PwC: Is security just a matter of people getting comfortable with it over time? How will it evolve?
SM: No, I think that would be oversimplifying it. In my opinion, you don’t lose your good habits. You evolve them. You take the security best practices you have in your physical data center and you evolve them into your virtual data center. The technology also must lend itself and evolve itself to virtual environments. Managing virtual machines is a little different from managing physical machines, but whether you’re using data loss prevention or using any kind of technology for authentication, your good practices don’t change. The technology evolves with it. In the virtual/cloud world, we must think of security as built-in, not bolted on.
For example, EMC recently bought a company called Archer Technologies, which offers governance, risk, and compliance (GRC) solutions. The issue is not just security; it’s across-the-board GRC solutions for the enterprise. We’re fi nding new and creative ways to integrate Archer Technologies into our core business— IT and beyond. These solutions are particularly useful in moving to the cloud because highly automated cloud environments must be policy based to scale. That’s what cloud is all about. It’s all about policy-based, service-level-driven IT computing, and those technologies are evolving very quickly.
PwC: How does cloud computing help with innovation in an enterprise?
SM: At EMC, we are finding innovative ways to tackle old problems. I’ll give you an example. We had an application that reads a large data set and locks up desktops for long periods of time. Now, with a virtual infrastructure environment where we can serve up VDI [Virtual Desktop Infrastructure] machines running on a Vblock, we’re able to provision some of these virtual desktops on the fly so the engineers can spin up, load their data sets, go home at night, and come back in the morning. All of this is happening off the server with the added benefit that much of this is self-service. The engineers’ machines are free to do what they want to do, and all of a sudden: new solutions to old problems.
The point is not so much the solution. It’s the innovation around how you tackle the problem. The capabilities that a virtual, private cloud infrastructure provides enable us to address problems differently and say, “Let’s try that. We’ll come back to you tomorrow,” as opposed to, “Let me come back to you.” There’s more of an inclination to dabble and try to innovate and to risk and fail. The only caveat I’ll put in that statement is you don’t want to lose your good hygiene habits. There’s a fear in the minds of many that you can spin things up so easily that you may forget to spin them down, or you get inefficient because you’re spinning up too many resources, and you lose your basics on ROI [return on investment] and costs.
PwC: How do you see cloud computing affecting that old pendulum of centralization and decentralization of IT between the business units and central IT?
SM: I don’t think it’s so much about centralization and decentralization. Naturally, with cloud you want the operational elements more centralized, because you are harnessing the compute power back in the data center. Logically, you’ll get a lot more centralization from a technology point of view.
The exciting angle on this is the rationalization of roles. We will see the classic IT silos blur. I am convinced more than ever that the boundaries between systems and security, security and network operations, and network and storage operations will start blurring. There’s going to be a natural transition where once you get past the depth needed for designing, building, and deploying a private cloud, you really don’t think in the classic IT sense anymore. And you look at root cause analysis in a different way. This new wave of IT is ushering in an opportunity for IT professionals.