Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««123»»

Getting started with SQL Azure Expand / Collapse
Author
Message
Posted Thursday, October 22, 2009 10:28 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Saturday, July 19, 2014 8:06 AM
Points: 12, Visits: 53
Incidentally, I work in the IT industry. My truly little company focuses on reclaiming e-mail privacy and providing consulting services for companies that lack planning for the preservation and categorization of data that could be required in eventual litigation.
Post #807306
Posted Thursday, October 22, 2009 11:36 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Saturday, July 19, 2014 8:06 AM
Points: 12, Visits: 53
This is not just a United States issue; it is global. European law is far more restrictive than the United States with respect to what is private and what is not, and as companies become global in their scope, they wil have to contend with a wide range of privacy regulations.
Post #807355
Posted Thursday, October 22, 2009 7:06 PM


Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Monday, November 24, 2014 4:29 PM
Points: 752, Visits: 920
GRE-452109 (10/22/2009)
How do we think the Cloud will affect the 'employability' of the DBA?

Do we think it will reduce the amount of DBA jobs available? (as a results of adavantage 'Free from administrative headaches?')

does the cloud mean and end to the DBAs Job?


The short answer is no.

First, for several reasons a lot of data will not migrate to the cloud. The Cloud certainly has a place, and I make extensive use of certain services, but there are some things that for a variety simply will not fit there for the forseeable future. For one thing, if the database is anything truly mission critical than many executives are leery of loosing control over it. For another, use of the cloud does bring up privacy and security issues that can be challenging to work out if the data is at all sensitive. And finally, there is the loss of, at least in some cases, the ability to fully customize the service.

Even with data that does fully migrate to the cloud, in most organizations the DBA is the person most knowledgeable in terms of properly structuring it and protecting the logical integrity of the data. So, in that situation the DBA may shift more towards a Development DBA/Data Arhitect but there will still be plenty of room for the DBA.


---
Timothy A Wiseman
SQL Blog: http://timothyawiseman.wordpress.com/
Post #807531
Posted Thursday, October 22, 2009 7:09 PM


Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Monday, November 24, 2014 4:29 PM
Points: 752, Visits: 920
Robert DeFazio, I am truly impressed with your answer. It seems well thought out and researched. But you seem to see no value in the Cloud whatsoever.

As an individual, I make use of certain select Cloud services. As a DBA, I currently do not make use of any cloud base databases professionally, but I could see a niche for them, especially when dealing with data that was not particularly sensitive.

Do you think there is any room for Cloud services alongside more traditional approaches?


---
Timothy A Wiseman
SQL Blog: http://timothyawiseman.wordpress.com/
Post #807533
Posted Thursday, October 22, 2009 7:46 PM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Saturday, July 19, 2014 8:06 AM
Points: 12, Visits: 53
Timothy,

I think the cloud has a role for any company that deals with the public through the Internet. In fact, if you have a website, you are in the so-called "cloud." We, however, also have to live in the real world where attorneys and courts can deep six a company in nothing flat depending on how pathetic a picture they paint of the suffering of an alleged victim of corporate misdeeds.

The cloud could be used for non-sensitive information, but what information in a company qualifies for being non-sensitive information? Let's say that a customer sees something on a website that induces him to buy a product. Later, the product proves to be defective, and in the course of using it, the customer is injured seriously. He hires an attorney who requests production of a copy of the website page upon which the customer relied to make the purchase. You, the company representative have reviewed the copy of the page as it existed at the time of the customer's purchase, and you note that due to a mistaken sentence on the page, it could be understood why the customer went ahead with the purchase. On another page that existed at the time of the purchase more explanatory material detailed the hazards of using the product, but on the page in question, the wording would suggest to some that the company concealed a hazardous flaw.

From a legal strategy point of view, delaying the production of the web page in electronic format would be to your advantage and could spare your company millions of dollars in a court judgment, especially if your attorney is successful in obtaining a settlement before the case goes to trial. Unfortunately, the page is archived in a database located in the cloud, so opposing counsel simply subpoenas the digital version of the page from the hosting company, forcing your hand prematurely.

