Here's a quick test to make sure your mission critical data does indeed belong to you:

1. At the end of the contract, can you still use your data or will it be returned in a format that won't work in any other system?Your contract must specify that the data will be returned to you on demand, regardless of any outstanding monies owed, and in a format useable to you. Otherwise, you may end up with gobbley goop at the end of the contract whether or not the contract came to the end of the term or you quit the vendor. Indeed, this is the oldest trick in the book to forever bind customers to SaaS vendors.

    

    

2. If the vendor goes bankrupt and shuts down today, can you get your data back?You may not be able to if there is no specific clause in the contract spelling out if and when your data will be returned. Be sure to also get a guarantee that your data will be protected while the vendor is in a non-functional state and before you take receipt of it, preferably by a reputable third party. If you don't, you could be found liable for any number of legal transgressions because as the "owner" of the data, you're fully responsible for what happens to it.

    

    

3. Do you own the metadata too?So, you own the data, but do you own the data on the data too? Not if you haven't clarified that in the contract.

    

    

4. Have you given the vendor and its assigns unfettered access to your data?Certainly, vendors and their subcontractors may have legitimate reasons to have access to your data. This might include routine redundancies for disaster recovery or the ability to provide you with lost passwords so you can access your data. But if you have given them blanket access to your data without specifying that the data can only be used in the course of delivering the service and can be used for no other purpose even if anonymized, then who owns the data is a moot issue because the vendor and/or its partners can still use it any way they want too.

    

    

5. Have you given the vendor unlimited archival time spans?Here again there are legitimate reasons a vendor needs to archive your data either as a back-up or to speed data delivery to users by jettisoning older data from the load until such is specifically requested. But if you have not established a time limit, a vendor can return a copy of your data to you at the end of the contract but keep a copy in the archives for their own use as well.

    

    

6. Have you defined the extraction or cleaning process?So, your data has been returned to you at the end of the contract, but how can you be sure one or more copies are not floating around the vendor and/or its subcontractor's data centers? Spell out in the contract how your data will be scrubbed from all data centers it was stored in and demand verification that the cleaning procedure actually works before you sign the contract.

    

    

7. Have you prohibited data mining? You may be perfectly comfortable with a vendor aggregating your data with that of other customers to do analysis and make performance reports but unless you get real specific with the permissions language, you may have also granted them to right to mine your data for business prospects, customer contact information, and other information you didn't mean to share. Further, such could make your company legally liable for privacy infractions.

And so I ask again: who owns your data, really?

"There are many stories where a failure in an unimportant system had monster impact on the business or where secondary systems took on significant roles in product management, service support or disaster recovery," warns Brian Barnier, a principal at ValueBridge Advisors who also serves on standards and practices committees such as ISACA, ARMA and OCEG.

And, he's right. There are lots of actual disasters to learn the general lesson from, but there are still no steadfast rules to follow. So, we're back to the fistful of sticky labels and the conundrum that represents. What to do, what to do?!

I humbly recommend what I call the fire alarm scale to rank apps and processes. It's an adaptation of Michael Lee's three category breakdown of app importance. Lee, by the way, is principal consultant at SWC, an IT firm that specializes in serving mid-sized businesses. Anyway, Lee categorizes apps as:

1. Mission critical: those apps or processes that cost the company money any time they fail,
2. Mission important: no harmful loss to the company if it fails in the short term, but harmful if it stays down in the long term, and
3. Mission supported: will not stop the company's mission but will impede operations if lost.

That's a pretty good demarcation of apps and processes in general. However, I would remind you to also think about Barnier's warning of how secondary systems and seemingly insignificant apps and processes can suddenly pack a monstrous punch to an unsuspecting organization. Hence, my fire alarm scale which simply means weighing each app or process by the size of the panic it causes if it is down.

You could scare the heck out of everyone and just start unplugging stuff to see who - and how many - scream. I don't recommend that. It's very noisy and generally makes the company operations a mess for the duration. Plus, plugging things back up always entails more work than unplugging them, so it isn't a very efficient use of your time. It can be fun however if you are the sort that likes to remind people what it is that IT actually does. Ok, we've had our snicker let's get back to the fire drill.

The easier way to determine whether a downed app potentially amounts to a one-two-three or even four alarm catastrophe is to use app performance monitoring (APM) applications to automatically discover where the apps are, who uses them, and what resources they consume. But don't stop there. Find out what those apps are actually used for in order to discover their potential impact on mission critical processes. Trace it, track it, map it from source to end and back again; which is to say evaluate the importance of the data it contains, who is using that data and to what end.

