Recently I had the pleasure to sit down with Darren Person, VP Chief Architect at Elsevier. We discussed his perspectives on the cloud computing industry at large, what developments he is interested in, his perspectives on leading an IT organization, and how Elsevier is approaching the cloud as an enterprise.
Gathering Clouds: Looking at the providers in the cloud space itself, let’s take Amazon or Rackspace, that are champions of different types of larger cloud provisioning with AWS being the plug-and-play and Rackspace being the largest of the managed service providers, who do you see winning long term between the two models?
Darren Person: I don’t think it is a win/lose situation. Many enterprise customers don’t typically own their data centers. The majority are colocation or managed services, whether that’s with Rackspace any other providers. A lot of enterprise customers are already in managed spaces, and many are “testing the waters” with the cloud. In the short-term, I see a significant opportunity for more hybrid approaches to delivering solutions until the cloud and our application architectures mature. Think about a traditional 3-tier application design patterns and how many applications are built under this guise. The challenge is that there is still a significant amount of common off-the-shelf software whose architectures require specific hardware and is not supported in the cloud. Based on this, there is a need for managed services and the hybrid approach. Rackspace is interesting because they offer both: they have their cloud and offer the ability to co-locate infrastructure which helps address the issues.
In the long term, I think everyone is looking for more of a services approach to solving problems. We prefer to spend our time focusing on driving value to our customers, while leveraging 3rd party experts to help compliment our solutions. In the long haul, the cloud provider that builds more services which enable their customers to focus on the competitive differentiation aspect of their businesses are going to be the cloud providers that ultimately win in the end.
GC: Okay, so for Elsevier, is it possible to take a step up and move to a managed service model without removing in-house staff doing similar functions? Can you move these people to something else or do you start with a managed service outsource model then shift your people internally to focusing more on the core mission of the business?
DP: We all start at the same spot. Unless you are a startup company today, you already have at least one data center. In most cases, your IT organization is very much structured the way I previously mentioned, where you have your 2 vertical stacks: your infrastructure team and your development team. Now whether or not the infrastructure team is outsourced or in-house, I don’t know how much that really changes the game. Ultimately, you have to have a vision of how you want IT to run in your company and how these teams come together to drive a solution, where their roles and responsibilities begin and end, and you have to converge on those attributes. You have to be clear on what you’re trying to accomplish, what the goals are, what the principles you want to accomplish those goals by, and then focus your resources.
GC: Is security still a major concern for you around the cloud?
DP: I would say that the concerns about security are dissipating. I think a lot of this is predicated on more education. To help alleviate concerns, we brought in our cloud partners to sit with us and go through their security audits and what they are doing to be compliant. From my perspective, we are in a constant educational process. I’m not sure we fully understand the ramifications a security breach would bring along. The outcome of a security failure to a cloud provider, while obviously important to us on a business level, is catastrophic for them. To have a breach in their security could be something that shuts down their business entirely. It’s these reasons why I have less concerns than most. Cloud providers are making security a top priority. In discussions, we’ve had with potential partners; they have provided certifications ranging from HIPAA to PCI compliance.
That being said, security is a two-headed beast. While the cloud providers are focused on providing security at the infrastructure or hypervisor layer, security is ultimately a shared responsibility between both infrastructure and development. A lot of people mistake security holes at an infrastructure layer versus security holes at an application layer. There doesn’t seem to be as much focus on the application layer than there is in the core infrastructure layer. In part of the acceptance process, infrastructure-as-a-service (IaaS) has been a compelling offering because the ability to achieve security compliance is easier than it is to get security and compliance in a platform-as-a-service (PaaS) model. Supporting the software in addition to the hardware requires a much more rigorous approach. This has presented interesting challenges and opportunities at the enterprise level.
GC: How are you approaching Elsevier differently from other companies you’ve worked in terms of the way you like to lead groups to drive innovation? How has the growth of cloud, now and for the last few years, enabled you to achieve more around your goal set then you previously could have?