The cloud existed before it became fashionable to give it a name. In the 1980s, there were computer bulletin boards. In the 1990s, there was the seminal Internet. In the early part of this decade, there were application service providers (ASPs), and now this continuous presence has a name...the "cloud." It is not new, however. It is the same thing it has always been, namely an aggregation of service providers who offer to give companies and individuals the capacity to perform work with sophisticated software and tools at prices lower than those if they had to buy them outright. Insofar as the spectrum of services is concerned and the multiplicity of their uses, what we have now is certainly much better than what existed in 1980, but what is lacking is the common business sense that asks the question, "Is it wise to put certain kinds of information into the hands of people we cannot control directly, especially when we know that once the information is public, it cannot be retracted?"

That was why I said in my earlier post that an attorney should be involved in the inner group of persons in a company that determine how data is backed up and preserved. Minds that are engaged in other areas of business operations need to have a say in how data is used, where it is used, and how it is preserved. The IT world has always been a kind of glass ceiling world. Even within software companies, the people who are responsible for managing the servers that control workers' e-mail and house the databases used in the process of creating software never tend to rise into the inner circles of company management. The natural tendency of people is to reach for either money, power, or both. When money doesn't come easily, power is the next ring to reach for, so it is not at all surprising to see CTOs and CIOs build small fiefdoms out of their departments. Decisions are often made that do not necessarily comport with the objectives of general management, decisions such as putting the e-mail addresses of company personnel on websites, providing glowing testimonials about the educational background of the company president and his family and how the company is a family-owned business.

Now, let's suppose that information is put into the cloud, and an old rival of the president from his college days who has nursed a grudge against him since then happens to come across the information. He lays a trap for him and attempts to harm him physically, resulting in severe injury. The president's wife, after the shock of it all wears off, calls her attorney and sues the company for negligently exposing her husband and family to grave risks and emotional distress. $10 million later, the court case is over, the company is defunct, and the data is still in the public domain called the "cloud."

Good judgment is what spells the difference between a successful business leader and a flop. Good judgment is what is missing in most businesses, and when it is missing in a company with an active IT department, disaster is only a few short steps away.

So, yes, there is a place for the cloud, but it like a loaded revolver can either be an effective tool in warding off assailants or an instrument producing a self-inflicted wound. The difference between the two cases is the wisdom of the person that handles it.

Post #807548
Posted Friday, October 23, 2009 3:16 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Tuesday, October 21, 2014 2:55 AM
Points: 80, Visits: 337

The case for data in the cloud is strongest for global companies that require near constant uptime. You can't say let's do maintenance at 3 AM like you do in the States, because 3 AM is smack in the middle of the day for other parts of the World.

There is also a huge advantage for companies that need to offer access to data to external partners. The whole process of creating VPN tunnels, opening ports, etc. is no longer the sys admins nightmare.

And let's not forget the time and effort it takes to put purchase, install and configure hardware and SQL Server, then take care of the day-to-day patch management, tuning, etc.

I am not saying to put medical records, credit cards, SSNs on SQL Azure but there are MANY use cases where data can be hosted in the cloud with zero risk.
Post #807697
Posted Friday, October 23, 2009 3:38 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, August 16, 2012 9:02 AM
Points: 389, Visits: 1,074
Robert, as Timothy mentioned yours is a well thought answer that certainly illuminates issues witht he cloud I had never considered ...

My only question concenring the points you raise would be surely the larger players etc would have considered the legal ramifications, especailly the issues concerning the Data Protection Act etc and would have factored that into their plans (one would at least hope)

And yes I do tend to agree... its a new name for an old concept

kind regards

~si



Post #807712
Posted Friday, October 23, 2009 7:54 AM
SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Today @ 1:46 PM
Points: 2,669, Visits: 4,095
Thanks for this timely article. I volunteered to invetigate Azure for my organization and this article will definitely aid that.

