As cloud computing finally starts to become mainstream within the UK social housing sector, Kevin Doran, chief technology officer at Sovereign Business Integration Group, outlines some of the key considerations to contemplate when appraising the options for IT service delivery.
It seems everyone has their own idea of what cloud computing means, so for the purposes of this article, I’ll share what we here at Sovereign think of as ‘cloud’. Cloud computing currently falls into three discreet categories:
Infrastructure as a Service (IaaS)
- Compute, network, storage, power and data centre services available on demand, operated by a specialist provider
- Self-service or operator-serviced
- Hosted off-premise
- Provider owned and maintained
- Shared or dedicated
Platform as a Service (PaaS)
- Includes IaaS
- Provides software tool stack to end-users
- Self-service development and deployment
Software as a Service (SaaS)
- Includes IaaS
- Applications, often available on demand
- Hosted externally, owned by provider
- Licenced for use to end-users by a variety of methods (as with non-SaaS)
Following the path well-trodden in other sectors, housing providers are looking at cloud as part of a broader strategy to deliver what the sector needs in terms of cost savings, value for money, efficiency of operations and improved availability of systems. Some of the benefits include:
- Expenditure switched from large-scale capital budgets to ongoing operating budgets;
- Better utilisation of computing and shared services, reducing costs;
- Improved ability for ‘elastic’ infrastructure – scaling on demand;
- Less business downtime, improved operational processes and change management, and better responses to service failures;
- Staff deployment from traditional infrastructure management to more value-adding tasks and services, such as business and systems analysis.
There are several different ways to get your ‘cloud’: private cloud; public cloud; community cloud; and hybrid cloud. The reluctance by housing providers to deploy public, rather than private cloud services is an understandable caution regarding sensitive data residing on shared infrastructure, despite reassurances on the sophistication and reliability of security arrangements through software solutions and architecture design. However, a private cloud is dedicated (unshared) by definition and therefore offers none of the economic benefits of a shared infrastructure.
For this reason, Sovereign has established a Housing Cloud – a community cloud for its housing sector clients – which offers the financial benefits of a shared infrastructure while ensuring that only those with a similar sensitivity of data and associated security requirements are sharing. A community cloud feels instinctively safer for a traditionally risk-averse sector.
What generally needs to be considered?
- Data theft – a breach of regulatory governance and reputational damage
- Data loss – e.g. through accidental or malicious deletion
- Account hijacking – e.g. through malware imports and ‘denial of service’ attacks
- Insecure APIs – e.g. an interface on one tenant (of the shared cloud infrastructure) could open a vulnerability to all tenants
- Abuse of cloud services – e.g. the demand on services of one organisation is detrimental to the performance experienced by others.
Mitigation – top considerations
First stop – is the cloud right for me?
- What are the software implications? Will the application providers support a cloud-based installation? Not all software licenses are portable
- Does my current network have sufficient capacity and resilience? Cloud services are dependent on WAN. Hence the WAN must meet the availability and performance needs; this can be expensive, especially for many (larger) locations to support.
- Are we using desktop virtualisation (thin-client delivery)? Cost and performance is usually much better when using a virtualised desktop solution to deliver cloud-based services.
- Are my applications and data secured to the right level of governance standards in the cloud?
- Can I retire some traditional applications? Reducing the number of applications managed in the cloud may reduce operational overheads.
Other recommendations I would make to any housing provider considering cloud include:
- Buy wisely: do due diligence and choose your partner carefully, examine financials and on-going growth trends.
- Consider: what would happen to my data if the worst case happened? Are there backup and DR processes in place, and tested regularly?
- Be wary of cheap: check contractual terms, penalty clauses, rights of termination as the cheapest is often not the best value and there may be good reasons for a low headline cost.
If nervous, go gradually and learn lessons along the way. Here are a few areas where cloud should deliver easy wins:
- Development/test environments: these are typically temporary, with sporadic use and therefore lend themselves well to a non-dedicated infrastructure. The ability to commission new servers and databases quickly, and to shut them down equally fast, should prove very cost-effective.
- Disaster recovery: as an alternative to replicating to secondary infrastructure located off premise but managed in-house, those with a virtualised environment can commission online back-ups in the cloud. This is a lower risk entry level to cloud computing relative to deploying elements of the production (or live) environment.
- Remote access services: cloud deployment enables a Martini approach to service availability – anytime, anyplace, anywhere. By definition, cloud providers should have excellent network connectivity, supporting a mobile and flexible workforce.
- New business or new services within existing organisations: we are seeing an increasing variety in off-the-shelf, cloud-based applications such as CRM, intranet and email services. These can be deployed quickly, delivering benefits much faster than traditional on-site application delivery.
- Services with highly volatile demand: a traditional on-site infrastructure and applications set must have sufficient capacity to cope with maximum demand. Not so cloud services, which can be scaled up and down to cost-effectively match peaks and troughs.
Finally, and most importantly, select your cloud provider carefully. The sensitive nature of the data held, and the need to offer sustainability in services means that housing providers should consider commissioning not just a remote, faceless entity but a strategic partner.
Thoroughly investigate the organisation’s approach to: data integrity; infrastructure security; data encryption; location of data; and back-up methods and routines.
Reliance on 3rd-party supply chain
Do they own their own data centre? This is a key advantage, as it means everything is within their control, offering maximum flexibility and responsiveness. There are also fewer links in the chain to break. Beware the ‘white label’ – some cloud operators offer a comprehensive service from a single source which in reality is a stable of services offered from multiple sources delivered under a single contract. While this provides a single point of contact, your partner is reliant on others in order to deliver its service to you. How comfortable would that feel? By contrast, a simple and shallow supply chain usually offers the lowest risk and greatest flexibility.
Where do the services actually sit, and how are they operated? Don’t be afraid to ask searching questions; as a minimum, expect to see highly robust DR policies and procedures, with evidence of external validation through accreditation and testing, and check the supplier lock-in period.
Establish beyond doubt the most feasible and cost effective methods of exporting and managing your data when in the cloud. If you need to extract your data at short notice, how will that happen and at what cost? Crucially, have they invested in implementing a culture of rigorous data security?
Return on investment
Select a partner who understands the housing sector and is more likely to be able to work with you to build the business case for investment, to describe the business impact and value of deployment via the cloud.
Take time to understand the provider’s staff structure. Who will you be dealing with? Establish who’s in charge of which areas. Question the organisation’s approach to working efficiently; how closely do they deliver according to established best practice in data centre operations? This is likely to be an indicator of how they react during the course of the partnership.
The cloud is growing in popularity. It offers clear benefits – so be open-minded to take advantage. It comes with risks – which can be mitigated. Therefore, identify the right cloud service to go with at the outset. Crucially, pick the right partner, go and see the facilities for yourself, and if you need to – take advice.
Kevin Doran is CTO of Sovereign Business Integration Group.