Deloitte Consulting, LLP
Cloud Computing Discussion
Dave Duden
Director
Perspectives on Cloud Computing
What’s in it for me? I’m not in IT, why do I care? Cloud computing
Cloud computing represents a major change in the way information services are delivered, based on wide use of internet standards and virtualization
Reduce capital spending Reallocate resources
Cloud computing represents a major change in the way information services are delivered, based on wide use of internet standards and virtualization
“Location independent resource pooling”
“Rapid elasticity” “Pay per use”
“Ubiquitous network access” “On-demand self-service”
Reduce capital spending Reallocate resources
Cloud computing represents a major change in the way information services are delivered, based on wide use of internet standards and virtualization
Service Type
Business-as-a-Service
Software-as-a-Service
Platform-as-a-Service
Infrastructure-as-a-Service
“Location independent resource pooling”
“Rapid elasticity” “Pay per use”
“Ubiquitous network access” “On-demand self-service”
Reduce capital spending Reallocate resources
Cloud computing represents a major change in the way information services are delivered, based on wide use of internet standards and virtualization
Service Source Public cloud (External) Hybrid Virtual Private Cloud
Community Private cloud (Internal)
Service Type
Business-as-a-Service
Software-as-a-Service
Platform-as-a-Service
Infrastructure-as-a-Service
“Location independent resource pooling”
“Rapid elasticity” “Pay per use”
“Ubiquitous network access” “On-demand self-service”
Reduce capital spending Reallocate resources
Cloud computing represents a major change in the way information services are delivered, based on wide use of internet standards and virtualization
Service Source Public cloud (External) Hybrid Virtual Private Cloud
Community Private cloud (Internal)
Business Model Cloud Service Subscriber
Cloud Service Broker Cloud Service Provider
Cloud Service Enabler Service Type
Business-as-a-Service
Software-as-a-Service
Platform-as-a-Service
Infrastructure-as-a-Service
“Location independent resource pooling”
“Rapid elasticity” “Pay per use”
“Ubiquitous network access” “On-demand self-service”
Reduce capital spending Reallocate resources
The emergence of cloud computing is a major permanent change to the information services market, is central to the evolution and transformation of business services
Cloud computing represents a major change in information technology architecture, sourcing and
services delivery, by giving business on-demand access to elastic, shared computing capabilities
Cloud Computing is changing in how business purchase, deploy, and support IT services, and offers
significant opportunities to expand and enhance their services to customers
Ongoing IT industry disruptions will result from the deployment of cloud computing as an alternate
sources of supply for products and services
For enterprises in the information services business -- as well as IT vendors, services providers, and
their suppliers -- cloud computing is the new basis of competition
Cloud Computing is a disruptive force comparable to emergence client/server architectures 25 years
ago. Enterprises must act to manage risks and taking advantage of emerging services.
Businesses that cannot establish a position in the market by leveraging cloud computing, may face
increasing competitive pressure from challengers
Enterprises that adopt cloud computing delivery models have the potential to fundamentally re-shape the broader business landscape
Cloud Computing is defined as multi-tenant, on-demand, scalable, elastic, pay-as-you-go IT applications and services, used to deploy a wide variety of solutions
Cloud Service Types
Service Type Definition Cloud Candidates Sample Vendors
Software-as-a-Service (SaaS)
Customers run finished applications from the cloud service provider on a subscription basis, with no software license, and limited operational control
CRM
HR, Payroll
Finance
Productivity Apps, email, collaboration
Platform-as-a-Service (PaaS)
Customers load and run software on cloud platforms through a subscription service, without visibility to the underlying server environment.
Custom Development
Java, Ruby, and extensions to SaaS environments
Infrastructure-as-a-Service (IaaS)
Customers provision servers, storage, and database services
on cloud infrastructure through a subscription service, with direct operational control.
