As cloud computing accelerates, developers and customers from across the ICT sector weigh up the pros and cons of the technology that will become a vital feature for the whole industry.
What changes are you seeing in IT with cloud computing?
We’re seeing a lot of change from customers’ purse strings. That’s impacting how people do business. It’s forcing them to do things differently. IT is much more stable and robust and it’s offering a lot more features to allow people to be disruptive and change how they traditionally do things. For customers, 80 per cent of an IT budget goes on maintaining the ‘as is’ and only 20 per cent around innovation and bringing new features to the business, i.e. bringing in additional revenue.
If you ignore cloud, do it at your peril because it’s there and one must recognise it. From a public sector perspective I think we’re probably a bit early to be going for the cloud as advertised by the main cloud providers and others. We’re looking at a private cloud in terms of lowering our costs and we have to lower our costs because our costs have been lowered for us.
We’ve lost 25 per cent of our staffing complement through RPA and CSR over the last three or four years. So we’re left with a relatively small number of staff managing a high number of applications and having higher levels of expectation from within the user community. The benefits of cloud for us are, first of all, the reduction of the cost, secondly the ease of use and the reduction of workforce hours required to maintain it, thirdly providing extra levels of availability and contingency for the user community: patients and staff.
It’s very important to understand what we’re talking about when we’re referring to cloud. Cloud is now an umbrella term which is applied to most things that anyone in IT produces. There’s a clear separation between public cloud that is provided by Amazon, Google and Microsoft and leveraging cloud technologies within your own data centre i.e. private cloud. For most Northern Ireland public sector organisations, if not all, today private cloud is probably the only viable option.
Public cloud infrastructures are really challenging to the public sector. Legislative challenges, like the US Patriot Act, negate the possibility of bringing a third party data centre. But with that in mind, I would say that taking the same technologies vendors use to leverage and build public clouds and using them in the private cloud scenario gives you the best of both worlds. They give you the trust, security and control that the organisation needs to maintain its data with a lot of the benefits of leveraging the newer technologies around economies of scale and lower operational and capital costs.
Our customers are looking for big benefits from using cloud or virtualisation technologies. The first can be efficiencies, and driving efficiencies from the resources they have, simplification of the network and the resources that they have and also trying to control and manage the costs. Cloud provides the ability to do much more with less through consolidation and simplification.
We are seeing a difference between private sector and public sector. In private, the main drive is towards software as a service, being agile and being able to deliver a service to your biggest customers that adapts to their needs and skill quickly and that relates back into infrastructure. We have customers that have peaks at certain times of year and from a cloud perspective you can do that very easily by just taking on additional services.
In the public sector, you think about some of the issues around data protection. You can separate out functions that aren’t data-sensitive, perhaps processing and resources. That reduces all your infrastructure and your real estate. A move towards virtualisation is a stepping stone towards that but it means you have a much lower footprint in the actual infrastructure you require so capital costs are lower.
Does it make for better IT rather than just focusing on cost?
It gives you the capability to deliver services in a way that is far more IT delivering a service to business as opposed to being the barrier. The way people build their IT service framework to support their business needs to change radically.
There’s a vast difference between public and private clouds. Private clouds exist already within a number of organisations. One of the most robust and efficient ways of looking at the cloud is in the delivery of a security and cloud service as a utility. Certainly one of the key factors that we’re seeing is the high adoption rate of cloud services by large organisations such as Google, Microsoft and Amazon. Cloud-focused organisations need to consider the ease of connectivity and the methodology used for secure access to data and applications in the cloud.
What good examples are there? How did a ‘green field’ approach work?
There are a couple of underlying things that’s driving it. The old story is that there should be more for less, but the less is decreasing and the more is increasing. The gap between the two is growing on a regular basis. The private cloud route is the direction we’re going to go. I’m in the pinch point between the IT world and the business world within the university and the business part of the university is expecting a clear strategy from central IT.
