Home > Articles > Networking

This chapter is from the book

Cloud Services Benefits

Common attributes of cloud offerings include massive scalability, near-immediate availability and provisioning, increased cost management controls, and more. However, while we consider the benefits here, a number of dark linings lurk around our silver clouds, and throughout this book we examine them in relation to the usage models of cloud services. Each organization will determine different sets of benefits and risks however. So, your mileage will vary.

The definitions of cloud services and related cloud computing architectures—and there are many—span a huge range of opportunities and architectures. You may choose to source cloud services internally or externally to your organization, and it is our position throughout this book that most organizations will end up with a hybrid mix of options. Therefore, not all the benefits, or risks, will apply to your situation. Part of the goal in this book is to try to isolate those areas that vary and provide tools to determine your best path forward.

Therefore, as with all things, the benefits and risks attributed to cloud should be considered relative to your current circumstances and measured against your capabilities in relation to any strategic constraints and opportunities that exist. Let's consider building cloud up before we break it down. So, before we detail how cloud solutions are defined, consider the potential benefits from the business and technology viewpoints.

Benefits of Cloud Services

The benefits ascribed to cloud span both business and technology spheres. For business leaders, your ability to maintain or gain agility and your management options are greatly enhanced. For an IT department trying to deliver services to support the business, cloud services offer a new way to architect and source solutions. By finding cloud services that match noncore delivery of IT services, the IT department can concentrate on finding and delivering the best services for the business more effectively.

At a high level the benefits of cloud services can be categorized as:

  • Agility
  • Business focus
  • Cost and budget control
  • Scalability and capacity management
  • Governance and compliance
  • Security
  • Optimized infrastructure
  • Isolation
  • Mobility
  • Refactorization

Agility

From a business perspective, there is much more to consider today beyond your ability to manage your core business and deliver great and timely products and services. Today, competitive pressures, marketing challenges, budget issues, and more are considerable requirements. Your ability to manage situations quickly and efficiently is the key. The biggest benefit of cloud computing to business today can be framed in terms of agility. Cloud services can offer huge savings in terms of time (for example, when IT capabilities must be delivered quickly). Scaling up or down with cloud services does not usually require additional hardware or software. Cloud services offer minimal setup time, minimal time to scale, and less cash outlay. This is because as a business model, cloud service providers generally host massively scaled systems' capacity that can be switched on upon request.

Suppose, for instance, that you need to scale rapidly for a new project or a seasonal rush. Companies can model these situations using internal resources, but likely at some point they will need to expand beyond that capacity. A decision is made whether to use an external provider to fill the gap; in the world of cloud services, this is called cloud bursting.

Cloud services, as a concept, are available over Internet technologies and enable us to interact or consume them from almost anywhere on any device. While issues of form factor and communication speed create some limitations today, the business benefit of being able to bring key resources to bear on a critical or time-sensitive problem is recognized as a huge benefit to the agility of any business. Having mobile and remote capabilities allows organizations to recruit employees/contractors who can deliver but who cannot or will not travel to their physical locations. Popularized in the 1990s, offshoring was a first example of this business transition: Business services could be offered from anywhere. However, the advent of cloud services means that more capabilities are available to you and to those providers (and from them, too).

Cultural issues aside, web conferencing services, such as the pioneering WebEx, show how product demonstrations no longer require someone to be physically in the room to represent the company. There are now a multitude of meeting options ranging from Citrix's GoTo services for remote access and support, to HP's Halo room for the "in the same room" meeting experience, and to Skype for making video and audio calls worldwide for much less than traditional telecommunication carrier costs. All of these examples illustrate the opportunity to use technology to deliver business results faster and at highly cost-effective price points.

Servicing your customers at scale is possible only through improvements to the scale and functionality of your service and support capabilities. Support over the Internet is one way to do this. In this scenario, you either expose your support model through a web application or you use a provider who will manage that support through a web application on your behalf (à la cloud). Outsourcers such as EDS/HP Enterprise Services, Centerbeam, and more have been offering these types of support services for more than a decade, but the ability to focus support into web-based solutions decreases the number of staff required to answer phones and deal with people directly.

Business Focus

By using the best service from a cloud service provider, a business can potentially focus more energy and talent on optimizing existing revenue streams and aggressively pursuing the development of new ones.

For example, cloud services can enable businesses to gather information, ideas, feedback and so forth from a much wider set of sources (such as customers, partners) than was ever possible by traditional means. This approach is known as crowdsourcing.

