GSI founder Robin Greenhagen discusses cloud computing for small businesses in the November 2009 issue of KC Small Business magazine. The online version is available here: http://bit.ly/5nGcBP

Much attention in our industry has been given to a recent "rant" by one of the popular financial talk show hosts declaring that "the data center business is dead." His logic was that the new CPU technologies were going to render the need for all this crazy data center space moot.

Well, I want to be the first person in our entire industry to say: OK, I agree with his statements that data center square footage is not going to be on fire like it has been, but he really missed the point. The CPUs aren't the cause; the HyperVisor is the real reason data center space is dead.

GSI is regularly helping clients clean out their corporate data centers with 20-30 cabinets of hardware and putting them into 2-3 cabinets of virtualization and storage gear. Our Matrix Enterprise Virtualization Platform makes that a 100% CapEx free zone, as well. We have already invested the CapEx, so you don't have to.

Now, let's talk about the other item relevant to the concept that "data center space is dead." If you are shopping for data center space, you are REALLY MISSING THE BOAT. What you should be shopping for are the services that your business needs for your IT infrastructure: Storage Services, Computing Services, Management and Monitoring Services, Compliance Services, Backup Services, Messaging Services, Data Archival Services.

I have encountered very few corporate IT teams that can touch the depth of knowledge, certifications, experience, customer satisfaction, and speed to deploy and scale that can be found with a good, qualified managed service provider like GSI. Even when we do come across a VERY competent team, they are constantly fighting cost-control and budgeting issues. And most importantly to the business, none of the corporate IT guys are willing to put their monthly paychecks on the line to stand behind an SLA to the business.

Shouldn't your IT staff be focused on servicing the business's vertical applications and processes, and not patching servers, reading log files, and filling out those darn TPS reports? I see a good analogy here to the wireless industry. You would never consider an insurance company, healthcare provider, or financial services company building their own wireless digital cellular network across the country, hiring teams of people to deploy it, hiring teams of people to operate it, and then dealing with the constant technology upgrades, etc. They let providers like Sprint, Verizon and AT&T do that stuff; they just hand out the Blackberries and iPhones, and everyone starts talking.

Why do insurance companies, healthcare providers, financial services companies, and literally MILLIONS of other businesses think they need to buy a bunch of servers, hire some folks to run them, rehire people to backfill when they have churn in the IT team, etc.? Computing that they can just pass out and use is where they need to be. Quit buying servers, quit buying storage, quit buying data center space. Buy services that your business needs.

Sure, GSI will provide these services in a nice, cool, highly secured data center that meets or exceeds all industry standards. But the actual services are where you need to spend the most time evaluating the real value chain and potential ROI for your business.

Several of the big names in the hosting and payments business have released "solutions" that offer PCI-DSS relief to Level 4 merchants (small businesses with small transaction volumes). Well, after reviewing almost 20 offerings, I can readily summarize this as "all hat, no cattle." A bunch of hot air.

One major hosting provider recommends that merchants just don't handle credit cards. Seriously? But what about the MILLIONS of merchants that have custom-coded shopping carts, ERP systems, and business POS tools that rely upon the back-end databases that hold their client and payment information? What about businesses that retain card data for recurrent payments?

IMHO, these folks are trying to pull the bait-n-switch on a relatively unsophisticated (from an IT capabilities perspective) group. 'Hey, host in our "cloud" and follow our recommendations (or at least think you are following them), and you can be PCI-DSS compliant.' Wrong, that is PCI-DSS avoidance. Not really an option for millions of businesses. 

These businesses need a REAL PCI-DSS compliant way to economically host their systems. We all know the hoops that a TRUE, VALIDATED, MANAGED PCI-DSS solution will require. It won't be cheap (no more $59 per month hosting with no firewalls!). But, there will be solutions on the market that will uphold even the most vigorous QSA audit, or even a REAL, HONEST Level 4 SAQ. Stay tuned for more from GSI!

Are you a skeptic in your passion for all things cloudy? Companies buying and selling cloud-based services have had to deal with an attitude shift to "where is my data?" fear and loathing. This angst is understandable, especially when protecting data that can make or break your company's reputation, business transactions, or even worse, data that potentially belongs to your clients.

GSI's complex managed hosting and PCI-DSS compliant hosting clients simply wouldn't/couldn't fathom not knowing where the bits live, and EXACTLY how we were protecting them, feeding them and watching over them every minute of every day. We went for true enterprise virtualization when we built our Matrix virtualization/cloud offering. Tools like VMWare Enterprise, NetApp Storage, Cisco and Force10 Networking, Dell/AMD Servers, etc., have proven themselves over and over again both in our shop and in nearly every IT organization we meet.

If one of our clients wants to know where their data is, we can point it out, both logically and physically. We can explain the security protocols, lockdowns, and testing that is performed to ensure the integrity of their data. We show them our PCI-DSS audit of our Matrix Virtualization platform and enable them to sleep at night knowing that the cloud won't "swallow" their corporate or client data.

We wanted to make sure that our cloud was anything but secret sauce. It's mustard, ketchup and some pickle relish (actually Enterprise Pickle Relish 2.1c).

<analogy alert> I see hosting in the cloud a bit like taking my eight-year-old niece and nephew on a trip to the mall. Most cloud offerings would say, "Go ahead, just drop them off and let them run around our semi-structured environment." Well, besides that fact that there are occasionally a few undesirable people at the mall, I just don't trust that my precious assets will be safe. When I ask for details and get "non-specific" answers on their security, activities, whereabouts and planned activities, I am definitely not going to let them have the run of the place.

However, I have no problem dropping them off at their school, because I know there is a structured security plan, trained professionals that cater to their needs, and at any time, if I need to, I can identify where they are and who they are playing with at recess.

GSI has been offering PCI-DSS compliant virtual machines for a couple of years already. We started by virtualizing environments for individual clients, and in January 2009, we announced our Matrix Virtualization platform, which has been fully validated as part of both our SAS70-Type II and PCI-DSS compliance assessments (yes, we are a PCI-DSS Level 1 Service Provider). PCI in the cloud can be done, and is being done.

Further Reading

GSI's Matrix Virtualization Platform