Video Surveillance and Video Analytics: Technologies whose time has come?


The IEEE ComSoc SCV chapter April 14th, 2010 meeting was very well attended with more than 80 people present. This was our first joint meeting with TiE (The Indus Entrepreneurs) organization. The meeting was titled “Architectures and Applications of Video Surveillance and Video Analytics Systems” and featured talks plus a panel discussion on those topics.

The speakers scheduled to participate in the talks and panel session were Professor Suhas Patil, Chairman and CEO of Cradle Technologies, Basant Khaitan, Co-founder and CEO of Videonetics and Robb Henshaw, VP Marketing & Channels, Proxim Wireless. Robb Henshaw, who was scheduled to speak on “A Primer on Wireless Network Architectures and Applications for Video Surveillance,” could not attend the meeting due to illness and was replaced for the presentations section of the evening by Alan J Weissberger, IEEE ComSoc SCV chairman. The panel session was moderated by Lu Chang, Vice-Chairman of IEEE ComSoc SCV. This article has been co-authored with Alan J. Weissberger, who contributed the comment and analysis section, raised several unaddressed but nevertheless pertinent questions and also provided references to background articles on video surveillance and video analytics.

Presentation Highlights:

While presenting on behalf of Robb Henshaw on Wireless Network Architectures, Alan J. Weissberger noted that several new technologies are now converging which will make video surveillance a growing market and viable business.  These include: higher-quality IP digital cameras, improved and cost-effective video compression technologies (e.g. H.264/MPEG4 and HDTV), fixed broadband point-to-point and point-to-multipoint networks (including fixed WiMAX and proprietary technologies), and mobile broadband (including 3G+, mobile WiMAX and LTE).

To support the claim of a growing market for video surveillance and video analytics, Alan cited several key examples of applications for these technologies such as: security and surveillance applications, emergency and disaster management, asset and community protection by monitoring of buildings and parking lots, public entry/exits, sensitive areas such as ATMs, as well as high-traffic areas like highways, bridges, tunnels, public areas such as parks and walkways, infrastructure like dams and canals and buildings like a cafeteria, halls and libraries. Other applications include securing of sensitive areas like runways and waterways, perimeter security for military installations, remote monitoring of production on factory-floors and tele-medicine/eHealth initiatives.

Alan explained that Proxim believes that HDTV is going to be the technology of choice for video compression because users will be demanding higher quality video images. Furthermore, Proxim thinks that the wireless communication networks which convey the video streams are best built in a point-to-point and point-to-multipoint topology, rather than (WiFi) mesh which has fallen out of favor. He noted that Proxim’s broadband wireless transport systems that operate over these point-to-point and point-to-multipoint topologies do so over a private network (as opposed to connecting via the Internet like Cradle’s systems do, covered later in this article). Moreover, 95% of Proxim’s installations use fixed broadband wireless (both fixed WiMAX -IEEE 802.16d-2004 and a proprietary technology to increase speed and/or distance) rather than mobile broadband wireless connections.

Alan’s talk elicited two questions from the audience – the first questioner inquired why analog video surveillance technologies have found favor in practice with deployment and why digital video surveillance technologies were placed on the back burner after seeing initial deployment.  In his answer, Alan pointed out that digital video surveillance technologies need high-quality digital cameras, but also require a reliable transmission network (wired or wireless) which can provide steady bandwidth to transmit the video surveillance data to a point of aggregation like a central video server. In the absence of sufficient constant bit rate bandwidth, the resulting digital video stream quality will be unacceptable due to jitter or freezing of the image (caused by an empty playback buffer). The lack of sufficient network bandwidth was a major cause of digital video surveillance technologies failing to gain a large market share compared to analog systems. The second question related to the impact of electromagnetic interference (EMI) on the video information. Alan explained that the new wireless broadband communication systems (both WiMAX and LTE)  employ a multicarrier modulation scheme such as orthogonal frequency division multiplexing (OFDM) which is fairly resistant to EMI. Furthermore, OFDM can also be combined with multiple input multiple output (MIMO) transmission schemes to minimize the likelihood of errors at the receiver end.

