Cloud Computing. It s Not About Blue-Sky Thinking

(1)

(2)

Cloud Computing has effectively transformed business over the past 10 years; not just in terms of the technology we utilise, but on a fundamental level it has changed the way we do business. Whilst there is still no single definition of what Cloud Computing is, it can be defined by its characteristics and how businesses and individuals use it. Cloud Computing is a scalable, flexible set of pooled resources that are accessed via the Net; it is available on-demand and consumed on a utility basis.

The lines between the traditional divisions of infrastructure, platform and software as a service have become blurred over time; any aspect of computing you can think of can be provided as-a-service. The concept of anything-as-a-service includes such diverse solutions as Communications, Desktop Services, Security, Data and Back-Up and Recovery.

The Cloud comes in a variety of shapes and sizes, with deployment options ranging from Private to Public or Community. Each individual or organisation will have a unique set of requirements that dictates the most appropriate combination of deployment options, necessitating a hybrid approach to Cloud Computing. This hybrid computing model will differ from one organisation to another and will likely feature elements of private Cloud, Public Cloud and on-premise solutions. Changes in working practices, business drivers and market characteristics have all contributed to a rapid adoption of Cloud Computing. With 95% of consumers using Cloud Computing in one form or another, and 75% of SMEs employing some element of Cloud Computing, it has moved well beyond a nebulous concept to a ubiquitous technology.

Not all businesses have wholly embraced the Cloud. There are still some elements of risk involved in divesting computing power, sharing access, authenticating remote users and securing data in the Cloud which have delayed the migration of some business critical data or applications. Data security has been the driving force behind a number of recent Cloud trends. Cloud Computing is not about blue-sky thinking. As the technology matures, adoption is no longer about differentiation or innovation; it’s a matter of survival. The following is an extract from Cloudonomics by Joe Weinman, first published in 2012:

“The cloud is transforming all spheres of our world:

commerce, entertainment, culture, society, education,

politics, and religion. Cloud start-ups are forming on

a daily basis and billions of dollars in wealth are being

created as companies craft innovative strategies to

exploit this opportunity. Conversely, long-standing

corporate icons that have failed to do so are becoming

history instead of making it.”

(4)

Cloud computing is not a new idea. It has been around for a long time in technology terms – the phrase was first used back in 1997 by University of Texas Professor Ramnath Chellappa. As the possibilities of Cloud have become more evident, adoption of the technology has become more widespread. Financial services organisations are leading the way in adoption but 75% of SMEs are utilising Cloud Computing in one form or another.

As consumers, 95% of us are benefiting from Cloud services; whether it’s online banking, apps stores or social media. Cloud is big business; Merrill Lynch (the wealth management division of Bank of America) values the 2013 global Cloud Computing market at $160bn.

What is the Cloud?

It’s an interesting question. At first glance it’s a simple question, but the answer is anything but simple. The National Institute of Standards and Technology (NIST) like a definition; it’s what they do best. However, after 15 drafts they finally published their 16th and final definition back in 2011. Here it is:

“Cloud computing is a model for enabling ubiquitous,

convenient, on-demand network access to a

shared pool of configurable computing resources

(e.g., networks, servers, storage, applications,

and services) that can be rapidly provisioned and

released with minimal management effort or service

provider interaction.”

“Cloud is about how you do computing, not where

you do computing.”

Paul Maritz, CEO VMware

“The Cloud services companies of all sizes. The Cloud is

for everyone, the Cloud is a democracy.”

Paul Maritz, CEO VMware

As definitions go, it’s OK, though many argue that it doesn’t go far enough. NIST themselves qualify the definition by saying the cloud is composed of 5 essential characteristics, 3 service models and 4 deployment models; which we will explore later. One thing to remember is that the Cloud is not a place. It’s a way of doing things. Paul Maritz, CEO of VMware puts it succinctly:

(5)

Cloud Components

If we return to the NIST definition of Cloud Computing, we can explore the essential characteristics that the Cloud exhibits.