Popular crowdsourcing approaches have primarily evolved from the world of Web 2.0 solutions. One business that relies on crowdsourcing is Wikipedia, an online encyclopedia. Wikipedia employs a small organization of less than 50 employees, while utilizing several thousand key volunteers and tens of thousands of other contributors from around the world. While some entries are questionable in terms of veracity, substance or even legality, the overall effort resulted in a much more dynamic and comprehensive set of data than traditional printed encyclopedias could ever match.

Yelp offers the ability to source a set of opinions on a wide range of vendors, from restaurants, to retailers, and more. From this, others can view ratings and comments about those vendors and decide whether to use them. Yelp also shows that these types of solutions can be manipulated (for example, when they gain notoriety, or, when not enough people provide opinions).

Consider a company in crisis. On April 20, 2010 British Petroleum's oil drilling platform, the Deepwater Horizon in the Gulf of Mexico suffered a series of catastrophic failures and collapsed into the water with devastating results to life and nature. The amount of oil escaping was immense. Estimates ranged wildly from 5 to 200 thousand barrels of oil a day, flowing non-stop for over three months. The point here is that BP used crowdsourcing as one approach to deal with the cleanup efforts by creating a "Deepwater Horizon suggestions" page.4 As of July over 20,000 suggestions had been submitted, and at least 10 had been tested for use. The US federal government also set up a site with information on volunteering to help with the clean-up effort.5

This is not to say that crowdsourcing is all perfect. Using services in the cloud like this opens up the potential for anyone in the world with Internet access to "join in" with the crowd. The majority of participants are likely to offer positive input, whereas other individuals or groups are less valuable; some are trolls seeking to make noise, and some are vandals seeking to abuse the system. Mitigation against these and similar issues is centered on access controls, the ability to curate the input, verification processes, and so forth.

Vendors such as Ning, Big Tent, SocialGo, and many others enable for community-based social networking solutions, even crowdsourcing, in a more controlled environment with stricter access controls to the various parts of their services in the cloud. These additional controls can make crowd-based efforts more compelling to community-based or vertical-focused organizations.

Cost and Budget Control

Although the initial costs of using cloud services may appear less, a better expectation should be that cloud services offer more control over costs or better budget management capabilities. Most cloud services enable you to pay on a monthly, weekly, or per-use basis. Choosing a cost-effective cloud service provider can result in significant savings, but more important is finding a cloud service provider than can accurately report usage patterns to you so that you can confirm the accuracy of your billing based on use.

One noted advantage of using public cloud services is the use of operational expenditure (OpEx) over capital expenditure (CapEx). However, understanding the implications of CapEx and OpEx is critical to effectively managing budgets. The difference between buying a house and renting one is the amount of cash that (usually) goes out the door at one time, and the same concept applies here. IT data centers are generally CapEx-intensive, because they require initial outlays of cash upfront to build out. Cloud services are generally booked as OpEx because they are consumed through a services agreement over time. Although CapEx can be depreciated over time, essentially allowing costs to be defrayed against profits, the initial drain on cash at hand is often seen as detrimental and to be avoided in the business world. Having flexibility of where to spend OpEx versus CapEx enables an organization to better manage expenditure such that the costs occur over time rather than in one big lump sum, which enables for better cash-flow management.

The concept of Green IT illustrates the significant costs borne by many organizations. The operational costs associated with building and maintaining data centers and with scaling power, cooling, and even basic hardware requirements are significant. Over time business workloads fluctuate and data centers are often left fully powered on, o whether the infrastructure is used. For example, some organizations run financial systems all year, but they hit peak load only once a quarter or once a year during financial reporting periods. There are many ways that organizations can look to benefit from cloud deployments as they try to optimize and approach a Green IT model. For their own private clouds, the goal is to optimize their usage requirements and cycling systems when needed. Organizations use community or public cloud services when needed, essentially pushing their workloads to the cloud when their internal capacity is reached, or cloud-bursting. Although many cloud service providers do not provide utilization data, there is an assumption that cloud service providers have optimized their infrastructure and management tools to maximize usage.

In many cases, organizations no longer have to hire people to manage system updates and backups and therefore can save on staffing costs and on storage management.

Scalability and Capacity Management

The capability to scale quickly to extreme capacity is not a common attribute or goal of traditional data centers and IT departments. As a result, many businesses experience times when they are hampered by a process that takes weeks or months, sometimes even years, to get new compute resources and applications online. This is despite that many large enterprises have already spent millions on computer hardware and have thousands of servers under management (at least on the books). Cloud computing promises the capability to scale massively in terms of systems, connections, bandwidth, storage, and more on an almost immediate basis. The converse is also important, where the service will shrink back down just as quickly if the need is no longer there. These benefits support cost management goals and enable you to grow in line with your requirements in a linear rather than a reactive mode.

