Cloud Computing Masterclass

Cloud Computing Masterclass

Andrew Stott

Senior Consultant, TWICT

formerly Deputy UK Gov CIO

Washington

27 Feb 2013 v0.4

@dirdigeng [email protected]

Perhaps not such a new idea?

Cloud Computing

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable

computing resources (e.g., networks,

servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Cloud Computing

5

“Cloud computing is a model for enabling

ubiquitous, convenient, on-demand network access to a shared pool of

configurable computing resources (e.g.,

networks, servers, storage, applications, and services) that can be rapidly provisioned

and released with minimal management effort or service provider interaction.”

Cloud Computing

“A standardised IT capability delivered via Internet technologies in a pay-per-use, self-service way.”

Cloud Computing: Essential Characteristics

 On-demand self-service

 Broad network access

 Resource pooling

 Rapid elasticity

 Measured service

One of these ….

… or part of one of these …

For SMEs and innovators it changes this …

Startups and SME users disproportionately benefit

 Access to enterprise-class software as a service

 Better security and resilience at lower cost

 No premises costs

 Fewer skills requirements

 Easier access to business building blocks (eg e-commerce, payment systems, CRM, ERP)

Cloud Computing: Service Models 17 Model Application Software Middleware (eg integration libraries, database s/w) Servers & Storage Examples Infrastructure As A Service

Consumer Consumer Provider Amazon EC2/S3 Rackspace

Platform As A Service

Consumer Provider Provider Google App Engine Microsoft

Azure

Software As A Service

Provider Provider Provider Google Apps Salesforce

Cloud Computing: Deployment Models

Model Location Infrastructure Platform Application

Public Cloud Off

premises









?

()



?



Benefits and Risks

Cloud Computing: Benefits  Cost Saving

 Staff savings

 Resilience

Cloud Computing Benefits: Cost Saving

Utilisation 10-20%  80-90%

Commoditisation

Use of capital

“Scale down” as well as “scale up”

Cost savings come from?

Standardisation

Cloud Computing Benefits: Staff Saving

Automated management

User-led provisioning

Leveraging of skills

Cloud Computing Benefits: Resilience

Uptime

Built-in backup and redundancy

Fit-for-purpose data centres

Disaster Recovery

Cloud Computing Benefits: Business Flexibility

Better lead-time/time-to-market

Scalability

Fewer infrastructure constraints

Greater standardisation

Variable business geometry

Cloud Computing: Benefits

Benefit Stream

Cost Saving  Utilisation 10-20%  80-90%

 Commoditisation  Use of capital

 “Scale down” as well as “scale up”

Staff savings  Automated management

 User-led provisioning  Leveraging of skills

Resilience  Uptime

 Disaster Recovery  Surge Capacity

Issues  Cyber-security  ICT infrastructure  Legal/regulatory framework  Territoriality  Vendor Lock-in  Business continuity  Governance 27

Cloud: Cyber-security

Issues Opportunities

Confidentiality/ Integrity

 Shared system risks

 (possibly) path to internet  Lack of control of entire

stack  Extra-territoriality  Software-maintained configuration  Well-established abstraction layers Availability  Dependency on connection

 Contention with other customers

 Data loss still possible

 Easier to handle surge in demand  Basic resilience as standard  More advanced resilience/recovery

ICT Infrastructure issues

 Always-on megabit-class broadband?

 80%+ coverage of system users?

 Good low-latency international connectivity?

 Trusted payment mechanisms?

 Sufficient potential market for localisation?

 Integration skills?

Regulatory Framework and Territoriality

 Regulation by outcome or by process/technology?

 Applicable law for contract?

 Location of data?

‒ Privacy law

‒ National security issues

Vendor Lock-In and Business Continuity

 What happens if the vendor goes bust?

 Can you get at your data

‒ To integrate with other services?

‒ To move to another supplier?

 Who owns the data?

 Can the data be used with other software? What will this mean for training?

 What’s the Business Continuity plan?

Governance

 Vendor-proofing the Enterprise Architecture

 Information asset and contract tracking

 Incentivising, controlling and managing use of Cloud in the supply chain

 Mandating appropriate use of the Cloud by Business Units

Questions so far?

Which applications are most suitable for

1. Public Cloud

2. Private Cloud

3. Not suitable for cloud at all

Desktop (Docs, spreadsheet)?

Collaborative working?

Sales?

Company Register?

Open Data?

Customer Relationship

Management?

