cloud computing masterclass - world...
TRANSCRIPT
Cloud Computing Masterclass
Andrew Stott
Senior Consultant, TWICT
formerly Deputy UK Gov CIO
Washington
27 Feb 2013 v0.4
@dirdigeng
What is Cloud Computing?
2
Perhaps not such a new idea?
3
Cloud Computing
4
“Cloud computing is a model for enabling
ubiquitous, convenient, on-demand network
access to a shared pool of configurable
computing resources (e.g., networks,
servers, storage, applications, and services)
that can be rapidly provisioned and released
with minimal management effort or service
provider interaction.”
NIST, US
Cloud Computing
5
“Cloud computing is a model for enabling
ubiquitous, convenient, on-demand
network access to a shared pool of
configurable computing resources (e.g.,
networks, servers, storage, applications, and
services) that can be rapidly provisioned
and released with minimal management
effort or service provider interaction.”
NIST, US
Cloud Computing
6
“A standardised IT capability delivered via
Internet technologies in a pay-per-use, self-
service way.”
Forrester Research
Cloud Computing: Essential Characteristics
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service
7
Cloud is a Game Changer
8
One of these ….
9
… can now use one of these
10
… or part of one of these …
11
… using only one of these
12
For SMEs and innovators it changes this
…
13
… into this
14
Startups and SME users
disproportionately benefit
Access to enterprise-class software as a
service
Better security and resilience at lower cost
No premises costs
Fewer skills requirements
Easier access to business building blocks (eg
e-commerce, payment systems, CRM, ERP)
15
Cloud Service Models
16
Cloud Computing: Service Models
17
Model Application
Software
Middleware (eg integration
libraries,
database s/w)
Servers &
Storage
Examples
Infrastructure
As A Service
Consumer Consumer Provider Amazon
EC2/S3
Rackspace
Platform As A
Service
Consumer Provider Provider Google App
Engine
Microsoft
Azure
Software As A
Service
Provider Provider Provider Google Apps
Salesforce
Cloud Computing: Deployment Models
18
Model Location Infrastructure Platform Application
Public Cloud Off
premises
Community
Cloud
Off
premises ? ()
Private
Cloud
On or off
customer
premises ?
Hybrid
On and off
customer
premises
Benefits and Risks
19
Cloud Computing: Benefits
Cost Saving
Staff savings
Resilience
Business Flexibility
20
Cloud Computing Benefits: Cost Saving
Utilisation 10-20% 80-90%
Commoditisation
Use of capital
“Scale down” as well as “scale up”
21
Cost savings come from?
22
Standardisation
Simplification Sharing
Cloud Computing Benefits: Staff Saving
Automated management
User-led provisioning
Leveraging of skills
23
Cloud Computing Benefits: Resilience
Uptime
Built-in backup and redundancy
Fit-for-purpose data centres
Disaster Recovery
Surge Capacity
24
Cloud Computing Benefits: Business Flexibility
Better lead-time/time-to-market
Scalability
Fewer infrastructure constraints
Greater standardisation
Variable business geometry
25
Cloud Computing: Benefits
26
Benefit Stream
Cost Saving Utilisation 10-20% 80-90%
Commoditisation
Use of capital
“Scale down” as well as “scale up”
Staff savings Automated management
User-led provisioning
Leveraging of skills
Resilience Uptime
Disaster Recovery
Surge Capacity
Business
Flexibility
Better lead-time
Fewer infrastructure constraints
Greater standardisation
Variable business geometry
Issues
Cyber-security
ICT infrastructure
Legal/regulatory framework
Territoriality
Vendor Lock-in
Business continuity
Governance
27
Cloud: Cyber-security
28
Issues Opportunities
Confidentiality/
Integrity
Shared system risks
(possibly) path to internet
Lack of control of entire
stack
Extra-territoriality
Software-maintained
configuration
Well-established
abstraction layers
Availability Dependency on
connection
Contention with other
customers
Data loss still possible
Easier to handle
surge in demand
Basic resilience as
standard
More advanced
resilience/recovery
easier/cheaper
What are the risks of the legacy system?
ICT Infrastructure issues
Always-on megabit-class broadband?
80%+ coverage of system users?
Good low-latency international connectivity?
Trusted payment mechanisms?
Sufficient potential market for localisation?
Integration skills?
29
Regulatory Framework and Territoriality
Regulation by outcome or by
process/technology?
Applicable law for contract?
Location of data?
‒ Privacy law
‒ National security issues
“PATRIOT Act” concerns?
30
Vendor Lock-In and Business Continuity
What happens if the vendor goes bust?
Can you get at your data
‒ To integrate with other services?
‒ To move to another supplier?
Who owns the data?
Can the data be used with other software?
What will this mean for training?
What’s the Business Continuity plan?
31
Governance
Vendor-proofing the Enterprise Architecture
Information asset and contract tracking
Incentivising, controlling and managing use of
Cloud in the supply chain
Mandating appropriate use of the Cloud by
Business Units
Flow of funding
Controlling “around the edges” use of Cloud
32
Questions so far?
33
Exercise 1
34
Which applications are most suitable for
1. Public Cloud
2. Private Cloud
3. Not suitable for cloud at all
35
Email?
36
Desktop (Docs, spreadsheet)?
37
Project Management?
38
Collaborative working?
