How To Decide If You Should Buy Cloud Computing For Government



Similar documents
Strategic Coverage 29 Cloud Services Common Assessment and Considerations

Cloud Computing. Key Considerations for Adoption. Abstract. Ramkumar Dargha

On Premise Vs Cloud: Selection Approach & Implementation Strategies

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

Cloud Computing. P a n a g i o t i s F o u z a s I T S o l u t i o n s M a n a g e r

How To Secure Cloud Computing

Guideline on Implementing Cloud Identity and Access Management

MyBills. Unclassified. Bank Merchant Account Creation Procedure

Moving Applications To Cloud

Windows Server Your data will be non-compliant & at risk on

Getting Started with Collaboration Services and the Cloud. Tyson Hartman, Chief Technology Officer

How to ensure control and security when moving to SaaS/cloud applications

Key Considerations of Regulatory Compliance in the Public Cloud

Cloud Computing in the Enterprise An Overview. For INF 5890 IT & Management Ben Eaton 24/04/2013

MOVING SECURITY TO THE CLOUD. pandasecurity.com

6 Cloud strategy formation. 6.1 Towards cloud solutions

White Paper. Cloud Computing. Effective Web Solution Technology Investment. January

How to Choose an Economic Cloud Deployment Model

Private & Hybrid Cloud: Risk, Security and Audit. Scott Lowry, Hassan Javed VMware, Inc. March 2012

perspective Microservices A New Application Paradigm Abstract

Top five lessons learned from enterprise hybrid cloud projects

JISC. Technical Review of Using Cloud for Research. Guidance Notes to Cloud Infrastructure Service Providers. Introduction

Cloud Computing: The Next Computing Paradigm

OpenStack in the Enterprise: A Potential Foundation for Your Cloud Strategy

Meeting the needs of Healthcare

RESEARCH PAPER. Integrating the hybrid cloud. It s time for IT to get full value from the cloud. February Sponsored by

Africa Set for Cloud Market Expansion

Document title. Using Cloud Based Storage Services. Introduction

Are your legacy applications suitable for the cloud?

APPLYING LESSONS LEARNED TO FEDERAL CLOUD COMPUTING

Cloud Computing in Higher Education: A Guide to Evaluation and Adoption

1 The intersection of IAM and the cloud

SaaS - Advantages of Product Development

Cloud Adoption. The definitive guide to a business technology revolution. shaping tomorrow with you

The cloud - ULTIMATE GAME CHANGER ===========================================

A CIO s Cloud Decision and 7 Lessons Learned From Peers

Lean IT Transformation

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services

IT Services. Capita Private Cloud. Cloud potential unleashed

Who moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration

CLOUD COMPUTING An Overview

Hybrid Cloud Architecture: How to Streamline Hybrid Cloud Migration

The Cloud Seen from the U.S.A.

Cloud Computing. Bringing the Cloud into Focus

ICT Advice Note - Procurement of Open Source

When IT Leaders Should Select Private Over Public Cloud Services

A white paper from Fordway on CLOUD COMPUTING. Why private cloud should be your first step on the cloud computing journey - and how to get there

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

iscripts Top 10 challenges to consider before testing SaaS based applications

Managed Services Market in South Africa Mapping Opportunities in the Data Centre and Cloud Markets

Oracle Trading Community Architecture Modeling Customer and Prospect Data TCA Best Practices V.2. An Oracle White Paper January 2004

The Cloud at 30,000 feet. Art Ridgway Scripps Media Inc. Managing Director Newspaper IT Operations

WHITE PAPER: Broadband Bonding for VoIP & UC Applications. In Brief. mushroomnetworks.com. Applications. Challenge. Solution. Benefits.

Public Cloud Service Agreements: What to Expect & What to Negotiate. April 2013

WHITE PAPER. IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources

Cloud Infrastructure as a Service Market Update, United States

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

Shaping Your IT. Cloud

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

How To Understand Cloud Computing

Inside the Cloud The Supporting Architecture of Cloud Computing. Jack Hanison

Cloud Catalyst. Programme

Starting the Journey to Managed Infrastructure Services

The Cloud-Enabled Enterprise Developing a Blueprint and Addressing Key Challenges

Enterprise Resource Planning (ERP) in Cloud

Realizing the Value Proposition of Cloud Computing

OIT Cloud Strategy 2011 Enabling Technology Solutions Efficiently, Effectively, and Elegantly

Cloud Business Value. Francis Magann Senior Customer Solutions Architect. 20 th April 2011

Will Cloud Computing Work for the Life Sciences Industry?

Cloud Testing: A Review Article

How To Run A Cloud Computer System

Cloud Computing in a Government Context

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

Securing Your Data In The Cloud: an insiders perspective

CAN NUCLEAR INSTALLATIONS AND RESEARCH CENTERS ADOPT CLOUD COMPUTING?

