Cloud Computing Masterclass

Andrew Stott

Senior Consultant, TWICT

formerly Deputy UK Gov CIO

Washington

27 Feb 2013 v0.4

@dirdigeng

andrew.stott@dirdigeng.com

What is Cloud Computing?

2

Perhaps not such a new idea?

3

Cloud Computing

4

“Cloud computing is a model for enabling

ubiquitous, convenient, on-demand network

access to a shared pool of configurable

computing resources (e.g., networks,

servers, storage, applications, and services)

that can be rapidly provisioned and released

with minimal management effort or service

provider interaction.”

NIST, US

Cloud Computing

5

“Cloud computing is a model for enabling

ubiquitous, convenient, on-demand

network access to a shared pool of

configurable computing resources (e.g.,

networks, servers, storage, applications, and

services) that can be rapidly provisioned

and released with minimal management

effort or service provider interaction.”

NIST, US

Cloud Computing

6

“A standardised IT capability delivered via

Internet technologies in a pay-per-use, self-

service way.”

Forrester Research

Cloud Computing: Essential Characteristics

On-demand self-service

Broad network access

Resource pooling

Rapid elasticity

Measured service

7

Cloud is a Game Changer

8

One of these ….

9

… can now use one of these

10

… or part of one of these …

11

… using only one of these

12

For SMEs and innovators it changes this

…

13

… into this

14

Startups and SME users

disproportionately benefit

Access to enterprise-class software as a

service

Better security and resilience at lower cost

No premises costs

Fewer skills requirements

Easier access to business building blocks (eg

e-commerce, payment systems, CRM, ERP)

15

Cloud Service Models

16

Cloud Computing: Service Models

17

Model Application

Software

Middleware (eg integration

libraries,

database s/w)

Servers &

Storage

Examples

Infrastructure

As A Service

Consumer Consumer Provider Amazon

EC2/S3

Rackspace

Platform As A

Service

Consumer Provider Provider Google App

Engine

Microsoft

Azure

Software As A

Service

Provider Provider Provider Google Apps

Salesforce

Cloud Computing: Deployment Models

18

Model Location Infrastructure Platform Application

Public Cloud Off

premises

Community

Cloud

Off

premises ? ()

Private

Cloud

On or off

customer

premises ?

Hybrid

On and off

customer

premises

Benefits and Risks

19

Cloud Computing: Benefits

Cost Saving

Staff savings

Resilience

Business Flexibility

20

Cloud Computing Benefits: Cost Saving

Utilisation 10-20% 80-90%

Commoditisation

Use of capital

“Scale down” as well as “scale up”

21

Cost savings come from?

22

Standardisation

Simplification Sharing

Cloud Computing Benefits: Staff Saving

Automated management

User-led provisioning

Leveraging of skills

23

Cloud Computing Benefits: Resilience

Uptime

Built-in backup and redundancy

Fit-for-purpose data centres

Disaster Recovery

Surge Capacity

24

Cloud Computing Benefits: Business Flexibility

Better lead-time/time-to-market

Scalability

Fewer infrastructure constraints

Greater standardisation

Variable business geometry

25

Cloud Computing: Benefits

26

Benefit Stream

Cost Saving Utilisation 10-20% 80-90%

Commoditisation

Use of capital

“Scale down” as well as “scale up”

Staff savings Automated management

User-led provisioning

Leveraging of skills

Resilience Uptime

Disaster Recovery

Surge Capacity

Business

Flexibility

Better lead-time

Fewer infrastructure constraints

Greater standardisation

Variable business geometry

Issues

Cyber-security

ICT infrastructure

Legal/regulatory framework

Territoriality

Vendor Lock-in

Business continuity

Governance

27

Cloud: Cyber-security

28

Issues Opportunities

Confidentiality/

Integrity

Shared system risks

(possibly) path to internet

Lack of control of entire

stack

Extra-territoriality

Software-maintained

configuration

Well-established

abstraction layers

Availability Dependency on

connection

Contention with other

customers

Data loss still possible

Easier to handle

surge in demand

Basic resilience as

standard

More advanced

resilience/recovery

easier/cheaper

What are the risks of the legacy system?

ICT Infrastructure issues

Always-on megabit-class broadband?

80%+ coverage of system users?

Good low-latency international connectivity?

Trusted payment mechanisms?

Sufficient potential market for localisation?

Integration skills?

29

Regulatory Framework and Territoriality

Regulation by outcome or by

process/technology?

Applicable law for contract?

Location of data?

‒ Privacy law

‒ National security issues

“PATRIOT Act” concerns?

30

Vendor Lock-In and Business Continuity

What happens if the vendor goes bust?

Can you get at your data

‒ To integrate with other services?

‒ To move to another supplier?

Who owns the data?

Can the data be used with other software?

What will this mean for training?

What’s the Business Continuity plan?

31

Governance

Vendor-proofing the Enterprise Architecture

Information asset and contract tracking

Incentivising, controlling and managing use of

Cloud in the supply chain

Mandating appropriate use of the Cloud by

Business Units

Flow of funding

Controlling “around the edges” use of Cloud

32

Questions so far?

33

Exercise 1

34

Which applications are most suitable for

1. Public Cloud

2. Private Cloud

3. Not suitable for cloud at all

35

Email?

36

Desktop (Docs, spreadsheet)?