"In an ideal world, all business processes within a company would directly or indirectly support revenue generation. But, in reality every process contributes differentially to this goal," says Deepak Bharathan of PA Consulting Group, a global management and IT technology consulting firm.

That's why you better know the terrain - every nook and cranny - and where the dangers really lie. Then and only then can you mark them clearly by the fire scale because then and only then do you really know what is and is not mission critical.

So there you are stuck between the abstract label and the budget justification.
Heck, it's easier to just call it all mission critical and dump the whole kit and caboodle in the disaster recovery plans. But keep it all out of the cloud, because hey, the apps are mission critical and you don't want them exposed to the elements.

That is, of course, a ridiculous plan. That approach will cost your company a ton of money and not solve a thing. If you're going to get ahead in any direction - be that profit enhancement, business growth, shorter time to market, increased agility, increased security, faster disaster recovery, or anything else - you're going to have to lighten your mission critical labeled load.

So, you scratch your head and ponder what in the pile can be thrown out of the mission critical category. Actually, that's a backwards approach to solving the problem and you're likely to end up with the exact same pile. The easier way is to think which application you would try to save if that pile of applications caught fire this very moment.

It's a bit like a house fire conundrum, you see. A family typically reaches for irreplaceable items like old photos, property deeds or financial records when there are only seconds to save anything from a household fire. Look at your stack of applications and think the same way. What would you save if you only had minutes to save anything?

Another way of looking at the problem is by asking what data cannot be replaced. Think data - not application. Why? With the exception of a few legacy apps, nearly every application can be replaced by contacting the vendor. But even legacy apps can likely be replaced with an off the shelf or cloud alternative. What can't be replaced is the data you put in the application. The application, you see, is only as valuable as the data it holds.

What data is critical? Well, that depends on what your company does. If you are Kentucky Fried Chicken, for example, the secret recipe is the critical data - customer records, meh! If you are a car manufacturer, maybe the most critical data is the design specs you fed into the robotics on the floor - or maybe it's supply chain contracts or both. If you are an online retailer, maybe your CRM data is most critical. The important thing is to ask "What can my company absolutely not function without?"

Be careful not to fudge the answer; the company absolutely can continue without issuing you a paycheck, for example. So, no, payroll applications are not mission critical even if your paycheck is the first thing you would grab if your own house caught fire.

Here is a listing (not a rating) of some of the top vendors and what they offer.

Amazon

Amazon Elastic Compute (EC2) is the dominant player. It offers several instance types in six groupings: Standard, Micro, High-Memory, High-CPU, Cluster Compute, and Cluster GPU. VM Import option allows you to import virtual machine images from your own environment at no additional charge. However, detailed monitoring is an extra charge but basic monitoring of EC2 instances is free. Amazon EC2 pricing requires no minimum fee and there's even a calculator to help you estimate your monthly bill and a detailed comparison page to help you choose between On-Demand, Reserved and Spot Instances pricing so you can make the best cost choice for your project. Specific Instances pricing is here. All told, EC2 is a full rent-a-data-center-service but it has crashed before so it is not infallible.

Rackspace

Rackspace Cloud Servers have gotten a lot of buzz lately around OpenStack, a joint Rackspace and NASA open-source cloud project. But there are a lot of moving parts thus the odds for something going wrong is higher. This is not necessarily a black eye for RackSpace as rival Amazon completely mishandled a crash in April underscoring that "stuff happens" even to the best of cloud vendors. Rackspace does offer very high customer service which is extremely helpful if something does go wrong. Pricing is based on server size with Linux-based servers being slightly cheaper than Windows. This site too offers a calculator to help you estimate costs in advance and a compare page that takes on Amazon EC2 head-on. Rackspace publicly claims superiority in a number of areas ranging from a greater selection of server sizes to third-party software support and admin level troubleshooting. Bandwidth is free between cloud servers but you have to upgrade your entire plan to upgrade storage. Pricing appears higher than Amazon but that may not translate to the final bill, especially if your project is small. You may get a better indication of pricing differences by running the calculators on all the cloud vendors and then compare the monthly estimates of each. All told, Rackspace is a strong company with an excellent reputation in support and delivery.

Joyent

Joyent is operating on a completely revamped infrastructure management platform called SmartDataCenter 6 which has granular analytics and added management, performance and security capabilities. Two free analytics packages, Joyent Cloud Analytics and New Relic, are included and they give users a good view into latency and other issues that some competing providers fail to reveal. Joyent uses SmartOS and KVM hardware virtualization. Pricing is based on server size with a minimal difference between Linux and Windows as is seen in the public cloud services field overall. Appliances, i.e. Percona/MYSQL, RIAK, Node.JS, and Zeus Load Balancer, are priced as an additional cost.