Public-facing Government

Websites?

Population Register?

Control systems for a nuclear

power plant?

Cadastral Records?

Software Development and

Testing?

E-Voting?

Applications 57  Email  Desktop (Docs, spreadsheet)  Project Mgmt  Collaboration  ERP: Finance, HR  Sales

 Military Command and Control  Company Register  Railway Signalling  Open Data  Customer Relationship Management  Public Websites  eGovernment systems  Population Register

 Control of Nuclear Weapons

 Cadastral Register

 Mapping

 Software Development and Testing

 Taxation

What parts of the ICT market are affected?

59 Market size data: Forrester Research

Low

High Medium Impact

IT Market changes

 New entrants in Infrastructure, Platform and Software

 Traditional IT players highly conflicted

 Telcos familiar with cloud infrastructure model

 For G-Clouds, PPP is a feasible model

 Lower barriers to entry for software providers

‒ Lower upfront capex by using cloud infrastructure

‒ Lower marketing and distribution costs

So the IT market is changing too. From ….

SAAS is predicted to dominate long-term

63 Source: Forrester Research

“G-Cloud”

Cloud for Government

Singapore  Private IAAS  5+5 years  Singtel  Public IAAS  2+2 years  Singtel  Contracts awarded

Moldova

67

M-Cloud 2

 Wider range of services

 Public-private partnership  Feasibility stage M-Cloud 1  Private IAAS  Existing estate  Gov owned  Now live

United Kingdom  “Cloudstore” access to public cloud services  462 suppliers (75% SMEs)  3185 services  Re-compete every 6 months

G-Cloud Policy Drivers

 Save Money!

but also

 Improve time-to-market

 Increase effective resilience

‒ Reduce risks in legacy datacentres

‒ Make system continuity affordable

‒ Make surge capacity affordable

 Break traditional IT supplier model

 Allow faster innovation, both IT and business

 Facilitate business integration

 Vehicle for requiring effective IT governance

Exercise 2

Some of the usual Open Data excuses

 It’s held separately by n different organisations, and we can’t join it up

 It will make people angry and scared without helping them

 It is technically impossible

 We do not own the data

 The data is just too large to be published and used

 Our website cannot hold files this large

 We know the data is wrong

 We know the data is wrong, and people will tell us where it is wrong

 We know the data is wrong, and we will waste valuable resources inputting the corrections people send us

 People will draw superficial conclusions from the data without understanding the wider picture

Exercise 2

 You are part of the Management Team of the IT Director of the Ministry of Drains

 The Government CIO is proposing that your applications should move to his new

“G-Cloud” under his control

 Let’s brainstorm at least 20 reasons why your applications should not move

G-Cloud Issues  Cyber-security  ICT infrastructure  Legal/regulatory framework  Territoriality  Vendor Lock-in  Business continuity  Governance 75 No surprises here!

G-Cloud issues: Cyber-security

 Don’t try and put everything in the Cloud

‒ But consider consolidation of remainder  “Accredit Once” (UK Cloudstore, US

FedRamp, private IAAS) allows rigorous assessment with lower compliance costs

 Significant proportion of the IT “estate” does not hold sensitive data

G-Cloud: implications for procurement  Providers tend to shape the market

 Requirements-led specifications may not give optimal solutions

 Capability-led specifications raise new issues

 Prime Contractor model needs to be adapted

 Client side integration skills important

 Risk allocation, not simple risk transfer

 Low-cost, commodity, model makes high bid costs untenable for some vendors

 “Thick” integration layer absorbs most/all of financial and non financial benefits

G-Cloud: implications for governance

 Is there a Central IT Office with the authority and resources to sustain a “Cloud First”

policy?

 How is Cloud brought to individual

Ministries/applications – through the market or through a central provider?

 How will funding for cloud flow through the Government? What is the best structure for charging out shared assets?

 How will requirements be managed to avoid pushing up costs?

Cloud-ready Government?

 Effective cross-government ICT leadership?

 Effective ICT governance?

 Full ICT cost awareness?

 Standards-based approach to cyber security?

 Results not inputs culture?

 Suitable Ministry to be “G-Cloud broker”?

 Sufficient critical mass?

Exercise 3

Getting a G-Cloud going

 How would you get a cloud initiative running in your Government/Sector/Region/Country?

 What would “cloud readiness” look like?

‒ Governance?

‒ Finance?

‒ Skills?

‒ Technology?

Review