In his talk on “Video Surveillance, Security and Smart Energy Management Systems,” Suhas Patil explained that the recent improvements in semiconductor chip set capabilities and new computer architectures have promoted the growth of digital video surveillance technologies such as those which employ network video recorders to aggregate video from an entire city. He also pointed out that a key contributor to the adoption of video surveillance systems in many parts of the world (despite concerns of invasion of personal privacy) was the possibility of, and actual occurrence of terrorism with the city of London (U.K.) being a pioneer in this regard. Suhas, while describing the structure of the video surveillance system, noted that a critical requirement for these systems is that they be resilient to any fault at any time. These faults can include network breakdowns, power failures, control room disablement or faults caused by extreme ambient temperatures or extreme climatic conditions. As far as access technologies are concerned, digital video surveillance systems can use WiFi mesh networks, WiMAX networks or proprietary communication systems. According to Suhas, the technology underlying a digital video surveillance system is a highly complex one, employing state-of-the-art hardware such as cameras, storage systems and servers and state-of-the-art software including operating systems, and transmission technologies. Thus, the entire system needs very careful design in order to maximize its efficacy. Suhas also briefly explained video analytics as a system which can detect an object such as a human being behaving in a manner which would be difficult for a human observer to notice, such as a party guest moving around the room in a random or rapid manner compared to other party guests.
Finally, the talk then pointed out several major challenges faced by video surveillance systems including the need to keep abreast of the rapidly changing technologies as well as practical deployment challenges.

In a response to a query on working on still images in a pixel-by-pixel fashion, Suhas explained that it is possible for a basic camera to capture raw information about a scene and then have the data processed pixel by pixel in order to maximize the dynamic range before the image is converted to a JPEG format. During the Q&A, Suhas briefly recounted the history of his company, Cradle Technologies, as a spinoff from Cirrus Logic which built multicore processors long before anyone else thought of the technology (multicore processors) as being valuable. Additionally, while clarifying his assertion about digital versus analog video surveillance technologies, Suhas noted that while analog technologies are better suited to low-light conditions and offer better dynamic range than their digital counterparts, digital signals allow for better image resolution than analog signals. However, it is difficult to claim one technology as being clearly superior to the other.

The final presentation of the evening, by Basant Khaitan titled, “The Role of Video Analytics in Video Servers and Network Edge Products,” explained the nature of video analytics (VA) as a young field which has also been referred to as video content processing or video content analysis. Basant explained that VA can be defined as the real-time classification and tracking of objects like people and vehicles by using their (objects’) outlines rather than any bodily or facial features. The analytics system can be either co-located with the camera itself (at the network’s edge), or situated at a central server which receives the video streams from the various cameras at the network edges. Additionally, Basant pointed out that while a video frame’s size is of the order of megabytes, the corresponding analytics information for that frame is often no more than a few hundred bytes in size. While explaining the technical details of VA, Basant opined that modern VA systems produce results which are sufficiently reliable for practical use despite the presence of artifacts born from poor ambient light or dust-filled air. Basant then elaborated on a practical VA system built by his company and currently being used by the police in Calcutta, India for traffic management. According to Basant, VA systems built for such purposes as traffic control are highly mission-critical and require 100% reliable operation. In conditions such as those found in developing countries, VA systems face severe challenges due to the presence of dense populations and poor public compliance with traffic laws. Furthermore, in tropical countries, extreme climatic conditions such as hot weather, rain-flooded streets and dust-filled air can also hamper the quality of the analytics results. In the case of Calcutta, all of the above conditions are faced by the VA system which is being used to control the city’s traffic lights.
In this case, network-edge deployed analytics information is sent to a local video server (which, incidentally, was developed in cooperation with Cradle Technologies) from where the information can be remotely retrieved and viewed. Basant pointed out that all several intersections of Calcutta are now monitored by the VA system which has now replaced the previous system which was monitored entirely by human beings.

Panel Discussion Q and A:

The panel session was more of a collaborative Q and A with Suhas Patil and Basant Khaitan.  There were many questions from the meeting attendees, several of which could not be entertained due to a shortage of time (see list of unaddressed questions below).

