Tag Archives: CIO

Realizing Business Virtualization Benefits

Leave a reply

I think the enterprises of the future will look very different from those of today. Organizations will become leaner and more virtualized as their business processes grow more reliant on ecosystem partners. Process boundaries will transcend a specific entity.

Many macroeconomists believe that real shareholder value (and, ultimately, economic growth) will be driven by the speed and quality of innovation. Historically, enterprises have been successful by capitalizing on a disruption (market transition) that plays into their core strengths, competency, and market position.

However, as new disruptions occur, companies that once had competitive advantage must adapt to “the new normal.” Many have struggled to keep pace with those disruptions, often due to legacy culture as well as out-of-date process and infrastructure.

This has enabled smaller, more nimble innovators to enter markets and disrupt business models, competing on a different basis of advantage. Most companies on the Fortune 500 list and S&P 500 were not on these lists 25 years ago.

To counter this disruption, we see some enterprises creating more dynamic business process architectures in which they seek out partners who can offer compatibility-as-a-service. With their partner ecosystems, they call upon partners for what they need, when they need it, and for as long as they need it.

This approach exploits everything-as-a-service. CrowdFlower is a great example of a partner who offers “people-as-a-service” with its crowdsourcing platform.

Businesses can become leaner and rely less on legacy infrastructure or business process. Success will be defined by how well enterprises can adapt and innovate. At the same time, they can rely on the domain expertise of their partners.

Cisco IBSG calls this Business Virtualization—the ability of corporations to engage and disengage with internal resources or ecosystem partners in a dynamic and real-time fashion, without regard for ownership or location of physical and human assets.

In our research, we have identified 10 principles for success:

1. Choose your path of differentiation: product, experience, or cost?

2. Move decision making closer to the customer.

3. Advocate the use of partnerships to speed innovation across your value chain.

4. Align your business toward a greater share of annuity revenue models.

5. Utilize your virtualization infrastructure to enter new markets and lower risk.

6. Drive a “Work Your Way” environment with flexible IT consumption models.

7. Implement an open innovation model to increase speed and shorten the ideation-to-cash process.

8. Shift noncore services and operations to an on-demand, limited fixed-cost model.

9. Build a listening infrastructure, creating sensing mechanisms that allow for immediate reactions to customer feedback.

10. Instill the use of customer lifetime value as your key decision influencer.

Technology is making it possible for enterprises to be more dynamic and focus on accelerating their innovation by investing in their core competency. Senior technology leaders (CIO, CTOs, and VPs) will lead this transformative change and need to drive their CEOs towards this imperative.

Author: Scott Puopolo
Source

CIOs Worried By The Cloud

Leave a reply

CIOs are worried: cloud computing is being used as a way for businesses to dodge the IT department and get services delivered more quickly. But as well as giving the CIO sleepless nights, this attempt to side-step the IT department is causing additional cost and complexity along the way.

I recently wrote about how cloud computing deployments are kicking off without the CIO’s knowledge, and only coming to light when sys admins put their expenses through. Inside a large organisation this can mean uncontrolled spending on cloud computing that rapidly reaches tens or hundreds of thousands of dollars.

And according to research by Forrester Consulting, two thirds of CIOs now believe their business sees cloud computing as a way to circumvent IT.

“The simultaneous pull of cost reduction and simplification in one direction and better, cheaper, faster in the other is putting a strain on IT’s ability to meet expectations. CIOs are concerned that cloud provides their business a way around IT, which undermines the strategic partnership they are trying to build with business leaders,” said the report ‘Delivering On High Cloud Expectations’.

According to the report, one in three CIOs strongly agreed with the statement, ‘business executives perceive cloud as a means to be less dependent on IT,’ while only one in five non-CIO respondents felt the same way.

“This contrast indicates CIOs are more concerned than their teams that public cloud challenges, and maybe even undermines, their organisation. We agree with their concern; unbridled public cloud acquisition by shadow IT circumvents carefully planned strategies to reduce complexity, control costs, and provide reliable services.”

The survey also found that ’shadow IT’ acquisition of cloud services is adding to confusion: 48 per cent of firms surveyed officially support deploying mission-critical applications to managed public cloud services, even though these services were being deployed by 80 per cent of organisations. “The 32 per cent difference suggests that many firms circumvent IT to get the services they want, confirming CIO worries.”

