Introduction - Johnson County

pullfarmInternet and Web Development

Nov 3, 2013 (3 years and 7 months ago)

112 views


Cloud Computing

A Compilation of Facts, Ideas, and Recommendations from Various Sources

Department of Technology and Innovation




Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
2

of
21


Introduction

The term “cloud” is used to describe a multitude of services and products available today. Nearly every technology vendor
has some product that they tout as “cloud ready” or “in the cloud”. Careful review and analysis are necessary to
understand precisel
y what each vendor means by “cloud” and
if

the product is a fit for Johnson County. Not all “clouds”
are the same.

CONTENTS

Introduction

2

Executive Summary

4

What is Cloud Computing?

5

Clou
d Characteristics

5

Advantages and Disadvantages of Cloud Computing

7

Service Models

9

Software as a Service
-

SaaS

9

Platform as a Service
-

PaaS

10

Infrastructure as a Service
-

IaaS

10

Deployment Models

11

Private Cloud

12

Community Clou
d

12

Public Cloud

12

Hybrid Cloud

12

Cloud Adoption

13

General Adoption

13

Government A
doption

14

Cloud Considerations

15

Security

15

Staff Skills

15

Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
3

of
21


Cultural Factors

16

Impact to Ot
her Applications and Processes

17

Cost

17

Vendor Experience

18

Legal Issues

18

Personal Clouds

19

Conclusions

21

Resistance is Fu
tile

21




Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
4

of
21


Executive Summary

Cloud computing delivers technology as a service rather than a product. In the cloud model, access to software, data, and
technical resources like servers and storage is delivered like a utility (think electricity or water) over a network. Techno
logy
users do not need to know the location and other details of the underlying computing infrastructure.

According to the National

Institute of Standards and Technology, c
loud computing is a model for enabling convenient, on
-
demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly pro
visioned and released with minimal management effort or service
provider interaction. This cloud model promotes availability and is composed of

five essential characteristics:

1.

On
-
demand
self
-
service,

2.

Broad network access
,

3.

Resource Pooling
,

4.

Rapid
elasticity
,

5.

Measured Service
.

Cloud computing can offer an organization several benefits but as with most things, there are also disadvantages to
consider when making decisions about using cloud services or choosing a cloud provider. Due diligence is requ
ired in each
situation involving a cloud computing decision to ensure benefits are maximized and the risks of the associated
disadvantages are mitigated. Some of the disadvantages can be addressed as legal contract issues.

Cloud computing comes in three d
ifferent services models, Software as a Service (SaaS), Platform as a Service (PaaS), and
Infrastructure as a Service (IaaS). Each model has advantages and disadvantages and no one model can serve all the needs
of Johnson County. Each service model offer
s differing levels of control for the organization.

The service models are:

1.

SaaS


Software as a Service,

2.

PaaS


Platform as a Service,

3.

Iaa
S


Infrastructure as a Service
.

Cloud services can be implemented in a multitude of different configurations
;

private cloud, community cloud, public
cloud, and hybrid cloud
. These are called cloud deployment models and an organization can

utilize more than one model.

News stories of public sector organizations moving to the cloud are common. Many have claimed ex
treme cost savings by
implementing a cloud solution. A close look at these cases shows that the vast majority were organizations that had
outdated, multiple, disparate systems supporting the same business function, i.e. multiple email systems. These grou
ps
were able to substantially improve their technology using a cloud solution for less than it would have cost for an on
premise solution. For other organizations with current technology stacks, the cost benefits are harder to find. These types

of organi
zations are finding that the flexibility offered by cloud products is the biggest benefit for them.

Any organization preparing to use a cloud computing resource has many things to consider and decisions to make. While
actually purchasing these services is

in many cases extremely easy, answers to the
question

of who owns the data, what
kind of security provisions are in place,
and
how is the service accessed are just the beginning of several issues to be
addressed before using a cloud solution.

Other issue
s include cultural factors, staff skills, cost, vendor experience, impact
to the existing technology environment, legal issues, and even the use of personal cloud services by individual employees.

The use of cloud services and technologies is an issue that

every organization must address. This issue will be forced by
vendors that only offer their products as cloud services and by the increasing use of personal devices by employees.
Organizations may choose to limit their use of cloud technologies, but wil
l miss out on the many benefits these services
have to offer.

Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
5

of
21


A well thought out strategy for using cloud resources is the best plan for moving forward and exploiting all this emerging
technology has to offer. Organizations that take this approach will be

in the best position to take advantage of this shift in
computing technology. However, time is of the essence. Vendors and employees will not wait for an organization to
make decisions about cloud computing. These two groups will move to fill the vacu
um created by any lack of direction or
corporate strategy in this area, perhaps with negative consequences for the organization.

What is Cloud Computing?

Cloud computing delivers technology as a s
ervice rather than a product.

In the cloud model, access
to

software
, data, and
technical resources like servers and storage is delivered
like

a utility
(think electricity or water)
over a network.
T
echnology
users do not need to know the location and other details of the underlying computing infrastructure.

