embracing cloud computing · 3 table of contents figures 8 introduction 9 what is the cloud? 10...

1

Embracing Cloud Computing How to migrate your ICT Services into the Cloud

2

Ian Apperley

Copyright © 2013 by Ian Apperley.

All rights reserved. No part of this publication may be reproduced, distributed or transmitted in any form or by any means,

including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the

publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses

permitted by copyright law. For permission requests, write to the publisher, addressed “Attention: Permissions

Coordinator,” at the address below.

Registered office of Isis Group Ltd

Strathmore Park

Wellington

NEW ZEALAND

6022

www.isisgroup.co.nz

Cover image Sean Gillespie ©2013

Twitter @SeanDG Instagram @SeanDGI

www.seangillespie.org

Ordering Information:

Quantity sales. Special discounts are available on quantity purchases by corporations, associations, and others. For details,

contact the “Special Sales Department” at the address above.

Book Title/ Author Name. —1st ed.

ISBN 978-0-0000000-0-0

http://www.isisgroup.co.nz/

http://www.seangillespie.org/

3

TABLE OF CONTENTS

Figures 8

Introduction 9

What is the Cloud? 10

“The Cloud” 10

Cloud Deployment Models 10

Cloud Opportunity 17

Introduction 17

Traditional ICT Model 17

Value Proposition Characteristics - The Future State 17

Cloud Targeting 19

Introduction 19

How to Group ICT Services into Clusters for Cloud 19

Graduated Complexity 19

Legacy Systems 21

Introduction 21

Advantages of Legacy Systems 21

Issues with Legacy Systems 21

Cloud Legacy System Migration Options 22

Back Office Systems 23

Introduction 23

Advantages of Back Office Systems 23

Issues with Back Office Systems 23

Back Office System Migration Options 24

Supporting Systems 25

Introduction 25

4

Advantages of Supporting Systems 25

Issues with Supporting Systems 25

Supporting Systems Migration Options 25

Common Cloud Misconceptions and Roadblocks 27

Introduction 27

How to Manage Risk 27

The Technology is Unproven 27

The Two Evil Stepsisters; Privacy & Security 28

Maturity of the Enterprise 28

Loss of Control 30

Network Performance 30

Vendor Lock In 30

Cloud Washing 30

Cloud will fail 31

Data Sovereignty 31

Other Barriers to Adoption 31

Cloud Readiness 33

Introduction 33

Governance 33

Consider 33

Internet Edge 33

Consider 33

Single Sign On 33

Consider 34

Complete an ICT stock take 34

Consider 34

IT Management vs ICT Service Management 34

Consider 35

Revolution not Revolt 35

Consider 35

Cloud Service Design 35

5

Consider 35

Early pitfalls, traps, and mines 37

Consider 37

Standardise, Virtualise, Consolidate 37

Consider 37

Selection of Cloud Providers 37

Transition to Cloud – Project Plan 39

Introduction 39

Define 39

Assess 39

Design 41

Select 42

Government Specific Notes 42

Integration 43

Implementation 44

Operate 47

Control, Adapt, Evolve 47

Cloud Reference Architecture Lite 48

Introduction 48

Cloud Definition 48

Reference Architecture Lite 48

A platform 48

A presentation layer 49

Security and Privacy (Identity) 49

Integration 49

Data 49

Service Resilience 50

Deployment 50

Operation 50

The Future of Cloud 51

Summary 51

Gartner 52

6

Forrester 56

Cloud Playbook Summary 56

Further Reading 59

IDC 60

IDC Cloud Decision Framework 60

ISIS Group Ltd 61

Introduction 61

The Cloud War will continue 61

Small to Medium Business will challenge enterprise 61

Some traditional Global ICT companies face extinction 61

Tax 62

The rise of integrators and brokers 62

Security, Privacy, and Data Sovereignty will drive new innovations 62

Big Data 63

Smart Cities 63

The Internet of Things 63

Balkanization of the Internet 63

The Death of the Data Centre Cloud construct 66

Other Trends 66

Cloud Service Delivery Framework 67

Introduction 67

Cloud Service Strategy 67

Build Components 68

Challenges, dangers, and The Golden Pony 69

Service Design 69

Build Components 70

Challenges, dangers, and the role of Architecture 70

Service Transition 71

Service Operation 71

Continual Service Improvement 72

The Bare Minimum - Global Service Levels 73

Global Service Levels 73

Summary 75

7

Appendix A – Risk & Assurance Sample Model 76

Introduction 76

Bibliography 79

Glossary 81

Further Reading 84

Acknowledgements 91

Index 92

About the Author 94

8

Figures Figure 1 - High Level Timeline of Cloud Provider Selection ................................................................................................. 38

Figure 2 - Gartner Cloud Hype Cycle .................................................................................................................................. 52

Figure 3 - Gartner Priority Matrix for Cloud Computing ...................................................................................................... 54

Figure 4 - Forrester Future Look ......................................................................................................................................... 57

Figure 5 - Forrester Business Impact Model ........................................................................................................................ 58

Figure 6 - ITIL Service Organisation Chart .......................................................................................................................... 68

Figure 7 - ITIL 7 Step Improvement Process ........................................................................................................................ 73

9

Introduction

This book deals with the migration of ICT services to the Cloud. Potentially risky, costly, and time intensive given that each

ICT system is an evolved eco-system that has been largely defined by the company that it services. It is defined by the life

of the company, the developers, the changing business rules, the wider ICT eco-system that it exists in, the architecture,

age, and a host of other factors that standard off-the-shelf back office software and the new breed of “Born in the Cloud”

services.

The book is broken into various sections that will assist you with planning and migrating to Cloud. We start with the

definition of Cloud services and the opportunity that the present for business. We look at how to select ICT Services for

Cloud transition and the various types of ICT services that we will move along with high-level options for migration.

Then we look at all of the risks, roadblocks, and traps that Cloud presents before starting on readying our business and ICT

organisation for Cloud along with a sample Risk & Assurance Model for Cloud. After that we look at the move to Cloud in

more detail laying out a high-level project plan to move services and a brief Cloud reference architecture to assist with

design.

To finish, we look at the future of Cloud from the perspective of three analysts and the author himself. We also look at how

to build a Cloud Service Delivery Framework so that the business and ICT organisation have a foundation to operate and

consume Cloud services into the future.

Cloud is a maturing ICT service across the globe that requires careful planning to avoid the minefields that exist in its

uptake and deployment.

Through the last twenty years ICT services have tended to develop and evolve into one of three areas; standard off-the-

shelf applications and infrastructure potentially heavily integrated into the enterprise, bespoke legacy systems that are

often deployed on non-standard hardware, middleware, and software that are largely developed by the enterprise, and

new ICT services that are pure “Born in the Cloud, having been born there and developed there as opposed to the

enterprise.

The book focuses generally on enterprise scale companies. Those that are in excess of two hundred or more staff. These

are companies that are most likely to have complex, bespoke, legacy systems, and larger ICT services.

This is a guide to moving any ICT service into Cloud or taking up a new service, regardless of the size of your company. It is

written for any member of the ICT Organisation who wants a better understanding of the factors and processes of moving

to Cloud services, from the CIO to the Service Desk.

The actual move of the ICT service to a Cloud environment is a small part of the overall process. The planning makes up the

large part of the move. Investigation, design, process re-engineering, risk management, project management, education,

business cases, handover to production, and other planning make up approximately eighty percent of the migration.

Cloud is disruptive. As well as the opportunity it presents, it also is a significant threat. As the large, global ICT providers

move toward Cloud as the whole of their service offering, those who don’t plan a path to Cloud in the next few years will

find that they are left behind.

10

What is the Cloud? Sources: (Wikipedia, Cloud Computing, 2013) , (National Institute of Standards and Technology, 2011), (Haukioja, 2013)

“The Cloud”

The Cloud is seen as a reformation in the delivery of ICT Services. Other major evolutionary steps in the past few years

have included the distributed ICT model, the Internet, and some would argue, Social Media.

The Cloud reflects a paradigm shift from capital / asset centric delivery of services to delivery of services as an operational

expense, analogous to a utility such power or water.

Cloud computing has the potential to deliver significant benefits in a number of areas. These include both quantitative

financial benefits and qualitative benefits related to service quality, timeliness and consistency.

There is a time factor to the uptake of the cloud that represents a potential risk to ICT Services. It is expected that within a

few years that the majority of large, global ICT services companies will only deliver their services via a cloud model.

That means that as well as the opportunities that cloud brings today, it brings a risk that if the enterprise does not position

itself for a potential environment where the majority of its ICT services can only be delivered via cloud, then it will fall into

an ICT backwater where services become increasingly expensive and ability to change and adapt ICT services in total, will

be slowed or impossible.

Cloud computing is a term used to describe services that are:

- On-demand.

- Elastic.

- Operating cost vs Capital Cost.

- Share resources.

- Provide portability.

Cloud Deployment Models

Cloud comes in four general models though a fifth is emerging.

The four accepted Cloud Deployment Models are:

PRIVATE CLOUD

This is a cloud that is deployed for the exclusive use of a single organisation. As a result it is a cloud that can be most

customised and controlled, while it has the lowest economy of scale.

COMMUNITY CLOUD

This is a cloud that is shared by a number of organisations with common needs. It is less able to be customised, is

potentially more secure, and has greater economy of scale than a private cloud.

An example of this could be multiple enterprises within a company group sharing a single instance of Microsoft Exchange

in order to deliver email services.

PUBLIC CLOUD

This is a cloud that is available to anyone via the Internet. It is the most commoditised, has the greatest economy of scale,

and the least amount of control.

11

An example of this could be Dropbox

HYBRID CLOUD

This is a cloud model that comprises a mixture of public, private, and / or community clouds. It has the advantages of other

models however is likely to be the most complex and difficult to manage.

EMERGING – CONSUMER CLOUD

The consumer cloud is loosely defined as any cloud service that an individual can access and pay for as opposed to an

organisation. It is likely that this model will strengthen as we see the slow move from the organisation defining an

individual’s identity as opposed to the individual being recognised as a valid and authorised identity in their own right.

There are many examples of this type of cloud; iCloud, Google Drive, Evernote, Amazon Cloud Drive, Outlook, SkyDrive,

to name a few.

This is the primary area where we see the opportunity, and risk, of bring your own device (BYOD) arise.

CLOUD SERVICE MODELS

It is important to note that when we use the word “service” in context with cloud it relates to the ICT services that can be

delivered from a cloud service as opposed to the method and process by which those services are managed, i.e. ITIL.

Cloud service models are then:

- Infrastructure as a Service (IaaS) – a provider supplies raw computational capacity (memory, processor, storage)

and the customer is responsible for everything that is delivered from that infrastructure.

- Platform as a Service (PaaS) – a provider supplies computational capacity, an operating system and middle-tier

software components. The customer is responsible for the application and any client access devices.

- Software as a Service (SaaS) – a provider supplies computational capacity, operating systems and the application.

The customer is only responsible for the client access device.

- Network as a Service (NaaS) – capability provided to the cloud service user is to use network/transport

connectivity services and/or inter-cloud network connectivity services. NaaS involves the optimization of resource

allocations by considering network and computing resources as a unified whole.

- Storage as a Service (StaaS)- a business model in which a large service provider rents space in their storage

infrastructure on a subscription basis. The economy of scale in the service provider's infrastructure allows them to

provide storage much more cost effectively than most individuals or corporations can provide their own storage,

when total cost of ownership is considered.

- Security as a Service (SECaaS) - a business model in which a large service provider integrates their security

services into a corporate infrastructure on a subscription basis more cost effectively than most individuals or

corporations can provide on their own, when total cost of ownership is considered. These security services often

include authentication, anti-virus, anti-malware/spyware, intrusion detection, cryptography, and security event

management, among others.

- Data as a Service (DaaS) - a cousin of software as a service. Like all members of the "as a Service" (aaS) family,

DaaS is based on the concept that the product, data in this case, can be provided on demand to the user

regardless of geographic or organizational separation of provider and consumer. Additionally, the emergence of

service-oriented architecture (SOA) has rendered the actual platform on which the data resides also irrelevant.

This development has enabled the recent emergence of the relatively new concept of DaaS.

