the dot-com bust was the Application Service Provider (ASP): an argument often levied against such companies was that no corporation would ever hand over the keys to its corporate data, especially given the impossibility of guaranteeing 100% service. Neither should it – but there may be areas that companies can benefit, without taking such enormous strides and without setting the hurdles so very high.

Perhaps the main contender is email. There is a paradox with email, namely that we let it run over the dubious backbone for 99% of its global journey, then once it has arrived at its destination, we insist on trying to manage it like the CEO’s limousine, hallowing each message like some sacred object, with full backup, archiving and so on. If nothing else, this is hypocritical. There are a number of new pressures on email, in particular deriving from the aforementioned Enron scandal and the resulting Sarbanes-Oxley guidance. The fact remains however, that every organization has exactly the same requirements on what it considers to be email functionality. The latest versions of Microsoft Exchange and Lotus Notes are installed in exactly the same way in companies across the globe, and are a low-value drain on often stretched IT operations resource.

Why do we do this? Quite possibly, to keep some semblance of control; perhaps in the past, providers were not evolved enough to deliver the correct service levels; perhaps the applications were not ready. Perhaps, today, we do it because we always have, and this is no reason to resist change.

An alternative is to let the email provider that we already use – the ISP – to push a bit further out and add capabilities to what they already offer. We already trust them with our security and availability (after all, what’s to stop even the most reputable ISP from snooping through our email)? So, let us work with ISPs to extend their offerings. One of the first extensions is email virus protection, indeed would come as a shock that this is not already done, if we were not already used to what we have. SPAM-prevention is also a no-brainer. Neither should we stop with email – FTP and HTTP downloads can be checked for virus signatures on the highly scalable ISP servers, far more efficiently than they can on individual desktops. This suggests a level of caching at the ISP, which many provide already.

If the ISP is providing an enhanced email service, why can’t it go the whole hog and host the email altogether? We have already determined that we trust the ISP to store and forward email, so it makes sense to let them take as much of the load as possible. So why don’t we hand over our exchange servers? If we are worried about compliance, we can work with an ISP that offers a standards-compliant email service – in this way, compliance becomes a tick in the box, rather than having to first understand the guidelines, then implement them. If we want to spread the load, we can work with a third party email provider such as Cobweb, a compliance specialist such as Zantaz, or a third party email security service provider such as BlackSpider or MessageLabs. The result is the same – another company is dealing with the bulk of the email service and mitigating the potential email security risk, taking the load away from the corporate servers and the IT pro’s that manage and support them. They can also be dealing with ensuring that emails are backed up and disaster tolerant – indeed, most ISP’s can offer a far more resilient service than a most medium sized organisations.

Another way ISP’s can extend the service is by providing VPN functionality. As already discussed, we already trust the ISP not to snoop on the data as it passes through their servers and routers. VPNs can terminate at the service provider, for example, and the ISP assure the confidentiality of the data to the corporate site. This may not be sufficient protection against Robert Redford’s Sneakers, but we are looking to minimise the risk, not eliminate it, and there are probably bigger risks than that to our corporate data – are we going to start TEMPEST-protecting our computers, and don’t we already trust providers in a similar way for our voice calls?

Finally, we have data backup. Given what has already been said, how many organisations can truly depend on their own, internal backups – so why not use an online service? Connectivity that is good enough for a mission-critical service such as email, is also good enough to support data backup. Companies that fear eavesdropping can use online, encrypted backup services such as those offered by Connected.com. Users of hosted exchange services can already benefit, for example by creating a private Exchange folder and dragging stuff into it. Bingo – it’ll be kept securely, resiliently, and will be there whenever and wherever you need it. Online Sharepoint facilities are the same, or indeed the file stores offered by Akamai or eProject. Akamai’s offering adds a great deal of value – not only do you get the resilience, but because you are leveraging what amounts to a global file store, you benefit from high levels of performance.

There is a caveat to all of this – it is perfectly possible to offer a poor service, and one that is insufficient for email, VPN or backup, or anything else. The point is that most ISP’s do not – companies tend to vote with their feet, and ISP’s offering a poor service will not last long. Note also that a chain is as strong as its weakest link – online virus protection does not protect a business from a virus brought in on a CD, for example. Finally, the strength of any service should be determined by using it – for example, to find out how configurable the service is to meet a company’s own needs. Self service is the key.

It is still early days, but there are signs that the Web will be widening still further. One example, from Cisco, is a call centre infrastructure that can be shared between multiple companies for call routing and handling. Once again, we already rely on service providers for the bulk of call routing, so it is only a small step to consider the addition of call centre features. As with the other examples, the benefits are reduced costs, better security and enabling businesses to focus on their own activities.

Once again, self service is a driver to make it work – call centre routing for example can only work efficiently if it can be configured by the organisation. It is important to ensure that the facilities work with what is already there, and you need to choose your providers carefully, but the bottom line is, there is significant extra value you can derive from your service providers at significantly less extra cost. It would be folly not to.