IBM

IBM got into the cloud game early albeit quietly. The IBM platform runs virtual machines in a variety of formats along with other IBM services. It tends to cater to more conservative enterprise developers rather than the bolder programming crowd. The pricing is a bit confusing and is detailed in a charging schedule. Anonline IBM SmartCloud pricing plan spells out a $3000 one-time fee for the Enterprise On-boarding Service Package and a $1000 one-time fee for a Virtual Private Network Service on unreserved virtual machine instances.

Cloudshare

Cloudshare offers a free trial period and a super simple browser-based process. No need to even enter credit card information to get started and play around to see if you like it. Multi-server, fully functional SharePoint farms come with fully-licensed, best practice SharePoint templates pre-installed. Pricing for the full enterprise product is not readily accessible online and requires a call to the sales department for a quote. Cloudshare ProPlus which is suitable for enterprise app use and designed for development, testing and collaboration of smaller teams, is priced online starting at $49 a month for unlimited hours (but subject to save and suspend after 60 minutes of no activity) and rising to well above $599 for the always-on option (no automatic save and suspend).

Terremark

Terremark's vCloud Express is VMware based and requires no minimum commitment. Live chat service is available from the landing page to help you get started or to figure out what you need for the project at hand. Chat follows you from page to page standing at the constant ready. While there is a full-blown Terremark enterprise option, vCloud is designed more for smaller businesses, individual departments, rapid prototyping, and developer coding and testing. Adding and deleting extra capacity is relatively simple although the vCloud pricing table isn't. Priority support is an additional $500 or 20% of your usage fees, whichever is greater in a given month. The good news is that you can enable priority support whenever you wish so it really isn't an expense unless and until you need it. Prebuilt server templates contain licensed Windows/SQL software for a fee based on the number of VPU servers you use.

Elastic Hosts

ElasticHosts also offers a free trial period, but for five days which is less than the 14 day free period offered by Cloudshare. Pricing is based on by month or by burst and an online calculator helps you calculate the cost in advance. You have a choice in UK and US-based data centers and you can pay in either U.S. dollars or British pounds. The service configures VMs like hardware and provides persistent storage, static IPs and a simple API. ElasticHosts also offers ElasticStack, a platformthat allows hosting providers and data centers to offer their own branded cloud services.

Dell and HP

IThe cloud space is getting very crowded and there are even more public cloud providers preparing to launch. Dell is launching its public cloud offering later this year. The company has strong experience in cloud computing with a wide array of products to help companies make the big move. Dell's public cloud offering teams the company with VMware and its vCloud Datacenter Services offering. Prices have not yet been announced but there is little doubt that Dell will be a serious contender worthy of full consideration as an option.

HP has also announced an upcoming public cloud service, which is now in beta but a public launch date has not been announced. HP's platform is based on the open-source OpenStack project which adds steam to that movement overall.

Notice that most of the public cloud players are companies you already know. That's the good news in that it lends familiarity to an otherwise tricky equation. The bad news is that there is lots of fine print to weed through and none of it tends to be straightforward. Make sure you understand all the legalities wrapped in the service level agreements (SLAs) to avoid problems later and run the monthly calculators offered on most of these sites to get a better feel for actual costs before you commit.

Here's a lineup of my favorite apps that will help you collaborate not only around documents but with video too. And many of them are also free, too.

• Teamviewertops this list because of its versatility in everything from desktop sharing (even through firewalls) to browser-based presentations. The app is free to all non-commercial users and well worth the cost (a one time fee for as low as $750) for many business users, considering it also provides simple click connections between team partners and secure instant messaging. A very comprehensive tool that's incredibly easy to use.

   

   

• Crocodocallows you and your collaborators to add comments, drawings, doodles, highlights, and other markups to Word documents, PowerPoint presentations, images (photo or graphic), PDF forms and other documents. You can embed documents on a website or blog or simply share them privately. Documents are displayed in your browser and no Flash or plugins are required. Files can be password protected and encrypted, all free of charge.

   

   

• Createlymakes online diagramming and design work easy. You and collaborators can use it for flowcharts, UI mockups, UML diagrams, network and rack diagrams, wireframes, mind maps, chemistry lab diagrams, fishbones, organization charts and SWOT tables, to name but a few. It has an extensive library of object sets and templates that make the highly intuitive effort even easier. The personal version is free for sharing up to five diagrams, and fees start for as low as $5 per month per user.