- Database as a Service (DbaaS) – hosting of a Database within the cloud.

- Test Environment as a Service (TeaaS) - sometimes referred to as "on-demand test environment," is a test

environment delivery model in which software and its associated data are hosted centrally (typically in the cloud.

- API as a Service (APIaaS) - is a service platform that enables the creation and hosting of APIs (application

programming interfaces).

12

- Backend as a Service (BaaS) - also known as "mobile backend as a service" (MBaaS), is a model for providing web

features such as user management, push notifications, and integration with social networking services and mobile

devices.

There are a number of other services that have emerged and matured, or emerged and died. Generally, the three top-level

services are; IaaS, PaaS, and SaaS.

CLOUD READY CHARACTERISTICS

Characteristic Notes

On-demand self-service End user can manage their own services, via a portal or tool, with no human interaction required.

Broad network access Services are available over any network and consumed in standard ways on standard devices. (e.g., mobile phones, tablets, laptops, and workstations).

Resource pooling The provider’s service is a shared (multi-tenanted) architecture that the end user does not have control of except in the broadest terms.

Rapid elasticity Services can be rapidly provisioned and decommissioned by the user.

Measured Service Services are a “pay-as-you-go” and “pay-per-use” model. Usage can be controlled, reported, and monitored in order to provide transparency for both the provider and end user.

Supports IaaS Infrastructure as a service

Supports PaaS Platform as a service

Supports SaaS Software as a service

Supports XaaS “Anything else” as a service. I.e. Desktop, Voice, and Database.

Supports Private Cloud Single tenant model.

Supports Community Cloud Multi-tenant model.

Supports Hybrid Cloud Integration with other Cloud services the end user may consume outside of the IaaS.

Supports Public Cloud Allows for Public Cloud services to be delivered.

Heterogeneous In order to reduce provider lock-in it is important that any service is built on technology that is heterogeneous.

13

Auditable The service and its components are able to be audited by an agreed authority utilising a common standard. I.e. CoBIT.

Standard Service Delivery Lifecycle

The service and its components are managed by an agreed service delivery lifecycle utilising a common standard. E.g. ITIL.

Standard Service Levels The services have common service levels. For example, Platinum, Gold, Silver, and Bronze.

Common / Open Toolsets Tools for the monitoring, measurement, and performance of the service are common and open.

Common Architecture The service is built on a common architecture.

Workload Portability The service has the ability to be moved from provider to provider or provider to private, controlled by the end user, at will. This is an emerging characteristic.

CLOUD READY HIGH LEVEL SERVICE PRINCIPLES


Commoditised Services have value to the consumer, are of uniform quality, (as distinct from capabilities), and could be delivered by multiple suppliers. From one service consumer’s point of view, services providing more or less the same capability are consumed as utilities – complexity is fully hidden from the consumer and use of the service is intuitive.

Configurable not Customisable Services are pre-packaged in terms of the capabilities the service delivers. Services are configurable but not customisable. Configuration is a capability provided by the service, whereas customization requires a change to the actual service.

Augmentable Services are able to be augmented, meaning that the service provides capabilities allowing additional capabilities to be introduced without changing the service itself.

Technology Independent Services are independent of underlying technology. Independence is achieved by way of interoperability, open standards, and formats.

Device Independent Within the constraints of a device’s physical capabilities, services are able to be consumed on any device (tablet, mobile smart phone, PC).

Transportable Service workloads are able to be moved between different Cloud deployment instances, i.e. between community and private instances.

14

Compliant Services comply with known and accepted standards.

Discoverable Services are able to be “advertised”, promoting awareness of the service’s existence and key information, such as capabilities, to potential consumers.

Well-Defined and Understandable

Services are expressed by way of capabilities delivered not functionality. The service’s capabilities are well-defined, allowing easy evaluation and comparison by the consumer, and understandable by the consumer irrespective of their technical knowledge.

Secure Delivery Services are delivered in a manner that complies with standard security models, architectures, and tools.

Secure Content Information (in the broadest context) accessed and manipulated (in any way) via the service occurs in a way that complies with information security requirements as defined by the organisation or company.

Reliable Consumers can be assured that the service is available when required and meets agreed and defined service levels.

Scalable Consumers can be assured that performance will continually meet agreed and defined service levels.

Measured Services are able to be measured against their service levels.

Subscription / Usage Consumers are charged on a subscription or usage basis.

On-Demand Services are able to be measured against their service levels.

Self-Provisioned Services are able to be configured by the consumer (defined as someone with the financial authority to do so.)

Self-Configurable Services are able to be configured by the consumer without the need for service provider involvement.

On-Line Services are accessible via the Internet.

Self-Managed The service is able to be managed and monitored by the consumer without the need for service provider involvement.

Self-Supported Sufficient resources are available on-line by which the consumer can self-support without the need for service provider involvement.

Re-Brandable The service is able to be re-branded / white labelled.

15

Graceful Retirement The consumer is able to gracefully de-provision the service and be assured that all information (broadest context) associated with the consumer's ’se of the service is able to be extracted and, if required, removed.

16

IMPACT ON APPLICATION DEVELOPMENT


New Services The Cloud provides an entirely new range of programmable (primarily web) services. For the application this provides opportunity and complexity. For example, Single Sign On services to a Cloud service provides ease of use for the enterprise, increased security, however integration is likely to be complex and challenging.

New Platforms New platforms are emerging in the Cloud services space that provide opportunity (such as elasticity) and challenge (such as the movement off proprietary onto open platforms).

New Development Environments Changes in development platform will have a significant impact on coding, testing and deployment. Opportunities present themselves in terms of scalability and cost.

New Architectures Developing applications that can scale exponentially will require changes in development approach. For example, scaling web-front end to manage millions of instances or building to manage a DDoS1 attack.

New Partners & Evolution of Existing Partners

In order to leverage Cloud development, you may need to pick new partners. In addition, in order to transition Legacy systems, you will need to ensure existing partners are evolving to Cloud themselves.

1 Distributed Denial of Service

17

Cloud Opportunity Introduction

Cloud represents opportunity and threat. This section deals with the opportunities that Cloud present against the

traditional ICT model that is pre-Cloud. These opportunities are often used as the basis for business case planning for the

move of ICT services to the Cloud environment.

Traditional ICT Model

Current state ICT service delivery is characterised by the following:

- Siloed; information is not easily shared or reused.

- Capital Intensive; enterprises build, support, and maintain their own capital equipment, which must be periodically refreshed at a high cost.

- Inflexible; enterprises find it difficult, and costly, to respond rapidly to legislative, market, or technology change. - Complex; enterprises have tightly integrated, often bespoke solutions with high maintenance and operational costs as

a result. - Duplication of administrative effort.

- Limited standardisation or use of common solutions.

- Current solutions do not meet business needs in the most cost effective or productive way.

- Over capitalised; in order to cater for ICT demands, such as end of year processing, the enterprise must purchase for peaks. This often means an over provisioning of infrastructure to cater for very short periods of high usage.

- Traditional; investment in enterprise ICT mainly supports existing functionality as opposed to improving service.

- Small in economy of scale; an enterprise in isolation has limited economy of scale in purchasing and provision of service.

- Proprietary; enterprises frequently find (often due to their age) that legacy systems are built on proprietary infrastructure, operation systems, databases, and potentially virtual environments.

Value Proposition Characteristics - The Future State

- Operational cost oriented; deploys “pay-as-you-go” basis. Costs are easier to control and pass on to consumers of a

service.

- Demand driven; the enterprise only pay for the capacity it consumes.

- Agile; service, system, and environments are able to be commissioned quickly, and decommissioned quickly.

- Consolidated; significant reduction in duplication of effort via consolidation.

- Able to leverage economies of scale; this appears as cost reduction. Cloud providers can offer significant cost reduction

compared to traditional given their massive scale.

- Innovative; investment and resource is freed up to innovate.

- Standards compliant; standards compliant approach enables greater re-use, service portability, and choice.

- Cloud computing offers opportunities to realise savings, or improve services, at all levels of the technology stack.2

- In addition to lower costs, outcomes will include qualitative or intangible downstream benefits resulting from improved

efficiency and agility, greater sharing and less duplication of effort.

- Risk reduction; enterprise’s ICT services fit into the new delivery model of Cloud and away from the technical cul-de-

sac of the traditional model.

2 Those opportunities lower in the stack are sometimes simpler to realise without high transition costs (due to the

greater levels of commoditisation that occur lower in the stack).

19

Cloud Targeting Introduction

The next three chapters deal with grouping of Cloud services. It is likely that you will end up with a hybrid model as this is

the most common Cloud deployment type in the world today.

How to Group ICT Services into Clusters for Cloud

If you look at your organisation’s ICT Services, they can generally be broken into three categories:

1. Legacy Systems (The Golden Calculator)

These are the bespoke, core applications that a company has invested in heavily over time and are often non-

standard, complex, much customised applications that are very difficult to migrate to Cloud. Usually built on

proprietary systems they tend to be the “Golden Calculator”, the very ICT services that underpin the company.

2. Back Office Systems (Near and Dear)

Highly integrated systems that are reasonably standardised, for example Email and Document Management

systems. More easily able to move to Cloud, however can often be integrated with the Legacy Systems making

this a greater challenge. These are ICT services that are “Near and Dear” to us.

3. Supporting Systems (Flexible Services)

Supporting systems are largely services that are of less importance to us and these generally are standardised.

Most often these are the supporting environments that we need to do development and testing.

Graduated Complexity

The following table shows the difference between a small to medium business versus an enterprise in terms of ease of

migration to Cloud services. Services that are at the top of the table are easier to move to Cloud and as you move down to

the bottom of the table, the complexity increases.

Small to Medium Business Enterprise

Email Environmental sandpits

Office Tools Testing environments

File Services Development environments

Disaster Recovery Archive (last tier storage)

Software as a Service Disaster Recovery Data

Voice Office Productivity

20

Any Legacy Systems Email

Software as a Service

Legacy Systems

21

Legacy Systems Sources: (Wikipedia, Legacy Systems, 2013), (Thomspon, 2011)

Introduction

“A legacy system is an old method, technology, computer system or application program that continues to be

used, typically because it still functions for the users’ needs, even though newer technology or more efficient

methods of performing a task are now available.”

Legacy Systems tend to have several major characteristics. These are:

- Critical. Legacy systems tend to be the “golden calculator” of an ICT system. For example, the core financial and billing

system, the core GIS system, the calculator that defines tax rules, or the center of all other ICT services.

- Aged. They are old in terms of systems often created at the point where a company came into existence or during

some reformation of an enterprise.

- Bespoke. Even if the system started as an off-the-shelf application at some point, it has evolved to a point where it no

longer resembles the original mainstream product.

- Proprietary. As a result of the bespoke nature of the system, legacy tends to have a high-degree of reliance on

proprietary systems whether infrastructure, operating system, database, virtual layer (if any), middleware, and end-

point applications.

- Integrated & Tightly Coupled. Due to the bespoke nature of the legacy system and its usual seat at the center of ICT it

is likely to be heavily integrated and tightly coupled to other services.

Advantages of Legacy Systems

There are some advantages to legacy systems:

- They work. Due to the investment in the system one of the compelling reasons to retain them is that they simply work.

- Total control. The enterprise has total control and ownership of the system.

- Known quantity. Cost, resource, change, service and other ICT elements are readily understood and manageable for

the system.

Issues with Legacy Systems

There are a number of challenges with Legacy Systems:

- Complexity. As a legacy system evolves organically, often over years, its complexity can increase to the point where

even reverse engineering is a difficult proposition.

- Ageing infrastructure. It is not unusual to find legacy systems homed on ageing, and proprietary, infrastructure. The

risk of remaining on that infrastructure can be high, operationally, and expensive.

- It is critical. Service of the legacy system can be difficult due to its critical nature.

- Intellectual Property Silos. As a system ages into legacy, it is not unusual to find that there is a very small group of

people left who actually understand it.

- Vulnerabilities. In some cases legacy systems are aged to the point where they are not patched or protected against

known vulnerabilities.

- Integration. As time passed, integration with newer systems becomes increasingly difficult, which means the use of

complex middleware, or worse, the creation of bespoke interfaces.

