t h o u g h t

cloud
Mergers & Acquisitions

le a d e r s h i p

s e r i e s

c lo u d f i n d s its f e et don't touch my stu ff

Data Ownership

a b ove th e l aw
Cloud Contracts

M e r g e r s

&

ac q u i s i t i o n s

cloud
Finds
By Andrew R. Hickey

its

Feet
clusters of cloud acquisitions are in the air and the pace of consolidation shows no sign of slowing any time soon

Cloud computing mergers and acquisitions have been happening at a rapid clip and there is no sign that cloud consolidation will halt any time soon. Whether its solution providers looking to add cloud competency to their portfolios, like massive global integrator Dimension Datas acquisition of cloud infrastructure player OpSource, or a communications giant like Verizon nabbing a cloud software company

thought leadership series

Join us for the Red Hat Cloud Symposium at the North America Partner Conference in Miami, October 25-27, 2011.
Be one of the first to hear how the leading Open Source provider of public and private clouds offers you a unique opportunity to build the industrys only complete, open cloud solution for your customers.

4Register for the Partner Conference today.

M e r g e r s

&

ac q u i s i t i o n s
acquisitions are a harbinger of more to come. This will certainly drive consolidation within the cloud and infrastructure services market, Cohen said at the time.The reason is simple: The desktop is dead.The main conduit for software has become the Internet. The line between software provider and infrastructure provider has quickly become blurred. Bandy said major vendors and larger telecoms recognize that they cant build their entire cloud ecosystems and innovate solely in-house, and they are under pressure to launch new products, gain intelligence and foster greater integration capabilities. Theyre saying, In order for us to continue to compete we need to have this as an offering, Bandy said. Kevin Price, CEO of Centennial, Colo.-based AccuCode, said the acquisition push is a bid to remain relevant in the market as it transitions.A host of companies are jockeying for cloud computing dollars and need to differentiate themselves. But Nimbos Shaw said its important to not acquire for the sake of acquiring, but instead ensure that its a strategic investment that will boost cloud capabilities. The big providers definitely have the cash, he said. The main thing with the cloud is its very disruptive. These providers are making these acquisitions to save business. In some cases its an emotional play. Regardless, Shaw said theres still room in the market for smaller players, and many may stave off acquisition and continue independently.

$1.4B
The price Tag for which telecom company Verizon boughT Terremark.

like CloudSwitch, the pace of cloud consolidation could make your head spin. Cloud solution providers see the breakneck mergers and acquisitions continuing as the cloud market continues to find its feet and computing giants look to round out their rosters with more cloud products and services. The key players are acquiring capabilities instead of companies, said John Shaw, CEO of New York-based Nimbo, a cloud solution provider. Shaw pointed to recent acquisitions like Dells buyout of Boomi and IBMs pickup of Cast Iron as the two tech titans look to beef up their integration capabilities. And while Shaw said many solution providers arent directly affected by the swift M&A activity, unless theyre partnered with the acquirer or the acquired, it does change the market landscape. Aric Bandy, CEO of Minneapolis-based cloud solution provider Agosto, agreed. Theres a consolidation Its a sign of the market maturing, he said, adding that cloud computing created a breeding ground for startups that were ripe for acquisition and large providers took note. It didnt take much to get up and running in the cloud. One of the biggest trends in cloud acquisition is traditional telecoms, carriers and cable companies spreading their cloud wings and scooping up cloud players, both established and upand-coming. Verizon got the ball rolling when it bought Terremark for $1.4 billion, several months before the CloudSwitch buy. The charge was continued by Time Warner Cable, which bought cloud infrastructure player NaviSite shortly after. Then telecom giant CenturyLink added cloud provider Savvis to its roster through acquisition. Major vendors, too, are taking note. Dell and IBM aside, HP bought Autonomy to raise its cloud profile and add information management capabilities. Salesforce.com has been on an acquisition hot streak, beefing up its cloud platforms and offerings. And Google has been on a nonstop buying spree. Meanwhile, there are some cloud mainstays that have held pat saying they wont fall to acquisition. Rackspace has gone to lengths to assure partners that its not up on the auction block.