   

   

• Cozimoallows creative teams to collaborate on images, documents and videos. Its synchronized video feature keeps all the editors and collaborators perfectly synched in real-time. You can draw directly on the images, leave post-it like comments, and easily access the automated project tracking to stay up-to-date on changes and communications. It works in any flash-related browser. Its one of the few apps that allows you to work easily with multi-page PDFs and vector rendering for Adobe Illustrator and CAD files. The personal version is free, and paid versions start at $29 per month.

   

   

• Onehubis a great file sharing app that excels in sending, receiving and tracking large file transfers. Invitation and comment emails can be branded either to reflect the company or the project's name. The app sends email as directed by users to invite new collaborators, share comments on items, post a new message, or simply to disseminate daily notifications. Virtual workspaces can be easily customized. Users typically set up one work space pre project or department but workspaces can be used in any way that works for the user. The free version includes 2 GB of storage and paid plans start at $29 per month.

   

   

• Wizehive Project Management provides private workspaces, file sharing, and detail and activity tracking. It works very well with projects that have lots of participants and tons of details to worry about. Additional tools are offered to help with specific project verticals, i.e. contests, scholarships, and grants. The free version includes three workspaces, and paid plans start at $24 per month.

There are application usage management solutions available already but they typically ignore abandoned mobile apps entirely and focus instead on managing enterprise apps or enabling enterprises to create their own app stores and apps (which inevitably ends in more zombie apps).

Granted application management providers such as Flexera Software are working on solutions to manage zombie apps now, but nothing is ready at the moment.

Meanwhile the app graveyard is woefully under-tended and the zombies are growing both in numbers and in strength.

Sprawl as security threat

Zombie app sprawl presents new security threats in two ways: abandoned apps can still carry and spread malware and, if they are set on automatic update, they can grant themselves continuous access to information. Since zombie apps are abandoned apps and the updates are automatic, no one is aware that the apps are running in the background, much less what they're doing back there. The consumerization of IT fuels the problem since IT no longer knows what apps are on employees' devices in the first place.

Flexera Software says continual application readiness is in order to control such risks. "Managing the applications that have been deployed, and making sure the enterprise is efficiently managing the application estate, making sure applications are deployed and up to date, and making sure unused applications are removed from the system, should be priorities," says Randy Littleson, vice president of Product Management at Flexera.

Application management software makers are not the only ones sounding an alarm. Symantec is already warning enterprises "that the majority of the malicious code for mobile devices we see today are Trojanized legitimate apps." Imagine an army of those on any number of devices eating away at company information. "So, in terms of enterprise concerns, this should be a big one," says Khoi Nguyen, senior product manager of the Enterprise Mobility Group at Symantec.

Brains, zombie apps want brains, as we told you web apps are wont to do in an earlier post. If you don't want your company data to fill that appetite, something must be done to actively zap the threat. But for the moment, that entails one uninstall at a time and a diligent policy and education program to make sure your employees know when and how to pull the trigger

Certainly other manifestations of the desktop's evolution, such as in this interactive exhibit at the DDR museum in Berlin will appear in mass production eventually.

Projected screens and keyboards that can be used on walls and other surfaces are also a given. As are hologram projection screens and keyboards, both 3D and flat.

But smartphones and other mobile devices will also have the features below. What makes a desktop remain a desktop is not these physical changes to it and its peripherals, but the fact that some data will remain local and therefore some processing and storage capability must also remain local. The computing process has remained the same for many years, and the desktop PC is its best incarnation.

Yes, I know that smartphones and laptops and other devices of today are tremendously more powerful than desktop computers of just a few short years ago. Even so, the desktop has continued to provide more processing and storage muscle than any of its mobile brethren.

Eventually the silicon revolution will end and Moore's law will collapse. It is at that point that we will entirely change how we compute. Some people predict we will change over to quantum computing, change from bits to qbits (or qubits), and do our processing on electrons rather than on chips. American theoretical physicist Michio Kaku predicts that molecular computing will see widespread adoption before quantum computing does.

No matter if we end up with molecular computing or quantum computing, we will radically disrupt the computing process -- processors, programming, storage and, yes devices -- all of what we use today will no longer fit into that new computing process and thus will all become obsolete. And then, the desktop will finally die.

And that, says Kaku, is as important to the world economy as it is to humanity's ability to compute. When we drive headlong into the silicon chip's dead end, devices will no longer sell at a fast pace simply because there will be no improvement in new models over old models. However, with the birth of a new computing process and all the new devices that it will spawn, the world economy will thrive.

And therein lies the answer to why hardware manufacturers are so eager to prematurely declare the PC dead: they need to sell more devices quickly before the silicon chip maxes out. And, they can already see that Moore's law will collapse entirely within the next 10 or so years. In other words, their desperation is showing.