DP: Good question. Every organization that you go into has a different set of challenges, whether it is moving the technology or business needles forward and in some cases, both at the same time. At a high level, all organizations have challenges with legacy estate management and historical processes that need to be managed. Depending on your role, you either have to manage those challenges directly or through influence.
In addition, I think every CEO, CIO or Chief Architect needs a burning platform – some form of platform where there is opportunity for you to move the needle and the company by leveraging that platform and driving it to success. The cloud is my burning platform for which I’m able to help drive new ideas and innovation into the company. When you look at the four scopes and priorities I mentioned earlier, clearly disaster recovery was a big opportunity and something we wanted to make sure that we had proper plans in place for. When DR came up, I immediately saw the value proposition and thought “wow, we have to implement this here. It makes the most sense for our business.” For new product development, you hear the desire to deliver new products to market more quickly. Again, the cloud seemed like a perfect opportunity. The cloud was/is my burning platform which is enabling me to re-imagine the way we operate today and execute on it. In essence, finding that burning platform, and then driving it in concert with your company’s objectives are critical to meeting your goals.
GC: How do you see the industry or the business changing, since the business and the challenges associated with doing the business are becoming more technology-savvy, while the technology people are also becoming more business-savvy?
DP: I’m really excited about the up skilling of both the business and technology teams to become more aware of each other’s areas of focus. I have always loved working with computers, but the real value proposition comes in when you can work side-by-side with our business partners, speak their language and help them understand how you can apply your skills to drive innovative product ideas. As I look to my kids as the next generation, I see the convergence of these skills through the rapid consumerization of IT. We have more and more people who are comfortable with tablets and PC’s. I predict that we will see more engaged conversations with the business, a bigger focus on how technology helps drive decisions forward, and how it can be used to create new businesses. If you think about Amazon and the transition from selling retail goods to selling IT services (AWS), it represents the transformation that can be achieved when product and technology teams come together and innovate.
GC: Looking broadly, you’re looking at a bunch of different providers, vendors, all of the time. Specifically related to cloud, in the past 5 years and then moving to the future, how are you seeing the cloud landscape particularly change, both from a technology and a positioning standpoint, and how do you see it continuing to evolve? Or where would you like to see it evolve to?
DP: If I look back 5 years ago, the cloud was only a concept with handful of machines used to do some very basic parallel processing. The concept was great, but the underlying technologies to support it at scale were still immature. As we fast forward to today, we’re seeing the full maturity of virtualization coupled with an outward mindset focused on automation. We are seeing much tighter integrations through API’s, more advanced architectures based on loosely coupled services, and an evolution in the way IT thinks about infrastructure – some of these things are actually business workflow solutions, in addition to raw computational power. The idea of being able to dynamically scale up or scale down your infrastructure based on signals that you’re receiving both from your customers use of your product, as well as your equipment, that’s meeting a real business challenge. If I fast forward 4 or 5 years from now, I believe we will continue to see the progression of more building blocks in addition to a migration towards SaaS based solutions. I also see an increase in cloud reference architectures, more templates, more pre-built entire stacks that are easily deployable.
GC: What’s missing for you as you look out at the cloud landscape?
DP: Yeah, so this is an interesting question. The big thing that’s lacking right now is just sheer experience in the cloud. The area where we’re feeling really challenged is that it’s still so new and we haven’t reached a critical mass of available resources that are cloud savvy. In addition to resource limitations, we’re also missing a solid set of technologies that enable multi-region support for traditional application architectures. High availability and disaster recovery are promises of the cloud, but there have been recent cases where outages take down an entire region forcing the need to look for a broader solution (e.g. multi-region deployments). Finally, I think there are still the challenges of governmental data regulations and general compliance obstacles that need to be addressed. On the positive side, the educational process is continuing and we are seeing large steps to help us close the gaps.
By Jake Gardner