VARs, solution Providers not immune

Cloud solution providers themselves arent immune to acquisition and consolidation, and some hope that they get swept up in the action. Google cloud provider Cloud Sherpas is one solution provider that has gone on a cloud shopping spree of its own, scooping up three solution providers in recent months to expand its presence internationally and beef up its cloud presence. In June, Cloud Sherpas acquired Omnetic, a San Francisco-based Google Apps solution provider. That was followed by Cloud Sherpas buyout of Beloit Solutions Group, an Overland Park, Kan.based cloud solution provider, which gives Cloud Sherpas and its Google offerings a foothold in the Microsoft-heavy Midwest. And in late July, Cloud Sherpas acquired New Zealand Google Apps reseller and cloud service provider WaveAdept, gaining a strong position in the Asia-Pacific region. n

Cloud Players Acquire to Compete

On the heels of the Verizon and Time Warner cloud buys, Reuven Cohen, founder of cloud platform vendor Enomaly and cloud capacity clearinghouse SpotCloud, said that the recent string of cloud

thought leadership series

Capturing the Next Wave of IT

NOVEMBER 15 16, 2011 www.comdexvirtual.com

REGISTER TODAY!
NEW!
2011 KEYNOTE SPEAKERS:
FEATURED TOPICS
Business Management & Strategy
Robert Faletra
CEO Everything Channel

Kelley Damore
VP, Editorial Director Everything Channel

Lisa Gansky
Author

Patrick Thean
Entrepreneur

Cloud Computing Data Center Networking Security Storage Unified Communications Virtualization Wireless & Mobility

Are you ready for it?

Whether you are on the wave or trying to catch it, you will take away valuable information. Hear from industry experts, meet with leading vendors, and network with your peers. Come and connect with the global IT channel community this November.

Winners will be announced live online during COMDEXvirtual!

FOLLOW US: COMDEXvirtual

Data

Ow n e r s h i p

Dont

My stuff!
happens if cloud customers fail to pay their bills. And as more cloud providers spring up and more workloads and data are moved into the cloud, those questions become more pressing. The issue came to a head earlier this year when Dropbox, a cloud storage provider, tweaked its terms of service to include language that led customers to believe that Dropbox could use their files, documents and other data as it saw fit. When Dropbox revised its Terms of Service in July, it wrote: By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-

touch

Customers worry about loss of control over their data, but solution providers assure them its safe
By Andrew R. Hickey Data ownership concerns clouded the initial move to the cloud, with questions swirling over what happens to data when its moved to the cloud; what happens if a cloud provider goes out of business; and what

thOught leaDership series

Dont touch My stuff!

exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. The wording sent Dropbox customers into a frenzy. Dropbox quickly did an about-face and changed its tune, apologizing for the gaffe and told customers that customers own their data and Dropbox will not use it. The UKs National Computing Centre also recently found that IT decision-makers from private and public sector organizations rank their largest concern when it comes to cloud security as loss of control of data and loss of control over where data is held. And in the U.S., cloud users share similar fears. Gartner last year crafted a cloud computing bill of rights, where data ownership was the first and most important right afforded cloud users. Gartner said cloud users were entitled to the right to retain ownership, use and control of ones own data and that cloud providers must specify what they can do with customer data. The rise of social networks has also called into question data ownership, when networks like Facebook were rumored to be leveraging user photos for advertising and other content without consent. The thorny issue of data ownership has caused businesses to wonder if its safe to turn their data over to cloud providers and trust it off-site on someone elses servers. But for cloud providers and cloud VARs, data ownership isnt even a question. The customer owns it. No ifs, ands or buts. But it is up to the vendor and cloud provider to spell out exactly what it has access to and what happens in the event that data is unavailable or inaccessible. Data that is uploaded to the cloud belongs to the individual supplying the information. The normal ownership rules of proprietary data still apply, said Brian Fino, managing director of Fino Consulting.

the cloud customer owns the DataPeriod

There has never, ever been an issue of who owns that data. The customer owns that data, added Mike Eaton, CEO of CloudWorks, a Thousand Oaks, Calif.-based cloud solution provider. For cloud providers, making it clear where the

data ownership coin falls is a key differentiator, Eaton said. And it is important to tell clients that data is private. But Eaton said some customers are standoffish because of their experience with other cloud providers and Web service providers. For example, users know Google wont share user data, but Google mines data for patterns and behaviors to rev its advertising engines and target content. Solution providers like CloudWorks have a different business model. You have to understand how a service provider works, he said. We make a living serving our customers. If youre getting a free e-mail account, you have to wonder whats in it for the provider. Eaton said customers frequently ask how data is secured, how its backed up and how its stored, along with what CloudWorks can do with that data. There are cloud security certifications and safeguards in place to document how data is handled in the cloud and what a cloud providers and cloud customers rights are. Backupify, a cloud backup player that integrates with Google Apps, said providers will have to better answer data ownership questions as the market continues to evolve. As the market continues to develop and customers get more sophisticated, theyre going to hold vendors that much more accountable, said Daniel Stevenson, who recently joined Backupify as vice president of partnerships and alliances. The onus is on the providers to improve how they communicate. But recently, the market has shifted and customers are now less concerned about how a provider is handling their data, and have become more concerned with the one-in-a-million chance that data becomes unavailable or cannot be accessed. Stevenson said data has to be stored in more than one place in the event that a cloud provider goes out of business or an outage occurs or any other number of issues causes data to be inaccessible. This is a blind spot or white space that needs to be filled, he said. CloudWorks Eaton takes the firm stance that while cloud providers should tell customers how their data will be treated, the integrity and ownership of that data should never be called into question. Its the customers. Plain and simple. Data ownership has never been a gray area, Eaton said. Its black and white. n