So, to reflect this approach, the hybrid desktop was born. You can also think of it as the rebirth of personalization.

In previous incarnations of the virtualized desktop, image updates totally wiped out any personalization the user added - stuff like apps, personalized settings and user data. Hybrid methods let the user keep personalization, since they typically update a base image layer and leave the user layer untouched. Beyond capturing the desktop architecture consistency advantage of virtualized desktops, this hybrid approach also captures the additional storage space, processing and graphics of the PC. Further, it improves productivity by allowing people to retain the desktop they want without having to re-personalize after every update.

The hybrid desktop has other advantages as well. Chief among them is asynchronous communications. The user can work offline and everything will sync with the data center as soon as the user reconnects to the network. This is infinitely more efficient than a system that can only work when the endpoint is connected.

Hybrid desktops are cheaper and more scalable too, considering that thousands can be supported by a single node compared to the mere dozens a true VDI environment can support.

What happens to the desktop OS in all this remains to be seen. The desktop OS conundrum is covered well in a previous RWW story by David Strom.

There are a number of vendors already moving to capitalize on the strengths of a hybrid desktop. The current lineup includes Intel's Intelligent Desktop Virtualization system and its tie-in with RES's Virtual Desktop Extender; a hodgepodge of smaller firms such as Wanova with its Mirage platform; and then there's Citrix dabbling in the issue with its recently acquired RingCube Technologies.

Look for more players to enter the field shortly. There is just too much sense in the idea to leave money on the table (or on the desktop so to speak).

Take for example the claims that radio would kill newspapers and TV would kill radio. It didn't happen. Why? Because each of these devices served a common purpose and although the mode changed, the process did not. Then along came the Internet to disrupt the process - in terms of dissemination and access. Sure, the Internet spawned new devices too but these were attuned to the same Internet-based process and thus it is the process and not the advent of these new devices that will kill the Big Three - newspapers, TV and radio.

But, these new Internet-based devices will not kill the desktop because the desktop is based on the same process. It belongs to the Web-ilk, that is, to the Internet of Things.

And so the desktop will live on in one form or another as long as the process, i.e. the Internet as we know it, does. Perhaps not this desktop, though (the Data General One):

But what possible advantage can process have over utility, one might ask? To which I would say, that is the wrong question. Utility is served by process too. For example, the radio was once a fixed object in the home. Later it became portable and even found a way to roam about in cars. It wasn't its form or its mobility that fully addressed its utility. Form and mobility merely augmented its usefulness. But its utility remained the same. This is true right up to satellite radio today. Access improved, but utility remained the same.

However, a change in process came about through the iPod and iTunes, Internet radio and MP3-capable phones. The change in the process was that music was no longer a one-way stream of sound. Now music can be selected from a variety of sources, played on demand, stored in various ways, owned or rented, commercial free or ad endowed and shuttled between devices. In other words, the listener commands the what, where and how of music enjoyment rather than passively receiving the music from a disc jockey's predetermined playlist.

With the new process comes a new utility. Once again, the new devices that are now slowly killing traditional radio are doing so because of their process and not because of their utility or newness to the scene.

The same holds true with the desktop - the much maligned CPU with monitor, keyboard and mouse configuration literally sprawled on desktops everywhere. Its utility has not changed and neither has its process .

The situation is similar to that of the QWERTY keyboard which is still around today because the process of data entry has remained unchanged despite the onslaught of new devices and Web advancements. In much the same way, the process behind desktop use remains static.

The desktop provides the muscle needed to handle large amounts of local data in the current computing process model. It is superior to all other Internet-based devices in offline data retrieval and use. There will always be people who want to keep their information on a CPU and out of reach of Dropbox- and Wikileak-style fiascos and warrantless government searches.

There will always be nerds and geeks who want to code in private and thus
want CPUs that can work offline. They will keep machines at the ready to test everything from hacking tools to new software, both online and off. They will have a pile of CPUs at their feet and a spread of monitors on their desks as long as life breathes
within man and machine.

There will be scientists with new discoveries, governments with secrets, and corporations with profits to protect who will always guard against leaks and spies by keeping information on-premise.

And this is why the desktop will never die. At least not until the the Internet as we know it dies and a new computing process takes its place.

Photo @ Creative Commons by kerplunk kerplunk

In essence, it is the production of a single item to a customer's unique specifications at or near the same unit cost as its off-the-shelf, mass produced counterparts. Though not yet fully realized in manufacturing, this concept will nonetheless move from the factory floor to the software maker's door in the foreseeable future.

