You Want “the Cloud?" So, Now What?
Introduction. Imagine this. It is Monday morning and your boss walks into the office unexpectedly excited. Curious, you inquire about her excitement. She informs you that the organization was just approved to “move to cloud.” She then informs you that she is placing you in charge of the effort. Before you could ask her any questions, she hurries to her first meeting, leaving you wondering “what are we moving to the cloud?”
If this scenario seems familiar, and you are nodding your head at its accuracy, you should know that this is how cloud adaptation is taking place in both the commercial and public sectors. It begins with the expressed thought, in some way or another: “I would like to move my organization to ‘The Cloud’.” But what does this really mean for your organization? The short, and academic, answer is -- it depends. It depends on a number of factors. Briefly, it depends on understanding and knowing the type of cloud services and deployment model you want, understanding your organization’s cloud requirements, and knowing how the move will affect your organization, financially, legally, and operationally. The intent of this blog is to briefly covers these “depends.”
But first, let us back-up real quick. When this blog mentions “The Cloud,” it is referring to “Cloud Computing.” There are many definitions for Cloud Computing. This blog will use the National Institute of Standards and Technology’s (NIST) definition, which defines Cloud Computing as a: “model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Understanding the Key Types of Cloud Services and Cloud Deployment Methods. Before moving to the cloud, your organization must first know what type of cloud computing services and the cloud deployment models it may require. Do not fret, NIST has also identified the basic cloud computing services your organization can acquire. These services are:
- Software as a Service (SaaS): “The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings.” (NIST)
- Platform as a Service (PaaS): “The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure…but has control over the deployed applications and possibly configuration settings for the application-hosting environment.” (NIST)
- Infrastructure as a Service (IaaS): “The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software…The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).” (NIST)
Organizations can acquire these services individually or as a package. The diagram to the left graphically depicts whether the consumer or the Cloud Service Provider (CSP) manages certain cloud functionality based on the service.
With SaaS applications, the organization (or consumer) that purchases the services (e.g. through a subscription or license) simply uses the applications as given. This is also known as “out of the box” usage. The organization does not attempt (or even need) to customize it. (Some software solutions do not even allow for code customization.) Think of applications that provide word and simple data processing functionality as an example of SaaS usage.
An example of the use of PaaS includes software development. In this situation, the PaaS CSP would provide the customer the tools required to develop and maintain software.
Finally, an example of IaaS invoves virtual data centers and all that they entail. When you are acquiring IaaS functionality, your organization is acquiring functionality which allows them to function as a virtual datacenter. At this level of usage, the organization is simply abdicating the physical responsibilities of maintaining a datacenter to the CSP.
When it comes to cloud deployment models (CDM), there are four: Public, Private, Community, and Hybrid Clouds. Accordingly, “each CDM satisfies different organizational needs, so it’s important that you choose a model that will satisfy the needs of your organization. Perhaps even more important is the fact that each cloud deployment model has a different value proposition and different costs associated with it. Therefore, in many cases, your choice of a cloud deployment model may simply come down to money.” (ScienceDirect) The diagram to the right demonstrates how an organization could utilize each CDM, individually and as a hybrid model. Below is a brief explanation for each deployment model.
- Public Cloud: “The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.”
- Private Cloud: “The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.”
- Community Cloud: “The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).” An example of a Community Cloud is multiple police departments using one private cloud in order to spread the infrastructure costs across multiple organizations.
- Hybrid Cloud: “The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).”
Understanding Your Cloud Requirements. The foundation of knowing which Cloud services and Cloud Deployment Models your organization requires hinges on your ability to identify and know your organization’s cloud computing requirements. You cannot escape the fact that “requirements rule the day.” According to the Guide to the Business Analysis Body of Knowledge: “a requirement is (1) a condition or capability needed by a stakeholder to solve a problem or achieve an objective; (2) a condition or capability that must be met or possessed by a solution or solution component to satisfy a contract, standard, specification, or other formally imposed documents; or documented representation of a condition or capability as in (1) or (2).”
It is easier to simply look at the commercial tools available and pick the services you want than to properly analyze your requirements. However, how would your organization know its overarching cloud requirements were satisfied? For example, let’s say you wish to implement a well-known/used SaaS “Basic Productivity” software as a “proof of concept” for moving your organization to the cloud. When your team selected this product, it simply negotiated the price for the basic licenses. This license only included word processing, data processing (via spreadsheets), email, and information presentation functionality. After the purchase, your IT department removed the stand-alone productivity suite from everyone’s individual workstations. In its place, all users were provided log-in credentials to access this SaaS application online. A week into the implementation, the IT helpdesk began receiving numerous complaints about usage, access, and storage. Through investigation, your team learns that users could only access the application through a web browser and that they could only store files through this SaaS’s file storage service. Your organization must now renegotiate usage terms with this SaaS’s CSP. This renegotiation will likely increase your organization’s licensing fees.