Clou
d computing is not a fundamentally new idea. Cloud computing draws on existing technologies and approaches, like
utility computing, Software
-
as
-
a
-
Service, distributed computing,
virtualization,
and centralized data centers
. C
loud
computing combines and
integrates these approaches

allowing organizations to
get IT services in a very simple way
.

As with many buzzwords, ‘
cloud computing’ has been
used to mean

anything that’s based on the
Internet
, which
is no
t

entirely accurate
. Cloud computing is more about the resources behind the business. It

i
s about scalability in the
technology
or

the ability of a particular system

or network of systems to handle an increasing amount of traffic or data
with ease, without needing much, or any, resource investment.

C
loud can also mean any digital product that performs a sophisticated task without the need for desktops or downloading.

Smartphones and tablets are everywhere and they are making the Internet a truly mobile experience. The Internet is
ubiquitous, which is fertile ground for cloud technology to flourish.
Spotify, YouTube, Google Docs, DropBox, Facebook,
EverNote, Skype mak
e it possible to live, engage and interact entirely in the cloud.

According to the National Institute of Standards and Technology, c
loud computing is a model for enabling convenient, on
-
demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal manage
ment effort or service
provider interaction.
This cloud model promotes availability and is composed of five essential characteristics.

Cloud Characteristics

1. On
-
d
emand Self
-
Service

A consumer can unilaterally provision computing capabilities, such
as
server time and network storage, as needed
,

automatically
without requiring human interaction with each service’s provider
.



Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
6

of
21



2. Broad Network Access

Capabilities are available over the network and accessed through
standard mechanisms that promote use

by heterogeneous thin
or thick client platforms (e.g., mobile phones, laptops, and
PDAs).


3. Resource Pooling

The provider’s computing resources are pooled to serve multiple
consumers using a multi
-
tenant model, with different physical and
virtual
resources dynamically assigned and reassigned according to
consumer demand. There is a sense of location independence in that
the customer generally has no control or knowledge over the exact
location of the provided resources but may be able to specify
lo
cati on at a hi gher l evel of abstracti on ( e.g., country, state, or
datacenter). Exampl es of resources i ncl ude storage, processi ng,
memory, network bandwi dth, and vi rtual machi nes.




4
.
Rapid elasticity

Capabi l i ti es can be rapi dl y and el asti cal l y pr ovi si oned, i n some
cases automati cal l y, to qui ckl y scal e out and rapi dl y r el eased to
qui ckl y scal e i n. To the consumer, the capabi l i ti es avai l abl e for
provi si oni ng often appear to be unl i mi ted and can be purch
ased
i n any quanti ty at any ti me.


5.
Measured Service
.

Cl oud systems automati cal l y control and opti mi ze r esour ce use by
l everagi ng a meter i ng capabi l i ty at some l evel of abstracti on
appropri ate to the type of servi ce ( e.g., storage, processi ng,
bandwi dth, and acti ve user accounts). Resour ce usage can be
moni tor ed, contr ol l ed, and repor ted pr ovi di ng transparency for both
the provi der and consumer of the uti l i zed ser vi ce



Al though a vendor may associ ate a product or ser vi ce wi th cl oud computi ng, not al l “cl oud” products have
al l
fi ve character i sti cs.

Many c
l oud pr oducts
are

based on vi rtual i zati on technol ogi es
.
Vi r tual i zati on faci l i tates many of the
advantages of cl oud
c
omputing and allows cloud providers to manage vast pools of computing resources efficiently.

Cloud vendors

provide standard offerings that allow them to take advantage of large economies of scale, which in turn
limit variation in many aspects of service p
rovision like software customization, contract terms, and service level
Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
7

of
21


agreements. These vendors are working with massive numbers of customers and will have no incentive to change their
models for
a single organization
. These products are provided as on
e size fits all, take it or leave it.

Advantages and Disadvantages o
f Cloud Computing

Cloud computing can offer an

organization several benefits

but as with most things, there are also disadvantages to
consider when making decisions about using cloud services or choosing a cloud provider. Generally, any specific product
will not de
li
ver all the benefits listed, nor will it have all the drawbacks
described below.

Due diligence is required in each
situation involving a cloud computing decision to ensure benefits are maximized and the risks of the associated
disadvantages are mitigated.

Some

of the disadvantages can be addressed as legal contract issues.

BENEFITS

DRAWBACKS



REDUCED UPFRONT COST
S

Cloud technologies are paid for overtime, eliminating
large upfront costs associated with hardware, software
licensing, and storage procurement. Thi
s moves these
types of costs from capital expenses to operational
expenses.



VENDOR LOCKIN

Once a cloud solution is implemented, significant effort
may
be required

to change to another vendor’s
se牶rces⸠ 䍬Cud c畳瑯te牳 a牥r
li浩med
瑯t瑨e s潦瑷t牥r
fea瑵tes

瑨t
vend潲ooffe牳

and c畳瑯浩穡ti潮o a牥r
ei瑨e爠n潴o灯ssible 潲ove特 ex灥nsive.