39
ERP: Finance, HR, Procurement?
40
Sales?
41
Military Command and Control?
42
Company Register?
43
Railway Signalling?
44
Open Data?
45
Customer Relationship
Management?
46
Public-facing Government
Websites?
47
e-Government systems?
48
Population Register?
49
Control systems for a nuclear
power plant?
50
Cadastral Records?
51
Mapping?
52
Software Development and
Testing?
53
Taxation?
54
E-Voting?
55
Review
56
Applications
57
Desktop (Docs,
spreadsheet)
Project Mgmt
Collaboration
ERP: Finance, HR
Sales
Military Command and
Control
Company Register
Railway Signalling
Open Data
Customer Relationship
Management
Public Websites
eGovernment systems
Population Register
Control of Nuclear Weapons
Cadastral Register
Mapping
Software Development and
Testing
Taxation
e-Voting
The Cloud Market
58
What parts of the ICT market are affected?
59 Market size data: Forrester Research
Low
High
Medium
Impact
IT Market changes
New entrants in Infrastructure, Platform and
Software
Traditional IT players highly conflicted
Telcos familiar with cloud infrastructure model
For G-Clouds, PPP is a feasible model
Lower barriers to entry for software providers
‒ Lower upfront capex by using cloud
infrastructure
‒ Lower marketing and distribution costs
‒ Easy access to international markets
60
So the IT market is changing too. From ….
61
… to new players such as these
62
SAAS is predicted to dominate long-term
63 Source: Forrester Research
SAAS on IAAS
64
“G-Cloud”
Cloud for Government
65
Singapore
66
Private IAAS
5+5 years
Singtel
Public IAAS
2+2 years
Singtel
Contracts
awarded
2012
Moldova
67
M-Cloud 2
Wider range of services
Public-private
partnership
Feasibility stage
M-Cloud 1
Private IAAS
Existing estate
Gov owned
Now live
United Kingdom
68
“Cloudstore”
access to public
cloud services
462 suppliers
(75% SMEs)
3185 services
Re-compete every
6 months
“Accredit Once”
“G-Host”
Private Data
Centre/Cloud
G-Cloud Policy Drivers
Save Money!
but also
Improve time-to-market
Increase effective resilience ‒ Reduce risks in legacy datacentres
‒ Make system continuity affordable
‒ Make surge capacity affordable
Break traditional IT supplier model
Allow faster innovation, both IT and business
Facilitate business integration
Vehicle for requiring effective IT governance 69
Questions
70
Exercise 2
71
Some of the usual Open Data excuses
It’s held separately by n different organisations, and we can’t join it up
It will make people angry and scared without helping them
It is technically impossible
We do not own the data
The data is just too large to be published and used
Our website cannot hold files this large
We know the data is wrong
We know the data is wrong, and people will tell us where it is wrong
We know the data is wrong, and we will waste valuable resources
inputting the corrections people send us
People will draw superficial conclusions from the data without
understanding the wider picture
People will construct league tables from it
It will generate more Freedom of Information requests
It will cost too much to put it into a standard format
It will distort the market
Our IT suppliers will charge us a fortune to do an ad hoc extract
72
Exercise 2
You are part of the Management Team of the
IT Director of the Ministry of Drains
The Government CIO is proposing that your
applications should move to his new “G-
Cloud” under his control
Let’s brainstorm at least 20 reasons why your
applications should not move
73
Review
74
G-Cloud Issues
Cyber-security
ICT infrastructure
Legal/regulatory framework
Territoriality
Vendor Lock-in
Business continuity
Governance
75
No surprises here!
G-Cloud issues: Cyber-security
Don’t try and put everything in the Cloud
‒ But consider consolidation of remainder
“Accredit Once” (UK Cloudstore, US
FedRamp, private IAAS) allows rigorous
assessment with lower compliance costs
Significant proportion of the IT “estate” does
not hold sensitive data
‒ Development and testing configurations
‒ Many public-facing systems
Be realistic about state of legacy estate
76
G-Cloud: implications for procurement
Providers tend to shape the market
Requirements-led specifications may not give
optimal solutions
Capability-led specifications raise new issues
Prime Contractor model needs to be adapted
Client side integration skills important
Risk allocation, not simple risk transfer
Low-cost, commodity, model makes high bid
costs untenable for some vendors
“Thick” integration layer absorbs most/all of
financial and non financial benefits
77
G-Cloud: implications for governance
Is there a Central IT Office with the authority
and resources to sustain a “Cloud First”
policy?
How is Cloud brought to individual
Ministries/applications – through the market
or through a central provider?
How will funding for cloud flow through the
Government? What is the best structure for
charging out shared assets?
How will requirements be managed to avoid
pushing up costs?
78
Cloud-ready Government?
Effective cross-government ICT leadership?
Effective ICT governance?
Full ICT cost awareness?
Standards-based approach to cyber security?
Results not inputs culture?
Suitable Ministry to be “G-Cloud broker”?
Sufficient critical mass?
79
Questions?
80
Exercise 3
81
Getting a G-Cloud going
How would you get a cloud initiative running
in your Government/Sector/Region/Country?
What would “cloud readiness” look like?
‒ Governance?
‒ Finance?
‒ Skills?
‒ Technology?
‒ Leadership?
82
Review
83
End
84