Cloud Services Benefits
Common attributes of cloud offerings include massive scalability, near-immediate availability and provisioning, increased cost management controls, and more. However, while we consider the benefits here, a number of dark linings lurk around our silver clouds, and throughout this book we examine them in relation to the usage models of cloud services. Each organization will determine different sets of benefits and risks however. So, your mileage will vary.
The definitions of cloud services and related cloud computing architectures—and there are many—span a huge range of opportunities and architectures. You may choose to source cloud services internally or externally to your organization, and it is our position throughout this book that most organizations will end up with a hybrid mix of options. Therefore, not all the benefits, or risks, will apply to your situation. Part of the goal in this book is to try to isolate those areas that vary and provide tools to determine your best path forward.
Therefore, as with all things, the benefits and risks attributed to cloud should be considered relative to your current circumstances and measured against your capabilities in relation to any strategic constraints and opportunities that exist. Let's consider building cloud up before we break it down. So, before we detail how cloud solutions are defined, consider the potential benefits from the business and technology viewpoints.
Benefits of Cloud Services
The benefits ascribed to cloud span both business and technology spheres. For business leaders, your ability to maintain or gain agility and your management options are greatly enhanced. For an IT department trying to deliver services to support the business, cloud services offer a new way to architect and source solutions. By finding cloud services that match noncore delivery of IT services, the IT department can concentrate on finding and delivering the best services for the business more effectively.
At a high level the benefits of cloud services can be categorized as:
- Business focus
- Cost and budget control
- Scalability and capacity management
- Governance and compliance
- Optimized infrastructure
From a business perspective, there is much more to consider today beyond your ability to manage your core business and deliver great and timely products and services. Today, competitive pressures, marketing challenges, budget issues, and more are considerable requirements. Your ability to manage situations quickly and efficiently is the key. The biggest benefit of cloud computing to business today can be framed in terms of agility. Cloud services can offer huge savings in terms of time (for example, when IT capabilities must be delivered quickly). Scaling up or down with cloud services does not usually require additional hardware or software. Cloud services offer minimal setup time, minimal time to scale, and less cash outlay. This is because as a business model, cloud service providers generally host massively scaled systems' capacity that can be switched on upon request.
Suppose, for instance, that you need to scale rapidly for a new project or a seasonal rush. Companies can model these situations using internal resources, but likely at some point they will need to expand beyond that capacity. A decision is made whether to use an external provider to fill the gap; in the world of cloud services, this is called cloud bursting.
Cloud services, as a concept, are available over Internet technologies and enable us to interact or consume them from almost anywhere on any device. While issues of form factor and communication speed create some limitations today, the business benefit of being able to bring key resources to bear on a critical or time-sensitive problem is recognized as a huge benefit to the agility of any business. Having mobile and remote capabilities allows organizations to recruit employees/contractors who can deliver but who cannot or will not travel to their physical locations. Popularized in the 1990s, offshoring was a first example of this business transition: Business services could be offered from anywhere. However, the advent of cloud services means that more capabilities are available to you and to those providers (and from them, too).
Cultural issues aside, web conferencing services, such as the pioneering WebEx, show how product demonstrations no longer require someone to be physically in the room to represent the company. There are now a multitude of meeting options ranging from Citrix's GoTo services for remote access and support, to HP's Halo room for the "in the same room" meeting experience, and to Skype for making video and audio calls worldwide for much less than traditional telecommunication carrier costs. All of these examples illustrate the opportunity to use technology to deliver business results faster and at highly cost-effective price points.
Servicing your customers at scale is possible only through improvements to the scale and functionality of your service and support capabilities. Support over the Internet is one way to do this. In this scenario, you either expose your support model through a web application or you use a provider who will manage that support through a web application on your behalf (à la cloud). Outsourcers such as EDS/HP Enterprise Services, Centerbeam, and more have been offering these types of support services for more than a decade, but the ability to focus support into web-based solutions decreases the number of staff required to answer phones and deal with people directly.
By using the best service from a cloud service provider, a business can potentially focus more energy and talent on optimizing existing revenue streams and aggressively pursuing the development of new ones.
For example, cloud services can enable businesses to gather information, ideas, feedback and so forth from a much wider set of sources (such as customers, partners) than was ever possible by traditional means. This approach is known as crowdsourcing.