Interoperate in Cloud with Federation

The NREN cloud strategy should be aligned with the European and national policies, but also with the strategies of the member institutions.

Cloud Computing Security Considerations

HSCIC IT Hosting Strategy

Performance Management for Cloudbased STC 2012

The Cloud in your office

Cloud Computing. Introduction

Q & A How Government Can Achieve Cloud Gains, While Keeping Sensitive Data Protected

An Oracle White Paper in Enterprise Architecture August Architectural Strategies for Cloud Computing

SaaS Maturity Evolution for Transforming ISVs business

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

How To Operate In Cloud

Making Leaders Successful Every Day

AN OVERVIEW ABOUT CLOUD COMPUTING

Brochure More information from

New Computing Models, and What They Mean to the Small and Mid-Sized Business Consumer

ON-PREMISES, CONSUMPTION-BASED PRIVATE CLOUD CREATES OPPORTUNITY FOR ENTERPRISE OUT-TASKING BUYERS

SaaS Implementation for Technology & Business software companies

Indicative Requirements for Cloud Service Providers. connect communicate collaborate

NSW Government. Cloud Services Policy and Guidelines

HYBRID CLOUDS DEFINING A SUSTAINABLE STRATEGY DR. RAGHU P. PUSHPAKATH KRISHNAKUMAR GOPINATHAN SACHIN KANOTH MADAKKARA

Fujitsu Dynamic Cloud Bridging today and tomorrow

Procurement Innovation for Cloud Services in Europe

Transcription:

Cloud Services Common Assessment and Considerations Date: June 2011 Department: Technology and Systems Governance Version: 2.0 Unclassified Malta Information Technology Agency, Gattard House, National Road, Blata l-bajda HMR 9010 Malta Telephone: (+356) 21234710 Facsimile: (+356) 21234701 Web Site: www.mita.gov.mt

Document Control Information 01. Document reference 02. Document type Report 03. Security classification Public 04. Synopsis This report identifies key considerations that need to be taken into account before considering any cloud computing offerings including Software as a Service solutions. 05. Document control Author Change controller Distribution controller Technology and Systems Technology and Systems Technology and Systems Governance Governance Governance 06. Authorisation Issuing authority Technology and Systems Governance Approval authority Technology and Systems Governance Signature / Date Signature / Date 07. Modification history Version Date Comments Final Draft 17/09/2010 Draft Version for internal review Final 18/11/2010 Final Version following internal review Final Draft Ver 2 10/06/2011 Draft version for internal review Final Ver 2 13/06/2011 Final Version 08. Acknowledgements Technology and Systems Governance 09. References 1. Software as a Service (SaaS) paper 2. Cloud Computing Key Considerations for Adoption (Infosys)

Executive Summary MITA will be procuring a number of services which can be categorized as potential candidates to be rolled out as Cloud Based Services (or have strong Cloud Services attributes) more prominently Software as a Service (SaaS). There are a number of shortcomings and challenges that need to be addressed from an enterprise perspective prior to embarking on such type of implementation paradigms including but not limited to legal, procurement processes, business continuity, governance, etc. The scope of this paper is to identify and highlight key considerations that one (from an organisation perspective) needs to carefully assess prior to considering the procurement of cloud computing services.

Table of Contents 01. INTRODUCTION... 1 02. CONSIDERATIONS... 2 03. CONCLUSIONS... 5

01. Introduction The introduction of cloud computing technologies and services within an organisation will bring along a number of challenges together with the associated benefits. In this respect, it is pertinent that decision makers evaluate effectively the suitability and applicability of such technologies/ services in the context of the business needs, organisation boundaries and ultimately the intended projected benefits. The aim of this document is to highlight a number of considerations that should be carefully assessed prior to the procurement of cloud based services. It is important to highlight that the considerations listed in this document are not exhaustive, but do provide a good baseline for determining whether the desired solution fits the cloud based approach given the considerations presented herein.