HIGHLY AUTOMATED

Software patches and updates are applied by the cloud
provider eliminating the need for IT staff to perform
these tasks. Expanding services is also
automated so
that more capacity can be added very quickly.



LOSS OF CONTROL

A

cloud deployment
can
put the organization’s
瑥t桮潬o杹gasse瑳 and da瑡 unde爠瑨t c潮瑲ol 潦 a 瑨楲d
灡牴礮y A si杮楦ican琠a浯畮m of 瑲畳琠is inv潬ved.

In 瑨e
even琠of a dis牵灴io
n of the vendor’s service, the
潲条oi穡瑩tn 浵m琠牥r礠s潬el礠潮o瑨t vend潲o瑯tre浥d礠
瑨t 潵瑡来 si瑵t瑩潮o



GREATER FLEXIBILITY
AND SCALABILITY

The elastic nature of cloud computing provides greater
flexibility, allowing organizations to expand and
collaps
e computing resources as demands change.



PRIVACY AND SECURITY

Using cloud resources means hosting applications and
data on the Internet. Cloud vendors must be upfront
about issues like virus protection, intrusion detection,
and access control.



FREE UP IT

RESOURCES FOR INNOVA
TON

IT staff are relieved of the day to day maintenance and
support requirements for hardware, operating systems,
storage management, and many other tasks required
just to “keep the lights on”. This allows staff to focus
潮ob物湧楮朠i
nn潶ati潮oand ne眠s潬畴u潮o 瑯t瑨t
潲条oi穡瑩tn.



TOTAL D
EPENDANCE ON INTERNE
T

While accessing business applications through the
Internet allows great flexibility, any outage can cause
major disruptions in business processes

Locations
with slow speed con
nections to the Internet will
struggle with this application delivery method.



GREATER ACCESSIBILIT
Y

Business applications that are hosted in the cloud can
be accessed from anywhere there is an Internet
connection.



TECHNOLOGIES AND MAR
KET NOT FULLY MATURE

Although cloud products have been marketed for the
last 3 or 4 years, these technologies and vendor
experience are not fully mature and will see significant
changes over the next few years.

Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
8

of
21


BENEFITS

DRAWBACKS



DEVICE INDEPENDENCE

Applications that can be delivered from the c
loud are
available from any computing device. Mobility and
portability are greatly enhanced.



PHYSICAL LOCATION OF

HARDWARE, SOFTWARE

AND DATA IS UNKNOWN

Organizations using cloud services to provide
applications and data have little control over the
physi
cal location of these assets. An entity in Kansas
City may be fine with services provided from Chicago,
but what if those services are transferred to New York
or even out of the United States when the vendor
adjusts resources based on consumer demand?



Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
9

of
21


Service Models

Cloud computing comes in three different services models, Software as a Service (SaaS), Platform as a Service (PaaS), and
Infrastructure as a Service (IaaS). Each model has advantages and disadvantages and
no one model can serve a
ll the nee
ds
of Johnson County.

Each service model offers differing levels of control for the organization.

All business applications, from email, to Oracle Financials, to specialized departmental software like the Appraiser’s Orion
application are delivered by thr
ee primary layers of technology. Cloud Service models can be equated to these layers.

Each layer encompasses the components of the layers beneath it.

Servers
,
Storage
,
Network
Database
Email
-

Exchange
Messaging
Email
-

Outlook
Oracle
Financials
Orion Appraisal
(
APR
)
Basic
Consumer
Information
(
JCDS
)
SaaS
PaaS
IaaS
Operating
Systems
-

Windows

Software as a Service
-

SaaS

Software as a Service
,

or SaaS
,

is
the
most
complete service

model offered by vendors under the cloud umbrella.
It can
provide an entire set of business applications running in the cloud.
This model consists of software and it
s

associated data
hosted
in the provider’s data center and

accessed
acro
ss the Internet
through a browser, like Internet Explorer
.


The
organization does not manage or control the underlying cloud infrastructure including network, servers, operating
systems, storage, or even individual application capabilities, with the possib
le exception of limited user specific application
configuration settings.

Many general business office applications are available as a SaaS
product
. Accounting, customer relationship
management, email, calendaring, and human resources management applicati
ons are all readily available through SaaS
offerings.
Some well
-
known products in this space include Google’s Gmail, Microsoft’s 360 offerings, and Salesforce.com.

Johnson County already uses some applications that are delivered through this model. Thes
e include the Motor Vehicle
QLESS application that provides customer line management and Human Services SAMS application used by Aging. The
County’s
HR department is also currently implementing HRSmart
for job applicant tracking using
the SaaS model.

Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
10

of
21


Plat
form as a Service
-

PaaS

Simply stated, PaaS
provides a

“platform” and
the capability to build or deploy applications on

top of
hardware and
operating systems provided by the PaaS vendor.