The first software companies to make instant customization happen will likely seize huge market share. But only if it is instant customization in its truest form and not the simplified stabs at immediate customization that we see today in skins and basic UI changes or reporting options. True instant customization in software means software-on-demand in the coding rather than the cloud sense.

In manufacturing, instant customization is about more than just retooling a factory to instantly adapt production in line. It's ultimately about letting the customer control production. Take, for example, Shapeways, a company that enables you to upload your own 3-D models that it then prints on 3-D printers and ships the real object to you or to your customer. Indeed, 3-D printers are seeing more venture capital investments and support because of the increased interest in this democratization of physical manufacturing.

What the future portends

In the near future, customers of almost any industry will dictate and design the customizations they want online and the machines on the production line will instantly churn out the results.

When IC comes to the software industry, software customizations will no longer be a lonely, arduous and expensive task for the user or the enterprise. Its emergence on the scene will probably first be seen in SaaS vendors who will pool common customizations to deliver scalable instant customization. In all likelihood, the customizations will be delivered in automated self-service models. We see this already happening to some degree in app stores and in game mods.

Current apps, however, are not examples of instant customization as they are still a one-size-fits-all, mass approach to changes. No, instant customization in software will be a customer saying 'I want to do this, in this exact way' and the software will then be instantly written to specs with absolutely no need to customize further.

The evolution process will eventually lead to the use of artificial intelligence to instantly configure code or app modules to provide uniquely customized software that may bear little to no resemblance to any of the software company's core products.

This is the future of software development. A world where the developer no longer hopes that his own creation will be adopted and adored but instead hopes users will leap upon it and reform it into their own image.

Control issues, no doubt, will rapidly surface during this harrowing transformation and patent wars will become all the more contorted. But no one said anything instant would be truly carefree.

There's plenty of motivation to find a way to thwart software pirates. A recent Business Software Alliance (BSA) global survey (PDF available here) found nearly half the world's personal computer users - 47 percent - acquire software through illegal means most or all of the time.

Now, in fairness to users, not all piracy is intentional. Certainly there are numerous online and offline sources selling pirated software to unsuspecting users. There are also companies that are totally clueless as to what software their staff is using and whether it is licensed or not, a situation further complicated by the consumerization of IT and the swell of unauthorized virtual machine spin-ups by business users.

And it doesn't help that some software manufacturers make it difficult to restore or reinstall licensed software - a situation that prompts legitimate licensees to pluck an easy fix from the ever-accommodating pirates.

But by and large, software piracy is intentional and it's costing developers billions, $59 billion and counting, according to BSA. China had a higher percentage of these regular software pirates among its PC-using population than any other country surveyed, followed by Nigeria and Vietnam.

All of which is spurring software developers to cast a hopeful eye at the cloud. Since code is not distributed in the cloud model, they wonder, can the cloud help stop piracy, or will the increased access only make piracy worse?

"It is too soon to say whether widespread cloud adoption will substantially reduce intellectual property theft," says BSA President and CEO Robert Holleyman.

The cautious answer is appropriate considering that pirates are more agile than most of the methods that are designed to thwart them. Alas, the cloud will be no different and pirates will remain elusive.

"In fact, IP theft may take new forms in the cloud - from under-licensing or illegally sharing account credentials for software that is delivered as a service, to using cloud configurations to surreptitiously deliver pirated software," explains Holleyman.

But don't think you're free to freeload. Groups like BSA and the Software & Information Industry Association (SIIA) are dedicated to hanging offenders with staggering penalties. Then there are all the individual software vendors out there who are increasing the number of audits they do each year. Pirates are getting busted more frequently, and fined more heavily, as a result.

"We will monitor these trends carefully to ensure lawful best practices take hold and become the norm," says Holleyman.

And, indeed, they will. Yes, they surely will, matey.

Photo by CRBowman

Buyers are skeptical, and have good reason to stay so until cloud vendors put some skin in the game.

For the moment, it is the vendors that are most fearful of the cloud. You can see that clearly in the typical service level agreement (SLA). If vendors were as fully confident in the cloud as they claim to be, the SLA would be public and straightforward and the shared responsibility between buyer and vendor would be clearly evident with lines cleanly drawn.

But that is not the way things stand now.

The very beginning of the process is fraught with secrecy and threat. A signature is required on a non-disclosure agreement before the contents of the SLA are revealed. The threat of legal action prevents discussion of a single word within. Keep in mind that the typical SLA does not contain proprietary information of a patentable sort or details surrounding intellectual property. It's just an agreement that says "we provide this and here's what we'll do to make things right if something goes wrong."