37

Project Management?

38

Collaborative working?

39

ERP: Finance, HR, Procurement?

40

Sales?

41

Military Command and Control?

42

Company Register?

43

Railway Signalling?

44

Open Data?

45

Customer Relationship

Management?

46

Public-facing Government

Websites?

47

e-Government systems?

48

Population Register?

49

Control systems for a nuclear

power plant?

50

Cadastral Records?

51

Mapping?

52

Software Development and

Testing?

53

Taxation?

54

E-Voting?

55

Review

56

Applications

57

Email

Desktop (Docs,

spreadsheet)

Project Mgmt

Collaboration

ERP: Finance, HR

Sales

Military Command and

Control

Company Register

Railway Signalling

Open Data

Customer Relationship

Management

Public Websites

eGovernment systems

Population Register

Control of Nuclear Weapons

Cadastral Register

Mapping

Software Development and

Testing

Taxation

e-Voting

The Cloud Market

58

What parts of the ICT market are affected?

59 Market size data: Forrester Research

Low

High

Medium

Impact

IT Market changes

New entrants in Infrastructure, Platform and

Software

Traditional IT players highly conflicted

Telcos familiar with cloud infrastructure model

For G-Clouds, PPP is a feasible model

Lower barriers to entry for software providers

‒ Lower upfront capex by using cloud

infrastructure

‒ Lower marketing and distribution costs

‒ Easy access to international markets

60

So the IT market is changing too. From ….

61

… to new players such as these

62

SAAS is predicted to dominate long-term

63 Source: Forrester Research

SAAS on IAAS

64

“G-Cloud”

Cloud for Government

65

Singapore

66

Private IAAS

5+5 years

Singtel

Public IAAS

2+2 years

Singtel

Contracts

awarded

2012

Moldova

67

M-Cloud 2

Wider range of services

Public-private

partnership

Feasibility stage

M-Cloud 1

Private IAAS

Existing estate

Gov owned

Now live

United Kingdom

68

“Cloudstore”

access to public

cloud services

462 suppliers

(75% SMEs)

3185 services

Re-compete every

6 months

“Accredit Once”

“G-Host”

Private Data

Centre/Cloud

G-Cloud Policy Drivers

Save Money!

but also

Improve time-to-market

Increase effective resilience ‒ Reduce risks in legacy datacentres

‒ Make system continuity affordable

‒ Make surge capacity affordable

Break traditional IT supplier model

Allow faster innovation, both IT and business

Facilitate business integration

Vehicle for requiring effective IT governance 69

Questions

70

Exercise 2

71

Some of the usual Open Data excuses

It’s held separately by n different organisations, and we can’t join it up

It will make people angry and scared without helping them

It is technically impossible

We do not own the data

The data is just too large to be published and used

Our website cannot hold files this large

We know the data is wrong

We know the data is wrong, and people will tell us where it is wrong

We know the data is wrong, and we will waste valuable resources

inputting the corrections people send us

People will draw superficial conclusions from the data without

understanding the wider picture

People will construct league tables from it

It will generate more Freedom of Information requests

It will cost too much to put it into a standard format

It will distort the market

Our IT suppliers will charge us a fortune to do an ad hoc extract

72

Exercise 2

You are part of the Management Team of the

IT Director of the Ministry of Drains

The Government CIO is proposing that your

applications should move to his new “G-

Cloud” under his control

Let’s brainstorm at least 20 reasons why your

applications should not move

73

Review

74

G-Cloud Issues

Cyber-security

ICT infrastructure

Legal/regulatory framework

Territoriality

Vendor Lock-in

Business continuity

Governance

75

No surprises here!

G-Cloud issues: Cyber-security

Don’t try and put everything in the Cloud

‒ But consider consolidation of remainder

“Accredit Once” (UK Cloudstore, US

FedRamp, private IAAS) allows rigorous

assessment with lower compliance costs

Significant proportion of the IT “estate” does

not hold sensitive data

‒ Development and testing configurations

‒ Many public-facing systems

Be realistic about state of legacy estate

76

G-Cloud: implications for procurement

Providers tend to shape the market

Requirements-led specifications may not give

optimal solutions

Capability-led specifications raise new issues

Prime Contractor model needs to be adapted

Client side integration skills important

Risk allocation, not simple risk transfer

Low-cost, commodity, model makes high bid

costs untenable for some vendors

“Thick” integration layer absorbs most/all of

financial and non financial benefits

77

G-Cloud: implications for governance

Is there a Central IT Office with the authority

and resources to sustain a “Cloud First”

policy?

How is Cloud brought to individual

Ministries/applications – through the market

or through a central provider?

How will funding for cloud flow through the

Government? What is the best structure for

charging out shared assets?

How will requirements be managed to avoid

pushing up costs?

78

Cloud-ready Government?

Effective cross-government ICT leadership?

Effective ICT governance?

Full ICT cost awareness?

Standards-based approach to cyber security?

Results not inputs culture?

Suitable Ministry to be “G-Cloud broker”?

Sufficient critical mass?

79

Questions?

80

Exercise 3

81

Getting a G-Cloud going

How would you get a cloud initiative running

in your Government/Sector/Region/Country?

What would “cloud readiness” look like?

‒ Governance?

‒ Finance?

‒ Skills?

‒ Technology?

‒ Leadership?

82

Review

83

End

84