Firstly, Cloud Computing features a pooled set of shared resources. These resources can be either physical or virtual and comprise all the usual elements of a computing estate, including servers, storage, processing power, bandwidth, data and applications. The Cloud can service multiple users simultaneously, with resources assigned dynamically, according to demand. Cloud resources are accessible via the net (Intranet, VPN, Internet) on a wide variety of devices, either thick or thin client.

Cloud resources are available on-demand on a self-service basis. Users are free to provision a range of services, as and when they need them, with little or no intervention from their service provider.

The Cloud offers a set of flexible and scalable resources. The elastic nature of Cloud services means users can scale up and down, often instantaneously, to match changing demand over time.

Finally, Cloud Computing is consumed as a utility. Services are effectively metered and can be monitored, controlled and reported on to provide transparency for consumer and provider alike. One feature of Cloud Computing that doesn’t feature in the core NIST definition is

location independence.

In most cases, users have no control over (or even knowledge of) where the physical resources are located; this is particularly true with Public Cloud Infrastructure (see below for Public Cloud vs. Private Cloud).

(6)

Service Models

NIST proposes three primary service models for Cloud Computing: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service). In reality, the lines between these broad categories have become blurred over time as we enter the world of

Everything-as-a-Service (XaaS).

Software-as-a-Service

SaaS allows users to access data and applications in a thin-client environment, typically via a web browser or over the Internet. Access is on-demand and can be from a range of devices but control of the environment and the underlying infrastructure remains with the service provider. In most cases, users can only choose from a range of pre-defined applications available from their service provider.

Platform-as-a-Service

PaaS places a greater degree of control in the hands of the user. Whilst the service provider maintains control of the underlying infrastructure (servers, OS, network & storage), users are able to deploy a wider range of applications (as long they are supported by the service provider) and have control over both the application capabilities and the host environment settings.

Infrastructure-as-a-Service

IaaS allows users to specify the building blocks of their Cloud infrastructure – servers, storage, processing etc. – and to deploy and run arbitrary software, including operating systems and applications. The service provider maintains control of the physical computing assets, wherever they may be located, along with the majority of the core network components.

(7)

Cloud Deployment

Sticking with the NIST categorisation, if not the description, of Cloud deployment models; there are four essential options:

• Private

• Public

• Community

• Hybrid

Public Cloud infrastructure is available from a third party service provider on a utility basis. Individuals and organisations specify what resources they need and pay on a per-user basis. The name “public” can be a little misleading as the service, whilst cost-effective, is not free. Another point worth making here is that your data and applications do not become public, just because they are on a public Cloud. Service providers employ strict policies and procedures to ensure your data remains secure. Public Cloud services provide a flexible, scalable and rapid deployment option.

In a private Cloud the infrastructure is not a part of a pooled resource and is dedicated to servicing an individual entity. The benefits of a private cloud are numerous: greater control and security, no bandwidth or compliance issues, more accountability and resilience.

Organisations can choose to host their own infrastructure in-house or utilise a third party service provider (in which case it’s a Virtual Private Cloud). If you choose to develop your own on-premise solution, remember this will involve significant capital investment and will take time to implement. A community cloud is a pooled resource that is utilised by a group of individuals or organisations that share some common standards – technology, security, compliance etc. The cloud

infrastructure can be owned by one or all of the community members and can be either an on-premise or third party service.

Community clouds offer some of the cost benefits of a shared resource whilst allowing members to maintain the management and control features of a private cloud. Once again, if you are investing in an on-premise solution it will take time and money to implement. However, once a community cloud is established, on-boarding new community members is quick and easy. Hybrid cloud, as you might expect, is a combination of two or more of the previous cloud deployment models. Hybrid is proving to be a popular model as it allows organisations to benefit from the best of both public and private cloud.