In a response to a question on the number of video surveillance cameras which are connected wirelessly vs wireline connectivity, Basant mentioned that none of the cameras in their deployed systems are connected wirelessly at this time, and that all camera connections are of the wireline type. Suhas noted that while most cameras are connected via a wired connection like a CAT5 cable, the access to the content can be accomplished wirelessly via a cellular service (such as in the Indian scenario) or by a WiFi connection. WiFi-based access to the video server is also available if the server is connected to the Internet (Cradle’s server is one such example). The sensors in the video surveillance network themselves can also be connected wirelessly via a ZigBee mesh network, although they have not yet been so connected.

A question was raised about whether video processing is ready to see any major innovation such as what Map Reduce technology did for Google’s text processing. Suhas responded by explaining that the video analytics for applications like license-plate recognition can be done on the cloud. When queried about how Cradle’s technology can help mitigate the impact of, or altogether prevent future terrorist attacks, Suhas pointed out that the contemporary video surveillance systems had either failed altogether or had malfunctioned during terrorist attacks. Cradle’s system, on the other hand, continually monitors the deployed system for functional integrity via a central server cloud in order to ensure that it (the video surveillance system) is fully operational at all times.

The panelists were then asked which mode of connection is preferred for a city-wide array of cameras. Suhas invoked the example of Cradle’s approach to digital video surveillance, where fixed broadband wireless access via WiMAX or WiFi mesh is used to connect their networked video server to the Internet. Furthermore, an IP-VPN client (such as a PC or other screen-based device) is connected to the networked video server through the public Internet via a 3G or mobile WiMAX connection. In response to a question regarding the need for video analytics in countries such as those in Asia where labor is abundant and cheap, the panelists pointed out that since an average human being’s concentrated attention span is only about 10-15 minutes, and since, for the overwhelming majority of the time, nothing significant occurs which warrants raising an alarm, it is imperative that an automated VA system be put in place for such applications as were mentioned earlier in this article.

The final question of the evening asked how real-time bandwidth fluctuations within networks such as mesh networks affect VA performance. Suhas Patil mentioned that placing the video server as close to the network drop-off point (i.e., close to the camera) as possible allows for good quality video to be streamed to the server. Thereafter, special network access techniques which circumvent the fluctuating bandwidth can be used to remotely retrieve the video information stored on the server.

After the panel session concluded at 9pm, several attendees stayed on for one-on-one interaction with the speakers. This continued till 9:15pm when the lights were turned off and we were forced to vacate the auditorium.

Unaddressed questions (submitted by Alan Weissberger to ComSocSCV Discussion List):

  • Where is video surveillance used now and what are the driving applications?
  • Are most of the video surveillance network architectures fixed point to point or point to multi-point, rather than mobile/wireless broadband? 
  • What role will 3G (EVDO, HSPA), WiMAX (fixed and mobile), and LTE play in delivering video content?  Why is mobile broadband required for video client access?
  • Are proprietary wireless technologies more cost effective for the performance they offer?  Is this a concern for the customer?
  • What type of security and network management is being used in video surveillance systems, e.g. for authentication and to prevent intrusion or monitoring?
  • What role does video analytics play to augment the potential and power of a video surveillance system?  Can it also be used as a stand alone offering?
  • Why are IP VPNs needed to convey and deliver the video content? Why not use a dedicated private network instead?
  • Is there any intersection between high end video conferencing and video surveillance systems? Are the same cameras, video transport facilities, and network management used for each?  What are the key differences?
  • What new technologies or business models are necessary for video surveillance to become a really big market?
  • What current barriers/obstacles to success are the video surveillance and video analytics markets now experiencing?
  • How have terrorist attacks (e.g. Mumbai attack in late 2008) and national disasters (e.g. earthquakes) affected the video surveillance market?  What is the opportunity here?