22

Cloud Legacy System Migration Options

Cloud is one option to manage legacy systems into an enterprise’s future and it comes in various options. This section

looks at the high-level options that are open to manage a transition of legacy systems to a future state.

Option Notes

Full Replacement This option sees the entire legacy system being replaced, whether in a “big bang” or phased approach whereby the new service is built entirely on Cloud whether it is public, private, community or hybrid3.

IaaS Port This is a transition step that sees the underlying infrastructure replaced. Generally this ports the entire infrastructure, regardless of operating system, onto an IaaS service. This reduces the impact of underlying infrastructure issues and risks.

PaaS Port This is an option that replaces the infrastructure, operating system, and virtualisation if it exists with a standard Cloud platform service. It retains the database and application layers, however moves them onto PaaS.

SaaS Port Depending on the nature of the legacy system there are some companies that will take your entire stack over to their Cloud service and sell it back to you as a pure SaaS service. This is one step removed from a full “As a Service” model.

AaaS Port This is a combination of outsourcing and Cloud management. Effectively an outsource company with Cloud capability can take all of your infrastructure (often the entire data centre), move it to their premises, and sell this back to you as an integrated service, including Cloud. The company becomes responsibility for the development, management, and deliver of the service however they choose with the enterprise managing it via standard outsource methodology. This is known as “move and migrate.”

3 Most legacy system Cloud transitions are to a hybrid model.

23

Back Office Systems Introduction

Back Office Systems tend to have several major characteristics. These are:

- Off the Shelf. Back office systems, even at an enterprise scale are likely to be off the shelf, standardised products.

- Modern. Back office systems are likely to be more modern than their legacy counterparts and are more likely to be

updated frequently.

- Supporting versus Critical. Back office systems tend to be less critical than legacy systems, however, using email as an

example, they are still very important.

- Integrated. Most back office systems are coupled to the legacy systems in some way, for example, document

management.

- Known capacity. Generally, Back Office systems are less open to fluctuations in demand and capacity can be readily

planned for.

Advantages of Back Office Systems

There are some advantages to back office systems:

- They work. They are an off the shelf standardised product that is market tested and just works.

- Low investment requirement. These systems are fighting in a very competitive market, this drives down costs.

- Known quantity. Cost, resource, change, service and other ICT elements are readily understood and manageable for

the system.

Issues with Back Office Systems

There are a number of challenges with Back Office Systems:

- Integration. Often Back Office Systems are loosely coupled to legacy systems, this can pose challenges to an

organisation when either system requires change. It can be a problem when moving to Cloud services, such as software

as a service, because the mapping of interfaces, their design, and subsequent deployment can be complex.

- One size may not fit all. In some cases a back office system can be limited in its functionality, particularly once it

becomes a Cloud service, and this reduce its usefulness.

- No control. As this is an off the shelf product, you get what the software company develops.

- Near and Dear. These systems are highly transactional in nature, which means that when selecting a Cloud provider,

they need to be near to us to keep latency low.

- Options to migrate are limited. Most often sold as Software as a Service, options are limited for migration.

24

Back Office System Migration Options

Cloud is one option to manage back office systems into an enterprise’s future and it comes in various options. This section

looks at the high-level options that are open to manage a transition of back office systems to a future state.

Option Notes



SaaS Port This option moves your data into a SaaS offering leaving you to decommission the back office systems once the move is complete.

25

Supporting Systems Introduction

Supporting Systems tend to have several major characteristics. These are:

- Non-critical. Supporting systems often sit on the edge of the ICT eco-system. Designed to support future changes they

are most likely to be development and testing environments. These are less critical by nature.

- De-coupled. Because it is likely to be sandpits and other non-production services, they are unlikely to be coupled to

legacy or back office systems.

Advantages of Supporting Systems

There are some advantages to legacy systems:

- Total control. The enterprise has total control and ownership of the system.

- Allows for experimentation with Cloud. Environments can be cloned and used as test beds for Cloud migration.

- Less requirement for latency. Because these are not usually highly transactional systems, they can be further away

physically.

Issues with Supporting Systems

There are some challenges with Supporting Systems:

- Fluctuating capacity requirements. The nature of the supporting systems means that is it difficult to predict expansion

and contraction.

- Less process. Supporting systems tend to have less process around their management.

Supporting Systems Migration Options

All options are open in terms of migration in addition to some that do not exist for legacy or back office systems.

Option Notes

Experimentation One of the best options for companies to start into Cloud is by cloning development or test environments and migrating them to the Cloud to experiment with. There are many Cloud brokers who will, for a minimal fee, establish sandpit environments for organisations, so, the opportunity to access and have direct experience with Cloud is easy.

Full Testing By migrating the test environments into Cloud, you can test how your back office and legacy environments are going to work.

26

Full Replacement The supporting systems can be ported directly to Cloud, whether in a “big bang” or phased approach whereby the new service is built entirely on Cloud whether it is public, private, community or hybrid4.



27

Common Cloud Misconceptions and Roadblocks Sources: (Apperley, 2013), (National Institute of Standards and Technology, 2011), (New Zealand Institute of Information

Technology Professionals, 2013)

Introduction

The reality is that for most of the ICT world, Cloud Computing is a new service. We see this in global trends with the United

States only stepping into Cloud in a meaningful way this year, carefully, while other countries are still in the education and

investigation cycle.

With all new technology comes misconceptions, concerns, fear, uncertainty, and doubt, which collectively can stall an

enterprise thinking and cause roadblocks. Cloud is no exception to this, in fact, of all modern ICT technology it is probably

the one that suffers the most from this effect.

In order to transition to Cloud, we must understand it and as practitioners be educated so we are ready to answer these

concerns and manage real risk.

How to Manage Risk

Before we get into the concerns with Cloud computing it is worth noting how risk should be managed. There are three

steps to this process with Cloud. Let’s use Security as an example:

- Objectively review your own security today using a checklist. It is not uncommon to find that security infrastructure is

ageing, that software is not entirely up to date, that the intrusion detection systems are only monitored nine to five,

and that your ingress and egress points are visible to the public. Buy a penetration test if you can afford it. The point

being that you need to understand, factually, what level your security is at today.

- Next, apply the same test to your Cloud provider. Ask your Cloud provider to answer the checklist you created in the

first step. Ask your Cloud provider to come and specifically present to you on their security measures. Ask them for a

list of their other customers. This allows you to objectively match what you do today, with what the Cloud provider has

available.

- The last step is to write that up into an objective risk document. It should show your security level today and the

associated risks versus the security level you will have if you take up the Cloud provider’s service. This then becomes

the factual, objective, position that you can lean on whenever the security issue comes up.

The outcome you are looking for is a decision that is based on factual, objective, well-understood information as opposed

to the opposite. You will hit this again and again through a transition project, so it is worth creating the templates and the

process up front to deal with it.

The Technology is Unproven

This is an older concern that has persisted for the past two or three years. It says that the technology is new, bleeding

edge, unproven, and as such, risky.

The reality is that the technology itself is quite old, the service delivery mechanism is new, and Cloud computing itself is

quite mature. While the technology is going through a phase of extreme marketing, it’s been around in its current form

since 20065 and as a concept since 1950.

5 When Amazon launched EC2.

28

The risk here is less about the technology itself and more about the management of it. Cloud computing demands a

different approach to ICT Service Management and this needs to be managed as a risk in any transition project.

The Two Evil Stepsisters; Privacy & Security

This is probably the most widely held risk about Cloud services, along with Data Sovereignty. The risk is that by placing our

data into the ubiquitous Cloud, it will be less secure and as a result you will be more likely to suffer a privacy breach.

Security and privacy are two separate things:

- Privacy is a business (non-ICT) responsibility that is often placed onto the ICT organisation due to a lack of education. It

is the responsibility of the business proper to categorise their data from business operations into levels of privacy. This

should be a functional requirement for the build of all ICT services that handle data.

- Security is the method by which both the business and ICT organisation protect privacy. We only care about ICT so we

can say that security is the toolsets that ensure the privacy requirements, that the business have documented and

agreed, can be safely met.

I would argue that security in the Cloud is likely, in most cases, to be better than what the enterprise does themselves

today given the massive economy of scale that allows providers like Amazon to bring security and frameworks that are

extremely strong. We know that the CIA for example trusts Amazon enough to have purchased $615 million USD of

services from their Cloud.6

Further, the rise of encryption gateways, homomorphic encryption, and tokenization will further secure Cloud services to

an almost impenetrable level.

Enterprises can have as much security as they can afford.

A word of caution, it is worth creating a security list as part of your Cloud risk and assurance process to ensure, objectively,

that the Cloud service you are buying will meet your requirements. A sample check sheet is included in Appendix A.

Maturity of the Enterprise

This is a risk that is often missed and is critical to manage.

Cloud services are not just about compute power. The way they are delivered and managed is critical.

For example; if you choose to buy a SaaS product from the United Kingdom and you live in New Zealand then what

happens when it fails? From the user picking up the phone to call the service desk through to the management of that

event with the provider needs to be understood and process put in place to manage it.

Another example; how do you manage the performance of the Cloud service provider month on month from a contractual

perspective against stated service levels?

Service Design is a key component of any transition to Cloud with legacy services.

It is not unusual to find enterprises that want to take up Cloud services but require transformational work in ICT Service

Delivery before it is safe to do so.

As we work through the planning for transition of your legacy service, you will see the various elements that are important

to be in place prior to deployment.

6 At the time of writing this deal was subject to a lawsuit between IBM, Amazon, and the CIA.

30

Loss of Control

More of a cultural reaction than an actual risk the older IT Department (vs the newer ICT Service Delivery Organisation) will

raise this as a concern. This is far less to do with the Cloud service model and much more to do with letting the go of the

reigns of the old “command and control” style of IT management.

The reality is that with careful planning and design, most organisations will find they have increased control.

Cloud services usually come with a slew of monitoring and management tools along with “single pane of glass” portal

control. In addition, the provision and decommission of service is far more rapid than the traditional model. Contract

terms, if there are any, are easier to manage. The “only pay when you use it” model allows for much better cost control and

if necessary, internal enterprise billing.

Network Performance

This is a clear risk, particularly if you live in a country where bandwidth is low and latency high. In the United States and

United Kingdom we know that the bandwidth is very high and cross-city, county, state, and country latency is low. The

cost of the network is low.

However, in countries like New Zealand and Australia, due to poor, or slow, investment in ICT network infrastructure,

bandwidth can be expensive, slow, and due to wide geographic distribution of the population, latency can be high.

When you are consuming services from a Cloud provider this is the one area that is worth carefully managing through

investigation and design. The best Cloud service in the world could cripple your enterprise if it is slow, unresponsive, and

unreliable.

In the case of legacy services, it is often better to find a Cloud provider close to you physically, if you suffer poor national

infrastructure, then deploying dark fibre or other high-speed connections directly in a private Cloud model.

Vendor Lock In

This is a real risk that needs active management during the design stages, however, it is worth noting that vendor lock-in,

in some cases, is an advantage.

The risk states that if you move your ICT services to Cloud then you will be at the whim of the provider that you choose. In

some cases, which we will get to, this is true, however generally, this is not the case.

As the war by Cloud providers for the enterprise dollar has increased, they have become more open, more standardised,

and more agnostic. With careful selection of your Cloud providers, you will be able to move workloads and data between

them. In the future, we know that the large providers are likely to have a single Cloud market that allows you to move your

workloads around the world to get the best price for your money that day.

There are Cloud providers that you will find yourself locked into. For example, Oracle provides one of the largest,

proprietary, SaaS offerings on earth, as does SAP. For an organisation that has committed to and invested heavily in either

of those technologies, there is still advantages to moving into that service.

Cloud Washing

Less of a risk today but still something to keep an eye on, Cloud washing is the re-selling of services that are not Cloud,

under the Cloud marketing banner.

31

All Cloud services meet the characteristics described in earlier chapters. Where the Cloud provider does not meet those

characteristics, the enterprise should be very wary. Utilising information such as the NIST definition of Cloud Computing

and New Zealand’s offering to the Cloud world, the Cloud Computing Code of Practice, will help manage this risk.