Four out of five respondents said setting a cloud strategy is a high priority, but IT organsations are struggling with complexity: four out of ten respondents said they had five or more virtual server pools, and three or more hypervisor technologies, making reducing cost and complexity a priority. The survey, sponsored by BMC Software, polled 327 enterprise infrastructure executives and architects across the US, Europe and Asia-Pacific.

Author: Steve Ranger
Source

Cloud Computing Vital For CIO Career Prospects

1 Reply

CIOs have tied their future career prospects very much to the mast of cloud computing, with recent research revealing that they believe cloud computing is shifting the focus of their role away from primarily technology onto vital business services, and increasing their chances of promotion to CEO.

In a global survey of 615 CEOs, including Australian CIOs, 57 percent of the Australian respondents said that’s what they believed about the affects of cloud computing on their careers, with 70 percent of the Aussie CIOs feeling “ideally positioned” to move specifically to the CEO role. The research was commissioned by CA and undertaken by reseasrch firm, Vanson Bourne.

CA’s report, however, contrasts the feedback from CIOs about their prospects of moving up to a CEO role, with the “global reality.” CA points out that, in theory, the more strategic focus increases the likelihood of CIOs making the transition to CEO, but in reality globally only four percent of CEOs have risen from the CIO ranks, “illustrating the prevalence of a barrier to career progression.”

According to CA’s managing director at CA Australia & New Zealand, Bill McMurray, the Future Role of the CIO’ report by CA Technologies has uncovered that those CIOs who have adopted cloud computing are “more ambitious than non-cloud adopting CIOs.”

“Demonstrating the extent to which CIOs view their position as a route to more general roles, approximately 93% who have adopted cloud computing, see their position as an opportunity or stepping-stone to other management roles compared to only 30% of non-cloud adopting CIOs of those surveyed, 46% of cloud adopting CIOs versus 13% of non-cloud adopting CIOs saw their current job as a stepping stone specifically to the CEO position. This illustrates the extent to which cloud computing reveals CIO ambition.”

According to McMurray, “there’s no doubt that cloud computing is revolutionising business particularly in these strained economic times,” and he also says it is breeding a “new type of technology leader – one who understands that by using the cloud to innovate, increase speed to market and reduce costs in providing strategic business services, he or she will be in a position to make a significant impact on the business and potentially be positioned to lead it.”

While more than half of the CIOs surveyed said they felt “ideally positioned” to move to the CEO role because cloud computing allows them to spend more time on innovation, business strategy and driving business effectiveness, CA’s McMurray says, however, they face “fierce competition.”

McMurray says the research reveals that 43 percent of CIOs acknowledge that whilst they do have the necessary skills to step up to the CEO role, other job roles have greater experience in using those skills. “How do you marry this ambition with the stark reality today where only ‘4’% of current CEOs has risen from the CIO ranks, 29% have risen from the Chief Financial Officer position and a further 23% were previously Chief Operating Officers?”

McMurray also says that the CIO role today is still viewed as a technical role according to 43 percent of CIOs, and this is the reason why relatively few CIOs have successfully made the transition to the CEO role. McMurray also suggests that a lack of ‘digital literacy’ in the boardroom is compounding this problem with 40 percent of CIOs stating that their board was ’digitally illiterate’ and did not understand the impact of new and emerging technologies. A further 42 percent of CIOs said that the board did not understand the value that IT brings to the business, causing a lack of responsiveness to the market and missed business opportunities.

And, McMurray cites comments by Martin Retschko, national practice director at executive search specialists, Hudson ICT, that the role of the CIO is no longer “purely about technology”, and who further remarked: “In Australia, we are seeing that this position is evolving from the traditionally technical role of a CIO to one that is more strategic and business focused. CIOs that show an understanding of, and commitment to developing the business, are much more likely to evolve beyond their traditional role.”

CA’s McMurray says that the research reveals that ambitious CIO cloud adopters are not complacent either, with 93 percent saying they need new skills to remain effective compared to 63 percent of ‘non-clouders’. Specifically, 48 percent of CIOs, says McMurray, deemed skills in commercial procurement to be vital, while cloud CIOs also prioritised service performance skills and negotiation and sales skills compared to their non-cloud adopting counterparts.

“In many ways, CEOs and CIOs share the same skill-set, particularly in terms of managing budgets, new projects and communicating their plans and strategies with internal and external stakeholders. The role of CIO will continue to extend beyond its technical attributes and we expect to see an increase in the number of CIOs taking on broader, C-Level roles,” Retschko says.

