The Fourth Amendment to the U.S. Constitution, part of the Bill of Rights, guards against unreasonable searches and seizures. Basically, it says that law enforcement needs a court-ordered warrant – provided there’s probably cause – to make a search. Today, one of the biggest questions for enterprises considering moving data to the cloud is, under the Fourth Amendment, what kind of data protection they’re entitled to when in the hands of a third party.

Now, however, there’s a new legal opinion of the application of the Fourth to the cloud. cnet has taken a look and reports that it’s not only right on the mark but that the courts sorely need to adopt it in deciding cases arising from cloud data privacy issues.

The paper is written by David A. Couillard, a student at the University of Minnesota Law School, and it is published in the June 2009 issue of the Minnesota Law Review.

The story reports that Couillard points out that both the security and opacity of a container used to store something determine the “reasonable expectation of privacy” test. He theorizes that even if the police or some other government body comes across a locked briefcase, they have a right to try and guess its combination until they opened it. However, its opacity – designed to keep its contents private – means its owner had a reasonable expectation for it to remain private.

So, are you still with me? And are you wondering how this applies to the cloud?

Couillard says: “In the context of virtual containers in the cloud…encryption is not simply a virtual lock and key; it is virtual opacity.” So, by signing up with a cloud provider to store your data, you’re guaranteed privacy, right?

Er; not so fast.  We still need a legal framework – like the Constitution itself – to protect data on the cloud and any other Internet service.  Couillard suggests we treat digital cloud data as we would the locked contents of a briefcase or an apartment:

” [T]he service provider has a copy of the keys to a user’s cloud storage unit, much like a landlord or storage locker owner has keys to a tenant’s space, a bank has the keys to a safe deposit box, and a postal carrier has the keys to a mailbox,” he writes. “Yet that does not give law enforcement the authority to use those third parties as a means to enter a private space.

“The same rationale should apply to the cloud. In some circumstances, such as search engine queries, the third party is clearly an interested party to the communication,” Couillard continues. “But when content data, passwords, or URLs are maintained by a service provider in a relationship more akin to that of landlord-tenant, such as private Google accounts, any such data that the provider is not directly interested in should not be understood to be open to search via consent or a waiver of Fourth Amendment protection.”

Cnet blogger James Urquhart, after having read the paper on this crucial Fourth Amendment issue for cloud services, calls for the courts to begin applying its reasoning to Internet-based computing cases “immediately,” and calls on Congress, too, to create laws on the data rights of users.

I agree completely.

Working with companies and IT managers daily to provide them with protection in the way of cloud monitoring services, I know their concerns. Data privacy is one of them. And legislation and court decisions will go a long way to providing assurances and confidence in the cloud.

Google and a group of DNS and content providers, such as Sterling, VA-b ased Neustar/UltraDNS, want to extend the DNS protocol and speed up browsing. DNS, short for domain name server, translates URLs (e.g., mywebsite.com) into numeric IP addresses used by computers to communicate with one another on the web.

What Google’s proposing is that more information be sent during these machine/network communications “to optimize browsing speed” by creating connections with topologically linked servers, according to an account of Google’s proposal that I read. But Google also says that the volume of information sent should be limited so that it doesn’t violate users’ privacy. The story I read put it perfectly: by gathering enough data about a user’s location in a network, the system can then make the most of the connection to eliminate as much separation as possible between the user and the host.

“Our proposed DNS protocol extension lets recursive DNS resolvers include part of your IP address in the request sent to authoritative nameservers,” according to the writers on Google’s code blog. “Only the first three octets, or top 24 bits, are sent providing enough information to the authoritative nameserver to determine your network location, without affecting your privacy.”

Google hopes to get its proposal accepted as “an official Internet standard,” the blog says.

I can understand why Google is taking this initiative. I mean, aside from speed, which Google has been working to, well, speed up (launched officially as a goal in 2009), the company is uber (to use a German word) sensitive to data privacy violations now due to the recent cyber attacks against the company’s Gmail cloud app.

Even though this is more about extending the DNS protocol, I’m glad to see that Google is proposing privacy safeguards, too, in the initiative.

To take advantage of the rising number of companies embracing virtual data centers, Cisco, NetApp and VMware are ramping up their collaboration with new design architectures to help customers make virtualized data centers more efficient, dynamic and secure. 

The three technology companies have unveiled an end-to-end Secure Multi-tenancy Design Architecture that enhances security in the cloud. How does that work, you might ask? The architecture isolates the IT resources and applications of different clients, business units or departments that share a common IT infrastructure.  The three companies are also offering dedicated support to help customers quickly build a unified, virtual infrastructure.