Though the public and private elements of a hybrid cloud solution are separate entities, they will share common standards and technologies to allow freedom of movement of data across the cloud barriers. Business critical data and applications are managed in a private cloud environment, where availability and security are of paramount importance, whilst non-essential services and data-intensive services such as back-up are managed in a public cloud.

Hybrid is likely to become the default model for computing in the future as each business or individual has a unique set of requirements that suits a tailored combination of public Cloud, private Cloud and on-premise technologies.

(8)

Cloud Computing – Timeline*

The term “cloud computing” is coined by University of Texas professor Ramnath Chellappa in a talk on a “new computing paradigm.”

VMware founded, introduces software providing completely virtualized set of hardware to a guest operating system.

Salesforce.com founded in San Francisco apartment and SaaS is born Dot-com bubble bursts and Amazon moves to the Cloud

Blackberry launches the first Phone with voice, data, messaging and web browser functionality. The Smart Phone has arrived and users can now access the web from anywhere

Google launches a cloud-based email service – Gmail

Advances in high speed, high-capacity networks, low-cost computing and virtualisation sees adoption of enterprise Cloud architecture accelerate

Amazon launches Elastic Compute Cloud (EC2), offering infrastructure-as-a-service to individuals and small businesses

File hosting and synchronization service Dropbox is founded, making cloud storage a commodity Apple launches the iPhone with its innovative, multi-touch interface

Salesforce launches Force.com, a Cloud platform-as-a-service solution

Open-Source Eucalyptus launched as the first AWS APLI-compatible platform for implementing Private Clouds

As competition increases, companies rush to provide services for the mobile and tablet market. Everything is available as-a-service

Apple launches iCloud, its cloud storage and computing service

Private Cloud adoption increases as essential office applications move to the Cloud

An influx of new Infrastructure-as-a-Service providers boosts the Public Cloud in anticipation of enterprise adopting Cloud infrastructure

Cloud Computing accounts for one third of IT expenditure

What will the future hold?

Personal Clouds

Smart Phones and Tablets replace PCs as the access device of choice The term Cloud fades into obscurity – it is simply known as “Computing” *Source: Symantec.com

1997

1998

1999

2000

2002

2004

2005

2006

2007

2008

2010

2011

2012

2013

(9)

Cloud Adoption

The last 5 years have seen an increase in Cloud adoption rates, driven by advances in network performance and a reduction in hardware costs. Virtualisation has been on the increase too. Research firm Gartner predicts 60% of server workloads will be virtualised by 2014, a significant increase over the 12% figure from 2008.

The US and the UK lead the way in Cloud adoption statistics. The Cloud Industry Forum predicts that, by the end of 2013, more than 75% of UK businesses will be using at least one Cloud service. First time Cloud adoption has grown 27% in just 18 months, with no sign of slowing down. They also forecast that 80% of current Cloud users will increase their spending on Cloud solutions.

“92% of Cloud users are satisfied with their

experience to date.”

Cloud revenues are on the increase. In their recent Cloud Computing UK research paper; Ibis World expects to see the UK Cloud industry generating £5.79billion, up 6.5% on the previous year. So, why is everyone moving to Cloud Computing? The reasons are many and varied, and they are by no means driven exclusively by technological arguments. In fact, the abstracting of IT issues from the broader business decision making process is a thing of the past; it is a business imperative that is driving the change in technology.

Paramount amongst the business drivers behind Cloud adoption is cost management. The global financial downturn has meant that businesses as a whole, and IT departments in particular, are increasingly tasked with delivering more for less.

In a recent Gartner survey, mid-sized enterprises were seen to have cut their annual spend on IT from 5.3% of total operating expense in 2011 to 4.7% in 2012; a real-term reduction of 11.3% year-on-year.

If cost control is the dominating factor, what are the other compelling business reasons behind Cloud adoption?

The Cloud Security Alliance (CSA) conducted its own research into Cloud adoption and found the 5 leading business drivers were Cost Management, Business Agility, Time to Market, Efficiency and Productivity.

The respondents of the 2013 North Bridge Future of Cloud Computing Survey placed scalability as the key driver, followed by agility and cost management.