According to the research by CA, perceptions are changing since 54 percent of CIOs report that the C-level management team sees the role of the CIO as becoming increasingly important within the organisation which, according to McMurray, suggests that the boards view of the CIO is already changing.

“This research finds that cloud computing is positively impacting the ambition of today’s CIO and giving rise to a new breed of business savvy technology leaders. To ignore this trend or what these leaders could bring to the leadership of an organisation may well hinder business competitiveness and growth,” McMurray concludes.

Author: Peter Dinham
Source

The CIO Versus Users Who Buy Their Own IT

Leave a reply

The CIO as we understand the role is under threat from Cloud Computing and ICT professionals need to start getting smart about their function.

That was the stark warning from Oracle, a company whose conversion to the Cloud has taken time to go public. While once dismissed by CEO Larry Ellison as “just water vapour”, Cloud is now firmly on the Oracle road map as a top priority.

Hence the appearance of John Abel, chief architect for Oracle, at the firm’s Cloud Conference in London this week where he told delegates that they had to get closer to the business side of the organisation – and at an earlier stage in order to stop non-techies from procuring their own ICT services.

Such ‘land and expand’ strategies have been commonplace in private sector Cloud Computing where departmental heads in, for example, sales have grown tired of waiting for an official ICT department roll out of new functionality and instead subscribed to Salesforce.com off their own backs.

“CIOs need to make sure that they are part of the business conversation early on. For the first time, thanks to Cloud Computing, the business is able to sub-navigate IT,” warned Abel. “Project control is becoming increasingly important for CIOs, because now the business thinks that it doesn’t need IT and it can go and procure its own IT capabilities with SaaS.

“The business person of the future is the same person that will be used to using Facebook and Twitter. They will be used to instant access, they want IT now,” he added. “That’s the challenge that IT has with Cloud, because if IT can’t give the business that instant capability, they will go and get it from somewhere else.”

This isn’t necessarily a threat though, he argued as it gives the ICT Professional a new form of engagement with the organisation. “A good CIO will use this as an opportunity, whereas CIOs that are more conservative, or more risk adverse, will see it as a threat,” he said. “The IT department can capture this problem early and initiate discussions with the business.

“They will work with the business to understand what direction they are moving in, to understand how the IT capability and Cloud can be used to get it there. If they haven’t had that conversation and captured those requirements early, they will be in trouble.”

Author: Stuart Lauchlan
Source

Wish Upon A Cloud

Leave a reply

It seems that every networking event this year, every tech magazine issue, and every vendor worth its salt is talking about “the cloud.” The cloud, in one of its many forms – public, private, or mixed – has become ubiquitous! I’ll confess: I started off my cloud gazing with little interest and several doubts, but I’ve learned a lot over the past year about the potential benefits of obtaining software, platform, and infrastructure as cloud services. I’m not quite ready to “drink the kool aid” yet, but it’s starting to look pretty tasty. Still, I have five wishes that need to be granted before I can consider a major move into the cloud.

Wish #1: Service Comparable to What I Provide Now.
When our CEO says jump, well . . . you get the picture. As CIO, I have to provide the level of service that our senior management and board expect from the IT team. So, how do I create SLAs that really ensure that a cloud provider will meet these demanding standards? When a cloud provider doesn’t meet the SLA, the reimbursement is generally a partial rebate of the provider’s fee. When the internal IT staff doesn’t meet the SLA, the “price” can be much higher. So, for example, if I want to have “bursting” support for high levels of availability at peak times, how do I know I can rely on the cloud to provide it? If my cloud provider doesn’t provide the support for the load at the time I need it, I will be compensated with a portion of my hosting fee, whereas if the internal IT team were to fail in this example, we’d be accountable for the lost revenue. That high internal price results in a great motivation to deliver service. Then there are the service issues that are, frankly, out of the control of most cloud providers. The last mile connectivity from premises to data center can be fraught with latency. When users are accustomed to running heavy applications over a private network, accessing them over commodity Internet lines can really impact their perception of system performance.

Wish #2:The Ability to Customize.
We’re all unique, right? Every organization has its – dare I say? – “secret sauce” – the customized software applications and systems that are a major part of the value we bring to our customers. Being able to establish and support a custom implementation in the cloud is still a challenge. For example, we are implementing Microsoft Dynamics CRM. But we need a special search capability that has to be either developed or added as a bolted-on application from a third-party provider. We need such ability to customize standard applications in order to make them effective for us, and that means in the cloud as well as on premises. I’d like to have applications delivered for us to customize and then be maintained in the cloud.