In a CNN article, Tom Georgens, president and CEO of NetApp, said: “Our visions are aligned around the concept of a dynamic data center that will be the foundation of cloud computing and that will enable enterprises, integrators and service providers to deliver IT as a service [ITaaS]. In this scenario, IT becomes a dynamic asset that is more efficient and can better adapt to changing business needs. This new era of IT has stringent infrastructure requirements that our companies are ready to meet today — together.”

So what is Secure Multi-tenancy Design Architecture anyway? Well, in plain language, it’s an end-to-end system architecture that isolates IT resources for greater security in virtual and enterprise cloud environments used by more than one department in a company or by multiple companies. Specifically, the design helps customers, systems integrators and service providers develop internal and external cloud services that isolate clients, business units, departments or security zones for beefed-up security across computing, networking, storage and management layers. The companies’ new Secure Multi-tenancy Design Architecture offers details about implementing and configuring the architecture, and it provides best practices for building and managing best-in-class solutions.

Bottom line: IT administrators have a new way to establish the right quality of service for each resource layer and to deliver consistent service levels for applications in each of those layers.

Support is Key

As part of their announcement, Cisco, NetApp and VMware also unveiled worldwide 24/7 support, which enables customers to get quick answers identifying and solving “potential issues” related to solutions used in the new architecture.

Support is one key concern that IT folks and end users have around cloud computing, along with security. So, I think that this feature, combined with the new ability to provide a more secure virtual computing environment, will add shine to the companies’ overall offering.

It’s good to see that cloud and virtualization solution providers are investing more in support and security features for their products. When I talk with current and prospective clients, these themes are very important.

Indeed, that’s why many of them turn to cloud-based services such as transaction, server, network and website monitoring.

 As part of this collaboration, also introduced a global 24-hour cooperative support model. This model offers customers a more streamlined response from Cisco, NetApp and VMware to identify and solve potential issues related to the solutions used in the Secure Multi-tenancy Design Architecture. This saves customers’ time and resources when they request product and technology support.

I really enjoyed reading author Ken Hess and his assessment of the top 10 server technologies for the new decade. It was a great read, not only because he’s a good writer with the ability to speak (that is, write) plainly, but also because it covered just about every IT trend that will save money for companies, promote green computing, and make life easier for IT folks and end users. Here are a few:

- Virtualization technology – which will touch every data center in the world. Virtualization promises that companies can save on IT costs by converting their infrastructures to virtual hosts and guests or moving to an entirely hosted virtual infrastructure. The migration to virtualization will in turn put pressure on computer manufacturers to “deliver greener hardware for less green.”

- Cloud computing – Hess predicts that “savvy technology companies” will use cloud computing to market their products and services to a global audience at a fraction of the cost of current offerings. (This doesn’t just mean platform providers like Amazon and Azure but also companies that offer such services as website transaction monitoring.) And, despite some pretty high-profile outages this year, cloud computing providers will increasingly move closer to offering an “always on” philosophy. Hess says “entire business infrastructures will migrate to the cloud during this decade.”

- Mobile computing – Any available web connection is what’s needed here for a rapidly expanding army of mobile workers, plus hardware that’s lightweight and easy to use (meaning no complex set-up) and that can pull data, apps, even your computing environment (or operating system) from the cloud.

- Virtual Desktops – Virtual desktops have been in the news lately with the development of fully functional cloud-based desktops and other neat gadgetry, for example, USB-enabled virtual desktops.  It’s all about leaving behind resource-needy local desktop operating systems and migrating to virtual ones housed in data centers. Hess predicts that desktops will be based in PCs, data centers and the cloud for the next few years, but eventually will all be non-local by 2020. He rightly points out that virtual desktops will help companies lower maintenance bills and help eliminate errors associated with desktop operating systems.

- Digital Libraries – Personally speaking, I like my books on paper (In one day, I look at the computer screen for more than is good for my eyes.) But Hess predicts that by the end of this decade “printed material will all but disappear” and that, someday, libraries will function more as museums to house historic and valuable volumes and to show kids how people used to read.

Of course, Hess writes a lot more about technology, including the advance of open-source migration, online storage and web-based apps.  To read more, check out his article.

Symantec ‘s cloud survey was conducted by Applied Research and polled 1,780 globally with at least 1,000 employees.

Some interesting points about cloud computing were made in Symantec’s recent 2010 State of the Data Center survey. Basically, the report offers a lot of statistics that say companies think cloud computing is an important priority but that actual deployments and activity remain pretty low.

For example, more than half surveyed said cloud computing was an important priority for this year, according to a report I read about the survey.  Among them, 57% said private cloud computing is either somewhat or absolutely important; 54% had the same assessment about hybrid cloud computing; and 53% said the same about public cloud computing.

But who’s actually got some form of cloud solution working for them? Only about 20%, apparently – using it as a cost-containment strategy. Of those, just under one-quarter used private cloud computing last year to cut or tighten costs, while 22% relied on a hybrid cloud solution and only one in five used public cloud computing.

