Ascend to the Cloud through Five Prisms
On January 28th, 2010, New York State successfully organized its first Request For Information (RFI) on Cloud Computing. It was delivered via a fairly successful multimedia syndication to over 200 leaders from the state agencies and vendor community and countless people online. The response was warm and insightful. At the end of the session the question is not if we should go with Cloud Computing, it is when and how.
To help an Enterprise as vast as the New York State government to reap the benefits of Cloud Computing, a comprehensive and prudent plan is needed. The risks should be carefully managed. Every CIO should look at the Cloud implementation through the following five prisms: finance, services, governance, risks, and processes. We should carefully address the following five questions:
1. Does the business model of cloud computing address the immediate financial bottom line?
Moving to cloud computing should also subscribe to the desired performance based budgeting. The return on investment (ROI) and economic impact of Cloud Computing needs to be carefully looked at. Cloud computing will reduce capital expenditure (CapEx) but it may keep pace or even increase operating expenditure (OpEx) for IT. It will alter the pictures of the cash flow and the balance sheet for an enterprise. Whether this is advantageous to do depends on the current situation of the enterprise. If an enterprise is having a current cash flow problem, the desire of asset consolidation and relocation simply cannot triumph if the marching towards cloud computing incurs large migration cost.
Moving to cloud computing brings both tangible and intangible benefits and costs. Computing on demand is usually perceived more cost effective than maintaining private data centers whose capacities are engineered for peak activities rather than actual usage. In the government settings, the overcapacity and waste also stem from the fact that we usually build permanent infrastructure for temporary programs.
We also need to be cognizant of the intangible impact and figure out how to account for it. The agility and flexibility that cloud computing bring to us will advance the innovation in our enterprise. Many new ideas were simply too expensive and too tedious to try. A traditional proof of concept will have to go through the normal procurement process and require outright capital expenditure, leaving the innovators steaming and frustrated. After moving to Cloud Computing, the enterprise IT workforce can be shifted from infrastructure centric to business process centric. The impact may be profound as our operation is increasingly (business) knowledge driven. On the other hand, shifting the computing to the cloud will incur some new cost that is associated with dealing with the shifting legal responsibility, more complex knowledge management, and required governance.
2. Have we clearly articulated in business terms the impact of cloud computing on our business processes?
All IT systems impact business processes to a certain degree. The moving to the Cloud is not a march by IT alone. Business users are coming with us. To assess and articulate the impact on our business activities is one of the hinges for success. Moreover, migration towards Cloud computing will compete for resources. Certain business processes may be slowed down. As CIOs, we need to make sure there are gains in business processes due to cloud computing that can more than offset other delays. Many enterprise processes are complex requiring sophisticated integration and process management. Cloud computing may simplify such processes if we know how to coordinate and consolidate. Many users already have the desires to use readily available computing resources outside of the enterprise to advance their goals. A fragmented approach may cool the enthusiasm if the business processes are not improved.
3. Are we prepared to operate and govern a multi-host multi-tenancy computing ecosystem?
Multi-tenancy has the potential to lower the infrastructure cost for individual participants. However the shared environment will cause a shift of responsibilities. How does the accountability precipitate and how do we govern in the shared Cloud? Among the top concerns for moving to the Cloud are security and privacy. It is not only the complexity associated with securing the shared infrastructure but also the shift of regulatory compliance responsibilities, whether it is Sarbanes Oxley or HIPAA. Legal counsels need to be involved before the enterprise can plant solid footing in potential quick sand.
Information governance has paramount importance for security and privacy in cloud computing. A good information classification program is one of the precursors for moving to cloud computing. It will shed light on how an enterprise chooses its pilot cloud services. Salesforce.com has been a successful business case of cloud computing for small and medium businesses because the data and information stored in the cloud are less burdensome in terms of regulatory compliance. A strong information governance in the Cloud is the critical path for the enterprise to prevent itself from being locked in a single vendor solution.
4. Are we clear what the risks and performance metrics are?
Security, privacy, performance, vendor lock-in, service level are the top concerns of Cloud Computing. The ability to gauge and mitigate risks in relation to our current business practice is a required IT competence for cloud computing. For example, in order to ensure the cloud services to be portable among vendors, adoption and enforcement of standards may not be straightforward given the myriad of interoperability standards out there. The performance for business computing over the Network can be a real bottleneck for the adoption of cloud computing. The success of cloud computing have to come with high-bandwidth and highly available Network. The ability to decouple the tightly built private systems to be Cloud-ready is another challenge. A well documented risk management plan and a set of key performance indicators for cloud computing should be in place sooner rather than later.
5 What IT services do we select as the first wave of Cloud Services?
Picking up a rock of the right size is part of the success. We want to avoid taking too big a bite than what we can chew. Starting to review the enterprise IT service catalog was timely recommended by one of the attendees in the New York State Cloud Computing RFI session. Like any technological advancement, Cloud Computing is still climbing the ladder of IT services. As the technology community starts cataloging cloud services such as Communication as a Service (CaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), Cloud computing comes with various levels of maturity and is associated with different degree of risks. For example, CaaS is more mature than SaaS in many cases while application development environment is less risky than production environment. Choosing the right Cloud Computing pilots that has manageable business complexity and controlled risk will help the movement along more smoothly.