Wish #3: High Security.
Our data is an “attractive nuisance” – people are interested in it because we have personal information on very public figures. Controlling access to that data is critical. No matter what security promises are in our agreement with a cloud provide, and regardless of the amount of SAS 70-2 control in place, we will be loathe to release control over our member data to an outside firm. Although security can be a selling point for Microsoft’s products, abdicating our control over this information poses a significant risk that must be addressed. In addition, the cloud providers I have investigated do not encrypt data in motion or at rest, requirements that have begun to crop up in data security and privacy legislation. Bottom line – I need to be able to affirmatively state that my cloud provider is better and more knowledgeable about data security than I am.

Wish #4: Easy Integration.
Not only are our systems highly customized, they are extensively integrated. I need an end-to-end integration of solutions; in particular, hybrid solutions that support only certain user groups and are integrated via web services with locally hosted options. I haven’t yet seen a hybrid solution that provides easy manageability between on-premises and hosted solutions. And I want to manage performance, access, and the like seamlessly, whether that data or application or user resides in the cloud or on premises. And by the way, which cloud? Just as there are many clouds in the sky, there are many cloud providers. Will information in Oracle On-Demand play easily with enterprise applications developed in Azure?

Wish #5: Clarification of Legal Issues.
Our data is part of our intellectual property. Access to that data creates a risk that it will be used in ways that negatively impact our organization. For example, we control access to determining who is eligible to work under a SAG contract. Providing access to work history data could enable other entities to try to make such decisions about our members. E-discovery is another big issue, both in terms of our own need to provide access to electronic assets as well as concerns about allowing inadvertent or unauthorized access to our data in the cloud. If a subpoena is served for access to our data, how will our cloud provider respond? Will we be notified of what data was delivered? Further, what is our obligation to report the remote storage of customer data? As laws surrounding electronic data continue to change, I want to be certain that I’m in compliance and that our organization continues to be served by operating in the cloud.

Despite the fact that my wishes aren’t yet a reality, I’ve decided it’s prudent to assess what steps we can take, and when, to avail ourselves of cloud computing’s potential to save on infrastructure costs and to increase computing capabilities. I’m looking forward to putting together my cloud computing roadmap, and I encourage other CIOs to create their own cloudy forecast.

Author: Erin Griffin
Source

Federal Risk and Authorization Management Program Issues

Leave a reply

Industry experts and cloud service providers are hopeful about the prospects of a new federal program that sets cloud computing security standards, but they also note some potential pitfalls. For one security expert, the program represents a lost chance to improve cybersecurity.

The Obama Administration last month launched the Federal Risk and Authorization Management Program (FedRAMP), which sets a standard approach for assessing the security of cloud services and products against a baseline of controls. The goal is to cut the cost and time spent on redundant agency security assessments and cloud authorizations.

“What it is going to do is provide government agencies and organizations with an easier way of acquiring public and private cloud computing authorizations, which means they can start using cloud a lot easier than they could have through the older FISMA process,” said Dan Philpott, a federal information security specialist and member of the Cloud Security Alliance.

Under FedRAMP, a cloud service provider goes through authorization with one agency and other agencies can leverage that authorization. If an agency has additional requirements, then only the delta between the baseline and those specific requirements needs to be addressed, which provides a more economical model for security, he said.

The “do once, use many times” approach promised by FedRAMP will save both government and industry a lot of money by cutting down on the number of certifications – provided it truly happens, said Jennifer Kerber, vice president for federal and homeland security policy at TechAmerica, a Washington, D.C.-based industry advocacy organization.

The problem will be if a growing number of federal agencies tack on additional requirements to a provider’s certification, she said. “If no one really accepts it and it’s all FedRAMP ‘plus,’ then you have to pay all this extra to get certified, I’m not sure it’s worth it.”

Alan Paller, director of research at the SANS Institute, is highly critical of FedRAMP, which he views as a lost opportunity.

“FedRAMP could have been the breakthrough that enabled the government to lead by example in cybersecurity — demonstrating how to do it right,” he said in an email. “FedRAMP provided that opportunity because it has the leverage of contracting — no company could provide FedRAMP services if they did not meet FedRAMP security rules so had they done the right rules they could have radically improved security and lowered the cost of effective security.”