Popular crowdsourcing approaches have primarily evolved from the world of Web 2.0 solutions. One business that relies on crowdsourcing is Wikipedia, an online encyclopedia. Wikipedia employs a small organization of less than 50 employees, while utilizing several thousand key volunteers and tens of thousands of other contributors from around the world. While some entries are questionable in terms of veracity, substance or even legality, the overall effort resulted in a much more dynamic and comprehensive set of data than traditional printed encyclopedias could ever match.
Yelp offers the ability to source a set of opinions on a wide range of vendors, from restaurants, to retailers, and more. From this, others can view ratings and comments about those vendors and decide whether to use them. Yelp also shows that these types of solutions can be manipulated (for example, when they gain notoriety, or, when not enough people provide opinions).
Consider a company in crisis. On April 20, 2010 British Petroleum's oil drilling platform, the Deepwater Horizon in the Gulf of Mexico suffered a series of catastrophic failures and collapsed into the water with devastating results to life and nature. The amount of oil escaping was immense. Estimates ranged wildly from 5 to 200 thousand barrels of oil a day, flowing non-stop for over three months. The point here is that BP used crowdsourcing as one approach to deal with the cleanup efforts by creating a "Deepwater Horizon suggestions" page.4 As of July over 20,000 suggestions had been submitted, and at least 10 had been tested for use. The US federal government also set up a site with information on volunteering to help with the clean-up effort.5
This is not to say that crowdsourcing is all perfect. Using services in the cloud like this opens up the potential for anyone in the world with Internet access to "join in" with the crowd. The majority of participants are likely to offer positive input, whereas other individuals or groups are less valuable; some are trolls seeking to make noise, and some are vandals seeking to abuse the system. Mitigation against these and similar issues is centered on access controls, the ability to curate the input, verification processes, and so forth.
Vendors such as Ning, Big Tent, SocialGo, and many others enable for community-based social networking solutions, even crowdsourcing, in a more controlled environment with stricter access controls to the various parts of their services in the cloud. These additional controls can make crowd-based efforts more compelling to community-based or vertical-focused organizations.
Cost and Budget Control
Although the initial costs of using cloud services may appear less, a better expectation should be that cloud services offer more control over costs or better budget management capabilities. Most cloud services enable you to pay on a monthly, weekly, or per-use basis. Choosing a cost-effective cloud service provider can result in significant savings, but more important is finding a cloud service provider than can accurately report usage patterns to you so that you can confirm the accuracy of your billing based on use.
One noted advantage of using public cloud services is the use of operational expenditure (OpEx) over capital expenditure (CapEx). However, understanding the implications of CapEx and OpEx is critical to effectively managing budgets. The difference between buying a house and renting one is the amount of cash that (usually) goes out the door at one time, and the same concept applies here. IT data centers are generally CapEx-intensive, because they require initial outlays of cash upfront to build out. Cloud services are generally booked as OpEx because they are consumed through a services agreement over time. Although CapEx can be depreciated over time, essentially allowing costs to be defrayed against profits, the initial drain on cash at hand is often seen as detrimental and to be avoided in the business world. Having flexibility of where to spend OpEx versus CapEx enables an organization to better manage expenditure such that the costs occur over time rather than in one big lump sum, which enables for better cash-flow management.
The concept of Green IT illustrates the significant costs borne by many organizations. The operational costs associated with building and maintaining data centers and with scaling power, cooling, and even basic hardware requirements are significant. Over time business workloads fluctuate and data centers are often left fully powered on, o whether the infrastructure is used. For example, some organizations run financial systems all year, but they hit peak load only once a quarter or once a year during financial reporting periods. There are many ways that organizations can look to benefit from cloud deployments as they try to optimize and approach a Green IT model. For their own private clouds, the goal is to optimize their usage requirements and cycling systems when needed. Organizations use community or public cloud services when needed, essentially pushing their workloads to the cloud when their internal capacity is reached, or cloud-bursting. Although many cloud service providers do not provide utilization data, there is an assumption that cloud service providers have optimized their infrastructure and management tools to maximize usage.
In many cases, organizations no longer have to hire people to manage system updates and backups and therefore can save on staffing costs and on storage management.
Scalability and Capacity Management
The capability to scale quickly to extreme capacity is not a common attribute or goal of traditional data centers and IT departments. As a result, many businesses experience times when they are hampered by a process that takes weeks or months, sometimes even years, to get new compute resources and applications online. This is despite that many large enterprises have already spent millions on computer hardware and have thousands of servers under management (at least on the books). Cloud computing promises the capability to scale massively in terms of systems, connections, bandwidth, storage, and more on an almost immediate basis. The converse is also important, where the service will shrink back down just as quickly if the need is no longer there. These benefits support cost management goals and enable you to grow in line with your requirements in a linear rather than a reactive mode.
