>Here is the podcast from MeriTalk Silverlining Series (August 2009)
First let me start out by saying that cloud computing brings us closer than ever to providing IT as a utility such as electricity, where users no longer need to know or care about how IT services are provided, and only need to know that they are reliably there, just like turning on the light. This is the subscription approach to using information technology, where base services are hosted, shared, and you pay only for what you need and use.
In cloud computing, there are a number of basic models. First, in public clouds, we have a multi-tenant, shared services environment with access provided over a secure Internet connection. In contrast in a private cloud, the IT shared services is behind the company’s firewall and is controlled by in-house staff. Then, there is also a community cloud, which is an extension of the private cloud, where IT resources are shared by several organizations that make-up a specific community.
The advantage to cloud computing—whether public or private—is that you have a shared, enterprise-wide solution that offers a number of distinct advantages:
- Efficiency–with cloud computing, we build once and reuse multiple times—i.e. we share resources—rather than everyone having their own.
- Flexibility–we are more nimble and agile when we can quickly expand or contract capacity on-demand, as needed—what some call rapid elasticity. Moreover, by outsourcing the utility computing elements of our IT infrastructure, we can focus our internal efforts on building our core mission areas.
- Economy (or economy of scale)–it’s cheaper and more cost effective when we can tap into larger pools of common resources maintained by companies with subject matter expertise. They then are responsible for ensuring that IT products are patched, upgraded and modernized. Moreover, we pay only for what we actually use.
So cloud computing sounds pretty good, doesn’t it? What then is the big issue? Plain and simple it comes down to—Is cloud computing effective for the organization? And what I mean by that is a few things:
- First is customization, personalization and service: when you buy IT computing services in this shared services model, do you really get what you need and want – or are you just getting a canned approach, like the Model T that came in one color, black? For example, when you purchase Software as a Service are you getting the solution you need for your agency or the one built for someone else?
- Next is security, privacy, and disaster recovery. This is a big deal because in a public cloud, you are capturing, processing, sending, and storing data outside of your proprietary infrastructure. This opens the door for theft, manipulation, or other ways of our data being compromised by criminals, cyber-terrorists, and even hostile nation-states.
- Third, and maybe most important, is cultural, especially in a very individualistic society, like ours, where people are used to getting what they want, when they want, without having to share. For example, we prefer owning our own vacation home to having a time-share. We love the concept of a personal home theater. Everyone now has a personal cell phone, and the old public telephones that were once on every corner are now practically extinct. And most people prefer driving their own cars to work rather than using mass transit—even though it’s not environmentally friendly. So the idea of giving up our proprietary data centers, application systems, the control of our data, in a cloud computing model, is alien to most and possibly even frightening to many.
So how do we harmonize the distinct advantages of cloud computing—efficiency, flexibility, and economy—with the issues of customization, security, and culture?
The reality is that regardless of customization issues, we can simply no longer afford for everyone to have their own IT platforms—it’s wasteful. We are recovering from a deep financial recession, the nation has accumulated unprecedented levels of debt, and we are competing in a vast global economy, where others are constantly raising the bar—working faster, better, and cheaper.
Moreover, from a technology standpoint, we have advanced to where it is now possible to build an efficient cloud computing environment using distributed architecture, virtualization/consolidation, and grid computing.
Thirdly, on a cultural level, as individualistic as we are, it is also true that we now recognize the importance of information sharing and collaboration. We are well aware of the fact that we need to break the stovepiped verticals and build and work horizontally. This is exemplified by things like Google Docs, SharePoint, Wikipedia, and more.
In terms of security, I certainly understand people’s concern and it is real. However, we are all already using the cloud. Are you using online banking? Are you ordering things online through Amazon, Overstock or other e-commerce vendors? Do you use yahoo or Google email? Then you are already using the cloud and for most of us, we don’t even realize it. The bottom line on security is that every agency has to decide for itself in terms of its mission and ability to mitigate any risks.
How to Choose
So there are two questions then. Assuming—and I emphasize assuming—that we can solve the security issues with a “Trusted Cloud” that is certified and accredited, can we get over the anxiety of moving towards cloud computing as the new standard? I believe that since the use case—for flexibility, economy, and efficiency—is so compelling, that the answer is going to be a resounding yes.
The next question is, once we accept the need for a cloud computing environment, how do we filter our choices among the many available?
Of course I’m not going to recommend any particular vendor or solution, but what I will do is advocate for using enterprise architecture and sound IT governance as the framework for the decision process.
For too many years, we based our decisions on gut, intuition, politics, and subjective management whim, which is why statistics show that more than 82% of IT projects are failing or seriously challenged.
While a full discussion of the EA and governance process is outside the scope of this talk, I do want to point out that to appropriately evaluate our cloud computing options, we must use a strong framework of architecture planning and capital planning and investment control to ensure the strategic alignment, technical compliance, return on investment, and risk mitigation—including of course security and privacy—necessary for successful implementation.
