CLOUD CONFIDENCE It s Not Blue-Sky Thinking!
Cloud Confidence - It s Not Blue-Sky Thinking! Confidence in any form of Cloud Computing should not require debate and consideration from today s IT Management. In all organizations, regardless of industry or size, the operational efficiencies are there to be gained by all. Where Cloud is concerned there should only be clear skies but the storms are the unwanted headlines which appear, thanks to affairs such as the United States National Security Agency s (NSA) ability to monitor and track the communications networks of Brazil and the disclosure of PRISM by Edward Snowden. Fuelled by these headlines, the internal debate about data privacy and residency is unnecessarily raging within company boardrooms and IT often fails to counter the case for adoption of any form of Cloud Computing; whether Software, Platform or Infrastructure as a Service (SaaS, PaaS and IaaS respectively). Yet, how many individuals sitting on company boards are using Apple web services for sharing and storing files held on personal devices? Realities will collide and like the consumerization of IT, the use of Cloud within businesses is increasing and will continue to do so. Gartner predicts cloud computing spending to increase by 100% in 2016 The headlines for many companies and their decision makers need context. Here in the United States, the Patriot Act questions the concept that data residency in the cloud is a safe option, while over in Europe, the laws which are laid down ask Companies to be compliant to privacy and security standards while denying Government unfettered access to the information. The purpose of this white paper is to outline the terms of reference and explain the business reasons why providers of cloud services are duty-bound to secure and protect the data of its customers, their staff and partners, the regional differences relating to data residency and why, despite the headlines, Cloud adoption does not require a whole lot of blue sky thinking to make it work. In short, the benefits of cloud solutions extend beyond data security and operationally can significantly improve and increase productivity within IT and across any business function, in any type of organization to provide a platform through which new applications can be developed and deployed for real competitive advantage. What s The Real Headline Story? Regardless of whether Acts relating to the privacy and residency of personal or corporate data have been contrived by Governments to counter acts of terrorism, the reality is their impact is stalling decision making within organizations. A report by 451 Group s research arm TheInfoPro1, concluded that 69% of enterprises questioned have budget for cloud computing and are predict spending increases this year and throughout 2014. However 83% of that number fear they will still face issues moving forward at the pace IT management desire. Politics and a resistance to change from within the boardroom are frequently cited and no surprise that concerns about Security (in the widest sense) accounts for nearly a 3rd of the study s respondents followed by migration and integration fears. In mitigation, the Cloud Security Alliance concluded, in early 2013, that although it is right for Companies to be concerned by security issues, the greatest threats are not necessarily caused by intrusive legislation. Issues such as system-failed data loss and leakage and service traffic hijacking by 3rd party protagonists are the types of threats organizations, globally, need to guard most against. Selection therefore of a cloud solution provider and/or hosting partner has to be rigorous yet standards have long been established. In 2005 ANSI/TIA-942 was published as a telecommunication industry standard for data centers. Today, the Uptime Institute s four level tiering of data centers is the most commonly accepted criteria used for selection. 1 Published conclusions from TheInfoPro Wave 5 Cloud Computing Study
For organizations wishing to adopt cloud computing the Institute recommends (as a minimum) that any provision meets Tier 3 SaaS Type II criteria in order to benefit from multiple secure and independent distribution paths that will deliver service continuity and +99.9% availability. In addition any data center should be certified to ISO 27001 for information security management. More than this, organizations should also be asking its cloud providers for the ability to monitor cloud services accurately. Typically, for both IT and business management, this is about... ensuring that productivity gains are achieved as web services and applications migrate to the cloud, where the infrastructure encourages fluid deployment and anywhere connectivity. So like anything within an IT infrastructure, if standards and procedures are adhered to, compliance is achieved then systems, services and applications are delivered securely with high availability and capacity to the business. Cloud computing is no different and no less secure but still the noise around legislation is there in the background, so what is the real issue? Legislation is a Geographic Restriction The legislative issue is real, but not international. The most prohibitive is the Patriot Act and (ignoring the US-EU Safe Harbour agreement) this is bound to the USA. Recent press reports (trade and news titles) suggest the PRISM revelations and the NSA s ability to access data from US web firms will cost its cloud computing industry $35bn 2 in 3 years. It is only when data resides with a US cloud provider that such intrusions can be made. Increasingly, organizations are wary of this and because this is not about data center standards and certification customers, the world over, are considering vendors, such as EasyVista, that