Ultimately, as part of your planning, you will build a risk and assurance model that will help you select Cloud providers

appropriate for your enterprise.

Cloud will fail

This is a valid risk. We have seen all the major global Cloud providers have an outage in the past months.

However, this is a risk that needs to be objectively measured, like security, against what service your ICT organisation

delivers today.

While Amazon may have had an outage of minutes on its storage in the past five years (they guarantee 99.999999999

uptime with some services), how much time, including maintenance (which you will never see in a Cloud), has your

enterprise suffered?

Data Sovereignty

Often confused with both privacy and security, data sovereignty is the risk associated of where your data is stored

physically. Specifically, it is about which country (legal jurisdiction) your data is in.

This is ultimately, a question for the enterprise legal team and a decision that your executive should be making. Data

sovereignty is far more about the law than the Cloud service itself. However, it is not always easy to get this risk right.

For example, in New Zealand, the Inland Revenue Department (tax), requires that all tax records be stored on shore.

However, we have tens of thousands of New Zealand companies that use Xero, a New Zealand Cloud company that sells

accounting software where all data is stored in the US.

If you examine the letter of the law. It says that you must be able to recreate your tax records in New Zealand. That means

that as long as you keep all the paper, despite the fact I use an overseas Cloud provider, you am compliant.

Having a conversation with your legal department is the best approach to this risk.

Other Barriers to Adoption

Component Notes

Skill shortage Resource is scare and it will cost enterprise to buy it. This will be material not only in the investigation stage, but also in the subsequent stages. Project, programme, and transition managers with Cloud skills are few and far between.

Complexity The cloud service required may be overly complex. This is particularly true for legacy systems.

Vendor lock-in Vendors see the Cloud eating into their sales as the world moves from an infrastructure-centric investment pattern to a service based model. Vendors will seek to retain their customers with the legacy investment pattern by locking them into proprietary systems that are not heterogeneous thereby increasing the complexity of a Cloud solution while reducing the economic benefit.

32

Investment cycle If an enterprise has recently invested in infrastructure, legacy systems or outsourced services then the time to cycle to a new service, such as Cloud based, could be years.

Integration ICT systems in the enterprise are often tightly coupled with each other using a mixture of middleware and other transport tools. Integration is then a complex problem where one or more of those systems are moved out of their environment into Cloud.

Commercial agreements

Enterprises may be bound by contracts or other commercial and legal agreements that forbid the uptake of Cloud services for a period of time.

Government policy Government policy may forbid the use of certain Cloud services.

33

Cloud Readiness Sources: (Apperley, 2013), (Forrester, 2012)

Introduction

In order to start the process of moving legacy systems to Cloud based services, some preparatory work is advisable.

Effectively Cloud Readiness allows you to gauge how close you are to being able to transition to Cloud services, regardless

of the service.

In a project framework, this could be defined as the investigation stage. The information that is gathered here is needed

for the future stages of the transition process including design and Cloud provider selection. Cloud readiness is not just

about legacy systems, it’s a pre-requisite for all Cloud service uptake.

Governance

Governance is how the ICT organisation will manage the relationships with Cloud Providers, the enterprise, other ICT

suppliers & partners, Cloud Brokers, and external customers. The movement of legacy systems into Cloud will require

changes to your governance as a result.

I can’t stress this enough. Governance is King. Understanding this and building an appropriate governance structure will

allow you to move forward regardless of challenges.

Consider

- Documenting your current governance structure.

- How your current governance will change when legacy systems are moved into Cloud.

- Resolving the data sovereignty issue with your executive now.

- Creating a Risk and Assurance Framework that allows you to start thinking about how you will select Cloud providers.

Internet Edge

Moving legacy systems into the Cloud will impact the edge services that you have today and significantly alter your

network traffic patterns.

In addition, security comes into play at this point. Defining your security requirements is critical to the success of the

transition.

Consider

- Updating your Security Policy or creating one if it does not already exist.

- Capacity planning for the Internet edge in terms of bandwidth, latency, availability, reliability, reducing single points of

failure, and quality of service for specific services.

- Now is the time to consider using encryption engines.

- Create a design document utilising this information and start building.

Single Sign On

34

In order to provide security and a good experience for your user community, single sign on is necessary. Rather than the

customer having to remember multiple user names and passwords for your various Cloud services, single sign on utilises

their credentials once, so once logged into your enterprise can then access what they are entitled too.

Consider

- Creating a design for single sign and a federated model.

Complete an ICT stock take

In order for Cloud providers, partners, developers, and other ICT stakeholders to assist with Cloud, they will require a lot of

information.

The ICT stock take needs to collate what is likely to be asked for by stakeholders for the legacy system design process and

ongoing management.

Consider

- A complete list of all the ICT assets. Including software, hardware, and access to a Configuration Management

Database (CMDB) if available.

- A list of all your enterprise and solutions architecture documentation, particularly in reference to your legacy systems

and the interoperability of services. This is critical.

- Network maps and information.

- Internet service levels that the ICT organisation has agreed to deliver to their customers. This often appears as a set of

SLA’s that define, service be service, metrics such as reliability, availability, recoverability, and the like.

- A total cost of ownership for your ICT services. While not mandatory, when it comes time to create business cases to

move your ICT systems, this information is material to an executive making a decision that they will see in monetary

terms.

- Documented support processes for the ICT organisation including event & incident management, service desk

processes, problem management, and other core support maps.

- Policies. Security in particular, but any other polices that the ICT organisation holds.

IT Management vs ICT Service Management

This is a “soft” requirement, as is the next section, however can be important depending on what state your organisation is

on this spectrum.

IT Management represents the older “command and control” structure that existed (and still exists) whereby the IT

organisation is largely in charge of delivering what they think is the right thing for their customers.

ICT Service Management is the end result of moving from IT Management to one where the ICT organisations is effectively

a “broker of services”, including Cloud, for their customers. They have service level agreements with the business proper

and are find technology to act as an enabler for business direction. Often, ICT Service Management is underpinned by an

industry standard such as ITIL7.

7 ITIL is a hotly debated set of processes. There are two points with ITIL. The first is that it’s a common language. So when you have many partners and providers of services, you all speak the same language. The second is that it is not all mandatory. Picking the processes that you need rather than throwing the manual at the ICT organisation is a pragmatic way to pick the parts that work for you.

35

Forester has noted in recent studies that “the gap between the ICT organisation and the Business has never been greater.”

There is a risk with Cloud that the business proper, if it sees the ICT organisation as a road block, will simply procure

services directly, often with disastrous results. This is known as “Shadow IT.”

Consider

- How you can be seen as a broker of ICT services to your customers rather than an old IT department that controls their

user tools.

- Benchmark what you do today against an industry standard such as ITIL.

- Pick key processes that support the broker service model and implement them.

- Don’t try to reach a higher-level of maturity in your first few months. Start slow and evolve.

- Create a service catalogue for your customers with one to four service levels that describes the experience they will

receive.

Revolution not Revolt

Change scares people and Cloud represents the largest change to the ICT industry since the development of the Internet

itself. This is a journey that you have to carefully take your ICT organisation on. Older style IT organisations will naturally

be wary of Cloud and sometimes be very outspoken about why it is not an option.

This will appear as critical, unfounded, subjective analysis of Cloud services and their providers along with unqualified fear,

uncertainty, and doubt.

In earlier sections we’ve covered the barriers to Cloud and how to manage risk.

Consider

- Education. Teach your ICT organisation about what Cloud is.

- A champion. Give a senior ICT Manager the role of Cloud champion.

- Examples. Show your ICT organisation practical, pragmatic, working examples of Cloud.

- Sandboxes. You can stand up sandboxes in the Cloud for minimal cost. Do this and allow your ICT organisation access

to experiment with them.

- Cloud is inevitable. Most large ICT organisations are moving to a full Cloud model in less than five years. That means

that eventually services will only be able to be procured and consumed via Cloud technology.

Cloud Service Design

Cloud Service Design starts to push into the actual mechanics of a programme of work to transition your legacy systems,

however you can start a little early with it and complete it in detail as part of the programme or project.

It is critical that you engage your architecture teams, if you have them, to support this activity. If you don’t have architects,

look to a partner for assistance.

Consider

- Catalogue management.

- Service level management.

- Capacity management.

- Availability management.

- ICT service continuity management.

- Information security management.

- Supplier management.

36

- Understand how Cloud will change your operating model.

37

Early pitfalls, traps, and mines

There are a number of areas of risk in the initial Cloud planning stages. These risks can be managed up front through good

planning.

Consider

- Cost savings. There is often a high expectation that moving to Cloud will save a lot of money. This is rare. It should save

money, however the cost of getting to Cloud is the same as any other transition project. Set expectations on cost

savings early.

- Cloud will still fail. Just like everything, Cloud will still fail, however, statistically if fails less than other models. Those

failures will have to be managed as all ICT services failures are.

- It’s still your risk. You still have to manage security, risks, environments, operations, and all the other daily ICT

administrative tasks depending on how much of the technology stack you have given over to the Cloud provider.

- Capacity Management is critical. Failure to manage the elasticity of Cloud services can result in running up costs very

quickly. There is still an operational cost to Cloud that must be managed via capacity planning.

- Educate yourself. Understand what Cloud is, inside out. Not only will this prepare you for the coming transition, it will

also make you a very marketable commodity in a market that is suffering a distinct lack of Cloud specialists.

- Consider the move from a capital spending regime to one of operational spending. Capital will drop, however

Operational will likely increase. This model does not suit all enterprise types and needs to be talked through with the

accountants early on.

Standardise, Virtualise, Consolidate

Assess your current infrastructure in order to determine where you are in terms of the architectural readiness to move to a

Cloud platform. This is a critical step as it will identify work that needs to be completed prior to any Cloud uptake. It is not

mandatory, there are services available that will support moving your legacy system in whatever state it currently is.

Consider

- If your ICT system is operating on a proprietary platform, consider re-platforming it to an open and standardised

service.

- Virtualise your ICT system to a standard will be an immensely powerful step in terms of Cloud readiness. The ability to

move workloads from your environment to a Cloud provider will be significantly easier if you are virtualised.

- Consolidation is an entirely optional step to consider. As you virtualise and move toward Cloud, you can decommission

behind you.

Selection of Cloud Providers

This section is optional for two reasons. The first is that you may have already selected your Cloud provider and the second

is that it is geared particularly to government sector which has stringent probity requirements.

This is a standard timeline of high-level milestones, utilising some of the information gathered in the Cloud readiness

exercise.

38

Timeframe

Figure 1 - High Level Timeline of Cloud Provider Selection

39

Transition to Cloud – Project Plan Sources: (Rhoton, 2013), (Bentley, 2010), (Mateos, 2011), (The Efficiency & Reform Group, 2011)

Introduction

This section deals with the process of creating a project to manage the transition of your legacy system to the Cloud, or

any Cloud service for that matter. It is based on a number of different methodologies, which are listed in the sources. The

template is generic enough that it can be modified to fit most project methodologies.

We’ve already covered elements of the project in the material and you will see reference back to those chapters. The

project is split into define, assess, design, select, integrate, implement, operate, control, adapt, and evolve. These can be

shorted to a more traditional model, which is; investigate, design, deploy, and operate with a stage gate between each

that would likely take the form of a business case.

Define

We’ve largely covered the define stage in the preceding chapters. Define needs to cover topics such as:

- The creation of a Cloud strategy. A simple strategy that the executive to front line staff can understand that is signed

off by the business proper.

- What is Cloud? More importantly, what is Cloud for your company? It differs between enterprises and it is important to

create a definition that can be understood by the company board of directors down to front line staff.

- Provide an overview of the Cloud Architecture including defining the different kinds of Cloud deployments, standards

& interoperability, and the overall Cloud ecosystem and topology.

- Each of the Cloud deployments, Infrastructure as a Service, Platform as a Service, and Software as a Service, need to

be extrapolated out and understood. This is also a time to understand which specific Cloud services, such as Amazon or

Rackspace may be of interest for the ICT system move. Thought can be given to staging, whether the infrastructure is

moved first, or if the entire ICT system can be moved onto a Platform as a Service in entirety.