Dev and Test Environments
High compute calculations (e.g., Monte-Carlo scenario analysis)
Web servers
Hosted Applications Infrastructure Software Operating Systems Virtualization Servers Connectivity Data Centre Ia aS PaaS SaaS
Delivery Model Definition
Public Cloud
External to a client’s premises
Infrastructure third-party owned and managed
Multi-tenant
Subscription-based
Scalable and elastic
Metered by use
Access via Internet
Virtual Private Cloud
External to a client’s premise
Third-party owned and managed
Multi-tenant (but virtually private)
Scalable and elastic
Access via dedicated but private link to public cloud
Segmented, secured, or compartmentalized for client
Private Cloud
Usually internal and delivered on client premises (although can be hosted by third-party provider)
Only used by internal customers
Scalable but with elasticity constraints
Access via private link or internal
Exclusive membership
Spectrum of control / ownership
Community Cloud As per private cloud but shared infrastructure resources with “communities” or groups with similar requirements (e.g., industry peers)
Hybrid Cloud Mix of private and public cloud environments (e.g., data stored in private premises but other infrastructure shared in public cloud)
Cloud computing has been subjected to significant marketplace confusion. To
demystify cloud computing services, clearly define what cloud is, and what it is not...
…on-demand Clouds can provide an almost immediate hardware resources (compute, network and storage) that can be access to a IT applications and services, platforms, or a pool ofallocated and provisioned on-demand …scalable and
elastic The key characteristic of a cloud service is the ability to compute, memory, and storage resources, and to be able to dynamically provision and de-provision applications,seamlessly scale services (up or down)
…pay-as-you-use Vendor-provided cloud solutions do not require upfront capital investments by the buyer. of resources, shifting expenses from CapEx to OpEx. Billing is tied to metered use
Cloud is…
Cloud computing offers increased agility through faster time to market, lower upfront IT capital expenditure and the ability to easily scale up / down and reallocate resources Cloud is not…
…simply virtualization
While many cloud solutions, both public and private, leverage virtualized infrastructure resources to deliver functionality, cloud raises the bar by providing on-demand provisioning. Publicly-announced private clouds are essentially an aggressive virtualization program on top of the traditional enterprise IT stack
…just applying SOA principles
Service Oriented Architecture (SOA) is a set of design principles, whereas cloud is a service. Cloud based
services will be defined and enabled through SOA. As such SOA is a prerequisite to reap cloud computing benefits. However, following SOA design principles alone does not guarantee the ability to easily transition to a cloud based solution
…traditional hosting
Cloud and traditional hosting share many characteristics but unlike traditional hosting cloud service is offered
on-demand, is scalable and elastic – a user can have as much or as little of the service as they need and pay for the
Cloud Computing vendors and services are at the different levels of maturity, and are growing rapidly to meet strong market demand for a variety of emerging services
Cloud Vendors at Different Stages of Maturity
Maturity (dynamic markets require continual reassessment)
Nascent technology pilots Early adopters, growing adoption Stable technology, significant adoption
IaaS SaaS PaaS Force.com Ad op tio n ERP on SaaS Google App Engine Workday RightNow Windows Azure Box.net Force.com NetSuite Microsoft Business Productivity Online Suite (BPOS) Amazon Web Services Gmail / Google Mail Salesforce. com CRM
Service Type Example Vendors
Software-as-a-Service (SaaS)
Productivity and Collaboration
Microsoft Online Services
Google Apps
Zoho.com
Soonr.com
ERP, HR, Finance and BI
Oracle PeopleSoft
Workday
SAP Business ByDesign
IBM Analytics
Cognos via SaaS
Customer Relationship Management
salesforce.com
NetSuite
Oracle (Siebel) On Demand
RightNow.com
Entellium
Platform-as-a-Service (PaaS)
Force.com
VMForce (Java PaaS offering joint venture from VMWare and salesforce.com)
Google App Engine
Windows Azure
Pega
GridGain
NetSuite SuiteCloud Platform
Engine Yard - Rails Application Cloud
Wolf Frameworks
WorkXpress
CodeRun
Infrastructure-as-a-Service (IaaS)
Amazon Web Services (AWS)
HP
IBM
Rackspace
Mozy
Terremark
AT&T Synaptic
Savvis
Flexiant – Flexiscale 2.0
Unisys Secure Cloud Solution
Verizon Computing as a Service (CaaS)
GoGrid (previously ServePath)
HP*
IBM*
*IBM and HP initially started as “cloud enablers”, developing hardware and software to deliver cloud; however, they are now moving into the “cloud service provider” space