On top of that, we have the driving issues within any public sector, which are securing data and securing the actual service delivery. Where we would regularly have audits, I couldn’t answer those questions if our solution was a public cloud. Our problem at this moment in time is mapping a strategy into something that actually delivers to the university. The challenge at the moment is changing skills and technology in-house to support this new world.
When we started looking at cloud computing 12-18 months ago it was all driven towards the public cloud and 85 per cent of businesses were moving towards it. We’re starting to see a big shift now where 85 per cent are going to adopt private cloud.
What it comes down to is if you don’t care where your data sits, then a public cloud is fine but too many organisations do care where it sits. It’s about what the business demands and if your internal IT department is able to do that at a price point that is relevant to the business.
Is there a different value proposition between public and private cloud? Is there a freer market in the public cloud?
People don’t really want to consume a public cloud or a private cloud. People want to take some specific advantages of both. There are some great things about public cloud services, the pay-as-you-go model, and the agility it generally brings. Private cloud people buy it and will configure it. If you need to very rapidly scale a private cloud, that’s a very difficult thing to do. The real magic is that you can create a solution that delivers a public cloud commercial model but provides service to an individual customer in the private, security and architectural model.
It really depends on the use case and the data set that you’re talking about. Certain data sets and use cases fit very well with current public cloud architectures. The peak demand type model is a great model for public cloud provided that you can trust the service provider with the type of data you are pushing into that environment.
The problem with some of those models today is that the balance of risk is totally slated against the customer. If the public cloud provider has an outage, typically there isn’t an awful lot of penalty built into the SLA against something like that happening. If that data is really important or valuable to the customer, there can be a massive impact at the customer side that isn’t reflected in the SLA and the public cloud provider.
Private and public isn’t something that you go one or the other. It’s picking the right model for the particular use case application and data set. In fact public cloud can be prohibitively more expensive than running the same infrastructure internally. It comes into its own when you need larger levels of scalability and you would have to build for peak demand rather than normal operation.
At the moment, what users don’t realise is that they’ve got governance and they’ve got assurance and they’ve got an entity that they can deal with. Once you move outside that you have to end up comparing like for like.
Inevitably with models that I have with Amazon, it’s fine if you are an SME and IT is not part of your core business. It’s about removing a major cost from your business but if you are in a public service business you’ve got patient consent, legislative mandates that you absolutely have to do, audit control that you have to do.
We have a range of applications which no cloud provider will possibly take on at all. With the levels of assurance, the risk is far too high for them. I have yet to see a cost model that remotely replicates what is currently being delivered internally.
In the Belfast trust, we have 690 applications across the estate. Some of them might only be two- or three-user applications but if that’s part of a neurology service or an ICU service the scale does not mandate that move into the cloud easily. You then have to keep core staff to maintain those applications. We are so lean. At the moment to add on the easy 20 per cent of the cloud which we really want doesn’t make financial sense.
They are coming in and looking at the top 10 per cent of easy apps but that doesn’t help me with any kind of costing model.
I still need all the guys that I have to maintain all the other 90 per cent of the applications that I have.
We’re starting to see community clouds whereby you have got organisations of a similar nature like health care trusts or universities building infrastructures that can be shared between different organisations of a likeness behind a firewall.
We’re starting to see that now with government clouds. If a particular department that has been a high consumer of IT or seen as the leader in IT in a particular government, they would take a lead in providing the rest of the government so they have the main infrastructure.
The Government Gateway is a common access platform for information access between a number of departments, but a specific line of business applications will still sit in their respective organisations. If you consider the G-Cloud and what’s being delivered through the platform, organisations are now more aware of the security aspect and what is required of them to maintain a specific set of information assurance standards.
Government agencies like CESG and the Cabinet Office have mandated how data is marked and set it against, common criteria. Certain data sets will always need to sit in specific silos. I believe moving forward, it’s going to be a mix of public and private clouds with air-gapping between those environments handling sensitive data.