Typically, a cloud computing provider offers multiple application
components that align
with specific

development models and programming tools. For the most part, PaaS offerings are
built
upon either

a Microsoft
-
based stack (i.e., Windows, .NET, IIS, SQL
Server, etc.) or an open source
-
based
stack (
i.e.,
the “LAMP” stack containing Linux, Apache, MySQL, and PHP).

The organization does not manage or control the
underlying cloud infrastructure including network, servers
, or

storage, but has control over the

deployed applications and
possibly configuration settings for the application
-
hosting environment.

Vendor PaaS products include Microsoft’s Azure platform, Google’s App engine
, and Salesforce.com’s Force.com. Other
large well know vendors are expected to

enter this market, including HP, Dell
,

and Oracle.

Johnson County ITS does not currently use any PaaS products, but there are certain circumstances where these types of
services could benefit the County. Development and test servers needed to build, test

and deploy new software are one
potential use of a PaaS product. Another situation might be using PaaS products during the early implementation phases
of a software deployment project, allowing the implementation team time and experience to understand th
e real
hardware requirements of
a

new system.

A PaaS solution might be a very good fit for hosting Johnson County’s static
websites.

Infrastructure as a Service
-

IaaS

IaaS

is the

most basic cloud

service model, aligning the on
demand resources of the clo
ud with
tactical IT needs.
IaaS is
similar to managed services

offerings of the Internet era (i.e., hosting serv
ices, storage service providers
, etc.). The primary

difference is that cloud
resources can

be consumed on an as

needed

basis. In other words, e
nterprise consumers pay for
virtual machines (VMs), storage capacity, and network

bandwidth for a variable amount of time rather than servers,
storage arrays, and switches/routers on a

contractual basis.
The organization does not manage or control the unde
rlying
cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited
control of select networking components (e.g., host firewalls)
.


IaaS can be utilized as a temporary resource or used for
years at

a time. IaaS prices are

based upon two factors: IaaS resource consumption and the duration of use.

Amazon’s EC2 product, Rackspace Cloud, AT&T, and HP are just a few of the large vendors that operate in the IaaS arena.
Johnson County ITS has not yet vent
ured into the IaaS environment, but possibilities include using IaaS storage to meet
the County’s ongoing demand for storage or even bare metal servers that some County applications could operate on.
This might work particularly well for the County’s disa
ster recovery site, because of the elastic nature of these types of
cloud offerings. This type of cloud product might also work well to handle cyclic peak demands for computing power
needed by some
work

processes seen in
d
epartment
s

like the County

Appraiser.



Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
11

of
21


Deployment Models

Cloud services can be implemented in a multitude of different configurations. These are called cloud deployment models
and
an

organization
can

utilize more than one model.

Private Cloud
Public Cloud
Community Cloud
Private Cloud
Hybrid
Cloud
Private Network

These models can be
differentiated based on who owns and/or manages the components of the cloud.

As with the service
models, the deployment models offer varying amounts of control. The diagram below illustrates the ownership and
management of components for the three cloud
deployment models.


Source:
http://www.rati onal survi vabi l i ty.com/bl og/?p=743

Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
12

of
21


Private Cloud

A private cloud deployment allows a single organization access to the cloud’s computing resources
.

Private clouds may be
hosted by the owning organization or hosted by a third party across the Internet.
They may be hosted on premise
or

off
premise.
Private clouds do not offer all of the benefits associated with cloud computing, but can eliminate man
y of the
risks and disadvantages.

Clouds hosted on an
organization’s

internal network

require the purchase and management of the hardware and
supporting software. The organization gains the flexibility and scalability of cloud computing without incurring
the
security risks or having to rely on a third party vendor.

Community Cloud

A community cloud
can
support the needs of

several organizations
.
Generally, organizations that
cooperate to
deploy
community clouds have common concerns: e.g. mission, security

requirements, privacy issues, compliance requirements,
etc. Like the private cloud model,
community clouds can be built and operated

by members of the community or
by
third

party providers.

A community cloud deployment spreads the infrastructure and mana
gement costs among the community’s members,
make it less expensive than a private cloud deployment. Security and privacy can still be an issue, but with fewer
organizations access
ing

the cloud, these concerns are reduced over a public cloud deployment.

Pu
blic Cloud

Public clouds are owned by organizations selling cloud services and serve many clients. The cloud infrastructure and
computing resources are made available to the general public over the Internet.

The public cloud offers state
-
of
-
the
-
art
techn
ology, elastic and (theoretically) unlimited scalability, and the potential for genuine pay
-
per
-
use pricing. This
model,

again theoretically, provides the highest degree of cost savings while requiring the least amount of overhead.

Hybrid Cloud

The cloud
infrastructure
can
combine private or community clouds with public clouds.