The appearance of unlimited capacity is quite appealing. Cloud services need to be tuned to carefully manage actual capacity against expected requirements, yet deal with unexpected demands when necessary, too. Predictive analysis is critical in this respect, and offering those delivery and management capabilities to customers is something that both IT and cloud service providers must do to deliver this benefit to businesses.

Governance and Compliance

Governance is the process used to ensure that regulations, rules, and mandates are followed within an organization. Compliance refers to the facility to monitor and validate that the organization is meeting the governance requirements. Although cloud services introduce potential challenges in matching these requirements, the opportunities to improve an organization's governance and compliance stance can be greatly improved.

Taking a service-based approach to delivering both business and IT functionality that incorporates the governance processes allows for closer alignment to compliance reporting. Sourcing specific, metered services from cloud service providers that specifically match governance models allows for better reporting, more accurate alignment between service usage and fluctuations in business workflow, and ultimately, faster time to market. This also brings up the need for a service catalog and related management tools to ensure usage matches expectations. We will talk about this in Chapters 7 through 10 as this closely relates to overall operations management and security as well.

In some cases, organizations have found that by using a third party to manage their IT services they are better able to deliver services within their governance models and compliance mandates. For small businesses in particular, the cost of hiring to manage these requirements can be significant itself, much like security. Using pooled resources and services allows business to capitalize on the best of that common capability.

It is important to note that although cloud services provide potential improvements to your governance and compliance position, you cannot abdicate responsibility for compliance. While different models of cloud computing architecture actually vary the amount of "control" you and the service provider have over the service, none of them changes your responsibilities to protect data, privacy, or service levels.

This is a critical point made that is reiterated throughout the text: Although you can look to the cloud for specific capabilities and functions to support governance, compliance, and even security, you cannot abdicate these obligations. For example, if a breach of your customer or employee data occurs, the responsibility to report and rectify remains yours. The cloud service provider may help deal with the issue. The cloud service provider may suffer some of the same financial repercussions. However, the cloud service provider is not the owner of the problem. Therefore, any reliance on the cloud's controls and safeguards, and on the governance and compliance practices of a cloud service provider, must be carefully evaluated in line with your governance, and compliance needs to ensure that the solution enhances your posture, instead of increasing either direct or ancillary risks.

Security

Whereas many potential users of cloud services have a visceral or gut reaction that suggest cloud services are not secure, that is certainly not always the case. We discuss security opportunities and challenges in much more detail later in the book, but for now consider many organizations find significant improvements in their security posture by using cloud services. Often, because of their size or financial limitations, small and even medium-sized businesses cannot hire security specialists or respond quickly to security incidents. Using specific best-of-breed capabilities in the cloud to prevent or identify fast-moving or specific threats is a benefit to all organizations, perhaps best illustrated by the vendors who provide antivirus and antispam solutions outside the traditional IT environment.

Optimal Infrastructure

The ability to host multiple capabilities in the same hardware, software, or service allows for the follow-on benefit of optimized use of the infrastructure. Multitenancy as a model for using compute resources has existed since the 1960s, when IBM challenged traditional time-sharing models by adding virtualization with its VM/370 series.

Multitenancy can occur at any or all levels of the architecture, as follows:

  • Virtual layer: Virtualization provides the ability to create specific environments for each process, application, or operating system. This model isolates everything above the virtual layer itself but allows for the use of pooled resources below that layer, most commonly hardware such as networking, processor, memory, input/output, and storage resources.
  • Application layer: The user interfaces of most web applications allow for specific fixed graphical and behavioral elements alongside customized elements associated with a specific organization, individual, or function. If one component or functional element fails in the delivery of the interface, it is easier to replace because those elements derived from other parts of the application and can be easily reconstructed.
  • Database layer: Data for multiple applications, through to multiple customers, can be stored in the same database, and thus allow for the focus on optimal data structures rather than entire infrastructures to support each individual requirement.

To gain the best advantage of cloud requires that each of these architectural layers be considered carefully to determine the best layer or layers to optimize for multitenancy.

Isolation

Almost a corollary to multitenancy is both the ability and requirement for isolation at each of the layers. While an application vendor such as Salesforce.com may use a common database layer for managing customer data, it is essential that the security mechanisms around the application layer maintain isolation between the various customers. Fundamental for any type of cloud provider is the requirement to offer isolation at each level of service exposure to their cloud users. This may be the infrastructure, platform, or software applications. In addition, APIs and management tools must also ensure that isolation exists in terms of identity management and access models, key management and encryption, and user interfaces. This is a specific set of technical requirements that need to be carefully evaluated when using a third-party solution in a private cloud and in any public cloud.