IT Services will migrate to different cloud computing models at different times, based on fit, the maturity of services providers, and availability of suitable technology
Today
Websites, Intranet
Rapid App Dev
Productivity Apps
High Performance Computing / Clusters High-End Servers
Storage & Back-Up Standard Servers
Dev & Test Collaboration
Office Productivity
“Standalone” Apps Core ERP
Engineering Apps
New Core Apps SaaS
IaaS
PaaS
Low High
A
dopt
ion
Mainstream Adoption of Workloads by Service Type Comparing Managed Hosting to Cloud Computing
Managed Hosting Applications
Cloud Applications
“Static & Continuous”
“Dynamic & Bursty”
IT Services will migrate to different cloud computing models at different times, based on fit, the maturity of services providers, and availability of suitable technology
Websites, Intranet
Rapid App Dev
Productivity Apps
High Performance Computing / Clusters High-End Servers
Storage & Back-Up Standard Servers
Dev & Test Collaboration
Office Productivity
Insurance Apps
Core ERP
Engineering Apps
New Core Apps SaaS
IaaS
PaaS
Low High
A
dopt
ion
Mainstream Adoption of Workloads by Service Type Comparing Managed Hosting to Cloud Computing
Managed Hosting Applications
Cloud Applications
“Static & Continuous”
“Dynamic & Bursty”
Enterprises deploying Cloud Computing services must have a comprehensive
strategy for managing a wide variety of key capabilities in a new “cloud savvy” way
Governance
Cloud Computing Strategy Business-IT Alignment
Cloud Service Delivery Strategic Planning and Architecture
Governance Risk Management
Data controls Technology controls Audit and Assurance Backup and DR Vendor “lock-in”
IT Operations Readiness Risk Management
Compliance
Corporate Policies Industry Policies Regulations: -State -Federal -Safety
Compliance
Security & Privacy
Data Segregation, Integrity and Deletion Identity and Access Physical Security Network Security Application Security
Security & Privacy
Legal
Contract Mgmt Service Mgmt e-Discovery
Business Processes Regulatory and Compliance
Legal
Tax
Proactive tax analysis and strategy
Tax alignment Domestic and Local Country Tax Treatment
Tax
Technology
Virtualization
Next-Gen Architecture Infrastructure and Process Standardization Resource Mgmt and Metering
Technology
People
Skills and Talent Culture
Training and Development Organization
People
Service Operations
Service Provisioning Resource Planning Incident Mgmt Technical and Professional Support Claims
Service Operations Product
Development
Pricing /Underwriting Profit vs. Break-even External Cloud Contracts (Hybrid Operations) Platform License & Entitlements
Economics
If using public clouds or hybrid clouds, also consider implications for Sales and Marketing, Underwriting, Billing, Order and Customer Experience
Potential Cloud-based applications include analytics, leveraging non-traditional data structures to achieve high scale and rapid results
Datasets used in business can grow very large because they are increasingly being gathered by
ubiquitous information-sensing mobile devices, software logs, cameras, microphones, wireless sensor networks, etc.
Data analytics workloads are computationally intense. The computing environments needed to
perform analytics can require significant capital investment using traditional approaches, so many enterprises do not incorporating analytics into their business.
Because it is “horizontally scalable”, cloud computing is well suited to the very large datasets
typically used in analytics applications.
Horizontal scalability is achieved by adding more computers to a cloud computing architecture,
allows them to achieve aggregate computing power many times greater than traditional systems. A variety of new database technologies is now available to support these “NoSQL” data sets, such as those powering Google, Facebook, Amazon, and others.
In cloud computing, NoSQL database management systems differ from classic relational database
management systems, and may not require fixed table schemas, avoid join operations and typically scale horizontally.
The combination of horizontally scalable cloud computing architectures and NoSQL database technologies allows for dramatically improved data analysis capabilities.
Organizations should consider several dimensions when evaluating strategic options for applications and services to be delivered through cloud computing
Cloud Considerations
Regulatory and Compliance
Technology Business and Financials
Operational
Considerations For Building a Cloud Strategy
What are the availability requirements for this application and can those be met by cloud?
How will support model for this application change if it is moved to the cloud? Are the potential changes acceptable?
How will cloud impact my chargeback model for this application? Can I support the new model? Will business accept the changes? Can cloud meet my business continuity and disaster recovery
requirements for the application?
