You know there are cases where a private cloud is the only way to provide services too, e.g. testing new software releases or building internal apps on software your company builds. So, I'm not sure why you're calling that conservative.

It's just not possible for every enterprise to go full cloud, and a private cloud is a really good option that, frankly, is a better one in a lot of cases.

Corporate OpenID may be the way to go eventually, but it still has an uphill battle in the consumer world to win first. Maybe the US government's steps to adopt will help.

But I'm also a realist – right now, the concerns about trust and reliability are quite valid given the immaturity of the domain, but I think that does not mean we shouldn't still have our eyes raised towards the ideal end-state goal.

I think the issues you've identified are valid, but the reaction – moving to a private cloud infrastructure, hence control – misses the mark in terms of the longer term objective of positioning your IT organisation to fully exploit the cloud services becoming increasingly available (_not_ aim to replicate it all themselves inside the firewall).

Personally, I think the core issue concerns authentication and access control infrastructure. Issues such as where data resides (ignoring for a minute some regulatory constraints) are subsidiary once you have control of the authentication and access control process.

The big issue that corporate IT needs to be hot on right now is that external cloud services _are_ being used for business (no matter what your policies say). And mostly, employees are using personal login credentials for these services. A big security and compliance nightmare. What should Corporate IT do? Getting control means providing some way of enabling corporate identities to be exported on the web (so when I login to google docs, I use my corporate OpenID, not my personal account for example).

I've been spruiking the idea for a while with some positive feedback (definitely not a tidal wave) – for the latest see http://tardate.blogspot.com/2009/09/opx-almost-… – interested in your thoughts;-)

You know there are cases where a private cloud is the only way to provide services too, e.g. testing new software releases or building internal apps on software your company builds. So, I'm not sure why you're calling that conservative.

It's just not possible for every enterprise to go full cloud, and a private cloud is a really good option that, frankly, is a better one in a lot of cases.

Corporate OpenID may be the way to go eventually, but it still has an uphill battle in the consumer world to win first. Maybe the US government's steps to adopt will help.

But I'm also a realist – right now, the concerns about trust and reliability are quite valid given the immaturity of the domain, but I think that does not mean we shouldn't still have our eyes raised towards the ideal end-state goal.

I think the issues you've identified are valid, but the reaction – moving to a private cloud infrastructure, hence control – misses the mark in terms of the longer term objective of positioning your IT organisation to fully exploit the cloud services becoming increasingly available (_not_ aim to replicate it all themselves inside the firewall).

Personally, I think the core issue concerns authentication and access control infrastructure. Issues such as where data resides (ignoring for a minute some regulatory constraints) are subsidiary once you have control of the authentication and access control process.

The big issue that corporate IT needs to be hot on right now is that external cloud services _are_ being used for business (no matter what your policies say). And mostly, employees are using personal login credentials for these services. A big security and compliance nightmare. What should Corporate IT do? Getting control means providing some way of enabling corporate identities to be exported on the web (so when I login to google docs, I use my corporate OpenID, not my personal account for example).

I've been spruiking the idea for a while with some positive feedback (definitely not a tidal wave) – for the latest see http://tardate.blogspot.com/2009/09/opx-almost-… – interested in your thoughts;-)

I’ve been to a couple of these virtualization pitches recently, one for desktops and one for the data-center. Pretty cool stuff. I think it’s perfectly applicable here…you’ll get innovation if you give your employees (individually or groups/departments) the freedom to tinker. Doesn’t Google do 20% of your time?

It’s probably why I like your group…small, nimble and jumps tall buildings in a single bound.