Your Cloud, My Cloud, Security in the Cloud

I had a great conversation the other night at the Seattle Web Analytics Wednesday (#waw) with Carlos (@inflatemouse) and a dozen others.  @inflatemouse brought up the idea that an analytics provider using the cloud increases, or at least possibly increases, the risk of a security breach of the data.  This is, after all, a valid point, but because of the inherent way web analytics works, this both is and is not a concern.

Web Analytics is Inherently Insecure

Web analytics data is collected with a Javascript tag.  Omniture, Webtrends, Google, Yahoo, and all of the analytics providers use Javascript.  Javascript is a scripting language that is not compiled; it is stored in plain text in the page or an include, or passed into the URI when needed.  This plain text Javascript is all over the place, and can be read merely by looking at it.  So the absolute first point of data collection, the Javascript tags, is 100% insecure.

The majority of data is not private.  So this insecurity isn't a huge risk or at least should not be.  If it is, you have larger issues before you even contemplate using an on-premise and cloud solution to bump up your compute and storage capabilities.  Collecting data that needs to be secure via web analytics is an absolute no.  Do NOT collect secure, private, or other important pieces of data this way.  If you have even the slightest legal breach in this context, your entire analytics provision could have this data scraped, possibly used in court in a class action suit, or used in other ways.
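As an added example (not part of the original post and not any vendor's tag code), here is one way to audit a beacon URL for private data before the tag sends it in plain text.  The endpoint `collect.example.test`, the parameter names, the sensitive-key list and the patterns are all assumptions made for illustration.

```javascript
// Added example: audit an analytics beacon URL for private data before it is sent.
// Key names and patterns are illustrative assumptions, not any vendor's schema.
const SENSITIVE_KEYS = /^(e-?mail|ssn|password|passwd|token|card|cc(num)?|phone)$/i;
const EMAIL_RE = /[^\s@&=]+@[^\s@&=]+\.[a-z]{2,}/i;

// Luhn checksum: true for digit strings that look like payment card numbers.
function looksLikeCard(value) {
  const digits = value.replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Returns { url, findings }: the beacon with private values redacted, plus what was found.
function scrubBeacon(beaconUrl) {
  const url = new URL(beaconUrl);
  const findings = [];
  // Iterate over a copy so that rewriting parameters does not disturb the loop.
  for (const [key, value] of [...url.searchParams]) {
    let reason = null;
    if (SENSITIVE_KEYS.test(key)) reason = "sensitive key";
    else if (EMAIL_RE.test(value)) reason = "email address";
    else if (looksLikeCard(value)) reason = "card-like number";
    if (reason) {
      findings.push({ key, reason });
      url.searchParams.set(key, "REDACTED");
    }
  }
  return { url: url.toString(), findings };
}

// Constructed sample: a referrer that leaks an email, a card-like order field, a token.
const sample = "https://collect.example.test/b.gif?page=%2Fcart&ref=" +
  encodeURIComponent("https://shop.example.test/reset?user=jane@example.com") +
  "&order=4111111111111111&token=abc123";
const result = scrubBeacon(sample);
console.log(result.url);
console.log(result.findings);
```

Pattern matching like this only catches obvious leaks; the reliable control is still to keep private fields out of the tag's inputs in the first place.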

For the rest of this write up, I will assume that you've appropriately encrypted, or enabled SSL, or otherwise secured your analytics or data collection in some way.

Getting that Boost on Black Friday

E-commerce has gotten HUGE over the last decade.  The last Black Friday sales and holiday season saw the largest e-commerce activity in history.  Omniture, Webtrends, and all of the other web analytics providers often see a tenfold increase in web traffic over this period of time.  Sometimes, for some clients, this traffic is handled flawlessly by racks and racks of computers sitting in multiple colocation facilities around the world.  However, for some clients that have exceedingly large traffic boosts, data is lost.  (Yes, ALL the providers lose data, more so during these massive boosts.)  The reason is simple: the machines can't process in time or handle the incoming traffic because the extra throughput isn't available to scale.

Enter the cloud.  The cloud has vastly more scalability, almost an infinite supply by comparison, than any of the infrastructure available to the analytics providers.  As a matter of fact, the cloud has more scale available than all of the analytics providers.  This is actually saying a lot, because I know Webtrends (and maybe some of the others) does an amazing job with their scalability and data collection, arguably more accurate and consistent than any of the other providers (especially since many of them just sample and "guess" at the data).

So when you extend your capabilities to the cloud for web analytics, do you really increase your security vulnerability?  Most of the providers of web analytics have their own array of security measures, the levels of which I won't go into.  However, does introducing the cloud change anything?  Does it alter the architecture so significantly as to introduce legitimate security concerns?

Immediately, from a functional point of view, assuming good architecture, intelligent system design, and good security practices are in use already, introducing the cloud should be, and is, transparent to clients.  For the provider it should not increase legal concerns, functional concerns, or otherwise, provided the aforementioned items are taken care of appropriately.  But that is just it: every single current provider has legacy architecture and various other elements that do not provide a solid basis for a migration to the cloud for that extra bump of power and storage.

So what should be done?  What if a provider wants that extra power?  Can the technical debts be paid to use the awesome promises of the cloud?  Is the security really secure enough?

Probably not.  Probably so.  But . . .

This presents a prospective opportunity for a new web analytics solution.  It is a great opportunity for a modern cloud-based solution that provides more than just a mere Javascript tag and insecure, unencrypted data to be collected for analysis.  It is the grand opportunity to design an architecture that could truly lead the industry into the future.  Will Webtrends, Omniture, Unica, or someone else step in to lead the analytics industry into the future?

At this point I'm not really sure, but it definitely is an interesting thought and a conversation that I have had with a lot of people at #altnet meetings and cloud meetups, and with cloud architects, engineers, and others that have similar curiosities.  I await impatiently to see someone or some business take the lead!


Posted by: adron
Posted on: 5/28/2010 at 12:29 PM
Categories: WebTrends | Web Analytics | Discussion Points or Ideas | Cloud Infrastructure

More Cloud News

Recently Amazon jumped into the relational database cloud competition with Microsoft.  Up until the 6th of this month, Microsoft had the only cloud with a real dedicated relational database offering in SQL Azure.  Now Amazon has their Relational Database Service heating up the competition.

In other news, Google finally joined the storage party with their recent launch announcement at the I/O Conference.  So now we have Amazon, Microsoft, and Google as the big companies on the block throwing down on the storage offerings.  Stay tuned for more!

In other news, I have been working through the katas setup for TDD practice.  They're actually a lot of fun, and I would suggest that anyone out there interested in TDD or just unit testing go out and give one a test drive.  : )

Currently I am working on a code kata putting together ideas from Roy Osherove's The Art of Unit Testing and what one needs to know for testing in enterprise environments, abstracting the appropriate code to take into account web services, files, I/O, architectural issues, and other elements of coding.


Posted by: adron
Posted on: 5/18/2010 at 9:00 PM
Categories: Unit Testing | Just Stuff | Keeping Up | Cloud Infrastructure

Saas (Software as a Service) in and around the Cloud

I have been in many conversations lately about Software as a Service (Saas) and Cloud Infrastructure & Technology.  In those conversations I have found that there is commonly a mixing of what people think Saas and Cloud actually mean.  In reality, these are two autonomous concepts and Cloud should not be used interchangeably with Saas.

Saas Clarified

Software as a Service, commonly shortened to Saas, is very descriptive of exactly what it means.  With Saas there is a particular software application provided to clients via a service.  That may be a bit confusing, so I will elaborate further.  The software part of this acronym could be a calendar application, a to-do list, expense tracking, or something else.  The delivery of that particular software is then provided by a service such as SOAP or REST Services, or some other transport medium over the Internet or other secure connection.

The other very significant implication of Saas is the process of payments for the particular software or service.  This is the part that is not implied within the name.  Saas is and was created primarily to allow creators of software to provide software based on subscription style payments.  Since the maturity of software applications has reached a certain threshold, the industry as a whole has been searching for a mechanism to allow more fluid and measurable means of revenue.  Saas is the model that provides that means.

The Clouds Defined

What is cloud technology, infrastructure, applications, or computing?  The various cloud offerings out there do not always work to provide a good clear definition of what exactly a cloud is.  What I like to think of as the cloud ideal, which fits into most of the definitions is,

"Cloud Computing is Internet computing using shared resources over geographically dispersed areas.  Over these areas, content delivery is provided with resiliency through redundant systems, drives, and other hardware providing a high uptime percentage (99.9% or more)."

Of course, that is my definition with my particular criteria that I feel are important to have for a legitimate cloud.  As I learn and research more about cloud technology, infrastructure, and the ideals behind this model of computing I will most likely get more specific, and possibly add more to my personal definition of what Cloud Computing is.  Also, see my original definition by real examples blog entry.

Cloud and Saas Clarification

Using "the cloud" to describe a Saas model, as is often done, is incorrect.  A Saas Business Model can be hosted in any number of cloud infrastructures, but one does not implicitly necessitate the existence of the other.  A Saas Business Application may simply be hosted in a shared environment, or on a single server, partially clustered servers, or otherwise.  Meanwhile a cloud infrastructure setup may not have any Saas Applications at all and instead run only services between machines.  Simply put, the cloud and Saas don't particularly have anything to do with each other.  It just happens that they often do.


Posted by: adron
Posted on: 5/13/2010 at 5:33 PM
Categories: Cloud Infrastructure