|Asia-Pacific II 2012
|Head for the Cloud – see the reality
|IT expert (Consultant)
|PA Consulting Group
Alastair McAulay is an IT expert in PA Consulting Group. He has over 20 years of experience working in IT Consultancy, with the last 14 years of these in PA Consulting Group. His clients have included central government departments, government agencies and within the private sector, major finance, pharmaceutical and oil companies.
Mr McAulay is an authority on designing and delivering innovative, IT enabled business change programmes that incorporate leading edge technologies, including cloud computing. He works at the most senior levels to help his clients negotiate the ‘people and business change challenges’ that need to be overcome for successful delivery of benefits. In addition, his practical hands-on experience provides him with a deep understanding of the strengths and limitations of the underlying technologies and their contribution to IT service delivery.
While IT departments may see the Cloud as a threat, senior managers are attracted to the lower cost and greater flexibility to respond to demand fluctuation and organisational changes. Start-ups benefit most from the reduced capital outlay, allowing them to competeagainst the non-cloud establishment. Beyond the hype, the benefits are significant but there are many issues that should be addressed – integration, security, resilience, governance and regulation compliance. Cloud commoditises IT service delivery, and this places the responsibility of selecting the right solution firmly on the customer’s own IT department.
There is no doubt that the marketing efforts of cloud providers have raised awareness of cloud services among the wider business community. They have inspired many organisations to head for the clouds…. but marketing alone is not enough to explain the fact that cloud services are now being used in earnest.
From a business user’s perspective the cloud appears to be:
• Easy to access from a modern user interface such as a browser or smart devices
• Capable of meeting the functional and capacity needs of the individual or business
• Always-on (with apparent 100 per cent availability) and accessible anywhere from any device
• Able to deliver consistent and dependable performance
• A low-cost solution.
If this perspective seems to be fanciful, then consider the ordinary user’s experience of cloud services. Each of the above points would apply to a user’s view of their email service (Gmail, Hotmail), or their photo album service (Flickr, Picasa), or their free file hosting service (DropBox, RapidShare, Wuala). From the business user’s perspective they don’t appear to have their head in the clouds at all.
It comes as no surprise that the drive towards cloud within an organisation typically comes from the business, not its IT department. Established IT departments tend to see the cloud as a threat to their role as the gatekeeper to IT services. Its introduction is also perceived as bringing a raft of technical issues that IT departments would rather not deal with. In contrast, new start-ups see the cloud as an enabler, providing off-the-peg services that rival those of larger competitors but avoid the need to build costly IT infrastructures – the cloud effectively lowers competitive barriers. Consequently, start-ups are the keenest adopters of cloud services.
Why are business leaders even considering a highly technical service such as the cloud in the first place? The answer lies in the way the cloud is being marketed: easy for anyone to understand, where a flexible service is supplied and managed by someone else. Cloud is also noted to be allegedly cheaper than an in-house alternative. As the most well-known providers of cloud services, such as Microsoft, Amazon and Google, are also trusted household names, their products and services are already being used by the very same senior managers.
What this highlights is the discrepancy between perception and reality, between the views of senior management and end users, and those of the IT department who are charged with bringing the vision to life. Users are understandably only interested in the benefits that cloud can offer while the IT department is responsible for ensuring the cloud-based solution delivers to expectations.
The business case drivers are typically derived from the following benefits:
Cost: The perceived lower cost of cloud services is a major driver for all organisations irrespective of size. In reality the impact of cost savings and limited capital investment is likely to be disproportionately greater in smaller organisations.
Scalability/agility: Few organisations remain fixed in size and equally few applications have constant demands placed on them throughout their lifetime. The capacity of an IT infrastructure or software service to be scaled both up and down according to demand removes a significant headache facing many IT managers, especially when traditional bounded systems reach capacity.
‘Pain-free’ service evolution: Some SaaS providers boast that their services are always up to date, with new features and software revisions introduced seamlessly. This relievesthe need for organisationsto refresh their own infrastructures.
High availability: Cloud services typically offer a high level of availability, though not 100 per cent availability as is often assumed. Cloud providers – particularly larger providers – do also offer high levels of resilience through global replication.
Geographic independence: Cloud services from major providers typically offer an anytime, anywhere capability. This is often complete with time-zone and multilingual support.
Few would argue that this is not a great set of benefits. However there are definitely issues that impact the IT organisation. Any credible business case must enlist the IT team to identifyand address them.
Integration and interworking issues: Larger organisations carry a lot of IT baggage built up over many years. Any new cloud-based solution needs to work with the existing infrastructure. Applications must be able to continue sharing information across the cloud boundary with minimum disruption to business. Implementation plans must explicitly take account of the technical integration of the cloud with any core applications that are highly bound to the organisation’s IT infrastructure.
Security and privacy issues: Although security and privacy are important to all organisations, the ability of an organisation to manage security can vary dramatically. Particular attention must be paid to how security is maintained, since even apparently small changes to a service can have security implications. Organisations should review with the supplier precisely how security will be maintained and the mechanism for reporting changes that might have an impact on security.
Resilience issues: The level of resilience offered by the cloud varies depending on the size and type of provider. The larger providers (Google, Amazon, Microsoft) achieve high levels of resilience by distributing and replicating processing and data across many data centres. However if data is lost, there needs to be mechanisms to recover back to the original position.Addressing this issue depends heavily on the type of cloud service – whether it is infrastructure, platform or software as a service. With infrastructure, the most effective method of improving resilience is to use more than one cloud provider, ensuring that the two infrastructures are genuinely independent. The cloud customer then ensures that the applications running on the two infrastructures are synchronised.
IT governance issues: While the technical delivery of services may have been outsourced, supplier contract management and ongoing technical management of responses to changes made by cloud providers both require appropriately skilled staff who can understand what changes the providers have made and their implications for customers. Despite the cloud being in many senses a commodity, service providers still need to be managed just as traditional outsourced service providers are. The level of control cloud customers have will be less, but this only means cloud providers must communicate the likely impact of changes clearly.
Legal and regulatory issues: Closely allied to, and often driven by, security and privacy concerns, legal and regulatory requirements constrain the choice of cloud options available particularly to larger companies but also to smaller ones. Legal and regulatory requirements are black and white and everyone has to be adhered tothem. Any regulated organisation or organisation governed by special legal requirements is obliged to seek written assurances from any potential cloud providers that they can meet those requirements. To their credit, most service providers are stepping up to the mark and delivering solutions that meet general legal and regulatory requirements.
In conclusion the commodity nature of cloud services is both an advantage and a disadvantage. It lowers costs, delivers standardisation and provides relatively painless service upgrades. However this also means that services are unlikely to meet the exact letter of any corporate requirement.
This pushes the responsibility for assessing the ability of cloud services to meet individual corporate requirements back on to the customer. The customer has to define what it wants in terms of security, privacy, resilience and integration capability and then conduct an assessment of what is on offer against those requirements.
Buyers need to be focussed on both understanding the benefits and recognising the IT challenges to overcome.