In the story that I read, optimism remains high for the growth of the Cloud in 2010, though. 

The CTO of a data center consulting and solutions provider that was interviewed said “the main priority for most companies in 2010 is to reduce costs in the data center, an area where cloud computing can help.” But he said his firm has a lot of discussions with customers around cloud computing, but said that it’s still a relatively small part of the company’s overall business. Yet he expects activity to grow as the year progresses.

What’ll drive cloud growth is IT’s huge incentive to cut costs.

“To me, the real issue is dissatisfaction with IT being business as usual,” said the CTO. That’s what is “driving interest in the cloud. The current approach can’t be sustained into the future and has to change. I think 2010 will be a significant year moving forward.”

I’m curious about your cloud initiatives in 2009 and what they will be this year. Are you using a private, hybrid or public cloud solution? And why? Do you see it as a strategy to cut IT costs? What about cloud-based services, like transaction or cloud platform monitoring? If not, is it on your radar screen at all?

Bravo to Microsoft’s Brad Smith, the company’s senior vice president and general counsel, for urging Congress to create and pass legislation that would set security and privacy standards for the cloud – at the federal level!

Smith made his pitch this week at a forum in Washington, D.C., at the Brookings Institution. Smith listed the benefits of cloud computing and spoke about a recent survey from consulting and market research firm Penn Schoen and Berland Associates (PSB).  In an article that I read about his appearance on CivSource, Smith said: “Cloud computing offers new benefits for almost every part of society.”

He detailed results of the survey:  58% of consumers and 86% of senior business leaders are “excited about the potential of cloud computing,” and a majority of respondents believe “cloud computing has the potential to help make government more efficient and effective. ” We’ve certainly seen more government agencies – at both the local and national level – contracting with cloud providers (for example, the city of LA is now using Google’s Gmail).

And, no surprise here to anyone who’s been following trends in cloud computing: the PSB survey found more than 75% of senior business leaders say they’re mostly concerned about safety, security, and privacy on the cloud are top potential risks of cloud computing, and more than 90% of the general population and senior business leaders are concerned about the security and privacy of personal data.

What Smith wants the U.S. government to do to address these fears is create the “Cloud Computing Advancement Act” to promote innovation, protect consumers and “provide government with the new tools needed to address the critical issues of data privacy and security,” according to the article.

There are Fourth Amendment issues (addressing search and seizure of private information) involved here that need to be considered and worked through in the legislation. And he and others speaking at the forum recommended reforming the 1986 statute for protecting user privacy in electronic communications, the Electronic Communications Privacy Act (ECPA).

Also, Congress would be asked to set aside more money to develop law enforcement tools to fight malicious hackers and battle online-based crimes. Smith said that Computer Fraud and Abuse Act (CFAA) needs updating to protect data centre hacking.

Smith didn’t propose that the government do all the work, however. He said the technology industry could impose its own set of best practices and guidelines. “We need new ‘truth in cloud computing’ principles so consumers and businesses have full knowledge of how their information will be accessed and used by service providers and how it will be stored,” he said, according to the piece.

I agree that Congress has a crucial role to play in making cloud computing safer and more secure. The rewards will be multiplied as more and more businesses and end users reap savings and efficiencies. Knowing that their data is secure is the icing on the cake. And I urge the government to get moving on this front.

A short paper I read recently speculates that it would be good for the U.S. government to provide seed money to cloud-based industries just being developed. The argument there is that government should promote low-interest capital or R&D funds to the cloud to keep us (meaning America) in the IT lead among world players.

I think it’s a noble idea, and it reminds me of the call throughout history for the U.S. to step up support of other industries – especially faced with competition from abroad. Remember the “super-computing” race with Japan? Heck, even as a kid, I remember going to new science and phys-ed classes because the government was worried that the Soviets were passing us by in those areas.

More noble is the idea that the feds be blind (like the statue of Justice) when it comes to doling out the capital. In other words, it shouldn’t all go to Microsoft (who, with Hewlett-Packard, just announced a $250 million deal to develop hard- and soft-ware solutions for the cloud).

I hardly think that tech giants MS and HP should exclusively get government seed money to develop cloud solutions, and the analysis that I read from Gerson Lehman Group makes a point that support “must be open to all companies, including IBM, ORACLE/Sun Microsystems, CISCO,  Google,  VMWare, Yahoo, Juniper Networks, Amazon and all other technology firms in US who are promoting advanced technology.”

The piece correctly points out that security and privacy “are still major issues” that are affecting widespread adoption of cloud computing services by businesses. So, combined with the idea that government can be an equal spreader of cloud wealth and development, there is the need, too, for Uncle Sam to act as the setter of standards – particularly around security and privacy of data.

Higher standards can only mean good things for businesses providing cloud services, such as transaction or website monitoring, as well as end users!

