Just as with outsourcing before it, cloud will not fix underlying operational complexity, according to Richard Blanford of Fordway
The costs of using public cloud are continuing to fall as providers increase capacity and improve their security capabilities. And cloud promises many benefits which are extremely appealing to public sector organisations wrestling with tight budgets, including a transfer of costs from CapEx to OpEx, limitless capacity, almost total flexibility, and increased efficiency.
However, that does not mean cloud is the solution to every IT issue.
Once an organisation has got rid of its in-house infrastructure and staff, it will have to use whatever the cloud provider offers, unless it undertakes another migration. This is likely to be time-consuming and risky, and will bring further interruption to day-to-day activities. Many public-sector organisations are still suffering from the results of the trend to outsource their IT, and no-one wants to see a repeat of that scenario with cloud.
Any move to cloud – and indeed any major infrastructure change – should be driven by a ‘compelling event’. This could be anything from the need to upgrade key applications, to replacing core infrastructure, or relocating a datacentre.
But the response to such an event should not be an immediate move to cloud.
Organisations first need to get their own house in order by reviewing and optimising their existing infrastructure, applications, and processes before making any major changes. Most will have complex infrastructures – built up through many valid, but separate, decisions – which consume a large amount of resource and cost while providing little business benefit. If this is not addressed and rationalised, they will have an unnecessarily complex environment that will be expensive to operate and is unlikely to achieve the benefits desired from the change.
This is one of the key reasons outsourcing failed to deliver on its promise.
In most cases, the outsourcers simply took on the existing infrastructure and contracted to manage it, using the existing staff. No wonder it was often referred to as ‘your mess for less’. Simply transferring an existing service to cloud, without first reviewing its fitness for purpose, will negate many of the potential benefits.
A good place to start is a business and IT alignment review to ensure that the organisation has accurately defined the service levels it requires for the key operational processes that IT supports and fully understands their cost, performance and availability implications. We find that many organisations operate their IT without defined and agreed service levels, or have defined service levels, but no way of measuring them to ensure they are being met.
Armed with a definition of what services are needed, it is time to decide which services can usefully be provided by, or hosted on, public cloud, or alternatively migrate to private cloud or optimise and retain in-house. It may be appropriate to start by configuring IT as a private cloud, helping the organisation get more from its existing resources, and make any mistakes on the organisation’s own terms. There may be an opportunity to extend the life of existing infrastructure by moving disaster recovery to cloud, which can be a very useful first step in a journey to cloud.
Commodity services, such as email and user productivity, and where suitable SaaS options exist, can then be transferred to public cloud. Organisations may also choose to hand over responsibility for areas where they lack in-house skills. They need to consider whether they simply want capacity and equipment to be provided by a third party, or would like management too.
Some services can and should run in public cloud, some in private cloud, and some should remain on-premise, creating a hybrid infrastructure that needs managing and monitoring. Every organisation should therefore retain key skills in-house to control both the costs and the security of its hybrid-cloud environment. Organisations also need to take responsibility for asking their cloud providers to deliver the appropriate levels of information security and need to measure and audit these themselves to ensure that the relevant security is applied.