Comment and Analysis (from Alan J Weissberger):

1.  Proxim’s answer to the question “Why Video Surveillance?” included these bullet points:

  • Perimeter, public monitoring solutions are becoming a key component for enterprises
  • Educational, healthcare and financial institutions are beginning to rely on surveillance systems to ensure safety within their premises
  • Public safety organizations depend on archived data from video monitoring systems to reduce vandalism in troubled neighborhoods
  • Live traffic surveillance is increasingly being used as a tool in community protection
  • Terrorist threats and public safety challenges continue to drive the need for high quality remote surveillance and timely response

Additionally, we’d include production plant and factory floor (remote) monitoring to prevent schedule slips and ensure good quality control.

2.  The role of broadband wireless networks in stimulating video surveillance:

-Fixed broadband wireless point to point and point to multipoint networks and equipment (e.g. Motorola Canopy and Proxim’s products) that replace equivalent topology wireline networks for delivering video over a private network. Both proprietary fixed broadband wireless technology and IEEE 802.16d fixed WiMAX are used. Those broadband wireless networks cost a fraction of the equivalent wireline networks and can be provisioned in a much shorter timeframe. Fixed WiMAX could also be used to access the broadband Internet in an IP VPN scenario.

-Mobile broadband (3G+, mobile WiMAX, LTE) which adds a whole new dimension to video surveillance and enables many new applications, e.g. IP VPN mobile client observing video images in remote locations, cameras in police cars transmitting video to police HDQ building while moving at high speed, emergency vehicles transmitting videos of natural disasters (hurricanes, earthquakes, etc.) to 1st responder locations that will deal with the problem(s).

3.  It’s important to distinguish between the broadband wireless network architectures and topologies of Proxim (a wireless broadband transmission/backhaul company) and Cradle (a Networked video server/client solutions company):

a] Proxim makes broadband wireless transport systems that operate over a pt to pt or pt to multi point PRIVATE network.  Those systems backhaul video surveillance and other traffic to one or multiple destinations.  Proxim says that 95% of their installations use fixed (rather than mobile) broadband wireless connections.

b] Cradle uses fixed BWA (WiMAX or mesh WiFi) from their Networked Video Server to access the Internet.  On the client side, Cradle uses 3G or mobile WiMAX to connect the IP VPN client PC or other screen based device to the Networked Video server through the public Internet.  The key issue with that approach is that the end to end IP VPN server to client connection has to be high bandwidth and near constant bit rate, while the client access needs a high bandwidth, steady state mobile broadband connection to observe the MPEG 4 coded video over the IP VPN connection while in motion.  Otherwise the video image will be unacceptable or freeze.

4.  Basant’s example of controlling Calcutta traffic lights using video analytics integrated with a Networked Video server was a great demonstration of the underlying technology and proof of how valuable it is.


Here are a few background articles on video surveillance and analytics:

Video Surveillance and WiMAX- a great marriage or not meant for each other? Four companies weigh in!  (all 3 speaker/panelists+ Sprint were interviewed for this article)

The Wireless Video Surveillance Opportunity: Why WiMAX is not just for Broadband Wireless Access  by Robb Henshaw…

Video Surveillance Going Fwd, Suhas Patil, ScD

Remote Access Video Surveillance & Analytics,  Cradle Technologies


Exclusive Interview: Robb Henshaw of Proxim Wireless!

Video Surveillance Product Guide

FCC’s National Broadband Plan overview and IEEE ComSoc SCV March 10, 2010 meeting report


The IEEE ComSoc SCV chapter’s March 10th, 2010 meeting featured a very informative talk by William B. Wilhelm Jr., Partner, Telecommunications, Media and Technology Group at Bingham McCutchen LLP titled, “Effects of Broadband Policy and Economic Stimulus on Innovation at the Edge and in the Cloud.” The meeting was chaired by Simon Ma, Secretary, IEEE ComSoc SCV and was attended by approximately 30 chapter members. Despite the relatively low turnout, the number of questions which were raised and discussed during the talk and subsequent Q&A reflected the keen interest amongst the attendees on the broad topic of the Federal Communication Commission’s (FCC) National Broadband (NB) Plan.