The appearance of unlimited capacity is quite appealing. Cloud services need to be tuned to carefully manage actual capacity against expected requirements, yet deal with unexpected demands when necessary, too. Predictive analysis is critical in this respect, and offering those delivery and management capabilities to customers is something that both IT and cloud service providers must do to deliver this benefit to businesses.
Governance and Compliance
Governance is the process used to ensure that regulations, rules, and mandates are followed within an organization. Compliance refers to the facility to monitor and validate that the organization is meeting the governance requirements. Although cloud services introduce potential challenges in matching these requirements, the opportunities to improve an organization's governance and compliance stance can be greatly improved.
Taking a service-based approach to delivering both business and IT functionality that incorporates the governance processes allows for closer alignment to compliance reporting. Sourcing specific, metered services from cloud service providers that specifically match governance models allows for better reporting, more accurate alignment between service usage and fluctuations in business workflow, and ultimately, faster time to market. This also brings up the need for a service catalog and related management tools to ensure usage matches expectations. We will talk about this in Chapters 7 through 10 as this closely relates to overall operations management and security as well.
In some cases, organizations have found that by using a third party to manage their IT services they are better able to deliver services within their governance models and compliance mandates. For small businesses in particular, the cost of hiring to manage these requirements can be significant itself, much like security. Using pooled resources and services allows business to capitalize on the best of that common capability.
It is important to note that although cloud services provide potential improvements to your governance and compliance position, you cannot abdicate responsibility for compliance. While different models of cloud computing architecture actually vary the amount of "control" you and the service provider have over the service, none of them changes your responsibilities to protect data, privacy, or service levels.
This is a critical point made that is reiterated throughout the text: Although you can look to the cloud for specific capabilities and functions to support governance, compliance, and even security, you cannot abdicate these obligations. For example, if a breach of your customer or employee data occurs, the responsibility to report and rectify remains yours. The cloud service provider may help deal with the issue. The cloud service provider may suffer some of the same financial repercussions. However, the cloud service provider is not the owner of the problem. Therefore, any reliance on the cloud's controls and safeguards, and on the governance and compliance practices of a cloud service provider, must be carefully evaluated in line with your governance, and compliance needs to ensure that the solution enhances your posture, instead of increasing either direct or ancillary risks.
Whereas many potential users of cloud services have a visceral or gut reaction that suggest cloud services are not secure, that is certainly not always the case. We discuss security opportunities and challenges in much more detail later in the book, but for now consider many organizations find significant improvements in their security posture by using cloud services. Often, because of their size or financial limitations, small and even medium-sized businesses cannot hire security specialists or respond quickly to security incidents. Using specific best-of-breed capabilities in the cloud to prevent or identify fast-moving or specific threats is a benefit to all organizations, perhaps best illustrated by the vendors who provide antivirus and antispam solutions outside the traditional IT environment.
The ability to host multiple capabilities in the same hardware, software, or service allows for the follow-on benefit of optimized use of the infrastructure. Multitenancy as a model for using compute resources has existed since the 1960s, when IBM challenged traditional time-sharing models by adding virtualization with its VM/370 series.
Multitenancy can occur at any or all levels of the architecture, as follows:
- Virtual layer: Virtualization provides the ability to create specific environments for each process, application, or operating system. This model isolates everything above the virtual layer itself but allows for the use of pooled resources below that layer, most commonly hardware such as networking, processor, memory, input/output, and storage resources.
- Application layer: The user interfaces of most web applications allow for specific fixed graphical and behavioral elements alongside customized elements associated with a specific organization, individual, or function. If one component or functional element fails in the delivery of the interface, it is easier to replace because those elements derived from other parts of the application and can be easily reconstructed.
- Database layer: Data for multiple applications, through to multiple customers, can be stored in the same database, and thus allow for the focus on optimal data structures rather than entire infrastructures to support each individual requirement.
To gain the best advantage of cloud requires that each of these architectural layers be considered carefully to determine the best layer or layers to optimize for multitenancy.
Almost a corollary to multitenancy is both the ability and requirement for isolation at each of the layers. While an application vendor such as Salesforce.com may use a common database layer for managing customer data, it is essential that the security mechanisms around the application layer maintain isolation between the various customers. Fundamental for any type of cloud provider is the requirement to offer isolation at each level of service exposure to their cloud users. This may be the infrastructure, platform, or software applications. In addition, APIs and management tools must also ensure that isolation exists in terms of identity management and access models, key management and encryption, and user interfaces. This is a specific set of technical requirements that need to be carefully evaluated when using a third-party solution in a private cloud and in any public cloud.