Applying a Systems Engineering methodology will help any organization flesh out its cloud computing requirements by aligning the requirements to your organization’s overarching goals and objectives. Do not skip or “hand wave” this process. You do so at your own peril! Requirements are the key to a successful cloud implementation. Remember to focus on the outcomes desired.
Are You Able to Answer These Three Questions? The shift to the cloud is nearly inevitable. Organizations as large as the Department of Defense and as small your local pizzeria are discovering an untold amount of benefits of shifting some (or all) of its functions to the cloud. This means that “the Cloud” is no longer a buzzword that you should wish would get lost in the sea of many organizational and technology buzzwords that organizational “gurus” have coined. As you plan your organization’s move to the cloud, here are three critical questions you should seek to answer before you recommend that your organization is ready for the move to “the Cloud”:
- First, how much will this cost? Many organizations make the move to the cloud based on the premise that their capital expenditure will go down. This is true. The requirement to buy hardware, and conduct periodic hardware refreshes dramatically goes down when you move to cloud. The responsibility, and incentive, to keep hardware current/up-to-date shifts to the CSP (Cloud Service Provider). The amount of the reduction depends on the amount of hardware the organization utilizes to operate its datacenter. Staffing costs also go down because some of the IT functions are outsourced to the CSP. But, be careful. You must have a clear understanding of your computing requirements (remember the SaaS “Business Productivity” example) to be able to gauge usage and need. Bottom-line, do not accept the “cost reduction” premise until the organization’s cloud computing requirements are properly architected.
- Second, are there any constraints that govern which cloud services and/or CDMs your organization is allowed to use? As example, when looking at government agencies that generate and analyze data that is considered classified or top secret, there are laws and regulations that prevent these organizations from placing that data in “public clouds.” During the analysis phase of the implementation project, it is imperative that the applicable laws, regulations, and policies, which are pertinent to your industry or organization, are properly identified and analyzed for such additional requirements.
- Finally, what is the right organizational level for cloud implementation? Face it, some organizational units operate at a level within the organization where cloud computing is not beneficial, or do not add value, to the success of the organization. For example, in the Army, there are multiple organizational levels. At the lowest level, there is the team. At the enterprise level, it is HQDA (Headquarters, Department of the Army). At the team level, implementing cloud computing may not generate the desired value or return on investment compared to the enterprise because of limited usage and limited data generation. However, at the HQDA-level, cloud computing is becoming a critical function. The Army-wide enterprise generates a massive amount of data per day. In order to turn this data into information, and the information into knowledge, the Army must implement cloud computing across the enterprise so that it can aggregate its data in order to effectively and aggressively employ tools to turn that data into information, and information into knowledge. Using cloud computing services, in some form, is definitely possible at levels below the enterprise. Just know that the value proposition of cloud computing is reduced as you go down into the organization.
Insights. “The Cloud” offers massive benefits to organizations and companies seeking to increase their effectiveness. Understanding the types of cloud services and the cloud deployment models that exist should help identify how your organization will function in the cloud. At the foundation of a successful implementation, its the ability to properly, accurately, and completely identify your organization’s cloud computing requirements. Only then can you properly estimate cost, understand the risks, determine viability, and architect the solution.
Cloud computing is no longer a buzzword. Appropriate analysis will help your organization determine how its usage is needed. Do not assume that moving to the cloud will reduce costs. Accurate system engineering will help validate (or invalidate) that assumption. Finally, during analysis, ensure the implementation team identifies all pertinent laws, regulations, and policies in order to know if your organization is allowed to use cloud services. Only then can your organization really take advantage of “The Cloud’s” numerous benefits.
Image courtesy of Theeradech Sanin at FreeDigitalPhotos.net
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Lieutenant Colonel Xkoshan L. Arnold, U.S. Army, is an active duty acquisition officer currently serving as a Research Fellow in the Army’s one-year-long Training with Industry Program at IBM. His research fellowship is intended to develop his technical expertise and analytic leadership so that he can apply industry best practices in his future Army assignments. This blog post was written during his time at the IBM Center.
***The ideas and opinions presented in this blog post are those of the author and do not represent an official statement by IBM, the U.S. Department of Defense, U.S. Army, or any other government entity.***