But officials missed that opportunity by providing guidance that did not require six measures known to provide effective security, including using common security configurations and implementing daily continuous monitoring and mitigation, Paller said. “Instead, the guidance called for people to write reports that could easily be written without effectively implementing any of the six [measures]. It’s a throwback to FISMA at its worst and it is inexcusable,” he said.

FedRAMP elements

White House officials expect FedRAMP to be operational by June after they complete a number of steps, including publishing the security controls, a concept of operations and a charter.

This week, they released the security control requirements, which are based NIST Special Publication 800-53 Revision 3 and include controls that address the unique risks associated with cloud computing, such as multi-tenancy and shared resource pooling.

A key component of FedRAMP are third-party assessment organizations (3PAOs), which will assess cloud providers’ implementation of the security requirements. The FedRAMP program management office plans to publish an initial list of FedRAMP accredited 3PAOs in the second quarter.

In response to criticism that FedRAMP will be a report-based compliance program that doesn’t implement effective security, a FedRAMP program office spokesperson said in an email that FedRAMP will assess and authorize cloud solutions based on implementation of the NIST SP 800-53 security controls and independent validation by an accredited 3PAO. “Once these cloud solutions are assessed and authorized, FedRAMP will coordinate the continuous monitoring activities with federal agencies and DHS, with a focus on real-time data and automation, giving agencies a better ability to view the risk posture of a cloud solution in near real time,” the spokesperson said.

Philpott said having accredited third-party assessors will make it easier for agencies and cloud service providers to know who truly has the technical expertise to evaluate cloud security. He welcomed the final release of the FedRAMP security controls, which he said the CSA plans to quickly adapt to its Cloud Controls Matrix to help the cloud computing industry adopt them.

Falls Church, Va.-based CSC is well prepared for FedRAMP after taking its cloud services through a federal certification and accreditation process, said Yogesh Khanna, North American public sector chief technology officer at CSC. The technology provider recently deployed IaaS and a cloud-based service for development and testing for DHS, he said.

“We’ve gone through the wickets with DHS, taking our system through a pretty comprehensive C&A process,” he said. “We understand the 800-53 goals. … I feel as a company and one that is a strategic partner of one of the leading federal agencies playing a significant role in FedRAMP, we have a lot of experience already under our belt.”

Khanna said FedRAMP will benefit service providers, vendors and cloud customers by providing a benchmark for cloud computing security standards. “You’re letting go of some level of control as a cloud consumer. Unless there’s some industry standards and third parties reviewing it, we’ll always be stuck in a mode where people use security as a barrier,” he said.

Potential FedRAMP issues

While optimistic about FedRAMP, Khanna said he hopes federal officials are prepared to handle the volume of demand the program may generate. “Right out of the gates, they don’t want to create an impression that they’re a stodgy bureaucracy,” he said.

Cloud service providers have a role in the program’s success by making sure they have polished packages that are ready for evaluation, but he would have liked to have seen some commitment to a time limit for FedRAMP’s governing agency to review a cloud service that’s been approved by a 3PAO.

“What we can’t have – and we have a role to play to make sure this doesn’t happen – is the traffic being so great and the staff at FedRAMP not being adequately situated to handle the traffic, creating the perception that things go into the FedRAMP office and nothing comes out,” Khanna said.

Philpott said he sees a potential issue with how a federal initiative, Trusted Internet Connections (TIC), will work under FedRAMP. TIC requires that agencies limit the number of Internet connections they operate, and that traffic be routed so DHS can monitor it for security threats. Routing network traffic to meet the requirements of TIC may not be feasible under some cloud service models, Philpott said.

Overall, though, the baseline of cloud computing security standards established by FedRAMP has the potential to improve cloud security overall, Philpott said. Commercial customers will be able to ask cloud providers to provide the same security they provide the government.

“A lot of cloud providers are very security conscious. Not all of them, but most of the major ones are,” he said. “We hope and expect this is going to provide a level playing field.”

Author: Marcia Savage
Source

Three Myths Clouding CIO Judgment

Leave a reply

For today’s CIO, the perceived barriers to cloud computing remain security, regulation and compliance. The danger that data loss poses to brand equity, customer trust and share price is just the same whether data is stored in a cloud computing or traditional infrastructure model.