This section ends with a broad definition of what Cloud is and the potential target Cloud services that may be targets for

your legacy system along with a request to fund the Assess stage.

Assess

The assess stage, at a broad level, is the thinking that allows for the business case to be created in order to move to future

stages. Again, we’ve already covered a lot of this in our earlier thinking.

- Outline the benefits of Cloud, along with the challenges. We’ve covered benefit and risk in preceding chapters.

- Assess and understand your current platform on which the legacy system resides. Is it proprietary? Will it need to be

standardised and potentially replatformed first? Is it virtualised?

- Complete analysis on the strategic impact of moving your legacy service to Cloud. Does it align with the Information

Systems Strategic Plan (or similar), does it have implications for your technology roadmap, does it have an impact on

your business strategy? How does Cloud support all three?

- Assess risk formally. Establish the risk register for Cloud and bind it into the overarching Enterprise Risk Management

process. Understand and document what risks both moving, and operating, your legacy system in Cloud brings.

- Analyse how the financial model will change. Costs will move, broadly, from Capital to Operational. The finance teams

need to understand the impact of that model change on the way that ICT operates. Consider resource costs, return on

investment, and changes to the asset base. Benchmark your TCO today, and model your TCO post legacy system

transition.

40

The assess process must seek to understand where the ICT organisation is in relation to the rest of the business

organisation and if Cloud services are appropriate to the support of the business moving into the future.

These are some of the components that an enterprise can also consider prior to the move toward consuming Cloud

services. Not all are mandatory, but all are desirable.

Component Notes

Business demand on ICT

ICT demand needs to be empirically measured against business growth and direction. Where demand is increasing opportunities to support that growth may be satisfied by Cloud services.

Cloud services tipping point

At some point in the near future all new applications are likely to be delivered via Cloud services regardless of location. As time progresses, Cloud services will replace existing technology on the desktop and device. The ICT organisation must understand their ICT service lifecycle and when those tipping points occur in order to reduce the risk of being left with expensive legacy systems. This will likely drive the uptake of Cloud services far more than anything else.

Service Maturity As an ICT organisation do I know what my ICT Service Schedule is that I deliver to the rest of the enterprise? Is it measurable? Are their service levels agreed with my business? Is there a strong Service ethos? If there is not, then this must be built before ICT can evaluate Cloud services against existing services in terms of delivery.

ICT Culture It is an anathema for internal ICT stuff to relinquish control to external providers. How mature is the ICT organisation and how much change will be required to bring about the cultural changes required to support the inevitable people change that will come?

Cloud disruption to traditional roles

Cloud services allow the business to buy external services (shadow IT) with little or no interaction with the ICT organisation. Business leaders will push fast for what they see as agile functionality that is delivered at speed in deference to the need for risk balance and accurate compliance. ICT must have a strong relationship with the business, sourcing staff, developers, providers, development managers, other agencies, and CFO’s in order to ensure that a balanced path is taken underpinned with clear communication and strong leadership.

Consolidate, virtualize, transition, transform

The standard process for moving to Cloud services is recognised as consolidate, virtualise, transition, and transform. Consolidate data centres and infrastructure footprint. Virtualise and further reduce footprint. Transition services and transform your ICT. Where on this path is the ICT organisation?

Target services Over time it is likely that new applications and services will be delivered via cloud. ICT organisations should recognise that with their suite of ICT services today, not all will be transitioned or should be. Services need to be analysed and targeted on a case by case basis to understand the value in a move to a Cloud based platform.

Cloud economics It is necessary for an enterprise to understand in detail the economy of Cloud services. As a general rule, moving to Cloud services does not save the money that the business thinks it will. ICT organisations must understand, and model, their business costs or ICT. ICT organisations must model Cloud services costs against that operating model. This model must be industry standard and stable.

41

Performance analysis ICT needs to understand the performance profile of its services, particularly the application layer. This allows for profiling of that service against a provider’s Cloud offering in order to ensure it is scaled correctly and economic.

Business modeling The costs of ICT should be passed onto the organisation as the consumer. It is important that as part of the investigation into Cloud services a strong business model is built, agreed, and implemented in order to ensure the true cost of Cloud, and ICT, is understood and managed.

Business strategy ICT must understand the long term roadmap for the organisation and seek to investigate how Cloud services can support that roadmap at a business unit level.

Cloud in its place Cloud is an eventual replacement method of delivery for ICT services as well as an opportunity to support the organisation in its goal. It is not all or nothing. Cloud is another service that forms part of the overall ICT Service Schedule, when appropriate. It is important to consider Cloud service as part of an overall portfolio. Build Cloud into your ICT roadmap.

Beware cloud washing

ICT organisations need to understand that repackaging old services by moving them into a vendor datacenter is simply cloud washing and has little value. Cloud services have customer autonomy, excellent economies of scale, are commoditised, are standardised, are automated, are flexible, and are managed appropriately. Understand the business elements that Cloud brings when evaluating offers.

Executive understanding

Cloud is confusing. The ICT organisation must ensure that the executive understands what it is, how it is measured, the benefits it brings, the complexity, and the steps to unlock that potential. Without a full understanding and support at a senior level unlocking the opportunity that Cloud presents will be very difficult.

Functional requirements

It is imperative that any service that is transitioned to Cloud is equal to or better in terms of functionality of the existing service. This requires functional mapping and analysis of target services.

Non-functional requirements

Any ICT organisation transitioning services to the Cloud model must understand and agree their non-functional requirements with a provider and their customer, the business. As a minimum service levels should be established for the following non-functionals: Capacity, scalability, performance, security, availability, reliability, recoverability, and usability.

Business process re-engineering

Each transition from an internal or outsourced provider, to a Cloud service will require careful business process mapping to ensure that the move is seamless.

ICT maturity & standards

A strong ICT organisation is one that is founded on industry standards in order to deliver services to a business. ICT is no longer in charge of ICT, ITIL and CMM allow for ICT to adopt a service based ethos at a very mature level if necessary. In order to interact with providers and companies outside of their own, ICT must speak a common language. That common language is standards based.

This section will end with a request for finance to fund the design phase.

Design

42

This is a comprehensive step that will require a great deal of business analysis and supporting architecture design.

- Now is the time to assign the Business Analysts to create the formal requirements for the project. Depending on the

nature of your ICT system, this could take some weeks or months. It is a critical step because the requirements that you

define will drive the selection step, what provider you use.

- The architecture team, utilising as standard Cloud reference architecture, need to create business process models, an

overall architecture model, and a high-level design.

- This section will allow you to narrow down on your approach. See the chapter on ICT service migration options as a

reminder. Effectively the design should provide options through staging (which is effectively a hybrid cloud model)

through to a full SaaS port.

- Costs should be starting to become apparent at this stage and will be refined in the next stage.

The section ends with a request for funding to finance the select stage.

Select

Traditionally this phase is concerned with target selection for Cloud services, i.e. if I look at all of my ICT services what is a

good target to move into Cloud, or retire while I take up a new Cloud service.

This stage then is about selecting the best option for our service. Whether it is a hybrid solution, or full SaaS, or the

decommission of the ICT system with a transition to an entirely new product.

This can be run as a request for proposal, where you take all of your requirements including your high-level design and

previously gathered collateral and ask the market for options, which you can then score and select. That is the approach

we will take in this section, you should note, you can replace a “go to market” approach by working with your existing

partners or even your internal ICT organisation. It largely depends on your end solution the legal and contractual terms you

are required to work within.

- You should by now have a very clear view of your ICT system. As part of the Cloud Readiness you will have gathered all

the various information that you need to work with to start selection. All of that information will be required by any

companies that respond to a proposal.

- As per the Timeframe in Cloud Readiness, set out a simple plan to gather your requirements, sign them off, package

them into a request for proposal (or similar), finishing with signoff for release to the market (if required).

- Your high-level design will provide a wide target solution for responders.

- Those companies will come back with proposals and you need to score and weight them. That means that you need to

create a set of selection criteria that you release as part of the proposal. It’s critical to get this right first time as any

subsequent changes could force you to go back to the market, given that is an expensive exercise, its better to do some

good planning up front.

- If you are NOT going to market, then you need a strong architecture and business team to create the solution that will

be passed to the next stage.

At this end of this stage you should have chosen a provider you can work with and / or have a detailed solution you’ve

created yourself. The next stage, integration, is complex and critical.

Government Specific Notes

There are some peculiarities to the government environment that are worth highlighting.

- If you are in Government, you are more than likely going to be forced to go to market given the probity rules. Plan for

it. Do not underestimate the length of time this will take. Use the Timeframe as a guide for selection time.

- If you can avoid it, then you can work with existing partners to create the target Cloud design, which will reduce the

time to integration and then deployment.

43

- The Cloud market within government is relatively immature. IaaS is well established, however PaaS and SaaS are still

new. Be very cautious of the government offerings, they can be the least mature of all Cloud services available and

while it is evolving Cloud, it is happening very slowly.

- Lastly, I recommend the use of a broker for any offshore services whether Azure, Amazon, Rackspace, or similar. Those

three Cloud providers are now global so they are a good option, particularly if you live in outlying countries. However,

asking your ICT organisation to work in isolation with one of those providers is a significant challenge. It is much better

to pick a broker who can work between you and the Cloud provider, someone who has experience with them. It is well

worth the overhead in cost.

Integration

Now that you have chosen your Cloud provider and solution, you’re going to need to do a block of work on integration

prior to deployment. This is not insignificant, however if you have the information from your Cloud Readiness work and the

proceeding stages, you are in good shape to complete this step.

The steps in this stage will again be dictated on the original design and target solution. I.e. IaaS, PaaS, SaaS, or Hybrid. We

assume that it is a full transition of your ICT system to SaaS. You can remove the components that you don’t need if you

have chosen a hybrid or other solution.

You’ll now need a complete end-end-design. Consider the following areas to cover as mandatory:

- Complete technical design. Choose a standard reference architecture, which can be used as is, or as a guide to your

own process.

- Consider what devices are going to attach to your service. Will you allow any device or only company devices?

Understand that mobile and “bring your own device” (BYOD) are on the rise and it is likely that you will need to offer

this to your user community at some stage. Now is the time to plan for it, if not actually deploy it.

- Network connectivity. This is obviously critical. If you have completed Cloud Readiness then your Internet Edge

requirements should be known, if not implemented.

- Consider physical infrastructure that will NOT be Cloud based. For example printers and point of sale systems. These

will need to be integrated.

- Management, metering, and billing design and acceptance should be made at this step.

- If you have a chosen a hybrid model, consider your integration at this point and ensure it leaves you open to moving to

a different model at a later date. I.e. you may start with IaaS, how do you ensure that what you buy or build can be

upgraded to PaaS and possibly SaaS at a later date?

You’ll need to establish or agree some standard service levels for the end solution.

- I would strongly recommend that you integrate any Cloud service into your own standard operating levels. If you don’t

have them, create them. This is a standardised set of service levels; Platinum, Gold, and Silver that describe to your

customers what service they will get for each ICT system. There are freely available models available for this purpose.

- Set service levels for availability, reliability, and recoverability as a minimum. We’ll get to security as a separate item.

Availability is the times of day that the service will be available, reliability is the amount of time the service is up during

those hours (expressed as a percentage), and recoverability has two metrics; restore time following a failure and

acceptable data loss.

Security continues to be the biggest roadblock to enterprises taking up any kind of Cloud services. This is an area that does

need to be treated cautiously given that your ICT service is likely critical to your organisation.

I would recommend, that as part of your Risk and Assurance framework described in Cloud Readiness, you have a specific

section with detailed metrics on security. There is an example of this in Appendix A. Specifically ensure that you cover:

44

- Network security, any telecommunications security, physical security, data location, application security, access

control, federation, active monitoring (i.e. intrusion detection) and access to security audits (such as penetration

testing results).

- Ensure the service meets your internal security policy.

There is an emerging service that is worth considering at this point, which is cryptography. It is now possible to put a

cryptographic engine on your Internet edge that will allow you to process your data in encrypted form within most of the

major Cloud providers. This means that the Cloud provider will never have access to anything other than your encrypted

data. This places a reasonable overhead on the cost of your project (between 10 and 20%), however for sensitive data, is an

excellent option. Tokenization is also available to assist with privacy and data sovereignty.