Th
is

cloud
model

consists of a
number of clouds of any type, but the clouds have the ability through their interfaces to allow data and/or applications to
be moved from one cloud t
o another. This can be a combination of private and public clouds that support the requirement
to retain some data in an organization, and also the need to offer services in the cloud. Private or community cloud
services can have the capability to extend
or “burst” to consume public cloud resources when demand for resources rise.



Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
13

of
21


Cloud
Adoption

General Adoption

With more vendors offering cloud products every day
, this

technology space is
still changing very rapidly. The

market
still
will see

some growing pains,
and will likely see some vendor con
solidation
. M
anagement and monitoring products

need to
improve and mature. Other concerns include security and regulatory compliance issues. But the market is growing and
a

new survey by channel
-
fo
cused service provider

Rise

(a division of FastHosts Internet Group) indicates that the
United
States

is the

faste
st growing market for the cloud resources.
Rise
surveyed

“400 senior IT and business decision
-
makers in
enterprises, small
-
to
-
medium businesses (SMBs) and public sector organizations.” These survey
-
takers were asked about
topics including extent of cloud adoption, cloud service satisfaction, role of IT in the cloud and common hurdles.

According
to
the Rise press release about the survey, r
esponses indicated the following trends:



Migration toward cloud services has been rapid, with three
-
quarters of organizations polled (76 per cent) citing
use of cloud computing for at least one service.



Adoption

of cloud computing in the private sector leads at 83 percent, compared to the public sector at 63
percent.



Organizations that employ fewer than 20 people and those that employ more than 10,000 have highest adoption
rates (just over 80 percent) as opposed
to the mid
-
market adoption at 65 percent.



Nearly all organizations polled (98 percent) that already use cloud
-
based services rate their satisfaction as
extremely high.



Ninety
-
four percent of IT departments expect to expand their use of cloud services in th
e next 12 months to other
IT operations including e
-
mail, asset management and security.

Forrester
, a

global research and advisory firm
,
predicts that

SaaS will out
grow all other cloud services,
growing to 50% by
2012.

In previous studies Forrester has sh
own that SaaS is a major growth catalyst of ongoing investment i
n IaaS and PaaS
in enterprises.


Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
14

of
21



Government Adoption

News stories of public sector organiz
ations moving to the cloud are
common. Many have claimed extreme cost savings by
implementing a

cloud solution. A close look at these cases shows that the vast majority

were

organizations that had

outdated,
multiple, disparate systems supporting the same business function, i.e. multiple email
systems. These groups
w
ere able to substantially improv
e their technology using a cloud solution for less than it would have cost for an on
premise solution.
For other organizations with current technology stacks, the cost benefits are
harder

to find. These types
of organizations
are finding that the flexibi
lity offered by cloud products is the biggest benefit for them.

CDW LLC (CDW), a leading provider
of technology solutions to business,
government, education and
healthcar
e released the results of a
survey on cloud adoption in May of
2011. The graphic at
the right shows
the state of cloud computing for state
and local governments at that time.

The same survey also contained
forecasts of what the survey
participants expected to spend on
cloud services and the savings they
were expecting from those
deploym
ents
.




Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
15

of
21


Cloud

Considerations

Any organization preparing to use a cloud computing resource has ma
n
y things to consider and decisions to make. While
actually purchasing these services is in

many cases extremely easy, answers to the
question

of who owns th
e data, what
kind of security provisions are in place,
and
how is the service accessed are just the beginning of several issues to be
addressed before using a cloud solution.

Security

Security and privacy concerns are most often cited as the reason
some
or
ganizations have not moved to the cloud for
technology resources
. A

public cloud provider’s security practices should weigh heavily in the decision
-
making process.

The cloud vendor’s security policies and measures must correspond to the organization’s security requirements.

The
following security protocols should be a part of any cloud service offering.



Data Access

The cloud provider should be able to
demonstrate

the
technology
which
prevents clients from gaining access to
each other’s data. The access allowed to the provider’s employees should also be clearly described. All instances
of data should be considered, live data, backups, files extract
e
d for transfer
, etc.



Encryption

At the minimum, data should be

encrypted while in transit
.

Encryption

of data at res
t should be considered as
well.



Security Infrastructure

Firewalls, intrusion detection, virus protection, as well as
other typical

security

measures shou
ld all be in place in
the cloud provider’s
infrastructure
. The use of
authentication

and secure passwords to access the
organization’s

services should be requ
ired.



Audits and review

Regular

reviews of the provider’s security practices should be allowed.

Staff Skills

Technology staff will find their role changing as an organization begins to utilize cloud resources. Depending on the
deployment model used, the need for server management, network management, storage management,
database
management,
and secu
rity skills may be reduced if these services are provided in the

cloud
. The SaaS model will also
change the types of skills needed in the application support areas.


According to Info
-
Tech Research Group,
cloud computing will significantly disrupt intern
al IT roles and processes. They
advise organizations to track total costs, build an internal cloud, and realign roles to support cloud computing in the futur
e.