The severity of the issue is reflected in legislation like the recent Criminal Justice and Immigration Bill which states that the Information Commissioner’s Office (ICO) now has the authority to levy fines of up to £500,000 on organisations who recklessly lose confidential or personal information.

Security quite rightly should be at the top of every CIO’s agenda but there are a number of myths that lead to over-simplification or indeed dangerous assumptions about cloud computing. In light of this, we explore three myths that we have encountered recently and why they may be distracting CIOs from the real questions that need to be asked.

1. Security and compliance are “external issues”

Whether you choose to place your data “in the cloud” or create a hosting platform from dedicated servers, security must remain your concern. Security cannot be handed over wholesale to a cloud service provider because the very real question of security policies and procedures concerns your users as well. Firewalls and the rules that govern them still stand irrespective of whether infrastructure is virtual or physical. Likewise the usual security processes such as changing passwords and enforcing permission levels need to be observed within your organisation.

These are simple examples but they serve to illustrate the point. Robust data protection is critical to preserving the brand value and reputation of any company. Every week there seems to be another high profile example of a security breach undermining customers’ trust in a brand, whether that is an online gaming site; web retailer or even government department. Regulations regarding security, control and privacy of data are complex. CIOs need to be certain that their service providers can help them navigate these rules and clearly understand where the responsibility for applying each part of the security policy sits.

2. Better SLAs will give sufficient protection

To some degree, the question of SLAs reinforces the same point. If you are using a traditional managed hosting service to host your data, you will ask for a robust SLA that leaves you confident that you can deliver on your SLA to the business. Businesses adopting cloud computing need to take the same approach.

However, relying on the SLA alone does not guarantee performance. It may mean there are penalties in the event of downtime, but that is cold comfort to an ecommerce organisation at the height of their busiest season faced with a website that has been offline for hours. Uptime availability figures aren’t enough. 99.99% uptime may sound impressive until you work out the cost of 0.01% downtime.

CIOs should be asking the same questions around cloud services as they would do about any other IT service they use. What is your organisation’s tolerance to downtime? What is the disaster recovery and back up service available? What will happen in the event of a failure at any point in the service? This does not point to lowest cost, best endeavours service. Economy of scale should mean that your chosen service provider is able to invest to minimise these failures.

CIOs have to be confident their service provider is able to respond and support their business, especially in the face of a “disaster”. Furthermore this should form a key a part of your organisation’s business continuity plan.

3. Private cloud is inherently more secure than public cloud services

Cloud services have moved on since the first definition from NIST in 2009. The background of early public cloud services has contributed to the perception that this type of cloud has lower levels of security. Private cloud should not be seen as a guarantee of security. Private cloud is dedicated to your organisation. By definition this can reduce the risk of using a platform shared by many customers, but again it is only as secure as the policies and procedures that you enforce. Firewalls still need rules. Data centres still need physical security. A private cloud can be more secure than a public cloud, but like any other system it is at risk from poor housekeeping and human error. Assumptions should not be made.

The decision criteria for private or public cloud implementation should be far wider than which is perceived to be more secure. As a CIO you will be asking what your organisation wants to achieve. Is it cost savings, speed to market, or flexibility to scale up or down, or more likely, a combination of all three?

As one of the most significant changes in IT in a generation, cloud computing can deliver real benefits in the way organisations consume IT. However, like any significant business change, careful consideration needs to be given to what the organisation is trying to achieve and why. Our own annual CIO cloud research demonstrates that the majority of businesses are using or piloting cloud computing services across parts of the enterprise, but very few businesses are deploying cloud services ‘in full’.

The deployment of cloud services across the entire enterprise was only 16 per cent, while deployment of cloud services ‘in part’ averages out at 35 percent. This demonstrates that companies are engaging in cloud computing, but very few are making or will ever make the shift to cloud computing outright. Cloud computing is not simply about buying CPU cycles at the cheapest rate, it represents a fundamental change in how we consume and take advantage of IT. The consumerisation of IT is increasing this rate of change and old methods just won’t hack it. While going on this journey from old methods to new is daunting, choosing who you take with you on the journey is perhaps the most important decision any CIO can make at this stage.

Author: Steve Hughes
Source

How To Buy The Cloud

1 Reply

Next month – all being well – the UK Cabinet Office will lift the lid on what form the UK public sector Cloud Computing strategy will take.