truly provide their solutions from data centers internationally. This issue will shape the industry moving forward. Figures released by the Information Technology & Innovation Foundation3 (ITIF) highlight the damage done by the Edward Snowden disclosure, and suggests firms with an international focus will benefit as increasing numbers of organizations lose faith in US cloud providers including Microsoft, Salesforce and ServiceNow. In Switzerland, Artmotion, the country s largest cloud provider, reported a 45% increase in revenue the month following NSA s revelations about Snowden and the Prism surveillance program. The report is based on a survey that found that 10% of respondents outside the US had already cancelled a cloud project with a US firm because of PRISM and a further 56% said they were less likely to use a provider based in the US. No blue sky thinking, here! Arguably in the 21st century it is unthinkable, commercially, that such restrictions are placed upon an IT industry that pretty much shaped 20th century IT, but the reality of Cloud computing for any organization is that it is real, secure and confidence should be high that the promise of operational advantage is within reach and achievable in spite of the US Patriot Act. Concerns therefore should be limited to prudent due diligence regarding residency and data center localisation. Clear thinking is all that is required from IT. For IT Management, Cloud represents a significant advance in the roles and responsibilities that have been performed traditionally. How an organization embraces Cloud will determine how free IT will become of traditional systems management and support duties. After all, it is the business model of the cloud provider to deliver a service, through its data centers, that are 100% secure and where application servers are fully maintained and available. Consequently, Cloud allows an agility around how rapidly businesses adopt new technologies and services and IT is no longer maintaining legacy infrastructure or commissioning systems, it is brokering the correct services its business customers need. Finally, IT is out of the back-office. 2 http://www.computing.co.uk/ctg/news/2287148/prism-could-cost-us-cloud-firms-usd35bnbut-benefit-eurpean-providers 3 http://www2.itif.org/2013-cloud-computing-costs.pdf
Degrees of Adoption! That said, Cloud is not without some considerations around the degree of adoption; Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), much will depend on the business (and its leadership), level of IT maturity and its dependence upon a legacy infrastructure. In this respect do not be fooled into thinking that a certain type of Company (age/size/industry) will automatically map to any one cloud model. Corporate enterprises may see IaaS as a strategic necessity as it would allow rapid integration of any company acquisitions, yet others may be so wed to their legacy infrastructure that selective SaaS adoption, such as SAP Business One, becomes the cautious viable start-point. IaaS, which may be considered an extreme, will benefit those organizations struggling to prove compliance and governance due to legacy infrastructure. In IT service management, for example, there will be benefits operationally in extending the reach across a distributed enterprise to running up the service desk on a SaaS model yet to retain certain systems management capabilities on-premise where an appropriate level of data exchange will ensure core ITIL processes remain seamless and services deliver continuously to the business. Some may call this a hybrid model. In a similar vein, service centric organizations, may look to a vendor such as EasyVista, to provide a solution through which one-tomany service desks could be designed and run for IT and non-it disciplines. Additional/complementary service management applications could be developed/extended and rapidly deployed. The private cloud facilitates high levels of automation and integration so disciplines such as DevOps can become a centralised and collaborative function that advances core service delivery. The scenarios for moving to Cloud are endless and whether it is a pragmatic slice of SaaS or full IaaS, all organizations will begin modernising their approach to service delivery, embracing consumerization of IT and improving their customers experience of IT, their communication and collaborative channels, in a moderately short timeframe. Increasingly these conditions are helping to mature decision making and regardless of the degree of Cloud adoption, simple benefit statements exist, and around these Cloud justification can be built. Budget In 2013 world economies are still recovering, and for any organization the benefit of reducing capital expenditure from infrastructure by moving to a subscription model, typically over 3 years, to mirror cashflow and use, makes viable sense. Additionally, by truly offsetting cashflow, this allows businesses greater financial flexibility when considering the adoption of further technologies. User-Acceptance Although arguably cosmetic, vendors are rapidly developing Cloud applications that mimic accepted web storefronts and social media channels, consequently user acceptance of these business and applications platforms tends to be high. Equally the anything, anywhere, anytime mentality of today s Generation Y users will drive higher productivity from employees and its 3rd party service providers and generate communication and collaboration with customers. Agility SaaS means faster time-to-market. The ability to develop and rapidly deploy new applications through a Cloud platform that provides an adaptive design environment will operationally advance an organizations enterprise management. DevOps has found its mainstream home.