Data ownership, use anD control is the first anD most important cloud computing right, accorDing to gartner.

thOught leaDership series

C lo u d

C o n t r aC t s

above the law?

solution providers need their cloud contracts to include correct legal wording
Scott Campbell

s
8

olution providers should review their contracts regarding their liability involving a breach of a customers data, otherwise they could be in for trouble, said Zenith Infotechs general counsel during a general session at the recent PSA platform companys Cloud Summit in Moon, Pa. Hire counsel to draft your initial agreement to make sure you get it right the first time.
thought leadership series

You dont want to go back and change agreements or not comply with the law. Make revisions sparingly, said Bradley Gross, an attorney at BeckerPoliakoff, a Fort Lauderdale, Fla.-based law firm. Contracts should be especially scrutinized for VARs and MSPs selling cloud solutions to customers, Gross said, because of all the parties that theoretically might own or touch the data. Any good vendor is likely to have an airtight policy regarding its liability, and contracts need to very explicitly detail the solution providers liability as well, he said. VARs are exempt from liability in many cases as long as they include the correct legal wording in contracts, he said. From an MSP perspective, its always ambiguous on whether you give a special layer of security, Gross said. For example, HIPAA relates to entities that personally deal with health information. But youre not a doctor or insur-

above the law?

ance company. With Sarbanes-Oxley, you have no responsibility as an MSP, but the companies giving you data do. Gross stressed that thats the law right now but a new SAFE Act currently under discussion in Washington could change the game. You guys dont have laws governing data security besides the High Tech Act. Keep your eye on the SAFE Act. It might put responsibility on how much security you have to offer customers. At best it will be out in mid-2012, assuming there are no changes to it, Gross said. VARs are still subject to negligence laws, Gross said, meaning that they could be held responsible if they knew of a problem or knew that it was their duty of care and didnt meet that duty of care. Then youre going to have a problem. Its negligence. Not only did you know [of a problem] but you willfully ignored it, he said. Solution providers are also subject to Federal Trade Commission laws that say they must perform the scope of the contract. If you dont do what you say youre doing, thats a problem, he said. They will go after you for unfair trade practices if you promise a customer something and dont do it. Gross offered two suggestions to VARs selling into the cloud. First, they should check with their upstream providers to understand their security parameters. You cant offer that which you dont have, he said. If I offer you a [encrypted cloud] solution and you type in Charlie and then you can see [unencrypted] codes, dont say you have the best encryption in the business. Second, understand the data storage chain, Gross said. Know where the vulnerabilities are so you know what to promise and not promise. Create a security plan for monitoring, detection, escalation, remediation and notice, he said.

400K
number of instances of silent disk corruption found when there was no prior indication of a disk problem, according to study of 1.53 million drives.
your specific state and make sure its clear and conspicuous in a contract. Dont bury it, he said. Have a paragraph with a limitation of liability. If you have that, limitations are usually enforced. For example, Gross said the Cern particle accelerator in Europe ran an experiment which found that of 33,700 files checked, one in 1,500 of those files were corrupt (22 mismatches) in a sample of 8.7 terabytes of user data checked for accuracy. There was no sign [beforehand] that it was corrupted. Thats a problem for Cern, he said. In addition, a University of Wisconsin study of 1.53 million hard drives over 41 months found 400,000 instances of silent disk corruption when there was no prior indication of a disk problem. You guys selling cloud solutions. I assure you that some of the data from some company got corrupted and is sitting in a corrupted manner off-site and you dont know about it, Gross said. The Wisconsin study also found no clear evidence that workload effects the probability of developing silent data corruption nor that disk size affects the probability of corruption. The point is this stuff happens, Gross said. He quoted Amazons cloud liability statement, which says though unlikely for any given request, data loss or corruption in transit does occasionally occur. What does your agreement say or not say about silent data corruption? If it affects Cern, IBM, Amazon, Zenith, then it affects you, he said. n

Corrupt Data Liability

Its always foolish to offer 100 percent security, Gross said, because such a beast does not exist. You need to put parameters in the contract. They should be whatever Zenith [Infotech] is offering you at the end of the day. You dont make statements that something is foolproof. If you do, youve exceeded the parameters that were given to you and you could have a problem, he said. Many states allow businesses to have language limiting their liability to what they have been paid for by customers, Gross said. Its best to check with

thought leadership series