Notably absent from the national ICT strategy announced back in April, Cloud has not been forgotten, but the grandiose plans for an over-arching G-Cloud that were being formulated under the New Labour administration have been scaled down.
Exactly what form the revised Cloud thinking will take remains to be seen, but the broad sweep commitment to Cloud as a cost-effective, scalable delivery mechanism has been articulated by both Government CIO Joe Harley and his deputy Bill McCluggage as well as being cited by Prime Minister David Cameron and other members of the political establishment. So a continued identification of Cloud as the way ahead seems like a safe bet.

In the US, the Obama administration – when not having to wrestle with keeping the bailiffs from the door – has been an enthusiastic supporter of Cloud Computing – even if some of the more died-in=the-wool Federal CIOs were not quite as keen. But the Obama ‘Cloud First’ policy has put the US federal government sector on a clear path to mass adoption of Cloud technologies, hand-in-hand with data centre closures on a mass scale.

Such is the inevitably of the Cloud advance in the US that the TechAmerica Foundation, made up of Cloud providers and academics, has now issued a Cloud First Buyers Guide for Government to provide easy, best practice steps for procurement officers in the government community to purchase and deploy Cloud services and technologies.

In its preface to the Guide, the Foundation notes: “To spur government agencies to take advantage of the benefits that Cloud Computing enables, the Obama Administration has issued a Cloud First policy. This Buyer’s Guide is designed to assist government agencies as they evaluate and purchase Cloud services and solutions in response to that policy.”

While the specifics of the Buyers Guide are inevitably highly geared to US government structures. the basic principles at their heart are eminently replicable across other nations, including the UK.

Step One: Business case

The report begins by recommending the creation of a business case – which may seem unusual given the mandated nature of the Cloud First policy, but the business case is needed to establish priorities. The report notes:

“Defaulting to a particular Cloud deployment or service model rather than using agency performance objectives to define the approach will result in missed opportunities to benefit from available Cloud services. In making the transition to the Cloud…first focus on workloads and Cloud services and solutions that have already been widely deployed in the Cloud in the private sector and government.”

In other words, don’t stick the tried and tested (and failed) practice of reinventing the wheel at every given opportunity. The Foundation identifies three main categories of Cloud offering that have proven track records already:

  • Infrastructure as a Service e.g.: storage web hosting, and backup.
  • Platform as a Service e.g. database services, identity management services, security services, geospatial information systems and customised application in areas of IT management.
  • Software as a Service e.g. email, CRM, collaboration, payment processing, and service centres.

Step Two: Establish priorities

Next, map your priorities and map them against the technology solutions on offer. Everyone will have a different set of priorities that matters, but among the most common aspects to take into consideration are:

  • Automatic upgrades and patches
  • Collaboration
  • Compliance requirements
  • In-house development and customisation capabilities
  • Ease of use
  • Sustainability and energy considerations
  • Integration with existing systems
  • Interoperability and open source
  • Portability
  • Pricing
  • Scalability
  • Security
  • Transparency of provider performance


Step Three: Think about security

The inevitable objection raised in both private and public sectors is the bug bear of security. The Buyers Guide notes: “Cloud services are not inherently more or less secure than in-house IT implementations. In both cases, security depends on technology, policies, and practices. A robust implementation of Cloud services is capable of meeting a variety of security requirements.”

But it observes that what does change is the question of responsibility: “One of the differences between cloud and in-house IT implementations is the degree of control for who manages and controls the security processes. Agencies should focus on managing the agreements between the agency and provider to ensure that a consistent security posture is maintained independent of who is responsible for the various layers of the system.”

Step Four: Implementation considerations

These are essential if the essential principle of sharing resources is to be adopted successfully. To that end, procurement officers need to ask:

  • Is the Cloud service easy to configure?
  • Does the Cloud service exist elsewhere within government and can that service be shared elsewhere within government?
  • Does the Cloud service provider enable portability of user data through an effective combination of documents, tools, and support for agreed-upon industry standards and best practices?
  • Are there third-party solutions to provide access to the data in the Cloud service?
  • Will the Cloud service provider, the government body, or third party integrate Cloud applications with in-house applications to ensure seamless end-to-end processes?

Step Five: the RFP

The topics and sections of the traditional RFP still largely apply, including background descriptions about the provider, client references, startup and ongoing cost models, and required certifications, but it is important to streamline the RFP process to reflect the rapid deployment of Cloud services.

Step Six: Take advantage of government’s scale

Are there government-wide initiatives that can help on price or best practice?