The next section is implementation, the actual physical and logical deployment of your legacy system to Cloud.

MOVE AND MIGRATE

One of the options open to organisations is “move and migrate.” It is an option that I have seen several customers

undertake with great success.

- A tender is put out to the market asking for services as described, also expressing that the enterprise wants to get rid of

its infrastructure and data centres.

- A local Cloud provider is selected.

- The Cloud provider buys all of the infrastructure from the enterprise, which uses that money to part fund transition.

- The Cloud provider literally picks up all the infrastructure in the enterprise data centres and moves it into their own

Cloud service.

- The enterprise customer receives all services back via a Cloud model. The Cloud provider is now responsible for all

infrastructure and in cases I have seen, application development.

This is a good model for the smaller enterprise, however the potential downside is that it’s an all-or-nothing model. I.e.

Every ICT service is transitioned to the Cloud.

Implementation

This is usually the part of the process that fails. If it does, it will be often spectacular as you find yourself stuck between

your old legacy service and your new Cloud service.

Governance, as we have seen earlier, is King. Without good governance the risk of transitioning your legacy system is

increased exponentially.

- Establish a formal project or programme structure using a standard methodology. Do not cut corners. Do not use any

kind of “Agile” methodology. You are moving the heart of your enterprise into the Cloud and it’s a risky proposition.

- Projects and programmes normally fail for one reason, the members of the group think it is a job that they can do via a

board meeting once a fortnight. It’s not. The definition of a programme is the establishment of a temporary business

unit that is an extension to your current structure with the express purpose of carrying out that work. It’s a new job.

- You need a sponsor that is active, interested, and well plugged into the executive of your enterprise. Better yet, you

need a sponsor that is part of the executive.

- Choose a project manager with plenty of demonstrable project success in this area. They will be expensive, however

they will be a factor to success.

- Test test test and test some more. This is not always possible with Cloud transition of legacy systems. However, if you

can move some develop and test environments into the Cloud provider early, it will ease the path of the production

service.

- Migration planning and execution will be entirely based on the solution you have chosen.

45

Manage your staff and contractors. The move of an ICT system to Cloud will significantly impact your people, do not

underestimate the effects.

- Communicate communicate communicate and communicate some more. Make your project board meetings open.

Distribute information. Assign champions to spread the message.

- Retrain early. It is inevitable that new technology will be introduced to support the Cloud service. Train your people

early, don’t make the mistake of trying to train them during implementation.

- Watch stress levels. During implementation and into the next stage, operate, your people are going to have to work

long and hard. Particularly post implementation. Do not make the mistake of shutting your project down early.

The following table summarises the elements of transition to Cloud that are important, though not all mandatory.

Component Notes

Sponsorship With sponsorship at an appropriate level, preferably with a dedicated8 Senior Responsible Owner9 the transition will fail.

Programme or Project management

It is essential that the transition of any service from existing source to a Cloud based service has the full support of the ICT and wider organisation. The size of the structure would be determined by the size of the service transition.

Transition management

Depending on the size of the transition this may be a requirement for the enterprise. This can be delivered by the provider in most cases. If the enterprise is embarking on a long period of transition from internal ICT services to Cloud then this role should be employed as a full time resource.

Integration management

As the service moves through transition to a Cloud based service integration with existing ICT services becomes paramount. This is complex and integration covers both the technical aspects as well as the business processes impacted. A large programme of work will require an integration team to manage this process.

Enterprise architecture

The move from an internal ICT service to a Cloud based service requires enterprise architecture oversight to ensure that all intellectual property is maintained, artifacts are updated, and no decisions occur that give rise to issues with other aspects of the enterprise architecture. If an organisation is moving on a path of heavy Cloud sourcing then a full time resource is recommended.

Security management

A security resource will need to be involved to ensure that all relevant policies, practices, guidelines, and other security imperatives are complied with.

Risk management Risk must be managed during transition using a standard model. Failure to do so will lead to delays and potential risks being missed that could be critical.

Commercial management

The Cloud service may require an adjustment to existing contracts or the creation of a new ones.

8 Underestimation of the amount of time a sponsor must spend on a programme or project is common. 9 Prince2.

46

Service delivery The Cloud service will need to be integrated into the ICT Service Schedule and the customer receiving the service will also need to be managed through transition.

Financial analysis It is important to track the financial benefits of the transition.

ICT operations A full handover will be required as part of transition of any services and should be based on a pre-agreed Handover to Production checklist. This would also manage first level support arrangements.

47

Operate

If you’ve made it this far it’s time to celebrate. Your ICT system is now transitioned to Cloud in full or part, and the day to

day operations are underway. This section should largely be about enacting process that you created in early stages. If you

are not ready with these steps and processes then the first few months of the new service are going to be very difficult.

There are four components to operations that you need to establish with the team up front; service management,

administration, monitoring, and ongoing support. As a tip, earlier in the project cycle these can be defined and agreed with

your operations team via a standard handover to production document.

We talked earlier about the need for service management to support the Cloud service. This is the point where you should

now implement your service design. That administration as a minimum should include processes for:

- Moves, adds, and changes (MAC’s) otherwise known as service request fulfilment this also include access

management.

- Production change management. Now made more complex, particularly if you have chosen an offshore Cloud

provider. Your operations team need to have a process that informs bilaterally of intended impacting changes to

production.

- Release management. If you have moved to a full SaaS model this is critical as the Cloud provider is now responsible

for product upgrades and development.

- Capacity management. Failure to have control over the capacity of the service could have catastrophic consequences

for your finance. Some of the strongest advantages are also the highest risks. Having the ability to scale your platform

for millions of instances in seconds is a distinct advantage, however, not managing that properly is a high operational

risk.

- Availability management. Less of a concern, this will now be managed by your provider, however don’t forget that you

still own the infrastructure chain up to the provider (i.e. Internet or network edge) and it still has to be managed.

Monitoring and its connected service, support, are integral to the end experience of the customer for your now

implemented Cloud service.

- Event management is mandatory. The ability to manage any event that occurs as a result of planned or unplanned

events.

- Ensure there is a well-documented operational manual and process. The service is just like any other ICT system, it

requires maintenance and daily operational tasks.

- Disaster recovery is important. Not just from your enterprise perspective (what you do in in a disaster) but also from

the Cloud provider’s perspective (what they do in a disaster). Have a tested plan that is regularly maintained.

- Incident management needs to be in place and well tested.

- Problem management as a process becomes far more important, particularly if you have chosen a hybrid model for

your Cloud service. The number of “moving parts” is likely increased as is the number of providers the operators will be

working with. Problem management must be fast in a world with that many variables.

Control, Adapt, Evolve

These are the final three stages of your legacy Cloud system build. They are important for a variety of reasons.

- Control is the auditability and oversight of your service. It is the policy and process by which you will ensure data

privacy, answer any requests for electronic discovery, and assure the service against some kind of common standard

such as CoBIT.

- Control also involves the active managing of risk in line with your enterprise framework.

- Ensure that governance is altered to manage the service moving forward, if necessary.

- Adaptation is the process of continuous improvement for your service.

48

- Finally, the process of evolution is largely a risk type activity whereby you monitor the market, your Cloud provider, the

future of Cloud, and other strategic areas to ensure that you are safe and that you can take advantage of any evolving

technologies.

Cloud Reference Architecture Lite Source: (Haukioja, 2013)

Introduction

This section is a high-level reference architecture for Cloud. There are a number of detailed books about this already, and

this chapter represents an amalgamation of those. Again, I have covered some of this earlier in the book, so some items

are noted for completeness only.

Cloud Definition

This has been covered at the beginning of the book. As part of the reference architecture you should include information

on:

1. Cloud attributes

2. Cloud services

3. Private Cloud

4. Community Cloud

5. Hybrid Cloud

6. Consumer Cloud

7. Public Cloud

8. Cloud Maturity

Reference Architecture Lite

The reference architecture is comprised of:

A platform

This section needs to select a platform, or platforms on which your Cloud services will be based. A selection criteria should

be developed for the platform that takes into account the various needs of the ICT service. There are a number of global

platforms available currently that can help support your move into Cloud. Each comes with its own advantages and

disadvantages. As a starter for ten, these are platforms worth investigating:

Amazon

Google

Microsoft Azure

Private (build it yourself)

Intuit

Facebook

Salesforce

Engine Yard

Rackspace

GoGrid

49

There are many other providers of platforms that are also country specific.

It is worth bringing the Appendix A – Risk and Assurance Sample Model into play at this point to assist in selection.

A presentation layer

The direct interface between your users and the Cloud requires a presentation layer. Remember to consider items such as:

Browser support, now, and in the future. This is critical, particularly for SaaS deployments.

How your current clients will need to be managed from mobile applications through to company desktop clients.

Other end device support.

This is a complex piece of work given the proliferation of devices, operating systems, browser types, all with their own

particular quirks, roadmaps, and versions.

Security and Privacy (Identity)

The ugly step sisters are commonly known by the name “identity”. This section requires a significant amount of thought as

it is still the number one area that puts companies off utilising Cloud services. Ensure you consider:

Authentication.

Federation.

Single Sign on (including personalisation).

Identity architecture.

Identity service providers.

Access controls.

Application management.

This area is extremely complex, especially if you intend on a hybrid model across multiple Cloud providers.

Integration

One of the greatest impediments to the wholesale adoption of Cloud services is the lack of skilled integrators in the

marketplace. Because it touches every layer of the technology stack, it further increases the complex web that allows you

to integrate with Cloud services. Ensure that you cover:

Network connectivity from LAN, WAN, Internet gateways, mobile access, and any other content delivery

mechanisms.

Integration with your ICT services including Legacy systems, back office, and any other external Cloud systems you

have.

A data model is essential.

Consider the use of Application Integration services.

Middleware.

Getting integration right is the difference between success and failure.

Data

A section broken into three parts, this called also be called “Information.” Consider:

Storage. Capacity planning, other storage requirements, analysing the various storage (IaaS) options that are available

along with planning your interfaces, and, most importantly, defining your Information Lifecycle policies.

Relational Databases. Ensuring that these are able to be transported and supported.

Non-Relational Data. Analysis the demand for this and completing a capacity plan while ensuring that the services you

take up are fit for the type of data. I.e. Documents versus images.

50

Understanding and building for data is important for three reasons. Firstly, performance. Secondly, capacity that increases

without planning will cost you. Lastly, it drives a conversation (information lifecycle management) with your business

about what is important and what is less important. Beware the organisation that has a policy of “keeping everything.”

Service Resilience

This is an often missed component of architecture (or often ignored by the sponsors) which is critical. What happens when

something breaks? Resilience planning needs to include:

Availability. What hours must the service be up and running?

Reliability. What percentage of the availability metric must the service be reliable? I.e. 99.999% between 9am and

5pm.

Recoverability. How long will the service take to restore post disaster and how much data will be lost? I.e. Recovery

Time Objective (RTO) and Recovery Point Objective (RPO).

Elasticity. Ensure this covers vertical and horizontal scaling along with sharding particularly where high performance

burst computing is important.

These metrics in particular need to be agreed with your business as part of the architectural process.

Deployment

Largely covered earlier in the book, you should still consider these high-level processes:

Development.

Testing.

Staging.

Productionisation including:

o Release

o Data Migration

o Ongoing Release Management and Cycles

o Rollback

Operation

This is largely covered as part of the Service Design chapter in this book. However, it is worth noting for completeness the

following areas to be covered:

Configuration of the Service. Including a potential CMDB, how provisioning works, and other automation of the

service.

Administration. This covers the ICT operations of the services and needs to include:

o Portals

o Operations Processes

o Service Request Fulfilment

o Change Management

o New Release Management

o Monitoring

o Capacity Management

o Availability Management

o Access Management

When it breaks. Ensure that incident, problem, and event management are catered for.

Continuous improvement. Define the process, ensure the business is included in the circle, and keeping an eye on

the technical horizon.

51

The Future of Cloud Summary

Gartner, Forrester, and IDC have been researched in terms of the Future of Cloud. This section was researched toward the

beginning of 2013, however the guidance has remained largely unchanged in that time.