Presentation Highlights:

Mr. Wilhelm explained that the FCC (on behalf of the federal government) believes that broadband can form a strong foundation for economic success and has hence drafted the NB plan. The FCC’s primary objective for the NB plan is to spur broadband deployment nationwide through innovation in devices and applications, which in turn, it is hoped, will drive broadband adoption amongst the United States populace. Furthermore, the FCC has designated that the plan must seek “to ensure that all people of the United States have access to broadband capability” and establish benchmarks to meet that goal. In fact, the foregoing statement also delineates the current top internal priority of the FCC. According to Mr. Wilhelm, a data rate of 3 Mbps is regarded as “broadband” within the United States. Underlining the non-trivial nature of the NB plan objectives, Mr. Wilhelm pointed out that several key challenges will need to be overcome to ensure the plan’s success. These challenges include agency and administrative action among the FCC, National Telecommunications and Information Administration (NTIA) and Rural Utilities Service (RUS), legislative action by Congress and a fair competition policy determined by the Federal Trade Commission and protected by the Department of Justice.

Regarding the objective of ensuring that all people of the United States (US) have access to broadband capability, Mr. Wilhelm noted that the American Recovery and Investment Act of 2009 (ARRA) has allocated $7.2 billion in stimulus funds for the expansion of broadband facilities and services to so-called unserved, underserved and rural areas of the country. Additionally, other ARRA-born programs including health care, smart grid and transportation may also promote large-scale broadband adoption. Describing the response to the first round of funding applications, the talk indicated that nearly 2,200 applications were received, requesting a total of $28 billion with $23 billion requisitioned for broadband infrastructure. The presentation also elaborated on the fact that, in addition to the $7.2 billion in stimulus funds for broadband expansion, over $19 billion has been earmarked for Health Information Technology (HIT) including over $16 billion in medical provider incentives for deploying HIT. The aforementioned funding for HIT is aimed towards developing a nationwide health IT infrastructure which allows for electronic storage, transmission and retrieval of healthcare-related information. The talk also provided attendees with a view to the workings of the FCC with regard to new policy generation such as Notice of Inquiry (NOI) release, and the holding of workshops to close gaps in the comments obtained from the NOI release.

Mr. Wilhelm then described the current broadband scenario in the US in terms of deployment, user adoption as well as a qualitative description of the state-of-the-art in hardware and software systems as found in US homes and offices. It was interesting to note that, while the US leads the world in internetworking equipment, semiconductor chipsets, software and internet services and applications, the US suffers from conditions which are fairly unexpected for a country of its economic stature. These latter conditions include the fact that 50-80% of the homes may get broadband speeds which they need from only one service provider, the fact that broadband adoption is lagging in certain customer segments and the fact that deployment costs for various geographies are significantly different. Further elaborating on the shortcomings in the broadband services faced by users in the US, Mr. Wilhelm pointed out that, for the median user during peak hours, actual download speeds are only about half of the advertised speed! Moreover, around 5 million homes get less than the advertised 786 kbps and approximately 35 million homes get less than 10Mbps. Other broadband service drawbacks faced by US-based customers include the fact that several market segments show penetration rates significantly below the 63% average and that the lack of widespread adoption may entail a social cost in the future in terms of lowered access to jobs, education, government services and information. For example, high school and university students who have little to no Internet connectivity will be at a growing disadvantage compared to students who have materially good quality access to the Internet.

Thereupon, the talk pointed out how high-quality broadband connectivity enables innovations across a broad swath of national priorities – for example, health care (electronic health records, telemedicine and remote/mobile monitoring), energy and environment (smart grid, smart home applications and smart transportation), education (STEM, eBooks and content, electronic student data management), government operations (service delivery and efficient administration, transparency in governance and civic engagement), economic opportunity (job creation, job training and placement, and community development) and public safety (next generation 9-1-1, alerts and cybersecurity). On being queried whether retail services are currently the dominant application of broadband communications, Mr. Wilhelm acknowledged the pertinence of the question, but was unable to comment further on the topic since the FCC report had not been released at the time of this talk.