Orchestration Cloud Computing is effectively built through a well-constructed chain of web services and the orchestration of these services allows organizations to build truly robust processes like never before. Largely because in the cloud it is possible to automate, arrange and control systems and enterprises through cross-domain protocols. Consequently, the management of systems and services on a single agnostic platform becomes a reality. True best-of-breed without the hard-coding integration hassle. IT Operations Increasingly, Cloud is proving to be the most cost-effective method of doing IT heavy lifting basically running resource-intensive, processes and procedures. For example, the database management concerns relating to application servers are removed once the solution resides within a Cloud Data Center. Final Thoughts Legislation, such as the Patriot Act, is no reason to block any business decision relating to cloud confidence and adoption, it is simply a case of due diligence and data residency. Standards exist that will satisfy governance and compliance around data center operations and information management security. Be pragmatic, consider all options as Cloud is not exclusive in any one solution class, hybrid adoption or full IaaS. Build for your business and adopt what is needed by the business against what traditionally has been sustained by IT. IT is now the broker of services. Cloud allows rapid technology adoption, IT must navigate these as services to determine what is best-of-breed for the organization. Removing this burden alone, releases IT to concentrate on which services it should broker for further adoption by the business. Business Continuity & Disaster Recovery Vendors like EasyVista, have made the investment in multiple cloud management centers and data centers around the world. Because of this, they have the infrastructure needed to ensure businesses continue to operate no matter how disruptive an event - natural, accidental or political. About EasyVista: EasyVista Inc. is a leading provider of Cloud-based IT Service, IT Asset and Organizational & Customer Service Management solutions. The Company serves customers in every vertical sector and has direct operations around the world with offices in the United States, Canada, France, UK, Germany, Italy, Spain and Portugal. With tier 1, multi-lingual support and Network Operation Centers worldwide, our award-winning Cloud based approach and unique service management codeless design environment, EasyVista Neo allows companies to transform IT services for the 21st century. Our mission is to empower organizations to streamline and simplify the management and control of in-house, out-sourced and Cloud-based service management. We are the broker of Service and Support for New IT, we are Service Management by Design.
Contact us Americas EasyVista USA (USA HQ) 3 Columbus Circle 15th Floor, Suite 1532 New York, NY 10019 Phone: +1 (888) EZV ITSM Fax: +1 (646) 736-6967 EasyVista San Francisco 71 Stevenson Street Suite 400 San Francisco, CA 94105 Phone: +1 (888) EZV ITSM Fax: +1 (646) 736-6967 EasyVista Dallas 14785 Preston Road Suite 550 Dallas, TX 75254 Phone: +1 (888) EZV ITSM Fax: +1 (646) 736-6967 EasyVista Canada Logiciels EasyVista Inc 2001 McGill College Avenue Montreal, QC, H3A 3P9 Phone: 888-EZV-ITSM EMEA EasyVista France (EMEA HQ) Immeuble Horizon 10, Allée Bienvenue 93885 Noisy-le-Grand Cedex Phone: +33 1 55 85 91 00 Fax: +33 1 55 85 91 11 EasyVista United Kingdom Berkhamsted House 121 High Street Berkhamsted HP4 2DJ Phone: +44 1442 200 120 Fax: +44 1442 200 121 EasyVista Spain Avenida de la Industria N 4 Edif. 3 2 B 28108 Alcobendas Phone: +34 902 430 412 Fax: +34 902 430 527 EasyVista Portugal Av. Eng. Duarte Pachero, Torre 2-6 Andar Escritorio 7 1070-102 Lisboa Phone: +351 21 805 13 20 Fax: +351 21 800 71 66 EasyVista Italy Via Conservatorio, 22 20122 Milano Phone: 02 77297552 Fax: 02 779240