How Cloud Computing fits with Enterprise Architecture:
As we move to cloud computing, we need to recognize that this is not something completely new, but rather an extension of Service Oriented Architecture (SOA) where there are service providers and consumers and applications are built by assembling reusable, shared services that are made available to consumers to search, access, and utilize. Only now with public cloud computing, we are sharing services beyond the enterprise and to include applications, data, and infrastructure.
In terms of a transition strategy, cloud computing is a natural evolution in IT service provision.
At first, we did everything in-house, ourselves—with our own employees, equipment, and facilities. This was generally very expensive in terms of finding and maintaining employees with the right skill sets, and developing and maintaining all our own systems and technology infrastructure, securing it, patching it, upgrading it, and so on.
So then came the hiring of contractors to support our in-house staff; this helped alleviate some of the hiring and training issues on the organization. But it wasn’t enough to make us cost-efficient, especially since we were still managing all our own systems and technologies for our organization, as a stovepipe.
Next, we moved to a managed services model, where we out-sourced vast chunks of our IT—from our helpdesk to desktop support, from data centers to applications development, and even to security and more.
Finally, the realization has emerged that we do not need to provide IT services either with our own or contracted staff, but rather we can rely on IT cloud providers who can offer an array of IT services, on demand, and who will manage our information technology and that of tens, hundreds, and thousands of others and provide it seamlessly over the Internet, so that we all benefit from a more scalable and unified service provision model.
Of course, from a target architecture perspective, cloud computing really hits the mark, because it provides for many of the inherent architecture principles that we are looking to implement, such as: services interoperability and component reuse, and technology standardization, simplification, and cost-efficiency. And on top of all that—using services on a subscription or metered basis is convenient for the end-user.
Just one last thing I would like to point out is that sound enterprise architecture and governance must be user-centric. That means that we only build decision products that are valuable and actionable to our users—no more ivory tower efforts or developing shelfware. We need to get the right information to the right decision makers to get the mission accomplished with the best, most agile and economical support framework available.
>Cloud computing is “shorthand for centralized computing services that are delivered over the Internet (a.k.a. the ‘cloud’).”
Cloud computing is to traditional computing as electricity is to rubbing two twigs together to make a fire. Ok. That’s a little bit of an exaggeration, but not by much.
Years ago, people made a fire in their home or workspace which they continually fed to get warmth, lighting, and cooking; now they get these from centralized utilities that distribute it to them on an as needed basis. It’s a lot more efficient that way!
With cloud computing—it’s very similar. Currently, we have our own computing resources (like a hearth and firewood) that we must purchase and regularly maintain to do basic information technology processes for transaction and analytical processing, information sharing and collaboration. Now, we can get these functions from centralized computing facilities or data centers that distribute them, as needed on a subscription or metered basis. This gives us a predictable, stable source of computing at reduced prices, delivered via the Internet, when we want and need it, and without the hassle of having to purchase and maintain the hardware and software infrastructure. It’s a user-centric model!
Most of us with very busy and already complex lives inherently understand and are drawn to a model that is convenient and cost-effective. Flip on the switch and voila—lights/heat in one case or email, e-Commerce, and online entertainment in another.
To me, if its not a mission-specific or highly sensitive application, the question is why shouldn’t it be in the cloud?
Fortune Magazine, 2 March 2009, on the rise of cloud computing juggernauts like Salesforce “a public company with a market capitalization of $3.5 billion, generates revenue of more than $1 billion a year—a 60% five-year annual growth rate—all from providing software subscriptions to business.”
Marc Benioff, their CEO says “We’ve always believe everything’s going into the cloud.”
Even detractors, like Larry Ellison, the CEO of Oracle, has helped fund Saleforce and another major cloud computing vendor, NetSuite. Moreover, “Oracle at the end of January lauched a new version of its online sales-management product…CRM on Demand” —so you see where Mr. Ellison is strategically placing some of his chips.
What about the other major application vendors?
“SAP said it would be releasing a software-as-a-service product in May…and Microsoft also has customer-management software available. IBM just named a cloud computing czar, and Google and Amazon are launching ambitions initiatives.”
So what’s holding up the transition?
Generally, the biggest cited obstacle to moving to cloud computing is security. Yet, “Salesforce has recorded only one security breach, a phishing attack in November 2007.” Moreover, because of the scope, scale, resources, and expertise that these vendors have, they can actually deploy and maintain a level of security that other organizations may only dream of.
Never-the-less, “companies remain committed to owning and hosting their own software and despite the tough economic times, they are loath to try something new, especially if it means making additional investments, however meager.”
But in the end “cost cutting and convenience are expected to prompt more firms to rent software that will be delivered over the Internet cloud.” IDC projects that by the end of 2009, “76% of U.S. organizations will use at least one web-delivered application for business use.”
Further, according to research firm, Gartner, “of the approximately $64 billion spent on business applications in 2008, about 10% or $6.4 billion, was spent on applications housed remotely and delivered via the Net.”
The writing is on the wall or should I say in the cloud!
>How should a CIO allocate their time between strategy and operations?
