Cloud Computing Bringing the Cloud into Focus November 2011
Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice President, Solutions Delivery IT/NET Ottawa, Inc. 2
What are your objectives for cloud computing? To contain IT costs? To support consolidation of IT assets? To improve service quality? To support greening? To improve time to market for client program needs? To reduce the procurement burden on projects? To achieve department or government-wide standardization? To allow you to focus on core business client specific solutions? 3
What is the goal of Cloud Computing? To provide easy access to and elasticity of IT services 4
Agenda Cloud Myths Cloud Computing 101 ( Bringing the cloud into focus ) Value Proposition ( The silver lining ) Issues ( Storm warnings ) Next Steps ( The forecast ) 5
Cloud Myths 6
Cloud Myths Cloud Computing is a buzzword that has been sometimes misused. Hype and misconceptions are common. Below are several myths that are commonly associated with Cloud Computing: Cloud Computing is a specific technology (e.g., virtualization) It s just Web Hosting / Grid Computing / Outsourcing evolved There are no standards Everything can move to the cloud It s all hype It s always cheaper Let s learn more and look into these myths 7
Cloud Computing 101 Bringing the cloud into focus 8
Cloud Computing 101: Defined a model for enabling: convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be: rapidly provisioned and released with minimal management effort or service provider interaction. 9
Cloud Computing 101: What it s not Cloud Computing is not: Any specific technology such as VMware or SalesForce Virtualization Outsourcing Grid computing Web hosting 10
Cloud Computing 101: What it is Cloud Computing is: An IT delivery approach that binds together: Technology infrastructure, Applications and Internet connectivity as a defined, managed service that can be sourced in a flexible way 11
Cloud Computing 101: It s characteristics On-demand self-service Broad network access Resource pooling Rapid elasticity Metered service Abstracted Service Based Scalable 12
Cloud Computing 101:Service & Deployment Models Service delivery models Deployment Models Infrastructure as a Service (IaaS) Raw computing power and storage Private Hosted internally or externally for your enterprise Platform as a Service (PaaS) Operating system and application platform Public Hosted by a service provider for many Software as a Service (SaaS) Remotely accessible applications Hybrid Private data and/or applications are kept internal 13
Cloud Computing 101: Service Delivery Models Software as a Service (SaaS) The capability provided to the consumer is to use the provider s applications (and services) running on a cloud infrastructure. SaaS (Software-as-a-Service) Reduce or eliminate application development effort High adoption rate any device, anywhere, any time Lower up-front costs E.g., SalesForce.com Software, Application Layer 14
Cloud Computing 101: Service Delivery Models Platform as a Service (PaaS) The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. PaaS (Platform-as-a-Service) Simplified software management (upgrades, patches, licensing, etc.) Simplified application deployment E.g., Google App Engine Standard Application Platform Business Rules, Logic, and Middle-ware 15
Cloud Computing 101: Service Delivery Models Infrastructure as a Service (IaaS) The capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources where the customer is able to deploy and run arbitrary software, which can include operating systems and applications. IaaS (Infrastructure-as-a-Service) Cost reduction/pay as used Scalability/dynamic resource allocation Reduced administrative overhead E.g., Rackspace Servers & Storage Networking Infrastructure 16
Cloud Computing 101: Deployment Models Private Cloud Operated solely for an organization May be managed by the organization or a third party On premise or off premise Full control Low risk/compliance issues High initial investment Inside the Enterprise External but owned by the Enterprise Private (Internal Cloud) Private (External Cloud) 17
Cloud Computing 101: Deployment Models Public Cloud Available to the general public or a large industry group Owned by an organization selling cloud services Pay as you go, utility pricing High agility Low control over data and service levels Dependencies on external vendors Public Cloud Public Cloud 18
Cloud Computing 101:Deployment Models Hybrid Cloud Composition of two or more clouds (private or public) that remain unique entities Bound together by standardized or proprietary technology that enables data and application portability Maximum flexibilities in managing costs, risks, and resources High administrative overhead Careful definition of data eligibility for migration from private to public Inside the Enterprise External - Public Cloud Private (Internal Cloud) Public Cloud Hybrid Cloud 19
Value Proposition The silver lining 20
Value Proposition to the business Agility / Time-to-Market New applications and computing resources can be provisioned more quickly Cost Shift from CapEx to OpEx as infrastructure investments are billed based on usage Transparency Business can see the ongoing costs of their applications due to the utility-pricing nature of Cloud Computing Increased mobility of applications Internet-based applications can be accessed, through appropriate security channels, anywhere Forced compliance and governance Standards which applications must follow (security, D/R, performance, etc.) can be enforced at the point of deployment to the cloud i.e., release management cannot technically deploy an application to the cloud which does not meet certain criteria 21
Value Proposition to IT Reduced support footprint Standardizing platforms reduce the number of supported technologies, allowing a focus on depth of expertise Service development flexibility Defined platforms allow developers to focus on applications approval processes, rather than build times Green (Improved efficiency of capacity) Optimized utilization of resources through the abstraction of platforms and services from their underlying hardware and the merging of computing resources into a single grid Faster deployment of resources Security Standardized platforms can be Use of a common framework deployed in minutes, limited by can improve overall security 22
Issues Storm warnings 23