We’re starting to see customers move to ‘service catalogues’ which defines the service you’re trying to deliver, the level of security, resilience and disaster recovery you want to build in each of the levels, and the cost of delivering these services. Some applications are best driven through scale via the cloud.
In cloud computing, we achieve economies of scale where services and applications are shared simultaneously and securely across multiple organisations. I’d also suggest that cloud computing in the form of SaaS has been around for some time. Webex, which is Cisco’s cloud-based collaboration platform, is a great example.
Take what Paul [Duffy] and Jim have achieved in building upon a legacy infrastructure and turning what they have into something very dynamic, robust and cost-efficient. Most organisations have all this computing horsepower sitting there and doing very little, yet utilising vast amounts of energy. What Paul and Jim have achieved is actually utilising that horsepower whilst maintaining an efficient growth curve.
What are the specific benefits or outputs? Have you gained anything you didn’t foresee?
Whenever you’re designing this new model, you have to talk through how the processes are going to work. It does away with the silo-based approach, which was fairly linear.
Now, it’s much more parallel processes with the processes pre-defined. That’s helped us to spin off applications much more quickly than we would. We’re able to provide resilience with the cloud infrastructure that the vendors themselves don’t have within their products.
In health and education, very few applications have the benefits realisation clearly understood. It’s up to the business and not IT to decide the levels of service. The end users have to decide the cost. First of all, IT’s got to understand the cost, engage with the service to understand what that cost is and give them an option to increase the levels of continuity and availability in that particular application.
Because there is a far more dynamic way of providing services, communities are struggling to deal with the idea of “I can choose the service-level agreement I want for this application.” You ask a community how long they can afford for email to be down. The first reaction is “never” and that’s going to cost you £1 million more than your current agreement, and so you work back.
Before launching any cloud strategy, a business has to take a step right back and say: “What do my users expect? What do my users need?” And get those user communities to identify recovery time objectives.
Clients spend a lot of time in IT departments, working with vendors and working out very detailed SLAs without actually thinking: “What’s the operating level agreement or SLA I need to have with the business?” Documenting that allows your IT function to report on your performance on that SLA. It’s very theoretical at the minute whereas if you have all that laid out in your agreements, that cascades down into your vendors as well.
Researchers within the university need to buy people, skills and equipment and the process calls for equipment has to physically exist. I need that policy within the research councils to change. If I’m going to sell a cloud infrastructure to that research, they’re not physically going to own anything.
If everybody’s just buying a service, will the market just look after infrastructure?
Procurement models desperately need to change. There’s always been this desire to spend capital and keep recurring revenue as low as we can. Why on earth would you own depreciating assets when you can simply consume as much as I need when I need it.
Customers are looking to move from capital-based expenditure to operational-based expenditure, using innovative financial models. They’re also looking to automate service delivery by building portal sites with built-in auditing and charge back.
It’s really up to the cloud providers to host the infrastructure but the danger for cloud is if you were to hand everything over, who provides the knowledge to the organisation to help to take them forward?
If you divest yourself of the knowledge to do that, then you’re going to be bereft in five or six years’ time and you’re going to have to buy that in or completely repopulate it at much greater cost. You really need to think about it strategically and find out what resource you need to retain internally to allow you to actually shape and deliver that service on behalf of your organisation.
In the second or third generation outsources, I spend a lot of my time responding to RFPs from the public and private sector. When you ask what runs that application, they say: “They run it for us and we want to get them out. The last thing they want to do is talk to you.”
Cloud risks the same thing happening, where you consume something as a service and then you realise that it’s not simply the case of issuing an RFP for the same service.
How we perceive the consumption of services has not caught up. Very often I hear people talking about end-user technology. The users are looking after their desktops or their mobile devices, but their purpose should be to look after the user. The user should be able to consume content using whatever device most suits them. People don’t want to interact with desktops. People want the data when they need it, where they need it.