Some CIOs are all operations; they are concerned solely with the utility computing aspects of IT like keeping the desktops humming and the phones ringing. Availability and reliability are two of their key performance measurement areas. These CIOs are focused on managing the day-to-day IT operations, and given some extra budget dollars, will sooner spend them on new operational capabilities to deploy in the field today.
Other CIOs are all strategy; they are focused on setting the vision for the organization, aligned closely to the business, and communicating the way ahead. Efficiency and effectiveness are two of their key performance measurement areas. These CIOs are often set apart from the rest of the IT division (i.e. the Office of the CIO focuses on the Strategy and the IT division does the ops) and given some extra budget dollars, will likely spend them on modernization and transformation, providing capabilities for the end-user of tomorrow.
Finally, the third category of CIOs, balances both strategy and operations. They view the operations as the fundamentals that need to be provided for the business here and now. But at the same time, they recognize that the IT must evolve over time and enable future capabilities for the end-user. These CIOs, given some extra budget dollars, have to have a split personality and allocate funding between the needs of today and tomorrow.
Government Technology, Public CIO Magazine has an article by Liza Lowery Massey on “Balancing Strategy with Tactics Isn’t Easy for CIOs.”
Ms. Massey advocates for the third category, where the CIO balances strategy and operations. She compares it to “have one foot in today and one in tomorrow…making today’s decisions while considering tomorrow’s impacts.”
How much time a CIO spends on strategy versus operations, Ms. Massey says is based on the maturity of the IT operations. If ops are unreliable or not available, then the CIO goes into survival mode—focused on getting these up and running and stable. However, when IT operations are more mature and stable, then the CIO has more ability to focus on the to-be architecture of the organization.
For the Total CIO, it is indeed a delicate balance between strategy and operations. Focus on strategy to the detriment of IT operations, to the extent that mission is jeopardized, and you are toast. Spend too much time, energy, and resources on IT operations, to the extent that you jeopardize the strategy and solutions needed to address emerging business and end-user requirements, and you will lose credibility and quickly be divorced by the business.
The answer is the Total CIO must walk a fine line. Mission cannot fail today, but survivability and success of the enterprise cannot be jeopardized either. The Total CIO must walk and chew gum at the same time!
Additionally, while this concept is not completely unique to CIOs, and can be applied to all CXOs, CIOs have an added pressure on the strategy side due to the rapid pace of emerging technology and its effects on everything business.
Cloud computing—“a style of computing where IT-related capabilities are provided ‘as a service’, allowing users to access technology-enabled services ‘in the cloud’ without knowledge of, expertise with, or control over the technology infrastructure that supports them.” (Wikipedia)
In an article in InfoWorld, 7 April 2008, called What Cloud Computing Really Means, Galen Gruman states that “Cloud computing encompasses any subscription-based or pay-per use service that, in real time over the Internet, extends IT capabilities.”
What’s an example of cloud computing?
An example of cloud computing is Google Apps that provides common business applications (similar to traditional office suits) online.”
How does cloud computing work?
In cloud computing, resources–either hardware or software–are available on-demand—as needed.
In the case of on-demand software, application service providers (ASPs) offer software as a service (SaaS). And for on-demand hardware or IT infrastructure (i.e. virtual data center capabilities such as servers or storage), the offering takes the form of utility computing. In both cases, technology resources are served up on a pay-as-you-go or metered basis, similar to the way a public utility would charge for electricity, oil/gas, telephone, water, and so on.
The cloud computing model is similar to service oriented architecture where there is a service provider and consumer, and here the Internet functions the basic service broker.
Cloud computing is has a basis in technology virtualization in which service providers “hide the physical characteristics of computing resources from their users [consumers].” (Wikipedia)
What are the major advantages of cloud computing?
Cost—one of the big advantages of this computing model is that the upfront IT investment cost is little to none, since the IT assets are in essence being rented.
Scalability—customers have the ability to use more resources when they have a surge in demand and can scale back or turn off the spigot when the resources are not needed.
Flexibility—As IT capabilities get updated by the service provider, consumers in the cloud model can make immediate use of them and benefit sooner than if they had to stand up the capabilities themselves.
Mission focus—The enterprise can stay focused on core mission and mission support capabilities and in essence easily outsource business support functions, where the service provider is responsible for enabling more generic (not strategic or differentiators) business capabilities.
What are the enterprise architecture implications?
Cloud computing can play an important role in focusing IT solutions on strategic mission requirements, simplifying and standardizing our IT infrastructures by outsourcing capabilities, utilizing a services oriented architecture (SOA) model where common business services are served up by providers and consumed by the enterprise, and more effectively managing costs.
What is the future of cloud computing?
Obviously, there are security implications, but as Galen Gruman states: “as SOA and virtualization permeate the enterprise, the idea of loosely coupled services running on an agile, scalable infrastructure should make every enterprise a node in the cloud. It’s a long-running tend with a far-out horizon. But among big metatrends, cloud computing is the hardest one to argue with in the long term.