The presentation then delved into topics such as regulation and deregulation of broadband networks, network neutrality, spectrum policy, investment in telecom systems and services, and next-generation 9-1-1 systems. Explaining the significance of internet services like DSL being taken off from under Title II of the Telecommunications Act as a result of deregulation, Mr. Wilhelm pointed out that since the DSL service is no longer under Title II, the FCC cannot protect DSL customers and small DSL companies anymore from being controlled by telcos or network service providers. With regard to net neutrality, the case of Comcast versus the FCC wherein the former is alleging that the Internet was not under the purview of Title II, was briefly touched upon. A question was then posed on whether managed services were expected to crowd out the non-managed services such as best-effort services. An audience member proffered his knowledge that the very same issue is being discussed in the public domain and that no clear consensus has been reached on this topic. On the subject of spectrum policy, the talk reiterated the oft-heard chorus in the telecom circles that the currently allocated spectrum is woefully inadequate to meet projected future demands (especially for the mobile broadband applications). Mr. Wilhelm then elaborated on the need for investment in telecom services and technology since venture capital investments in these sectors have fallen significantly in recent years. According to Mr. Wilhelm, investment in telecom is a key ingredient to promoting innovation across the hardware, software, network and services ecosystem and the absence of strong investment could result in reduced value of services to end-users.

Pointing out that broadband communications can support public safety and homeland security efforts, Mr. Wilhelm then touched upon the prominent areas of public safety which can be improved as a result of a new broadband initiative such as the national broadband plan. These areas are next-generation 9-1-1 systems, cybersecurity, alerting and a nationwide public safety network. For 9-1-1 systems, Mr. Wilhelm suggested the possibility of having an all-IP based system and to also allow users to submit recorded video to the 9-1-1 operators who could then dispatch the user videos to first responders.


The national broadband plan which the FCC will release (which, at the time of the writing of this article, has been released) is a key step in promoting the widespread adoption of broadband connectivity within the US. If a large portion of the US population gains access to broadband communication systems, the US can continue leading the world in technology innovations in telecom hardware, software and services sectors. Indeed, we believe that it is imperative that the FCC’s objectives of widespread broadband adoption be met in order to help meet other national goals such as homeland security, economic opportunity, healthcare and education. However, as was pointed out by Mr. Wilhelm, the adoption and retention of broadband communications among US users will entail significant investment in the telecom services and technology fields by venture capitalists as well as the federal and state governments. The lack of adoption could result in the exacerbation of the digital divide, especially in the education sector where students from schools which are not well-funded may fall behind in acquiring the skills and knowledge necessary to compete in higher education and (subsequent) job markets. On the other hand, the successful adoption of broadband communications could contribute an order of magnitude improvement in the quality of life for American citizens and further their nation’s leadership in the technology arena.

CSO Perspectives and SaaS Con report: Cloud Computing Security Remains a Conundrum


Prospective and existing cloud computing users often cite security as one of their biggest concerns, particularly with public or hybrid clouds. The lack of standards for security, federated identity, and data handling integrity hasn’t done anything to alleviate those worries. For example, Software as a Service (SaaS) or Platform as a Service security contracts often lack contingency plans for what would happen if one or more of the companies involved suffer a disruption or data breach. And it’s not generally known what type of security exists when data passes between clouds (private-to-public or public-to-public). There’s even talk of Virtual Private Clouds but no one really knows what that is either.

The enterprise customer, cloud providers and vendors are having difficulties in sorting out the many potential problems and resolving the finger pointing over who is responsible for what in the event of a data breach or other security trouble, especially over a shared infrastructure. In particular, there is no standard way of gathering the required information or isolating the problem in a multi-vendor cloud environment. In fact, cascading security breaches are possible. That would really play havoc with cloud users’ data and apps.

Users and vendors are just starting to seriously examine these unresolved issues through industry associations, such as the year-old Cloud Security Alliance.   So the Cloud Security related sessions at the co-located CSO Perspectives and SaaSCon conferences took on an increased sense of importance and urgency. 

Conference Highlights:

1.  Panelists at a joint session on Cloud Security made the following observations:

-Security problem isolation and prevention of cascading security breaches must be specified in the Cloud contract or SLA.
-The cloud vendor should log all inappropriate or unauthorized access incidents.
-The cloud security market needs to understand the nuances of data loss due to security breaches.