Analyst Gartner released a report that says IT spending globally will grow this year a total of nearly 5% over 2009 and reach $3.4 trillion.

From a “Great Recession” point of view, that’s good news because IT spend actually fell by nearly that much from 2008 to 2009. Plus, it’s a change from Gartner’s previous estimate earlier this year that IT spend wouldn’t hit 2008 levels until next year. Gartner’s prediction follows forecasts by other research firms and technology companies of a huge IT spending surge.

“Although recovery will be slow, over the next 12 to 18 months, gross domestic product (GDP) is projected to increase, consumer confidence is expected to improve, and the availability of credit should increase,” said Gartner Research Vice President Richard Gordon in a statement, reported by cnet.com.  “At the same time, pent-up demand for new technologies will be released as enterprises focus on new growth opportunities and increase spending plans.”

Every major segment will feel the blessings of new investment, including hardware, software, IT services, and telecommunications.The rebound should be more gradual in mature markets like the U.S. (2.5% growth) and in Western Europe (more than 5% growth) and in Japan (1.8% growth). Meanwhile, look for spending to jump a more robust 9.3% in Latin America, 7.7% in the Middle East and Africa, and 7% in Asia Pacific countries.

I’d bet my last nickel that those new technologies Gartner is predicting that companies will invest in include cloud and virtualization services. I believe that, yes, IT departments and the CIOs that oversee them will pump up spend but still retain a mentality of thriftiness.

Smart spending is what I call it, and the Cloud, because it allows firms to expand computing resources without investing in expensive, maintenance-heavy servers and data centers, is the perfect example. 

I bet you thought that Los Angeles’ deal to use Google Gmail was big news. No; the biggest cloud deal yet is between Panasonic, the electronics giant, and IBM.

According to a story about the cloud-computing deal that I read, Panasonic will stop using Microsoft
Exchange, messaging and collaborative software, for IBM’s LotusLive cloud services – within Panasonic’s internal corporate structure for web conferencing, file sharing, project management and instant messaging.  In addition, Panasonic will also use LotusLive for social networking between employees, partners and supplier.

Panasonic will apparently take a phased approach. To begin with, it will roll-out LotusLive services for 100,000 employees. But in a few years, the company will use the service for about 300,000 employees, partners and suppliers. 

The company chose IBM’s cloud service because it wanted an integral vehicle that enables it to work with customers and business partners as “a globally integrated enterprise,” a Panasonic executive was quoted as saying.

While both companies wouldn’t say how much the deal was worth, it’s easy to guess at the scale: 300,000 users for one company. Compare that to Google Apps, which has over 2 million business users in total with an average of 10 users per account.

Don’t feel so bad for Microsoft, though.

This news follows on the heels of a recent announcement by Hewlett-Packard and Microsoft of a $250 million deal (over three years) to develop both hardware and software focused on management and virtualization solutions for data centers, pre-packaged solutions for data warehousing technology and the Windows Azure platform.

Looks like 2010 is roaring toward being the year of the cloud!

If you’re a small business owner, you’ll identify with the following numbers and be heartened by the following forecast.

First the numbers: There’s anywhere from 14 million to 22 million small businesses online in the U.S., and they spend about 83% of their online marketing budget on advertising – compared to 26% for all sizes of businesses.

Yet, while all businesses spend 67% of their online dollars on advertising support, small businesses spend just 9.3%. Why such a small ratio?  Because they can’t afford an agency (and its rates) to provide a listings product, PPC campaign, site development, email auto-responder, call tracking, and a significant amount of consulting (client education). Typically, the full solution needed costs $2,000 per month, but the typical small business is willing to plunk down only $500.

There is the self-service option but businesses can’t be moved to adopt it – despite efforts to make creation of pay-per-click (PPC) campaigns, building a site through templates, setting up email auto-responders simple, says Dennis Yu, co-founder and CEO of BlitzLocal.com, an organization that provides local search solutions for companies.
Yu says 87% of small businesses are aware of PPC, but only 9% of them are actually doing it.

So, what’s a small business to do if it wants to use the web to grow and prosper? Good news: Proactive sales self-service will thrive in 2010, and it will happen “through the intersection of local, mobile, and social,” according to Yu.

Yu says video game dynamics, which gradually teach players a basic set of operations and then reveal new features and options until they’ve learned the game, are now on mobile phones. And these games or apps allow users to earn sales incentives and collect information (phone numbers, pictures) on local businesses.

Add social networking tools, like Facebook (which recently registered 350 million users globally and accounts for one-quarter of traffic in the U.S.). They provide the support infrastructure for this new breed of small business sales force.

What I find fascinating about all this is the cloud infrastructure that makes this all possible. It’s amazing to me to see the ingenuity behind cloud gadgets and the kinds of benefits it produces for businesses.

You can read more of Yu and his ideas for the future of sales and advertising here.