In general:

- Cloud is seen as the future; however uptake, particularly by Government, has been slow, but is increasing.

- Cloud is not about solely about saving money.

- In order to deploy Cloud services successfully a great deal of strategy, resource, and research is required.

- There is a natural process that needs to occur prior to Cloud transition. In general, at an ICT level, this is; rationalisation

of data centres, rationalisation of hardware, virtualisation, targeted research of ICT services that are likely to benefit

from Cloud transition.

- That the same natural process must occur at the business level as well. Forrester notes an organisational risk that is

relevant. That is that in their opinion “CIO’s and businesses have never been further apart in thinking.” They believe

that if the CIO does not provide leadership to the business in adoption of Cloud services then the business will do it

regardless, with less than optimal results (shadow IT).

- In order to research, design, transition, and operate Cloud services the ICT organisation must be transformed. Each of

those stages requires new resource and different organisation structures to support them.

- There is a danger of organisations buying services that have been “Cloud Washed”, that is services that are not truly

cloud but have been rebranded to be so.

- The risk profile of delivering ICT services via Cloud services is quite different to that of outsourcing or insourcing the

same services.

- Without ICT best practice in place and a basic level of service maturity supported by industry models then the

transition too Cloud will be very risky.

- There is likely a tipping point coming in the next five to ten years where organisations will be forced to use Cloud

Services as large global companies only deliver services via that channel. For organisations that are not ready this will

be expensive, disruptive, and problematic.

In short, the Cloud is here to stay and provides significant benefits to organisations provided it is very carefully managed.

52

Gartner

Gartner has an active release schedule for Cloud related information with an update at least once per quarter. The most

recent information that has been released for public consumption is the “Cloud Hype Cycle” below.

Figure 2 - Gartner Cloud Hype Cycle

Gartner effectively states that while large organisations and companies are starting to see Cloud Service as a serious

transformation technology they are not so quick to leap to consumption of that service. This would seem to mirror the

stance of governments. That is; a cautionary approach recognising that Cloud is not a fad and represents both an

opportunity and risk.

In relation to Gartner’s Hype Model Forbes notes that:

“Based on an analysis of the Gartner Hype Cycle for Cloud Computing, 2012, the best results are being attained by

enterprises that focus on a very specific strategy and look to cloud-based technologies to accelerate their

performance. Leading with a strategic framework of goals and objectives increases the probability of cloud-based

platform success. Those enterprises that look to cloud platforms only for cost reduction miss out on their full potential.”

This further reinforces that in order to engage with and consume cloud services in an effective way, a great deal of

planning, strategy, resource, and research is required to get it right. It would seem that the same rule is appearing to hold

true for Cloud as it does for outsourcing, that being; you don’t move to cloud, or outsource, to save money.

Forbes notes in summary that:

53

“Gartner’s latest Hype Cycle for Cloud Computing shows that when cloud-based platforms are aligned with well-defined

strategic initiatives and line-of-business objectives, they deliver valuable contributions to an enterprise. It also shows how

Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) are the catalysts of long-term market growth.”

There are a number of other extractions from the report that can be made:

- Virtualisation is king. Currently all virtualisation is home on x86 architectures, Gartner expects this to increase to 75%

by 2015.

- By 2015 50% of all enterprises will consume some kind of SaaS service.

- PaaS continues to be one of the least understood Cloud services. Gartner attributes this to a lack of middleware

capability in this area.

- By 2014 the personal computer will have been replaced by the [consumer] cloud.

- Big Data10 is an emerging risk and opportunity for enterprises.

10 Big Data is a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools.

54

Figure 3 - Gartner Priority Matrix for Cloud Computing

Earlier in the year a press release from Gartner predicted five Cloud computing trends that would affect strategy through

2015. In full those trends are summarised below:

- Formal Decision Frameworks Facilitate Cloud Investment Optimisation

The cloud promises to deliver a range of benefits, including a shift from capital-intensive to operational cost models,

lower overall cost, greater agility and reduced complexity. It can also be used to shift the focus of IT resources to

higher-value-added activities for the business, or to support business innovation and, potentially, lower risks. However,

these prospective benefits need to be examined carefully and mapped against a number of challenges, including

55

security, lack of transparency, concerns about performance and availability, the potential for vendor lock-in, licensing

constraints and integration needs. These issues create a complex environment in which to evaluate individual cloud

offerings.

- Hybrid Cloud Computing Is an Imperative

Hybrid computing refers to the coordination and combination of external cloud computing services (public or private)

and internal infrastructure or application services. Over time, hybrid cloud computing could lead to a unified model in

which there is a single "cloud" made up of multiple cloud platforms (internal or external) that can be used, as needed,

based on changing business requirements. Gartner recommends that enterprises focus near-term efforts on application

and data integration, linking fixed internal and external applications with a hybrid solution. Where public cloud application

services or custom applications running on public cloud infrastructures are used, guidelines and standards should be

established for how these elements will combine with internal systems to form a hybrid environment.

- Cloud Brokerage Will Facilitate Cloud Consumption

As cloud computing adoption proliferates, so does the need for consumption assistance. A cloud services brokerage

(CSB) is a service provider that plays an intermediary role in cloud computing. Interest in the CSB concept increased

last year, and Gartner expects this trend to accelerate over the next three years as more individuals, whether they are

in IT or a line-of-business unit, consume cloud services without involving IT.

To address this challenge, Gartner believes that IT departments should explore how they can position themselves as CSBs

to the enterprise by establishing a purchasing process that accommodates cloud adoption and encourages business units to

come to the IT organization for advice and support. The enterprise CSB approach can be implemented by modifying

existing processes and tools such as internal portals and service catalogs.

- Cloud-Centric Design Becomes a Necessity

Many organizations look first for opportunities to migrate existing enterprise workloads to a cloud system and/or an

application infrastructure. This approach may provide benefits where the workload has a highly variable resource

requirement, or where the application naturally lends itself to horizontal scalability. However, to fully exploit the

potential of a cloud model, applications need to be designed with the unique characteristics, limitations and

opportunities of a cloud model in mind. Gartner advises enterprises to look beyond the migration of enterprise workloads

to the creation of cloud-optimized applications that fully exploit the potential of the cloud to deliver global-class

applications.

- Cloud Computing Influences Future Data Center and Operational Models

In public cloud computing, an enterprise is acting as a consumer of services, with the cloud services provider handling

the implementation details, including the data center and related operational models. However, to the extent that the

enterprise continues to build its own data centers, they will be influenced by the implementation models used by cloud

services providers. Gartner recommends that enterprises apply the concepts of cloud computing to future data center and

infrastructure investments to increase agility and efficiency.

Sources:

- Gartner Hype Cycle for Cloud Computing 2012 - (Gartner, 2012)

- Hype Cycle for Cloud Computing Shows Enterprises Finding Value in Big Data, Virtualization - (Columbus, 2012)

- Big Data - (Wikipedia, n.d.)

- Gartner Outlines Five Cloud Computing Trends That Will Affect Cloud Strategy Through 2015 - (Gartner, 2012)

56

Forrester

Forrester has published, and updates regularly, the “Cloud Computing Playbook.” This is seen as a practical strategy, if

high-level, for organisations to reference when planning the adoption of Cloud services.

This section references and comments on the high level findings of the “Futures” section given that inclusion of the full

detail of the strategy is not practical.

Cloud Playbook Summary

Forrester notes that Cloud services are now a reality for businesses and organisations, going as far to say that Cloud

solutions are often better, particularly in the area of market responsiveness, than internal ICT services.

However in order to consume and leverage the opportunity that the Cloud offers, organisations must change. In particular,

your ICT units must change.

Cloud services are best consumed in a Hybrid model. Public, private (internal and outsourced), and community working

together in a complex model to allow best leverage of opportunity while maximising risk management.

FUTURE LOOK

The future look at the Cloud notes a number of interesting findings:

- Many enterprises are not ready to consume Cloud services.

- Cloud computing is NOT the future of IT11. “It is instead a new means of delivering IT capability that expands enterprise

service options. Even long term, you will continue to have traditional legacy systems and services.”

- The business will use Cloud services regardless of your ICT organisation.

One of the key points of this report is How Cloud services differ from traditional outsourcing which is tabled below. This is an

important piece of research, and critical distinction, which needs to be absorbed by any organisation looking at consuming

Cloud.

11 This sound-bite spawned a significant amount of media attention at the time of the publication of the Cloud Playbook that unfortunately painting Forrester as being the only analyst organisation who did not see Cloud as a long term technology, which is incorrect.

57

Figure 4 - Forrester Future Look

BUSINESS IMPACT

58

The business impact of Cloud on an organisation is significant. While business leaders see the value in Cloud services,

primarily in terms of cost reduction, the ICT organisation prefers business as usual. I.e. No change from status quo.

The reason that your ICT organisation will resist Cloud is noted as:

“Seeing external cloud services as a threat to their role, I&O professionals show a preference for in-house private clouds.

CISOs fear placing corporate data in third-party hands while sourcing and vendor management professionals complain

about negotiating contracts of SLAs.”

Forrester suggests that the CIO must take the leading role in the management of the introduction of Cloud services

striking a balance between the business moving ahead quickly and the ICT organisation dragging their heels.

This will be a significant challenge for many CIO’s.

Figure 5 - Forrester Business Impact Model

ASSESSMENT FRAMEWORK

The final finding as part of the Futures section of the Forrester Cloud Playbook heartily endorses building a strong

assessment framework before leaping to the adoption of Cloud services.

59

The reasons for this are cited as; most organisations are not ready for cloud, cloud is not the answer for everything, and

“the divide between business and IT has never been greater.”

The last reason is worth examining in full, Forrester states that:

“The business demands agility to take advantage of a recovering market, and as our surveys show, the business doesn't

think corporate IT can deliver on this need. That's why the business is increasingly turning to public cloud services and

away from you. Start with realigning your staff to fit within the needs of your overall cloud strategy.”

Sources

- The Cloud Computing Playbook - (Forrester, 2012)

- Make the Cloud Enterprise Ready - (Forrester, 2012)

- Improve Productivity with the Cloud – (Forresster, 2012)

- Assess your Cloud Maturity - (Forresster, 2012)

Further Reading

It is worth spending the time to read the entire Cloud playbook. It moves through a practical process of discovery,

planning, acting, and then optimising the services.

Business planning, strategic planning, road maps, skills & staffing, policy & procedures, capabilities, performance

management, financial management, and change management are covered in depth.

60

IDC

IDC has released research that notes while Cloud services are likely to provide healthy business benefits to organisations

that government organisations do not necessarily understand what Cloud actually is.

“Shawn McCarthy, IDC research director, said that overall progress in cloud adoption will only accelerate once agencies

increase cloud funding, knowledge and when changes in enterprise architecture start moving to the cloud.”

Further:

- IDC surveyed 400 government IT employees in late spring 2012 for its cloud report, released Aug. 6, and found that a

third of respondents lacked cloud budgeting knowledge.

- Surveyors found that local government employees were the least optimistic about cloud computing.

- IDC also [found] that 60 percent of chief financial officers are not familiar with their enterprise’s cloud strategy and 15.2

percent of agencies would dedicate one to ten percent of their IT budget to cloud services.

- Many agencies also preferred to select large IT vendors as cloud providers, according to the survey.

On the business benefits side:

‘Chris Morris, associate vice president for Asia/Pacific cloud services and computing at IDC, claimed that there has been

important changes in the way in which cloud services have been adopted over the past 12 months. "In 2011, the cloud was

seen as a very useful way to cost-effectively replace aging or augment existing IT infrastructure. But in 2012, the cloud has

taken on an additional function as a marketplace for the sourcing of enterprise IT and business services by both IT and LOB

managers."’

IDC Cloud Decision Framework

IDC has published an online tool that outlines organisations to enter metrics in order to determine whether ICT services are

good candidates for Cloud transition.

While the tool is simplistic it outlines the type of process, similar to Forrester’s Play Book, once again demonstrating that

the move to Cloud is not easy.

Elements that the framework tool examines are:

- Organisation information.

Covers the number of employees, number of ICT workers, average cost of ICT workers, the level of maturity of the ICT

organisation’s governance, the current state of the ICT services including virtualisation, and target services for Cloud

analysis.