What’s the key success factor and what should anyone who’s preparing a cloud strategy really focus on?
It goes back to whether they want a private or a public cloud. If you have the infrastructure to run the cloud internally and you have the wherewithal and the investment of people and knowledge, the question needs to be asked, do you start internally? And what applications, if any, can you split out? Is it economical to run a cloud out on the internet? What is the trade off?
The end user wants something on a screen, the business wants the governance of all of their data and systems and I had to balance that, to deliver all the right things, at the right time and under their control, all for the right amount of money.
It’s getting the right mix of all that technology and service that is sustainable, but at the end of the day, the user sitting down in front of their screen, on their phone, a system at home, or on the road gets what they want, when they want, where they want but the university’s systems and data are protected.
Don’t think of things as public and private. Think of things as the service that you need. Identify what you need an application or service to deliver, and then go out and seek a way of delivering that. In BT, we’ve already got the ability to provide a public cloud consumption model and private cloud security model.
This is all happening very, very quickly. Don’t make any assumptions. Go out there with an open mind. Go out there identifying what matters for my app, my users and my people and see what’s happening.
If you’re moving beyond private into public cloud, it means unbundling x per cent of what we do. Will we unbundle 100 per cent? Most likely not the case. So, while we have to keep 1 per cent plus unbundled, then we have to keep 80 per cent of what we have in place to look
One way or another, it becomes a number-crunching game compared to service delivery and it’s getting that right mix. We can’t put everything into the public cloud. If we need to deliver private cloud, I need in-house expertise to deliver it.
AEP Networks, have adopted the same methodology as EMC and Cisco, with a pay-as-you-go Security as a Service model. It’s essential that the right people get the right information, at the right time, agnostic of device. Within health, when you see US hospitals now delivering bed head prescription and patient treatment through the value of the iPad at the bedside, all boundaries and borders on information access have been extended. What we need to ensure is that access to information remains secure and that policies are in place to ensure correct information marking is maintained throughout the organisation.
To me, it’s all about the service. We used to have information lifecycle management, which was about placing your information at the right cost point on the most appropriate storage platform. We are now doing the same thing for services.
The service demands will change over time, you may be running a service for 20 years and the importance of the service to the business will change over time. At the moment we are finding that it’s all about cost, speed to market, and risk.
The biggest barrier to the adoption of these technologies is that customers have very defined methods of building and operating IT. Cloud technologies allow people to be disruptive and to rethink how they deliver services to maximise quality and minimise cost.
Knowing exactly what kind of service you want in the cloud and how you want that to look when, and linking that back to the return on the investment.
Organisations who we have worked with, and have done that successfully, have taken a step back, looked at the IT function they’re providing and actually taken the blinkers off in terms of business tradition; perhaps some of that is still valid. They benchmark their IT function and then look at areas where they can put it into the cloud.
The first thing you need to do is understand what the costs to your business are. Then you can get into some kind of competitive analysis, look at breadth, depth and quality of service. And then you can have a look at the comparative model coming in from cloud, whether that’s private cloud, public sector locally-held cloud or worldwide cloud.
There are two levels. The business level is very much looking for efficiencies and cost reduction. The IT department is having to support the business in reducing cost. They see cloud as a way of doing that. It simplifies infrastructure and makes things more scalable for them. Virtualisation and cloud go very much hand in hand. ‘Green’ is probably a fairly small agenda for a lot of businesses on the IT side but it can certainly help reduce power and cost.
Start with a clear set of objectives. It’s such a broad term. You’ve really got to understand why your organisation is embarking on or developing something related to cloud. We talk to the organisation around those benefits. Are they real, tangible? Can we measure them?
It’s all fairly standard stuff but it’s amazing how many times those questions aren’t asked or done. Look for organisations that can help you along the journey, have got demonstrated skills with the technology set, good referencibility and experience at delivering these projects.