2.  At a minimum, a Cloud Computing SLA should include:

a] Security of data, e.g. encryption mechanism
b] Up time/availability
c] Forensics of each security breach, especially across a shared infrastructure
d] Data portability to accommodate multiple vendor relationships
e] Being able to change the server OS (e.g. Windows to Linux) without disrupting existing applications
f] Business continuity and contingency planning in the event of a failure(s)

3.  The following items were said to be needed, but currently missing from the cloud computing environment:

a] Standards or Interoperability Agreements
b] Benchmarks to compare cloud services with one another
c] Federation of identities to facilitate a single sign-on procedure for multiple inter-connected clouds.

4. Interesting quotes:

a] Jim Reavis, co-founder of the Cloud Security Alliance, said, “It’s important we understand there isn’t just one cloud out there. It’s about layers of services,” Reavis said. “We’ve seen an evolution where SaaS providers ride atop the other layers, delivered in public and private clouds.”  I believe the implication was that Infrastructure as a Service was layer 1 (the Data Center layer), Platform as a Service at layer 2 (the Application development/tools layer), and SaaS at layer 3 (or the Application run time layer).
b] Ed Bellis of on-line travel agency Orbitz said, “It’s a challenge, working with partners to get on same page.  Early on there were many things we didn’t expect. Federation of identities in our internal systems became a challenge because of differences between our internal procedures and those of the SaaS provider.”   “In your SLAs, you need to have clear language for how data will be handled and encrypted and, in the event of a security breach, the contract must have clear language on who is responsible for specific aspects of the investigation. Build these considerations into the contract side.”
c] Keith Waldorf, VP of operations at Doctor Dispense, a point-of-care on line medication and e-pharmacy provider, said one of his company’s most painful experiences in this area was on the contract side. “The lack of common standards really surprised us.”  Waldorf said he once was a client of an (anonymous) cloud service provider that upgraded its offerings, but his company was unable to take advantage of the upgraded services because the original SLA locked him in to using only the software and hardware that was available at the time he initially signed the contract.
d]  Jeff Spivey, president of Security Risk Management Inc., said “the vendors are driving the service, rather than the market defining its needs.”  The previous day, Jeff presented on the threat of “black swan-like” security threats and cautioned the security oriented audience to monitor for “weak signals (of potential threats).”

5.  Microsoft reiterates that they “are all in” with respect to Cloud Computing.

Tim O’Brien, Microsoft Platform Strategy Group manager, said that what really matters is what cloud service based delivery can do for the customer. Microsoft will be moving “category leading products and platforms to the cloud.” For example, it names Exchange Online (e-mail), SharePoint Online (collaboration), Dynamics CRM Online (business apps), SQL Azure (structured storage) and AD/Live ID (Active Directory access) as its lead services for businesses. All of these are designed to run on Windows Server 2008 in the data center and integrate with the corresponding on-premises applications. They will also work together with standard Microsoft client software, including Windows 7, Windows Phone, Office and Office Mobile.

In addition, the company is offering its own data centers and its own version of Infrastructure as a Service for hosting client enterprises’ apps and services. It is using Azure—a full online stack consisting of Windows 7, the SQL database and additional Web services—as a platform as a service for developers. Microsoft Online Services are up and running. They include Business Productivity Online Suite, Exchange Hosted Services, Microsoft Dynamics CRM Online and MS Office Web Apps. On the consumer side, Microsoft soft-launched a cloud backup service called SkyDrive about two weeks ago. SkyDrive is an online storage repository for files that users can access from anywhere via the Web. The web edition of MS Office 2010 will be free to all Windows Live account holders this May. (We wonder how that will affect the company’s profits, which have always depended on the desktop sales of MS Office.)

In summary, it’s clear that Microsoft has a comprehensive strategy in place; users will now have to try the cloud based products and services and decide how integrated they really are.