Why, then, is it necessary to make the SLA document secret since it is merely a warranty of sorts? Nearly every other industry uses its services and warranties as a brand differentiator. You need only to watch a car commercial on television to see an example - free maintenance, extended 'bumper to bumper' warranties, guaranteed trade-in values, etc. Yet, you do not typically see such promotions of service warranties with cloud vendors with the one possible exception of Google Apps..

Secret SLAs

Why, then, do cloud vendors lean heavily towards secrecy when it comes to their service level agreements?

Because the contents of the SLA typically guarantee nothing of value. Indeed they are harmful in that they transpose all risk to the buyer/user. The most you will find is a promise pertaining to uptime but even that is hedged with weird measuring calculations that will always render the vendor blameless.

Further, server uptime is not the same thing as an end-user application speed and availability guarantee and therefore meaningless to enterprises. Without a guarantee that provisioning will be speedy to meet peak demands and another warranting that end-user delivery will be steady and predictable - plus a bevy of solid metrics to measure those by - the SLA is nothing but a guarantee of profits to the vendor at the expense of the buyer.

Until the cloud industry matures and vendors make it evident that they truly do have skin in the game, enterprises are generally better off going with a hosted version, where SLAs are more meaningful and advantageous, or in building private clouds. Either way, passing on anything secret in the public sphere is a good defensive play.

Part of this trend is that more of our business computing has gone mobile: last year smartphones outsold PCs for the first time.

Trying to wrest control over this rapidly evolving situation is impossible. IT can try to control which phones are being used across the enterprise, but it is a doomed exercise. "That results in new apps that IT has to maintain and update, apps that consume storage space on smartphones and tablets and apps that can take months to prototype, develop, test and deploy," says Price. "And they still require the purchase and installation of the mobile development software and, often, the use of consultants to integrate the software and provide implementation and training assistance, since IT skills are mandatory."

Then along came the cloud with its "pay by the sip" affordability and its superior abilities in mass distribution.

"There are two things that consumerization of IT and the cloud bring to the table: atomization of applications and distribution of processing, incidentally, two of the largest promises of true cloud computing," says CRM guru, Esteban Kolsky, founder and principal at ThinkJar consulting.

With the rise of the API and the atomization of apps comes a release from the prerequisite over-hyped, over-bloated and cumbersome software platform. This new generation of apps is built and sold as independent atoms that can integrate with a wide variety of software tools and apps to form highly customized molecules. Remember reusable object-oriented code? This time around the apps are built like Lego's and connect to one another with flexibility and ease. In this latest case, though, the little building blocks are the beginnings of programming interfaces between the apps themselves. What is important is not the code itself, but what is being communicated between programs. Compare the first Tron with last year's sequel: the Master Control Program is irrelevant.

As integration is built in for the convenience of the user what software is used becomes more and more irrelevant to everyone. That being the case, one wonders how much longer the clunky software platform models can continue to be profitable and how fast devices may become obsolete (at least in terms of relevance to the buyer).

"The distribution opens the world of remote operations and multiple providers to bear," explains Kolsky. "Any small vendor who knows how to, literally, build a better mousetrap can now get people interested in it to use its systems on a per-use or rental basis. This basically makes any small vendor competitive with the larger ones - even more appropriate against those that have not adopted this model."

For now, these APIs tend to be seen only by developers, although end users are catching on and voting with their mouse clicks at various app stores. And while there are a few critics claiming that many APIs aren't quite fully baked for enterprise use, others realize their agility and simplicity and the power of choice. Enterprises want everything to work with everything else. That's precisely what these new APIs provide.

"Users benefit because they can automatically route their applications to any other remote component as they need, with minimal preparation," says Kolsky.

I offer for your esteemed consideration the following exemplary examples of this new breed of APIs, in no particular order of importance:

• TweetRoost by MediaRoost is an inversion of social CRM (sCRM) in that it is a social media product with CRM built-in, rather than the other way around, thus enabling sales, service desk and support personnel to work directly in Twitter. It integrates with Salesforce.com and Zendesk but requires the user to own or use neither.
  
• HYVE is enterprise application suite that combines social networking, geo-location and analytics tools in a mobile platform for internal collaboration. It's produced by DoubleDutch, a software start-up in San Francisco. HYVE's API is compatible with SAP, SalesForce, Oracle and other workflows typically embraced by large companies. Cisco, HP and other big corporate brands are already using the application within specific workgroups.
  
• Bime is a business intelligence (BI) app by We Are Cloud, a privately funded French start-up based in the academic R&D hotbed of Montpellier. Bime is able to work with a variety of platforms including, but not limited to: Google Docs, SalesForce, Oracle, PostgreSQL, Mysql, Microsoft Sql Server, FireBird, Informix, SADAS and IBM DB2.
  