Step Seven: Don’t forget the people aspect

The Guide warns: “Cloud technology will not deliver the desired return on investment without addressing the people and process issues that are needed to manage effective systems.”

Step Eight: Look for a common approach to supplier evaluation

The Guide urges: “Use a data- driven approach to evaluate Cloud offerings.”

Step Nine: It’s all in the timing

Consider various factors to determine when is right for you to make a move to the Cloud. Factors can include:

  • Need for legacy system replacement
  • New systems upgrades that will require additional ICT investment
  • A need for testing platforms to support new development
  • A desire to run a pilot project for a programme or initiative

Purchasing Cloud services is all too often approached as a difficult new practice, but the Buyers Guide concludes: “Although the shift to Cloud Computing raises new issues that must be considered, existing Federal government procurement practices are flexible enough to enable acquisition of the new capabilities.”

Source

How Cloud Computing Will Change IT

3 Replies

If you came here for the article with the title, “How Cloud Computing Will Change IT”, unfortunately, it has been removed at the request of the publisher of the website from which it was obtained.

Asking me to remove it was within their rights, but I believe it was a shortsighted decision based on old media ideas about the copyright “protection” of assets and the imagined potential loss of ad revenue.

I am not competing with the publisher of “How Cloud Computing Will Change IT”. The articles here are gathered for the benefit of my clients and prospects who are trying to make a decision about cloud computing in their business. There are no competing ads here.

By asking me to remove “How Cloud Computing Will Change IT”, the publisher lessened the opportunity for the author to have his ideas more widely read and the publishing website lost the long term SEO benefit of the link from this page that was here to acknowledge the source of “How Cloud Computing Will Change IT”.

I invite you to check out these links to articles with information similar to “How Cloud Computing Will Change IT”

H&R Block Shifts to Virtualized Thin Clients

Leave a reply

H&R Block’s virtualization project is putting thin clients in the tax preparer’s thousands of retail stores in an effort to simplify its operating environment and cut expenses. The change should also help it to better compete with chains such as Jackson Hewitt, as well as with independent tax preparers and software-only rivals such as TurboTax and Intuit (INTU).

“Typical of any mature company, the competitive landscape is tough. You’re continually looking at ways to optimize,” says Rich Agar, CIO at H&R Block. By cutting costs, the company can lower its prices and compete more effectively, he says.

The company has spent $15 million to $20 million a year on PCs with a lifecycle of three to four years. By simplifying the IT used in its retail stores, including shifting from PCs to virtualized thin clients, the company expects to save $10 million to $15 million in hardware expenses. Plus, virtualization makes it easier to provision temporary employees hired for tax season while keeping data more secure, Agar says.

“Organizations dealing with seasonality can use desktop virtualization to manage capacity and enable quick turnaround by just plugging in thin clients instead of PCs,” says Ian Song, a senior research analyst at IDC, a sister company of CIO magazine’s publisher. “There are several benefits rolled into one.”

Ultimately, Agar wants to double the useful life of H&R Block’s hardware. Thin clients from Wyse Technology have no disk drive and fewer moving parts, which means they last longer, he says. They also use less energy; Agar estimates that the thin clients are at least 75 percent more energy efficient than PCs. With no local storage on the Wyse machines, H&R Block’s operating system and applications are refreshed every day upon log-in to the corporate network.

Technology Lockdown

Two years into the project, which is expected to last four to five years, Agar says he wishes he could move faster. He has deployed 10,000 of an estimated 80,000 seats. But because H&R Block’s business is seasonal and time sensitive, the company limits changes during tax season. Nothing can be changed from December through April.

According to the company, there are 11,000 H&R Block stores, but only 4,400 are open year-round. During tax time, the number of employees balloons from 7,700 to 100,000, and the company takes in 80 percent of its annual revenue in the five weeks leading up to April 15, Agar says. He doesn’t want to roll out new technology during that time because that could threaten the company’s primary revenue stream and the personal financial information of millions of customers. These unusual conditions “inhibit our ability to move at a rapid pace,” he says.

Agar chose Wyse in part because it bundles software with hardware, which helps the company avoid interoperability issues. He adds that he also wanted to be able to influence the product plans of the vendor he signed on with. For example, H&R Block is working with Wyse to shrink the size of the operating system to reduce the time it takes to boot up each morning.

“I wanted to control my own destiny in terms of what we needed in rollout,” Agar says.

Source