Issues: Storm Warnings Financial Underestimated start-up costs Penalizing exit costs Contract Complexity Run-away variable costs poor capacity planning and forecasts from the business Financial Data Operational Data Data Segregation, Isolation and Transparency Concerns Data encryption Security/Privacy/Access Intellectual Property Protection Vendor Vendor Lock-in vendors dictate technology to be used Service Provider reliance on service providers for business process (bankruptcy, loss of reputation, lawsuit) Vendor Business Risks Technology Operational Business Resiliency/Disaster Recovery Service Reliability and uptime SLA Compliance in accordance with agreed upon RACI (who is responsible?) Regulatory Compliance Complexity to ensure compliance with Regulatory Requirements and Regulations (Privacy, ATIP, etc.) Lack of industry standards and certifications for cloud providers Records Management/Records Retention Concerns Providers ability to monitor and adjust based on changes to regulatory stipulations Regulatory Compliance Technology Compatibility and Integration with other services outside the cloud Emerging technology/speed at which advances are made in a production cloud environment Customization limitations Human Capital Security (Malicious Insiders)
Next Steps The forecast 25
Business Criticality of Application / Data Service / Deployment Model Decision The service/deployment model selection process requires an assessment involving factors such as: IT budget and financial constraints Long-term IT strategy Level of governance across IT in defining and enforcing standards for security, development Current understanding of existing application portfolio, e.g., knowledge of attributes, dependencies, documentation, architecture Classification of applications based on business criticality Application development organization s maturity and level of standardization IT organization s willingness to accept risk and comfort-level with moving applications outside of their premises and immediate control Private / PaaS-SaaS Public / SaaS Private / IaaS Public / PaaS Complexity of Applications 26
Common Challenges in Adopting a Cloud Strategy Lack of a clearly defined architecture vision There is no plug-and-play solution Appropriate architectures will be unique to each organization Must weigh service and deployment models and their impact on people, processes, and technology. Perception of insecurity Public clouds introduce the risk of data being stored outside the enterprise in uncontrolled, multi-tenant environments Both public and private models must ensure appropriate identity and access management and audit compliance. Lack of standardized platforms & technologies Business developing their own applications using whichever platform suits its need comes to an end in PaaS and SaaS models Platforms and technologies must be carefully selected based on the enterprise s business application requirements, balanced with technical feasibility. 27
Common Challenges in Adopting a Cloud Strategy Reliability, ensuring SLAs Can mission-critical applications be moved to a cloud environment? How will SLAs be assured with tenants sharing resources? Even for non-mission-critical applications, contracts with public cloud vendors must be carefully defined to address SLAs and how the provider will meet these. Vendor lock-in and interoperability Will standardized platforms and technologies lock the organization into a specific vendor or limit its scalability in the future? Regulations and compliance Geo-location and in-house restrictions on data may limit the types of services that could be moved to a public cloud environment; private clouds must accommodate these regulations by appropriately zoning applications. 28
Service Models Compared Level of Standardization IaaS PaaS SaaS Low Medium High Flexibility High Medium Lowest Agility Fast Faster Fastest Consolidation Reduced number of physical hosts required Reduced breadth of support required to service various platforms Security Logically, same Increased through reduced number of platforms to secure Everything up to the software-layer is consolidated, focus shifts to any customizations or mash-ups to make up a business service Potential to be strongest, limited, defined software stack to secure 29
Deployment Models Compared Cost Flexibility Agility Public Hybrid Private + Low up-front costs + Shift capital expenses to operating expenses - Vendor-lock in risk, limited portability + Offerings prebuilt, very fast deployment +/- Similar to private; however, private build-out requirements may be less + Able to discriminate data moving to a public cloud - Risk of vendor-lock with public-cloud element - Most complex to architect and deploy - Up-front costs may be significant; new computing capabilities may be needed; new skill sets and knowledge may be required + Full customization of platform and infrastructure offerings available +/- Risk of vendor-lock limited to component technologies + Once fully implemented, has potential to quickly deploy business services Security - Least control of environment, reliant on vendor +/- Provides balance; ability to determine public-eligible or restricted data or services + Most secure; data and services are kept in-house 30
Conclusion: Myth Busters There are many misconceptions about Cloud Computing. Cloud Computing is a specific technology, (e.g., virtualization) It s just Web Hosting / Grid Computing / Outsourcing evolved There are no standards Not true However, Virtualization technologies, such as Vmware, provide a base on which to provide Infrastructure-as-a-Service Not true It is an IT delivery approach that binds together technology infrastructure, applications, and internet connectivity as a defined, managed service that can be sourced in a flexible way Not true Cloud Computing in PaaS and SaaS Service Models limit the breadth of applications and platforms available to the business, leading to increased standardization Everything can move to the cloud It s all hype It s always cheaper Not true The feasibility of moving to the cloud depends on security requirements, ability to standardize, risk concerns, access requirements Not true Cloud Computing is built on the world s continued globalization and internet connectivity and is here to stay Not true Underestimated start-up costs, penalizing exit costs, contract complexity and runaway variable costs all impact the financial benefit of Cloud Computing 31
IT/NET can help Cloud computing promises to bring sweeping changes to the way businesses and other organizations use IT. IT/NET can help: 1 2 3 Provide clarity on cloud computing services and practices Identify tangible benefits that are achievable today Assist in navigating the associated risks and challenges Getting independent advice can mean the difference between success and failure 32
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. Thank you! 33