In his 2012 publication Cloudonomics, Joe Weinman discusses the business arguments for Cloud Computing and attempts to put some indicative numbers against the costs and benefits of Cloud adoption.

“By year-end 2016, more than 50% of the global 1000

companies will have stored customer-sensitive data in

the public Cloud.”

Gartner, 2013

(10)

What follows is a brief exploration of the reasons why businesses are

moving to the Cloud.

Cost Management

The financial benefits of Cloud Computing have been much vaunted; the economies of scale realised from a pooled resource, the reduction in size of the on-site technology estate and the pay-as-you-go nature of service provision has led to a reduction in both capital and operational IT expenditure. Outsourcing elements of the ICT function also reduce the need to maintain in-house administration and support functions.

Cost management is not just about reduction. Provisioning services on a utility basis provides transparency and predictability of costs, making budgeting easier and shifting the emphasis away from large-scale capital expenditure that can be hard to justify or secure.

Agility

The scalable, on-demand nature of Cloud services provides significant improvements in business agility. Being able to scale provision up and down instantly, and on-board new services rapidly, delivers a degree of responsiveness that is unobtainable with an on-premise IT estate. The ability to react quickly to changes in demand for IT resources enables businesses to exploit emerging markets and technologies whilst not leaving them exposed to over-provisioning when demand reduces.

Flexibility

One of the most significant shifts in business operations over the past decade has been the rise in workforce mobility. Changing shift patterns, the global marketplace and the advent of Bring Your Own Device (BYOD) has made the old model of one worker, one workstation, redundant.

Users require ubiquitous access to business critical data and applications anytime, anywhere and on any device. Utilising Cloud services enables users to benefit from standard office applications and the latest collaboration technologies alike; delivering improvements in workforce

productivity.

Time to Market

IT has not always been the most responsive of services. The time taken to commission, configure and roll out new services or upgrades/patches would usually be measured in weeks. The impact on IT department productivity was substantial, leaving IT mired in administrative tasks rather than focussing on strategic technology decision making.

With a Cloud model, patches and upgrades become automated and the cost of maintaining the latest versions of software is significantly reduced. Compatibility issues are eliminated with all users running identical versions of software. Provisioning new hardware becomes a near-instant process as virtual servers or storage can be added as and when needed.

Security

A contentious issue, security has been at the root of much of the reluctance to adopt Public Cloud. Ironic then that improved security is one of the heralded features of Cloud Computing.

The ISO standards that Cloud service providers have to adhere to are often more strict than those a business may insist upon for their own on-premise solution. Business critical data is stored in a central location, with access controlled via tight, two-factor authentication and users again benefit from economies of scale, provisioning cutting edge security at a significantly reduced cost.

(11)

The case against Cloud Computing

Whilst the adoption statistics indicate a ground-swell of support for the Cloud, business owners haven’t always been enthusiastic. Historically, there have been some fundamental concerns over Cloud Computing and not everyone is a fan.

The assessment of risk associated with public Cloud adoption has been an inhibiting factor for some organisations. The very features of Cloud computing that promise wide-reaching business benefits are the source of concern.

Public Cloud is a multi-tenancy technology. This means that a number of disparate users share access to the same computing resource; if one tenant is compromised, potentially all tenants could be. There has also been concern in the past of data leaking between tenants.

As a resource available over the web, user authentication and authorization has implications for data security. Public and private Cloud providers will come under scrutiny when it comes to robust access control policies. As the tenant doesn’t own the infrastructure, administrative access is beyond their control. Authentication of users outside of the tenant’s organisation is an area of concern.

When dealing with a public Cloud provider, the underlying infrastructure is often an unknown quantity. Without understanding what resilience is built in to the system, how can a tenant be assured of resource availability? There have been a number of high-profile service disruptions for major vendors recently; most notably in the summer of 2012 the Amazon servers went down as a result of electrical storms, taking Instagram, Pinterest and Netflix down with them.