Mobility

The idea of web-based services has been around for many years, as have application hosting and outsourcing. The ability to get to the services from anywhere from any device has been a goal that is finally being broadly realized, and it threatens business models and IT departments who must contend with the security issues associated with data being available on devices either temporarily or long term.

In August 2009, ABI Research6 released a report that said mobile cloud computing subscribers would total nearly one billion by 2014. The ABI report contained the following reasoning:

  • There are two primary reasons why ABI believes cloud computing will become a disruptive force in the mobile world. The first is simply the number of users the technology has the power to reach: far more than the number of smartphone users alone. The second reason has to do with how applications are distributed today. Currently, mobile applications are tied to a carrier. If you want an iPhone app, for example, you have to first have a relationship with the mobile operator who carries the iPhone. If you want a Blackberry app, the same rule applies. But with mobile clouding computing applications, as long as you have access to the web, you have access to the mobile application.

Although there are many arguments against this position, the general direction in cloud services is to support more open standards and therefore the dependence on specific carriers is certainly less than in years previous. This means that offering employees, customers, and partners better access and links to your organization via an exploding mobile world is absolutely possible.

Refactorization

Some like to think of cloud computing as an opportunity to do away with all their existing infrastructure challenges and costs—a "burn it to the ground" or rebuild scenario. This is truly not the real option, especially for any enterprise with more than a year under its belt with existing IT, and especially not for medium to large enterprises with many current or legacy systems in place. The reality is that cloud services allows an IT department to refactor some or all of their existing systems over time and usually take advantage of cost-effective new ways to deliver IT services to the business as a result.

The same concept can also be applied to data center design. Historically, IT has designed data centers using the model of high availability, focusing on repair as a core requirement instead of considering the best mode for recovery to availability. This includes using certified hardware with comprehensive support and maintenance contracts. This includes concepts such as fail-fast, highly integrated systems, and deploying on stable QA tested solutions on a prepared basis with massive change control to ensure the ability to roll back failures.

Large cloud service providers are approaching infrastructure design with a qualitatively different approach. They focus on low-cost commodity hardware where possible. Faults should be simply routed around until some standard recovery can be achieved on a scheduled or even ad hoc basis. This is much more cost efficient in many modes, yet requires a change in thinking that may benefit IT. Modeling can be important here, but if you are not prepared to consider alternative approaches, you will never get to model it. Also note that it is often difficult to model third-party cloud services well, given the potentially vast array of failures that can occur. Traditional IT approaches do not immediately match well to these new architectures and will require some refactoring. We all know that hardware will fail, networks will fail, and an entire data center may fail. Truly, any part of the stack, including the human components (from operators to users), may fail in some way. So what does that mean? We need to monitor different things. It is common to model small failures in a larger system and monitor for those failures (e.g., disk out of space, router offline). Cloud services are modeled as services, and therefore if you refactor how to manage them in this context, you begin to see dependencies across the whole system rather than in terms of just the data center itself, which in turn allows you to focus on core services rather than all services. This change can truly impact IT's ability to deliver and maintain high-availability services.

Summary of Benefits

Using cloud services to supplement or replace IT functions should allow an IT department to deliver more innovative capabilities to the business by focusing more on the service delivery and less on the hardware and software updates. Most benefits derive from the pooled nature of cloud services being offered through multitenancy architectures (or more simply, economies of scale). Costs, risks, controls, and more are aggregated across thousands of customers rather than one individual organization's data center.

Many definitions of cloud computing identify self-service or self-provisioning as a benefit. Although self-service can help make cloud services easier to use, the reality is that self-service requires a mode of operations that includes service catalogs, automated provisioning and deprovisioning, and more to be effective. Therefore, we consider self-service as something that although beneficial in small environment is in reality a result of delivering good service-oriented architectures that may or may not be cloud based in nature.

In summary, cloud computing provides significant opportunities. Thinking these through in relation to your own business challenges is important. Perhaps even more critical, you want to remember that your competitors are also considering how to capitalize on these opportunities.

However, cloud computing has challenges. Your organization may already be ready to adopt and adapt to new technologies or ways of achieving your business goals, but finding success with cloud services may require a mindset that allows you to change how you manage risk and control. To achieve success with cloud, regardless of internal or external options, IT needs to be the service broker and aggregator for the business, providing guidance, cost management, and governance in this new model.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020