02. Considerations While cloud based services promise to deliver many benefits and innovative ways of working, these might not be applicable or may be difficult to adopt in certain cases. The applicability of such services is dependent on a number of factors including but not limited to; nature of the organization, size of the organization, maturity of the organisation, intended audience of the service, criticality and security of the service, etc. For example, certain services may be applicable to a small organisation that may require little usage of a service, whilst the same service might not be applicable to a larger organisation that would require heavy usage of a service due to cost, service level agreements, performance, etc. Factors such as economies of scale play a major role in determining the viability of particular cloud services. Following are some key considerations that one needs to carefully assess prior to considering the procurement of cloud computing services. It is important to highlight that this list is not an exhaustive list of considerations, but does capture in our opinion the more prominent considerations. 1. What are the business continuity considerations in view of the scale and magnitude of the solution? What are the Exit Strategy considerations? Business continuity is of prime importance to Government, especially when considering that with such cloud services, Government will be bound to the terms and conditions of the service, with limited degree of flexibility and control. Therefore one needs to see that the necessary contractual / procedural obligations are in place in the event that the supplier goes out of business, breaches the service contract, does not meet SLAs or Government decides to move away from the service provider. Furthermore, Government would require an exit strategy which leads to the establishment of an exit plan which guarantees business continuity at the least cost and impact possible. 2. How do Government s high level technology and architecture building blocks impact the cloud service? For example Corporate identity needs to be serviced through the Corporate Directory, based on a claims based architecture; can such integration be offered by the cloud service? 3. What is MITA s experience in consuming (and eventually delivering) cloud based solutions? Does MITA have the capacity and knowledge (operational, legal, procurement, etc.) to manage such services on behalf of Government? Cloud services require new skill sets and procedures therefore training to build up such skills sets are mandatory. 4. How is demand for using the cloud services provided by the vendor? Is it mostly constant or widely varying? Cloud based services are more appropriate for varying demands than for constant demand as one of the benefits is a cost model based on usage. 5. What is the frequency of usage? How frequent is the usage of the service? In most cases very frequent usage makes less economic sense to go for Cloud based payper-use type of models. Similarly, cloud based models usually target varying demands whereby an enterprise may take advantage of variable costing models based on usage fluctuations. 6. Are customized services or interfaces to be exposed by the vendor required? Cloud vendors may not find it economically attractive to provide highly customized services and hence price for end users might also not be very attractive.

7. How mission critical is the application or service? A mission critical application would need very stringent Service Level Agreements (SLAs), which most probably cloud vendors will not be able to satisfy as yet. 8. What are the compliance requirements? The cloud vendor might not have support for the specific compliance needs enforced by Government. 9. What are the preferred technologies and development platforms? What are the long term plans in this regard? Vendor lock-in is one of the major issues in cloud based services. Migration from one cloud environment to another would be much more challenging than migrating within on-premise software up till now, as interoperability standards in this regard are still immature. 10. What are the integration requirements of the SaaS based solutions with other applications/processes within Government? The integration between SaaS offerings from different vendors is a challenge unless provided by the vendor out of the box through open standards such as web services. 11. What are the internal IT and industry regulations for sharing data outside of the enterprise and Government? Are there any legal jurisdictions in this regard? What is the security classification of the data in question and how does this impact the location of the data? Some industry segments have very stringent data privacy and security needs, whilst there are legal jurisdictions of where data resides based on data classification. What is the tolerance level of risk in this regard? 12. How are expenses preferred to appear in the balance sheet? As capital expenditure (CAPEX) or operating expenditure (OPEX)? From a procurement perspective is Government mature enough to support such a model? If Government s strategy is to prefer OPEX type of models, a cloud computing model would be more suitable. Having said this, is MITA s and Government s procurement process mature enough to handle such type of procurements? 13. What are the performance requirements and SLAs of applications and services that are required from the Cloud by Government? The reality is that performance levels of services will be impacted if cloud services are chosen as compared to on-premise implementations - even if they have distributed data centers. In spite of certain high performance SLAs, vendors may still not be able to satisfy the performance levels at all times due to inherent network latency of the Internet. Are the tolerance levels of the business processes far below-par performance levels? Does Government s infrastructure support the requirements to service such services such as bandwidth, latency, etc.? 14. What are Government s network and international bandwidth roadmaps and usage? In most cases cloud services mandate reliable levels of latency as well as reliability and capacity on the network and international bandwidth so as to provide a seamless user experience? Does Government have the appropriate mechanisms in place to cater for such needs? 15. Should a solution/service be implemented through an off-premise cloud service or should it be serviced through a Government on-premise cloud? Assuming Government has the necessary resources to service the solution within its onpremise cloud, the decision to host a solution on-premise or off-premise will depend on a number of risk factors which will be tackled on a case by case bases. These risk factors include but are not limited to proximity requirements, revenue generation, mission criticality, security classification, technology, European Union obligations, legal obligations and political sensitivity. 16. In the case a solution is to be migrated to a cloud platform, do the existing solution licensing models facilitate such a transition?

17. What are Government s security requirements? Do the cloud service providers and their service offerings meet Government s security requirements? When using off-premise cloud services, Government and its entities may have limited ability to define their security requirements, having said this Government still remains responsible for the information that is stored and processed in the cloud. Therefore one needs to make sure that the security provided by the cloud provider is in line with the security requirements of Government.

03. Conclusions Whilst there are a number of advantages and challenges in the adoption of cloud based services, the key considerations provided in this paper can be used as a starting point by MITA to assess the viability of such cloud services and the respective paradigm. There are surely other considerations which are specific and should be catered for on a case by case basis when analysing the viability of cloud based services.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information