Specifically, Info
-
Tech Research Group recommends the following actions:



Measure and articulat
e total costs
. The speed and low barriers to access are certainly strong positives for cloud
services;

however the
organization

needs to take into account total costs over time. In this comparison, internal
infrastructure ownership

sometimes
fairs better a
gainst long term cloud rental.



Focus on leveling the playing field to make sound decisions about internal/external hosting
. The majority of
enterprise cloud strategies are focusing on the internal cloud first. This means they are building infrastructure as

a
service capability leveraging virtualization of a consolidated infrastructure.

Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
16

of
21




Manage the impact on infrastructure roles including skills requirements, recruitment, and eliminating
redundancy.
The need for some infrastructure roles will diminish while
others will change their focus.
Determine
how responsibilities will change, where gaps have been created, and what roles should be downsized.

Info
-

Tech Research Group agrees with other leading industry analysts that t
he dominant view
for
the

future
is

a hybrid
IaaS model with selected applications and processes hosted in clouds while others will remain on internal IT infrastructure.
IT departments will b
ecome stewards and brokers of
cloud services
,
and

the authority on the best IaaS

cloud

host for
soft
ware and services: internal (private), external (public), or both (hybrid).

Demand for hard asset management will
shrink
, to be replaced by a
demand

for managing services across internal and external clouds.

Service and availability will
still be managed

by infrastructure professionals,
but
execution

will involve

management of both internal assets and
external services (through service level agreements).

In a hybrid cloud
environment,
it may make sense to manage
all
infrastructures
as

IaaS.
Some will

be
internally based, and
some externally hosted.

By building

an internal cloud, organizations will be in better positioned to take full advantage of
the external cloud in the future.

To function efficiently in this environment, internal infrastructure needs
to

be

seen as an
internally managed service with metrics and processes similar to externally managed services.
Organizations need to
u
nderstand which services are best served by the cloud and which are not
. Being able to determine

which
applications
should be
hosted internally or externally will be a critical
factor
.


The circles represent the importance of each role pre and post cloud adoption.

The larger the circle, the more important the role.

Source: Info
-
Tech Research Group

Cultural Factors

Johnson County also has some cultural factors that will influence the use of cloud computing. The s
ense of responsibility
that

County departments
have towards their services and data
may

be an obstacle to
allowing

control to pass to third

parties

suppliers
.

Security, access to data, and connectivity are all reasonable concerns that department will require
assurance about before
public
cloud computing becomes wide spread in the County’s technology infrastructure.

Another issue will be the
County’s willingness to accept standard software and offerings from cloud vendors. Standard
products allow cloud vendors to take advantage of massive economies of scale, but limit variations
in many aspects of
service provision like software customization,

contract terms, and service level agreements. These vendors are working
with
substantial

numbers of customers and will have no incentive to change their models for Johnson County. These
products are provided as one size fits all, take it or leave it. T
his will be a primary challenge for the SaaS model and
somewhat in the PaaS model, but less so for the IaaS model.

Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
17

of
21


I
mpact

to Other Applications and Processes

Another aspect of cloud computing that must be considered is the interaction of a specific system
with other applications
and systems in an organization

s technology portfolio. Applications supporting business processes that are tightly
connected to other applications supporting related business processes would require special handling to ensure that
the
systems still interact properly. O
rganization
s

may require advanced support
from the cloud vendor when moving such an
application to the cloud to obtain the data connections and feeds required to keep all applications intact. Specifically, th
e
service provider may need to assist with or provide application integration techniques and services for a successful
migration.

Other considerations include the services offered by the vendor to hel
p in porting data to its cloud

and the impact to the
organ
izations Internet infrastructure from moving applications to a cloud service.

Cost

Cloud vendor cost models vary widely depending on the service provider.
In some cases a component based pricing
scheme is used. Amazon Web Services is a good example of co
mponent pricing. There are separate charges for CPU per
hour, incoming and outgoing data charges for the servers, separate changes for use of the local disk on the server, charges
for storage volume and bandwidth, charges for the message queue service, et
c.

Subscriptions are another model used by some vendors. Pre
-
paying for services can provide great value and prices, but
requires a long term commitment to the vendor. This model can provide
predictability in the cost of IT services,
but the

flexibility
to terminate for convenience at any time may be needed. Offering lower pricing in exchange for a longer term
commitment is a popular approach to enticing customers into contract terms more favorable for the vendor.

Subscription
pricing may be based upon
parameters such as annual revenues, empl
oyee count or office locations.

Many vendors offer
price brackets which guarantee fixed fees if a customer’s usage varies within a certain range
.

Organizations must determine

whether the cost of transition to an ext
ernal compute cloud will be low enough to benefit
from any medium
-
term savings. That process might be costly enough in itself to delay any significant ROI by outsourcing
to the cloud.

There may also be “hidden costs”. Add on costs for testing, support, a
nd integration may not be apparent in
the initial sales process.