An extension of the resilience argument is concern over disaster recovery and data retrieval. Although uncommon, there have been instances where customer data has been irretrievably lost. One of the other major concerns is around intellectual property. Who actually owns your data if it’s stored on a third party’s servers? Service providers like to own the data they store as it limits their liability and provides opportunities for commercial exploitation.

The Cloud Industry Forum surveyed 250 UK IT decision makers from across the private and public sectors; it was no surprise that data security was the number one concern – 90% of public sector and 78% of private sector respondents admitted it was their primary concern. Other factors included the fear of losing control of the IT function, being locked-in to a specific provider, data sovereignty and the cost of migration.

In a similar piece of research, the Cloud Security Alliance established that data security and location were behind the majority of barriers to adoption - Information Security, Data Sovereignty, Information Assurance and Contractual and Regulatory Compliance.

“I really worry about everything going to the Cloud. I

think it’s going to be horrendous. I think there are going

to be a lot of problems in the next five years”

(12)

Moving to the Cloud

Cloud Computing is not about blue-sky thinking. As the technology matures, adoption is no longer about differentiation or innovation; it’s a matter of survival.

Three factors to consider when choosing a cloud vendor

Experience

With multiple vendors offering similar-sounding services, it can be difficult for organisations to select the most reputable provider. Find a vendor with substantial experience of providing hosted services. Don’t just take their word for it though; look for third party endorsement in the form of case studies, testimonials and industry awards.

Security

If you have any concerns about storing and accessing your data via the internet, make sure you address them with your service provider. Reputable vendors will have strict security policies and practices in place and will be able to offer higher standards of security than you could reasonably maintain in-house.

Gartner recently identified seven security issues prospective customers should investigate when considering a cloud vendor’s services:

1.

Privileged user access – Enquire about who has access to data and about the hiring and management of such administrators.

2.

Regulatory compliance – Make sure a vendor is willing to undergo external audits and/or security certifications.

3.

Data location – Ask if a provider allows for any control over the location of data.

4.

Data segregation – Make sure that encryption is available at all stages and that any encryption schemes used were designed and tested by experienced professionals.

5.

Recovery – Find out what will happen to data in the event of a disaster. Does your vendor offer complete restorations, and if so, how long will this take?

6.

Investigative support – Enquire whether a vendor has the ability to investigate any inappropriate or illegal activity.

7.

Long-term viability – Ask what will happen to data if the company goes out of business. How and in what format will data be returned?

Integration

The Cloud services you subscribe to should integrate easily with your existing networks and infrastructure, so that your new services become a seamless extension of those already provided by your in-house IT department. As ubiquitous access is a feature of Cloud services, integration should be a simple process.

“The cloud is

transforming

all spheres of our

world: commerce,

entertainment,

culture, society,

education, politics,

and religion.

Cloud start-ups are

forming on a daily

basis and billions

of dollars in wealth

are being created

as companies

craft innovative

strategies

to exploit this

opportunity.

Conversely,

long-standing

corporate icons

that have failed to

do so are becoming

history instead of

making it”.

Joe Weinman, Author

of Cloudonomics, 2012

(13)

About IP Solutions

IP Solutions, one of the UK’s leading independent communication services providers, has over 10 years’ experience of providing communication solutions for organisations of all types. Using their extensive market knowledge and analytical tools, they provide cost-effective solutions for businesses that are looking to maximise the benefits of unified communications.

By reviewing and accessing the needs of an organisation, IP Solutions can provide critical information and advice – their assistance with managing communications costs and implementing new tariff structures has saved organisations hundreds of thousands of pounds. Independent and jargon-free recommendations have helped a host of high profile businesses reduce their annual costs significantly, whilst achieving a flexible and productive communications infrastructure.

As one of the largest providers of VoIP in the UK, IP Solutions can implement hosted solutions to help companies streamline their communications; delivering economies of scale, flexibility, greater workforce collaboration and productivity.

(14)