The following from Tim O’Brien provides additional information and insight on Cloud Security and Web version of MS Office 2010:

Relative to cloud security, there are a number of resources you can access on our technical sites, some of which I’ve included here:

“For Office, you simply sign into with your Windows Live ID, and you can use the document workspace for your Office docs, and view/edit them in the browser using the Office Web Apps (specifically, Word, Excel, PowerPoint, and OneNote).  To create a file, you can click on “New” for a drop down menu of these four apps, and off you go…”


1. Frustrations with cloud computing mount
– Lack of standards, industry agreements get more attention as industry expands

Cloud computing lacks standards about data handling and security practices, and there’s not even any agreement about whether a vendor has an obligation to tell users if their data is in the U.S. or not. And
The cloud computing industry has some of the characteristics of a Wild West boom town. But the local saloon’s name is Frustration. That’s the one word that seems to be popping up more and more in discussions about the cloud, particularly at the SaaScon 2010 conference here this week.

That frustration about the lack of standards grows as cloud-based services take root in enterprises. Take Orbitz LLC, the big travel company with multiple businesses that offer an increasingly broad range of services, such as scheduling golf tee times and booking concerts and cruises.

2.  SaaS, Security and the Cloud: It’s All About the Contract
-Security practitioners have learned the hard way that contract negotiations are critical if their SaaS, cloud and security goals are to work. A report from CSO Perspectives and SaaScon 2010.

Perhaps the most important lesson is that contract negotiations between providers is everything. The problem is that you don’t always know which questions to ask when the paperwork is being written.  Panelists cited key problems in making the SaaS-Cloud-Security formula work: SaaS contracts often lack contingency plans for what would happen if one or more of the companies involved suffer a disruption or data breach. The partners — the enterprise customer and the vendors — rarely find it easy getting on the same page in terms of who is responsible for what in the event of trouble. Meanwhile, they say, there’s a lack of clear standards on how to proceed, especially when it comes to doing things in the cloud.  Add to that the basic misunderstandings companies have on just what the cloud is all about, said Jim Reavis, co-founder of the Cloud Security Alliance.  Somewhere in the mix, plenty can go wrong.

“If you’re in a public cloud situation and Company B is breached, a lot of finger pointing between that company and different partners will ensue,” Reavis said. “If this isn’t covered in the terms of agreement up front, you have no hope of recovering data (or damages).”

Security vendors can be part of the problem as well. In a recent CSO article about five mistakes one such vendor made in the cloud, Nils Puhlmann, co-founder of the Cloud Security Alliance and previously CISO for such entities as Electronic Arts and Robert Half International, noted that the vendor — who was not named — did “everything you can possibly do wrong” when rolling out the latest version of its SaaS product, leading to users uninstalling their solution in large numbers.

3.  Microsoft is moving ever deeper into the data center, exploring frontiers it hasn’t frequented in the past.

SANTA CLARA, Calif.—Only a year ago, the idea of Microsoft showing cloud computing services at an event like SaaSCon would not have computed one bit.
The world’s largest software company has been late to the party on a few things—the Internet being a classic example—but times and its corporate attitude have changed. They had to.  Microsoft, whose executives not long ago were often quoted as hating cloud computing because it cuts directly into their core business, already has swallowed its pride to embrace open source—well, to a certain extent. The company also is trying to move deeper into the data center, exploring frontiers it hasn’t frequented in the past.  At SaasCon 2010 here at the Santa Clara Convention Center April 6 and 7, Microsoft had its first booth dedicated strictly to business cloud services.  It’s an ambitious plunge into a market already full of veteran players and bright newcomers alike.

4.  A Tale of Two Clouds

The cloud is the answer to all our IT problems — from poor performance to lack of scale to high energy costs. The cloud is a sucker’s game that merely shifts responsibility for IT infrastructure to different hands, leads to performance issues of its own and leaves your data more open to theft.   If both of those statements happened to be true — and we won’t know for sure until it starts to amass significant workloads — would that alter your plans to deploy cloud infrastructure in any way? Apparently not, if the latest research is to be believed.

On the one hand, we have reports from groups like Global Industry Analysts that predict the cloud services market is set to top $200 billion in the next five years. That would represent a blazingly fast growth curve, driven largely by enterprise needs to cut costs and expand capabilities in what is likely to be a mediocre economy at best.   But it’s tough to square that level of acceptance with the increasing anecdotal evidence that suggests a large number of IT professionals are hesitant to place too much reliance on the cloud due to security concerns and a lack of interoperable standards.