Is the vendor limiting interoperability or access to your data?
Do the workloads exhibit characteristics that can derive real benefits from scalability and elasticity?
Will the application be built to run on a cloud supported platform (e.g., commodity hardware, supported OS)
Can the application components be architecturally designed to be suitable for deployment to a cloud based solution?
What design trade-offs will be needed to make this application cloud-ready?
Are internal IT architecture and organization structures “ready”?
Are there any risk management or compliance requirements for this application? Will cloud be able to satisfy those requirements?
Does the application hold confidential or customer data? Can this data be easily masked in the future?
Does the application data need to reside within organization? Will we be prohibited from moving data outside of the country?
Who owns the data? How is it used? Are controls in place? How is security achieved? What is the level of privacy protection? Can you meet needs for legal compliance and tax issues?
What are the anticipated usage patterns for the application and will it be cost effective to move to the cloud?
What is business sponsor's preference for CapEx vs OpEx? How will designing for cloud readiness impact my implementation
cost and timelines? Can I achieve overall lower TCO?
Will moving to cloud help me capture new sources of value for the business?
Enterprises should take a comprehensive approach to cloud strategy, integration, migration, and monitoring, to manage the risks and maximize benefits of adoption
Cloud Capabilities
Cloud computing opportunity assessment Assessment of application portfolio to select applications
suitable for cloud migration
Impact to regulatory compliance, such as SOX and
HIPAA
Impact to data privacy and protection standards, data
location/segregation standards
Impact to organizations security posture and likelihood of
increased vulnerabilities
Cloud Computing Strategy
Evaluate vendor capabilities, mapped to requirements,
with financial benefits
Assessment of cloud computing providers security
capabilities, control, and monitoring
Assess tax Implications and evaluate strategic
alternatives
Define cloud computing architecture, migration, and
operations plan
Create processes to integrate cloud computing into
security framework
Ongoing monitoring
Periodic security activities for cloud related components to
evaluate for vulnerabilities
Conduct review of logs/audit monitoring,
vulnerabilities/controls mitigation/remediation
Implementation of cloud computing Assist in conducting cloud proof of concepts (POC) and
pilots to mitigate risk
Assist with installation, configuration, and testing;
We recommend a structured multi-phased approach to developing a Cloud Computing Strategy for IT services delivery and technology adoption
In-scope activity
Phase I: Cloud
Computing Strategy Phase II: DetailedImplementation Planning
A standard strategic approach to cloud adoption follows the three major Phases and activity steps as shown below:
1. Discovery which works with the key stakeholders and gather the data which will allow the team to understand the current state and identify opportunities
2. Direction Setting and Gap Analysis which builds on the data gathered through discovery, and allows the team to analyze, group, and prioritize along benefits, cost, and value dimensions, including a gap analysis between the current state and future target states of Cloud capabilities
3. Future State Direction completes the strategy, including detailed projects to advance the strategy and improve Cloud capabilities
4. Roadmap with a prioritized high level multi-year Cloud roadmap of major milestones
Phase III: Implementation
Step 1: Discovery Step 2: Opportunity Analysis Step 3: Future State Direction
Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS)
During the opportunity analysis, a structured approach as shown below should be taken when reviewing cloud suitability factors for applications and workloads
Workload Attributes
Level 1 Workload Analysis
Potential Cloud
Candidates Applications / Workloads
Targeted for Migration
Migration Planning
Testing
Change Management
Cutover
Identified App / Workload Filtered App / Workload
Preliminary Assessment Application Criticality
(business criticality of app) Application Complexity Poor Virtualization
Candidate Utilizes Commodity
Infrastructure
Technical Feasibility
High Network Bandwidth Needs Infrastructure Requirements Shares Environments Shares Software Stack
Utilizes Specialized Infrastructure
Feasible Cloud Candidates
Business Feasibility Internal / External Facing Application
High User Impact
Service Level Requirements Confidential / Customer Data
Proposed Cloud Candidates Input s A nal ysi s O ut put s Level 2
Determine Suitability for Cloud (IaaS Cloud Candidates)
Level 3 Business Case and
Operational Analysis Execution
Candidate list for cloud
evaluation List of cloud applications / workloads with high migration potential
Business Case Analysis (including cost vs. run rate analysis)
Technical Analysis
Detailed application and workload migration analysis
Migration plan
Realized benefits
In-house / Co-location Candidates Not Technically Feasible Not Business Suitable Detailed Analysis
Business Case Analysis
Detailed Technical Analysis
Operational Analysis
Management Considerations
Migration Not Feasible
Sour
ce Workload attributes
Application characteristics Suitability framework
Technical reviews with application owners and infrastructure teams Input from application business owners and SLAs
TCO Data and Analysis
Stakeholder Inputs
Business Case Analysis
Technical Analysis
Opportunity Analysis In Depth Analysis & Planning
ILLUSTRATIVE
Evaluate Suitability for SaaS and PaaS
To successfully make the transition, enterprises must address key operational and governance issues during the adoption of cloud computing services models
Data Controls
Back Up and Disaster Recovery Vendor “Lock-In”
IT Operations Security and
Privacy Audit and Assurance Tax and Legal
IT and Business Readiness
Who owns the data? How is it be used? Are controls in place? How is security achieved? What is the level of privacy protection? Are there risk management controls to applications and data? Can you meet needs for legal compliance and tax issues?