The concept of market
-
based pricing takes on a new me
aning in cloud business models.
Amazon.com recently introduced
a spot market for its EC2 services, which resembles the securities exchanges used to trade
commodities

such as orange
juic
e, crude oil and pork bellies.

When computing and storage resources are in high demand, the spot marke
t will drive

the
price of services higher.
Conversely, when resources are in low demand, the spot market will drive the price lower offering
oppo
rtunities for bargain hunters.
Such a model is more efficient for some types of clouds services than others
.


Specific cost models are better for certain circumstances.



Usage Pricing: Best for highly variable but generally sparse commitments



Reservation: Best for predictable, periodic use



Allocation: Best for continuous availability and stable predictable perform
ance



Dedicated: Good f
or most
-
stringent uses
.

Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
18

of
21


Vendor Experience

The vendor’s experience in operating a cloud infrastructure is very important when making the decision to move services
to a cloud platform. Important points to consider include guaranteed av
ailability and reliability, experience with
regulations, and
the long term prospects of the vendor.

Service level agreements
,

or SLA’s
,

are the most common way cloud providers define their availability and reliability. But
just as not all clouds are the s
ame, not all SLA’s are the same.

While all SLA’s state the service availability, usually in terms
of 99.99# % of
up
time, the ways that providers calculate outages can vary widely.
Terms like downtime, scheduled
downtime, and uptime need to be precisely de
fined so that it is very clear when the SLA’s conditions have been met.

Most
providers put the onus on the cloud consumer for reporting outage start and stop times and there are sometimes very
specific circumstances that define an outage. Applying credit

for outages is also specific to the various providers. Some
vendors provide credits at the end of the service agreement, elongating the agreement. Few vendors’ offer an actual
reduction in terms of dollars to a client’s account. With some providers, SL
A’s can be quite confusing to decipher and
organizations need to be sure that they fully understand the terms of the service.

Because cloud vendors have a vested interest in honoring service level agreements, they theoretically provide a higher
degree of r
eliability than on premise installations. Unfortunately, even the largest most experienced cloud vendors still
experience massive outages that can leave an organization with no access to their data and software services for extended
periods of time. Micr
osoft, Google, and Amazon customers have all been victims of these outages from time to time.
Given the inevitability of these outages, very careful consideration must be given to which applications can be hosted on
public cloud platforms.

Organizations
should

expect continuous monitoring with automated alerts, real
-
time dashboard visibility into provided
services and access to performance statistics, as well as trends analysis.

Organizations should look for providers that offer
24 x 7 support from well
rounded, experienced staff.

The cloud provider’s backup and disaster recovery facilities should also be examined. Considerations like where backups
reside and where disaster recovery sites are located
are

important aspects to think about.

As with all vend
ors, financial stability is also a prime aspect to consider. Given the dependence placed upon the cloud
provider, less financially secure operations may bring added risk to the organization

s ongoing business.

Depending on the organization

s requirements,

the cloud provider’s experience with a variety of government regulation
should be considered. Factors like HIPAA compliance and PCI expertise need to
be examined. Certifications lik
e FISMA
2002 and SAS 70 are highly desirable.

Legal

Issues

The legal asp
ect of cloud computing is far more complex than the traditional third party hosting service or contracts for on
premise products. To protect an organization’s interests, several
facets
should be covered in the contract. Cloud
customers are strongly advis
ed to seek legal counsel from specialists in this area to avoid major surprises.

One of the f
oremost legal considerations has to be data ownership.
Contracts should clearly state that the organization
retains ownership of any data hosted in the cloud and
the results of any computations on the data. It should also address
whether the cloud provider
can

aggregate the organization’s data with others and sell or use it for any other purpose. The
return of data upon contract termination and the format of that

data is another
area that should be addressed in contract.

It is important to define the level of service the cloud vendor will provide in porting the data back to the organization or
to
Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
19

of
21


another cloud provider.

In the case of extremely critical data tha
t is har
d

to reconstruct, data escrow should be considered.

Cloud vendors should be required to destroy any copies of an organization’s data at the termination of the contract.

Security of the organization’s data is a critical consideration when negotiati
ng a cloud hosting contract. The organizations’
data

security responsibility and that of
the

cloud service provider must be well defined, understood, and communicated to
all parties involved.

Cloud vendors should be able to demonstrate the facilities tha
t enable an organization access to their
data while preventing any other client’s access. The contract should clearly spell out which vendor’s employees will have
access to the data and for what purposes they will use that access. The right to audit info
rmation security practices of the
provider should also be included. Lastly, some contracts may need to address the provider’s security certifications like SAS

70 or the Statement on Standards for Attestation Engagements (SSAE) No 16 or equivalent certific
ations.

The physical location of the organization’s data once it is turned over to the cloud provider is also important. Some
organizations may be concerned about data residing outside of their home country. This can also impact the legal
governance over

the data. The location of data backups and disaster recovery sites should also be discussed in the
contract.