I doubt that all of our databases will be in the cloud. We have HIPAA requirements and no one is excited about putting the data governed by HIPAA on the web. However, we have several databases where it may make sense to store them in the cloud.

It's something we're looking at but I don't know that we'd be putting anything in the cloud before 2011.
Post #807900
Posted Friday, October 23, 2009 7:58 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Saturday, July 19, 2014 8:06 AM
Points: 12, Visits: 53
Sam,

The points you make with respect to the convenience of using the cloud as a mechanism for continuous, 24/7 operation and distribution of data to business partners are compelling from an IT operations point of view, but the assumption that large companies have thought out the legal ramifications of doing so is not necessarily valid. For data-centric companies or companies whose primarly line of business it is to manipulate and/or sell data, yes, it is likely that they have at least considered the possibilities of litigation as a result of cloud computing for more than a brief moment. The kinds of companies that I would expect would have considered such would be companies like Microsoft, DataQuick, MSNBC, Google, and the like. Notice that these are largely companies that produce cyber products or products that are used primarily to manipulate and shape data.

Companies that I would suspect have only given passing attention to these issues would be small to medium size companies that produce tangible products or that deliver services. Why? Their economic position is not as strong as that of global companies and they are far more concerned about making the sale as the first order of business. In such companies, marketing and sales departments carry far greater weight, relatively speaking, than their counterparts in global companies. This is not to say that global companies are slouches when it comes to seeking and closing deals; rather it is to say that the degree of influence that those departments in smaller companies have over fundamental business decisions is greater as a result of economic need.

I see significant hazards in making the assumption that if Microsoft uses and promotes the cloud, it must be okay because they wouldn't use and promote it if it were legally hazardous. For companies with a physical global presence and which have enormous budgets, dotting all the i's and crossing all the t's is feasible because of the capital they can throw in to protect their interests while at the same time engaging in and promoting cloud computing. Large global companies maintain parallel data paths, one for day-to-day operations and the other for legal protection. They categorize e-mail messages as they arrive, sort and archive each version of a document, make referential copies of each published press release and publicly released document, and take many other steps to ensure that in the case of litigation, there is a complete library of everything the company has ever said, published, or done so that an overwhelming presentation can be made in court to defend their interests. They have an army of in house attorneys and outside retained counsel to represent them and to verify periodically that they are continuing to keep up the archival processes that will result in their prevailing in litigation. Doing so consumes an enormous amount of money, far more than the entire annual collective budgets of multiple small nations.

Companies of the scale of IBM and Microsoft, as influential as they are on business and government, however, neither employ most of the world's workers nor produce most of a nation's GDP. The big players in both regards are the aggregate of small companies world wide that employ the vast majority of people and produce most of each nation's GDP. Companies of this smaller scale lack the budgets to sustain the kind of protective efforts that a company like Google would perform. What this simply means is that what is safe for Microsoft is not necessarily safe for a 100 employee company that manufactures fuel pumps for the automobile industry. They don't have the same mindset, economic advantage, legal staff, or budget to do so. If, therefore, they tread out into the cloud in order to reduce business costs and complexity, they do so without the expensive armor that global companies put on before taking the same steps, resulting in a far more hazardous adventure into cyberspace.

Let me give an actual example of the kind of thinking that goes on when entities consider moving to the cloud. Recently, the City of Los Angeles, faced with a budgetary crisis of historic proportions, was approached by Google and offered its cloud computing services. Google had already brought the Washington, D.C. into its cloud computing fold, so the Los Angeles city council wondered out loud if such an arrangement should be considered as well for itself. After all, if Washington did it, why not L.A.? What the city was considering putting into the cloud were tax records and police databases. Its confidential database of gang member affiliations, strategies and scenarios for breaking up gangs and criminal organizations, pending actions, personnel records, and the like would all be out in the cloud. Does that sound like good, legally defensible planning, or does it sound like someone only listening to the ringing of the cash register?