Are data backup, retention, and disaster recovery practices sufficient? Is the vendor limiting interoperability or access to your data?
What IT services and applications are best suited for the cloud?
Are internal IT architecture and business organization structures “ready”?
Alignment with Enterprise Risk and Governance strategy will help organizations address
What are the near term business benefits of comprehensive Cloud Strategy?
M Significantly increased flexibility: reduced time to design, implement, and “go to market” with cloud-based software systems
M Much faster time to develop, test, and deploy packaged software
M “Encapsulating” single-tenant non-cloud software is a fast path to short-term value M Longer-term value in cloud will offer significantly higher benefits, but will require
replatforming and replacement of “legacy” software – and that is a big hurdle
M Cost Savings: reduced CapEx, at a lower amortized cash flow, using subscriptions
M Reduction in total costs of software licenses and ongoing maintenance costs, through use of SaaS subscription models rather than on-site licensed software M Reduced physical infrastructure costs by moving to vendor cloud IaaS: reduced
hardware, networking, data center, facilities, power, etc.
M Positioning for major cloud architecture changes coming in the future:
M By introducing cloud products and services into the complex IT architectures, you will be positioned for the major changes to reap the benefits of cloud
Enterprises that adopt cloud computing delivery models have the potential to re-shape their competitive position – and the broader business landscape
Our POV: Cloud Computing will have a significant impact on IT Strategy
Cloud offers major benefits of flexibility, cost savings, and improved IT capabilities. To gain these advantages, we recommend that enterprises:
MEstablish new IT application and technology architectural principles and standards which are necessary to reap cloud benefits.
MRevisit current major system architecture and design principles and evaluate fit with cloud suitable design concepts
MUnderstand the timing of major system software architecture changes, and plan for adjustments to enable ‘cloud friendly’ application delivery models
MIdentify new usage models, considering new options for SaaS, IaaS “encapsulation”, mobility apps, and “Big Data” analytics, to enable highly efficient and flexible products and services MQuantify the benefits that cloud will bring to your company, while assessing all affected roles and functions to gauge organizational and business impacts and risks
New cloud software is fundamentally different, and improvements to “legacy” software often require complex software engineering and architecture refactoring.
What are other large Companies doing at this time
?M Moving development, testing, and integration of major system systems to cloud Infrastructure as a Service
M For smaller functions and services, deploying cloud systems to replace on-site major system implementations of older “stand-alone” systems ( CO)
M “Decoupling” the major systems stacks using a “best of breed” approach, taking into account new software now available on a SaaS subscription delivery model
M Consolidating major application platforms on to single cloud-based infrastructures, while removing “edge” services to other cloud vendors when possible
M Understanding their major system roadmaps, working with vendors to influence the product direction to map to their customer priorities
M Taking a hard look at their end-to-end IT architectures, to determine their long-range plans for a more fully “cloud-enabled” business architecture and customer services
Many enterprises with large systems are taking the first steps to make their cloud plans “actionable”, to position themselves for strategic advantage
M About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