• TeamViewer is remote support and presentation software that is superb for screen-sharing and file transfers and even offers easy means to flip user control. Features include a whiteboard, video screen capture, chat, VoIP, integrated teleconferencing and other neat functionality without requiring firewall reconfiguration. The TeamViewer app can be installed on any device but it can also be used simply through a web browser without any installation necessary. Inter-platform connections are easy and seamless.
  
• EchoSign is a cloud-based e-signature and contract management service which allows users to edit, redline and track changes, revise and negotiate 100% online by leveraging both Google Docs and Microsoft Word. It can be accessed from any mobile device and is integrated with a number of systems including SAP, Salesforce, NetSuite, SugarCRM, Google Apps, DropBox, Box.net, Xobni, Evernote and many more. It was acquired just a few days ago by Adobe and is now slated to become part of Adobe's document services.

While much of tech media trumpeted the introduction of Twitter for Newsrooms (#TfN) as if the guidelines for journalists presented some new technology or service, Twitter and its partners made off like bandits with the sustained and focused attention of the most influential group of people on the planet: journalists and bloggers.

Despite the free publicity ride that is bound to boost the brand and attract app developers in droves, the TfN guidelines are indeed helpful to journalists.

Search options are covered in detail -- from basic to advanced -- for journalists new to using search to parse tweets. Directions are also provided in how to negate search rate limits so that a journalist or team of researchers can search endlessly. Ditching the rate limits, I must say, is a welcomed change.

The publish guidelines are instructional and helpful in everything from embedding Tweets and publishing them on air to displaying tweets on the news media's respective websites. Wow! More free promotion for Twitter! Somebody hand those boys an advertising rate card. After all, as we wrote about last week,Twitter is busy selling promoted Tweets.

The Extra section of the guidelines offers links to support and safety teams, Twitter's many internal blogs, foreign language tools, and an intro to its ecosystem partners. The Media Ecosystem Directory link at the bottom of that page is a bit misleading as it leads to a directory of partners who can help media do various tasks and analytics, but are not media-specific tools per se. The buttons at the top of the directory claim to allow a search of partners in the ecosystem by subject or task but appear to be dead. The journalist is left with a simple list of 20 partners all briefly described and with a link to the partner's website. In other words, it's a list of partners, a billboard, and a far cry from an app store. However, I wouldn't be surprised if an app store is exactly what Twitter is aiming for and what better way to attract a critical mass of developers in a big, fat hurry than to attract so many journalists first?

No doubt editors, community developers, new media specialists, and social media gurus in newsrooms worldwide quickly thrust the Twitter for Newsrooms URL in the email inboxes of every journalist in the office or in the field. Equally without doubt, journalists with no to massive amounts of experience with Twitter searched its pages with keen interest. Each and every one of them was searching for secrets and shortcuts they hoped would ease the pressures associated with news production and news promotion at Internet speeds.

Many would make the guidelines themselves news and never catch the slightest whiff of Twitter's sublime "news media needs us" play.

It's not that journalists are the befuddled baboons that many inside and outside of media like to portray them to be, it's that journalists have yet to discover social media's limits in news production and therefore are slow to question whether there are any limits.

Case in point: the plethora of references to Twitter as the newsroom in tech and media reporting. That claim is pure baloney.

Twitter is not a newsroom. It's more a smoky bar, shadowy garage, corporate breakroom, and boisterous mob gathering -- places reporters traditionally went to tease out news leads -- all rolled into one. Twitter is a place where people talk, often while inebriated or delusional (believing a public forum is somehow private). It's a gathering of intelligent and average people with smart thoughts and dumb thoughts. It's peppered with marketing people with PR ploys and social media pros with marketing plays. It's a collection of friends and enemies, strangers and acquaintances, rebels and tea partiers and traditionally scandalous politicians. In other words, it's a reflection of the real world with a bounty of tidbit pickin's and tantalizing leads, but it isn't a newsroom.

Twitter is just one of many places journalists go to meet sources and troll for news.

But there's not one damn tweet found in a random Twitter search that any reporter worth his or her salt is going to trust. Not even if that Tweet came from his own mama's smartphone. The info in the tweet, as well as the identity of the Tweeter, will be checked and rechecked. That's what journalists do. They don't trust, they ask questions.

Yet most journalists trusted every word of the Twitter for Newsrooms guidelines and immediately took the words to heart. Almost to a man, journalists wrapped themselves tightly in Twitter's "how-to" as though it were a lifeline in a rough sea. And perhaps it is.

Well done, Twitter. Well done.