Breaking into a computer system isn't all that difficult. We have all heard of the Nigerian e-mail scam, phishing attempts on the part of Israeli and Russian cyber criminals, identity theft of credit card numbers, and a long list of largely untraceable criminal activities that have occurred over just the past five years, and the impression one has from the reports of these activities is that such invasions of corporate and personal privacy result from spyware, hacking, or breaking unbreakable computer security. In fact, most successful thefts of information result from errors of human judgment. A person calls a data center claiming his is John Jones in sales engineering, that he is out of the office at a customer site and wants to show a customer a spreadsheet on his workstation, but he just changed his password and can't recall it. So he asks, "Could you [the support desk attendant] give me a new password so I can complete the demo?"

Even simpler, is to physically call on a company claiming to represent a firm that has the world's best widget that will make the company lots of money and costs virtually nothing. You get a tour of the facilities, and as you stroll through the operations area, you notice that someone has posted his password on a sticky note attached to his monitor (there is always someone in every company that does this). You pause and make pleasant conversation with that person and learn his name from the business cards sitting on his desk. Later, when you try to enter the system remotely, you try various user names based on the name of the person you spoke with and just add the password. Eventually, you gain access to everything that person can see, and it is often surprising just how large the corpus of information is that each person in a company can see as a result of the company being "customer-driven." The information includes customer names, addresses, account numbers, methods of payment, last purchases, lines of credit, tax ID numbers, notes about the dealings with the customer including personal information about family members (birthdays and anniversaries).

Now, imagine that the data is located in a part of the world where the prevailing regional attitudes toward data privacy are not those that we embrace. Google has more than 23 world wide data centers spread across the globe operating under the laws of at least a half dozen or more countries and employing foreign nationals. In some cases, the data centers are simply computers set up in leased space in existing facilities owned and operated by non-Google entities. To the extent that the people who actually put their hands to the keyboards in those facilities do not share our understanding of the words "confidential" and "private," we are exposing our business, government, and personal data to theft.

The unfortunate truth is that because of the way that we as people choose to do business in order to appear to be approachable and friendly, we greatly enhance our likelihood of leaking information that can come back to bite us very hard. When we choose to conduct business in the same way within the environment of cloud computing where the data stored, from a legal point of view, has diminished privacy privileges to begin with and when we as business enterprises are not prepared either from a psychological or economic perspective to undertake the considerable additional measures to protect our legal and financial interests from the hazards of cloud computing, it creates a scenario that increasingly resembles playing Russion roulette.

From he perspective of a small business, using cloud computing tools seems like such a no-brainer. It's cheap, easy to use, doesn't require us to do updates or maintenance, and it's accessible from every branch office we could ever want to open. In a perfect world, all that is true,and it looks like a gift wrapped in pretty paper and tied up in a ribbon. In the real world, however, where people get sued, where people steal, where business ethics are constantly challenged, and where budgets tend to define what companies think they "ought" to do, all that is still true, but it is wrapped in caveats that are a mile thick and tied up with barbed wire.
Post #807906
Posted Sunday, October 25, 2009 9:31 AM


Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Monday, November 24, 2014 4:29 PM
Points: 752, Visits: 920
Robert, I think that it would be wise to treat all but the most generic of customer information, and certainly anything personally identifiable, as at least somewhat sensitive.

However, there is a lot of work with large datasets that are not about individual people or money at all. For instance, some scientific research can deal with large datasets where the need to protect the dataset itself may be at least relatively low. For instance, I suspect much work on the genome of the drosiphila fruit fly or other fields in bioinformatics would fall into this category. In such an instance, it may make a lot of sense to use Cloud services, especially if collaboration with colleagues that were geographically separated were required.


---
Timothy A Wiseman
SQL Blog: http://timothyawiseman.wordpress.com/
Post #808376
« Prev Topic | Next Topic »

Add to briefcase ««123»»

Permissions Expand / Collapse