Once the cloud provider’s
Service Level Agreement is understood, its terms should be matched against the organization’s
requirements. The servic
e availability, service quality, and incident response times must meet the needs of the business
and the SLA must be enforceable. Any sub
-
contracted services that support the services purchased by the organization
should be defined.

Investigating inapprop
riate or illegal activity can be very challenging in cloud computing.

Cloud services are especially
difficult to investigate, because logging and data for multiple customers may be co‐located and may also be spread across
an ever‐changing set of hosts and

data centers. Organizations must evaluate a provider’s capabilities in this area and

determine if they are adequate
.

Other important factors may include how quickly the service provider can respond to
requests involving eDiscovery

and
forensic and crimi
nal investigations.

Several standard clauses in most contracts should also be reviewed and revised as needed to fit the specifics of using a
cloud platform. Limitations on liabilities should be excluded in the event of damages suffered due to data breeche
s that
are the fault of the provider. Provisions should also be included that “indemnify, defend, and hold harmless
” the

organization should they be sued as a result of the provider’s negligence. Force majeure clauses should only apply if the
provider is in compliance with its data backup and disaster recovery obligations. Cloud users should receive credit for the
time of

interruption and should be allowed to terminate the contract if the outage lasts longer than
a
stated period.

The cloud provider’s i
nsurance and liability
provisions should be reviewed.
In the event of a natural disaster,
the
organization should be indem
nified

by the service provider’s insurance company for losses suffered
.

Personal Clouds

Personal use of cloud services is also an activity that can impact an organization. Employee use of services like Dropbox,
Apple’s iCloud, or Microsoft’s SkyDrive is b
ecoming very prevalent with the increased use of personal mobile devices.

Gartner goes so far as to predict that desktop PC’s and laptops will be replaced for most employees in the next two years.
The combination of mobile devices and individual cloud sto
rage will make this a possibility for organizations with the
ability to deliver all the applications and services needed by staff to mobile devices.

Gartner cites 5 “megatrends” that enable a “
p
erfect personal cloud storm
” by 2014.

1.

Consumerization



the use of personal devices for business purposes

2.

Virtualization

3.

“App
-
ification”



“there is an app for that”

Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
20

of
21


4.

Self Service Cloud

5.

Mobility Shift



ubiquitous Internet access from mobile devices

Steve
Kleynhans, research vice president at Gartner, said “Emerging cloud services will become the glue that connects the
web of devices that users choose to access during the different aspects of their daily life.”

While new technologies are fueling these capab
ilities, they also indicate a change in thinking and a new style of computing
that allows people to use technology to improve multiple aspects of their work and personal lives.

Organizations will need to fundamentally rethink how technology is delivered to

their work force. Everything from
application delivery to standards about which cloud services should be used will need to be addressed. Failure to consider
these issues can cause conflicts r
egarding the ownership of data and
the security of the organiz
ation

s techn
ology and data
assets.
Concerns for organizations in this area include:



The vendor’s security practices


Do they provide data encryption?



The cloud vendor’s terms of service


Can or will the vendor decrypt data for any purpose?



Cost of the
service


Free is not always the best option.



Personal Use
vs.

Corporate Use
-

Will employees be allowed to mix personal and corporate data in the service?



Service Management
-

How can the service be managed if
the
employee leaves the organization?



Employe
e Quality of Life



Johnson County
Department

of Technology and Innovation

Cloud Computing



Page
21

of
21


Conclusions

Resistance is Futile

The use of cloud services and technologies is an issue that every organization must address. This issue will be forced by
vendors that only offer their products as cloud services and by the increasing u
se of personal devices by employees.
Organizations may choose to limit their use of cloud technologies, but will miss out on the many benefits these services
have to offer.

A well thought out strategy for using cloud resources is the best plan for moving
forward an
d

exploiting all this emerging
technology has to offer. Organizations that take this approach will be in the best position to take advantage of this shift
in
computing technology. However, time is of the essence. Vendors and employees will no
t wait for an organization to
make decisions about cloud computing. These two groups will move to fill the vacuum created by any lack of direction or
corporate strategy in this area, perhaps with negative consequences for the organization.

William Eggers,

global director of public sector research at Deloitte who coined the term “Government 2.0,”
has advised
four steps

to cloud adoption for state agencies. These can also be applied to other organizations.

1.

Develop a cloud strategy tailored to your state. Cl
oud computing is not a one
-
size
-
fits
-
all solution. Tailor it to your
specific environment to garner the greatest benefit to your organization.

2.

Start small with non
-
mission
-
critical applications. Develop a business case for a simple pilot project and follow

it
closely. Plan, measure and evaluate costs and benefits before, during and after implementation.

3.

Gradually expand utilization of cloud computing. As government moves to more strategic services, be conscious
of the implications of cloud computing on empl
oyee workflow and business processes.

4.

Bring other government entities into the cloud. The big benefits from cloud computing will come from numerous
state, higher education and local entities all sharing a common computing platform