The idea of web-based services has been around for many years, as have application hosting and outsourcing. The ability to get to the services from anywhere from any device has been a goal that is finally being broadly realized, and it threatens business models and IT departments who must contend with the security issues associated with data being available on devices either temporarily or long term.
In August 2009, ABI Research6 released a report that said mobile cloud computing subscribers would total nearly one billion by 2014. The ABI report contained the following reasoning:
- There are two primary reasons why ABI believes cloud computing will become a disruptive force in the mobile world. The first is simply the number of users the technology has the power to reach: far more than the number of smartphone users alone. The second reason has to do with how applications are distributed today. Currently, mobile applications are tied to a carrier. If you want an iPhone app, for example, you have to first have a relationship with the mobile operator who carries the iPhone. If you want a Blackberry app, the same rule applies. But with mobile clouding computing applications, as long as you have access to the web, you have access to the mobile application.
Although there are many arguments against this position, the general direction in cloud services is to support more open standards and therefore the dependence on specific carriers is certainly less than in years previous. This means that offering employees, customers, and partners better access and links to your organization via an exploding mobile world is absolutely possible.
Some like to think of cloud computing as an opportunity to do away with all their existing infrastructure challenges and costs—a "burn it to the ground" or rebuild scenario. This is truly not the real option, especially for any enterprise with more than a year under its belt with existing IT, and especially not for medium to large enterprises with many current or legacy systems in place. The reality is that cloud services allows an IT department to refactor some or all of their existing systems over time and usually take advantage of cost-effective new ways to deliver IT services to the business as a result.
The same concept can also be applied to data center design. Historically, IT has designed data centers using the model of high availability, focusing on repair as a core requirement instead of considering the best mode for recovery to availability. This includes using certified hardware with comprehensive support and maintenance contracts. This includes concepts such as fail-fast, highly integrated systems, and deploying on stable QA tested solutions on a prepared basis with massive change control to ensure the ability to roll back failures.
Large cloud service providers are approaching infrastructure design with a qualitatively different approach. They focus on low-cost commodity hardware where possible. Faults should be simply routed around until some standard recovery can be achieved on a scheduled or even ad hoc basis. This is much more cost efficient in many modes, yet requires a change in thinking that may benefit IT. Modeling can be important here, but if you are not prepared to consider alternative approaches, you will never get to model it. Also note that it is often difficult to model third-party cloud services well, given the potentially vast array of failures that can occur. Traditional IT approaches do not immediately match well to these new architectures and will require some refactoring. We all know that hardware will fail, networks will fail, and an entire data center may fail. Truly, any part of the stack, including the human components (from operators to users), may fail in some way. So what does that mean? We need to monitor different things. It is common to model small failures in a larger system and monitor for those failures (e.g., disk out of space, router offline). Cloud services are modeled as services, and therefore if you refactor how to manage them in this context, you begin to see dependencies across the whole system rather than in terms of just the data center itself, which in turn allows you to focus on core services rather than all services. This change can truly impact IT's ability to deliver and maintain high-availability services.
Summary of Benefits
Using cloud services to supplement or replace IT functions should allow an IT department to deliver more innovative capabilities to the business by focusing more on the service delivery and less on the hardware and software updates. Most benefits derive from the pooled nature of cloud services being offered through multitenancy architectures (or more simply, economies of scale). Costs, risks, controls, and more are aggregated across thousands of customers rather than one individual organization's data center.
Many definitions of cloud computing identify self-service or self-provisioning as a benefit. Although self-service can help make cloud services easier to use, the reality is that self-service requires a mode of operations that includes service catalogs, automated provisioning and deprovisioning, and more to be effective. Therefore, we consider self-service as something that although beneficial in small environment is in reality a result of delivering good service-oriented architectures that may or may not be cloud based in nature.
In summary, cloud computing provides significant opportunities. Thinking these through in relation to your own business challenges is important. Perhaps even more critical, you want to remember that your competitors are also considering how to capitalize on these opportunities.
However, cloud computing has challenges. Your organization may already be ready to adopt and adapt to new technologies or ways of achieving your business goals, but finding success with cloud services may require a mindset that allows you to change how you manage risk and control. To achieve success with cloud, regardless of internal or external options, IT needs to be the service broker and aggregator for the business, providing guidance, cost management, and governance in this new model.