The ease in which consumers and non-IT staff within an organisation can now procure and consume an ever-increasing range of “cloud services” would appear at face value to address many of the perceived issues relating to traditional IT service delivery models such as speed of delivery, price and functionality.
However, many organisations that attempt to harness cloud services can find themselves saddled with unexpected responsibilities. What challenges can businesses expect to encounter as part of consuming cloud services, and how may these challenges be overcome?
ChallengesIt is important to first establish that many of the challenges encountered during the provisioning, integration and consumption of cloud services all exist within traditional models of IT service delivery. The key difference is that these challenges now feature far more prominently, and the penalty for not addressing them potentially more severe.
Organisations should not expect that responsibility for addressing these issues will evaporate with the adoption of cloud services, nor should they expect that the responsibility for addressing these issues sits solely with the cloud service provider.
In fact, large organisations that consume cloud services in addition to their existing legacy systems must demonstrate a higher degree of maturity around service development and delivery to counter the increased prominence of service procurement challenges.
Cost modelling Cloud service models typically account for both direct and indirect costs, forgoing large upfront procurement costs for in favour of predictable monthly service pricing over the life of the subscription.
Organisations should ensure that when comparing a potential cloud offering against existing or traditional solutions a true “apples with apples” comparison is being made as indirect costs that are included in a cloud service offering are often covered as general operational overheads for internal offerings. They also need to ensure that the proportion of budget allocated to operational expenditure is sufficient to support the service subscription, especially as the user base and number of cloud services increases.
Project governance Utilising cloud services does not absolve an organisation of the responsibility for determining if a cloud service offering will address underlying business requirements. Nor should a cloud service be selected without careful analysis of the advantages and disadvantages of the solution compared to other service delivery models. Organisations should approach cloud projects in the context of a well-developed project governance model, while allowing for variance where traditional project delivery activities are not required.
Service levels Scope of service and areas of responsibility must be defined as part of subscribing to a cloud service to ensure that an organisation clearly understands what the service will provide as part of the subscription. Established cloud operators should have standardised agreements defining the range and level of service that they will offer, but organisations should ensure that they are satisfied that all relevant requirements of service operation are contained in any contractual or service level agreements - especially in relation to price, functionality, availability, security, and access to data.
Organisations that need assistance in developing robust service agreements can turn to resources such as the New Zealand Cloud Computing Code of Practice (CloudCode). This code provides guidelines for cloud service providers to help develop a high standard around the delivery of cloud services. It also provides a high degree of transparency to cloud service consumers and reduces the risk of 'cloud washing' by service providers.
Security and risk Cloud offerings expose an organisation to a range of security risks that should be identified, ranked and controlled prior to subscription to the service. While most of these risks exist within legacy environments, the exposure of cloud-based services to untrusted networks (the internet) tends to increase the likelihood and impact of these risks. Organisations should verify that service providers are able to implement the controls necessary to address identified risks to data, the cloud service, and the organisations own IT systems.
Integration Tactical consumption of cloud services provides organisations with the opportunity to quickly address a gap in their IT service capability. If this tactical solution grows in scope to support business processes that span more than one IT system, integration with the legacy environment may pose a challenge. To minimise this risk, organisations should ensure that the cloud service provides standards-based APIs to support the integration of upstream and downstream systems with the service. Incompatibility between legacy systems and the cloud service can be overcome by message transformation and translation services typically found in enterprise message busses.
Significant benefits exist for organisations that are prepared to undertake the adoption of cloud services as part of their overall IT capability. However they should recognise that with adoption of cloud services come increased demands on their ability to effectively manage the procurement and integration of these services.
The author is a senior consultant, architecture practice, at Equinox IT.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.