- Other service information.

This is an extensive list that covers user locations, external parties who consume the service, performance information,

capacity planning, devices that can access the service, service levels, infrastructure types, and other detailed

information.

- IT Operations Group information.

Which best practices are being used, which service management models are being used, standard provisioning

processes, management tools, risk profile, security, encryption, integration with the business, and software licensing.

- Business assessment.

61

Capital funding models, service information in relation to business process, criticality, budgeting, and expectations of

what the Cloud may offer.

ISIS Group Ltd

Introduction

Beyond the large analyst houses views on the future of Cloud Computing, there are a number of trends and new variables

starting to emerge into the market as of mid-2013. These trends are worth watching in the coming months as the rate of

change in Cloud is still extremely rapid both from a pricing and functionality perspective.

The enterprise is still wary of Cloud, though we see increased adoption rates in the U.S., U.K., and parts of Europe, the rest

of the world is still somewhat suspicious of, or investigating, Cloud services.

This section is opinion based on several years of market scanning, talking to companies directly, and commenting in the

media on Cloud growth.

The Cloud War will continue

Amazon has dropped its Cloud pricing over fifty times in a row in the last few years. It has the lion’s share of the market

and is now challenging the older, established global ICT companies both competitively and legally when it thinks it is

getting a raw deal.

Every day sees Cloud startups and Cloud deaths in the market, the fringes of the market are cutthroat with companies

collapsing, being bought, merging, or simply vanishing overnight.

Microsoft, Rackspace, Google, and other early to market Cloud companies (which is what they are becoming, they are

changing their business model) are likely to remain and provide continued competitive tension. Those traditional global

ICT companies that do not change their model to Cloud based will suffer and become casualties of the war.

Small to Medium Business will challenge enterprise

Cloud service are most easily adopted by small to medium businesses. This gives the SMB a distinct advantage over

established companies that cannot adapt their ICT systems fast enough to compete with the very agile SMB. As yet, the

Cloud providers have not exploited this market fully, preferring to target the enterprise as a clear source of revenue.

An SMB, less than 200 staff, has the ability to rapidly deploy competitive technology by tightly managing risk in a smaller

environment. That, coupled with the “just do it” attitude of more agile executives in those companies, is starting to see the

older business model of large enterprise become irrelevant. The cost model is easily managed using Cloud as a

subscription and the SMB does not usually have to deal with older, complex, ICT systems. Cloud gives the SMB instant

access to the global market.

The large enterprise is still commonly bound by the shareholder and suffers “short terminism” thinking. An older business

model that sees focus put on every quarter rather than the long-term strategic life of the company. Worse, the margins in

a large enterprise are high, because the structure demands that everyone, including the shareholder, take a cut. The days

of an 80% margin on manufactured ICT products are over, and the SMB is going to lead the charge.

Some traditional Global ICT companies face extinction

Companies that have come late to the Cloud market, or have not yet arrived, are likely to be made extinct. Amazon,

Microsoft, Rackspace, Google, and other mature Cloud providers have assured themselves a life in the future. Many other

companies are doing one of three things, all of which are delaying the inevitable.

62

Trying to rebrand and move their product to a Cloud that they own, manage, and control. An example of this would be

Oracle, who until recently, only allowed customers to utilise Oracle Cloud, on Oracle premises, using Oracle hardware. This

was roundly condemned as non-Cloud two years ago, and Oracle has only now started to release the controls forming

agreements with Microsoft and others. However, it may be too late for them to recover.

Similarly, Hewlett Packard has been late to the Cloud market after missing the chance to trounce Microsoft and other

global players around five years ago. HP had delivered their converged infrastructure product set to market, which at the

time was a brilliant first stage for Cloud. They had reduced their number of total datacenters as well, and were well

positioned to do the next step, which was migrating their customers from internal HP hardware to HP Cloud. Instead, they

dithered, and now find themselves trying to sell that story now in a market that is very competitive.

While there is still a strong market for mainframe and high-end compute infrastructure, proprietary is being increasingly

viewed as a bad thing, and these providers will have to face the fact that the Cloud can scale almost infinitely, meaning

that large mainframe style hardware providers will slowly lose their customers.

Tax

There are moves afoot across the world, in particular the U.S., to tax the use of Cloud services. While this is still in its

infancy, it is reasonable to expect to see taxation of Cloud services both cross-border and cross-state within a few short

years.

The rise of integrators and brokers

One of the areas that is holding back the wholesale adoption of Cloud services by companies is a lack of skilled resource

coupled with a complex Cloud front-end interface. Amazon may provide the cheapest Cloud services on the planet, but

gaining access to them can be daunting for an organisation with no skills in Cloud.

This is a major challenge for Cloud providers. Bridging the gap between what their customers do today and the promise of

Cloud.

Worse, enterprises have complex ICT systems, often with old, legacy information systems at the core. These are usually

tightly coupled, often using non-standard or aged interfaces, so moving a service individually to Cloud can be very difficult.

To bridge those gaps, we are seeing the rise of integrators and brokers. An integrator providing the design work to couple

enterprise services with Cloud while providing a roadmap to get there, while brokers work as the agent of the enterprise

managing the often complex interface a Cloud service provider presents to the world.

The time of the broker will be short, five years, as Cloud providers smarten their offerings up with standardised tools and

dashboards. The time of the integrator will be long, especially as Cloud providers move to the ability to seamlessly port

customer workloads between various providers in real-time.

Security, Privacy, and Data Sovereignty will drive new innovations

Still listed as the primary reason for suspicion of Cloud is security. This coupled with privacy concerns, as a result of

perceived security weaknesses, is holding back adoption of the Cloud. Adding to that complex mix is the fear of housing

data outside of one’s country where it may be subject to laws that allow for it to be accessed by the nation state in which it

is physically housed.

This has the most effect on Government agencies across the world who are delaying Cloud deployment until these issues

are resolved.

The U.S. Government and its “Five Eyes” partners have done nothing to help the Cloud cause with PRISM and NSA

revelations of spying causing enterprises to flee with their data from the continental U.S. in favour of countries that are

seen to be safer, such as Switzerland and other European countries.

63

This is seeing a rise in innovative security systems and tools that are being specifically created to mitigate these perceived

risks.

Encryption as a standard is growing rapidly. Cloud services that are storing static data that do NOT store their customers

encryption key along with it, are increasingly popular as the provider can’t read the customer data.

For data that has to be processed at the Cloud provider (Salesforce for example), encryption does not work as the data

needs to be in its original format. Tokenization takes care of this issue and we will increasingly see this as an offering.

Tokenization also to some extent takes care of Data Sovereignty as the data technically doesn’t leave the enterprise.

Further down the track we will see homomorphic encryption, the ability for an enterprise to encrypt AND process its data

within a Cloud provider without the provider every having access to its decrypted state.

Big Data

A much marketed term at the moment, Gartner themselves have Big Data at the very top of their hype cycle, the “peak of

inflated expectations.” The idea behind Big Data is that as we add more devices to the world, we collect more data, and as

we seek increased intelligence about our enterprise, we increase data collection.

However, the actual growth of Big Data does not seem to be occurring as swiftly as expected, and again, we see a serious

shortfall in skills that are able to manipulate and turn it into something sensible. However, there are two other emerging

Cloud powered technology trends that will certainly drive the growth of Big Data in years to come.

Smart Cities

The concept of a smart (or “sensing”) city is trending. Cisco, IBM, and Microsoft are dedicating a lot of their marketing

power to the idea, ostensibly because they will benefit at the Cloud end of the idea.

Smart cities are effectively a city where real-time data, about everything, is made freely available so that companies can

innovate to create a richer, more sustainable, better living experience for citizens. For example, real time public transport

information that allows more people to see exactly where their bus or train. Or street lights that dim or switch off on public

roads when there are no cars in the area.

Smart Cities will be driven by a large number of wireless sensors embedded in the city’s infrastructure as well as ourselves.

Our smart phones for example, will tell the city how fast traffic is moving and where problems are, as well as providing

localised information that may be relevant.

That data is fed back to a Cloud system where it can be centrally accessed by the city and used to improve services. This

will drive Big Data in turn.

The Internet of Things

The Internet of Things (IoT) is a concept whereby devices capture information in real-time and make it available via the

Internet, both private and public. If you consider the example of the Smart City using sensors, these would make up the

IoT.

What makes this interesting is the predicted growth rate of the devices, tipped to pass one trillion in the next five years. All

that data will go into Big Data, which will be powered by Cloud.

Application of the IoT are most linked with Smart Cities, sustainable environment, and home automation. Future

applications fuse IoT with augmented reality to provide a manageable stream of digital data about their environment in

real-time.

Balkanization of the Internet

64

Balkanization is the process by which larger states fracture and splinter into smaller states that are often hostile or at odds

with each other. In the context of the Internet, balkanization was coined in 2001 and describes a future state of the Internet

whereby it is fractured into smaller “states” defined by politics, national borders, religion, economic, and other interests.

The process of balkanization seems to be accelerating and the revelations from PRISM and the NSA appear to support that

view. Balkanization, or at its neatest maxim, the creation of Internet borders, is about to speed up and we need to be

prepared for it.

When the Internet was conceived, it was called the “Intergalactic Computer Network”, a phrase which was met with

ridicule but shows the ideological science fiction thinking behind its creation. The Internet was meant to be a ubiquitous

network that no one owned, that was free for all men, that was not subject to borders nor censorship. For a long time, this

was the case. It was the free world.

Today, the Internet is effectively controlled by four telecommunications companies and governments. It is increasingly

seen by government as an area that must be strictly regulated and controlled. The balkanization of the Internet is well

underway and the first place that we see this evidence is in censorship, otherwise called filtering, of content. Erich Schmidt

from Google describes this in his book The New Digital Age (Cohen, 2103) as falling into one of three models: The blatant,

the sheepish, and the politically & culturally acceptable.

It’s about creating border control points for the Internet that can be utilised to balkanise it. We also know, now, that

surveillance programmes such as PRISM and its various tentacles require border control of the Internet. The information

that they capture passes through specific physical nodes where it is copied or analysed as it is passed. It is fair to say that

this is also the place that the national firewalls reside (or close too).

So, what happens from here with balkanisation of the Internet? We have the borders in place and we are censoring

information between our various internet states along with monitoring it as well.

Part of the problem governments are facing with balkanisation is that tools exist that allow you to anonymously traverse

those border nodes either as a complete ghost, or in disguise. Governments are going to have to put an end to that and

we’ll see it from a covert and overt perspective.

Services that allow anonymity will come under increasing attack. VPN providers (anonimiser services) are suffering

increased cyber-attacks and you can be absolutely certain that they are not coming from hackers or criminals (these

services ensure their anonymity) so that logically means that it can only be coming from physical nation states who want

those services out of action.

Secondly, expect some form of Internet “passport” to be mooted, it has been discussed before, however it is starting to

trend in chatter again.

Third, expect some kind of internet “visa” to start to trend.

Effectively, we are seeing a trend to create internet borders the same as we have physical borders. It’s creeping up slowly,

but when you start to look for it, you see it. The ultimate scenario works like this.

If you don’t have a verified digital passport, you won’t be able to use the Internet. Effectively you’ll need some kind of

username and password, verified by government, which allows you to log on to the Internet. All your actions from that

point are effectively traceable once again, as any use of an anonymising tool would mean that the borders did not know

who you were, and as such, would simply block your access.

Some states may require a virtual visa for you to access services inside their Internet state. For example, if you come from

an Internet country that is seen as high-risk (a place that sees many cyber-attacks launched from it or a proliferation of

spam) then you may be required to use your Internet Passport to gain access to that virtual country, which will include you

turning over your private information along with heightened monitoring and surveillance.

65

Other countries may choose to establish free Internet states, where anything goes. The Cayman Islands of the Internet,

others may choose to have very strict security measures in place, the Switzerland of the Internet.

The impact of this on Cloud services is likely to be one of localisation. Rather than traversing internet borders, companies

are likely to favour services inside their own country. Balkanization is many years away in its full form, though we see the

beginnings of it in New Zealand where an authenticated digital ID is required to transact with government and firewalls are

already in place.

66

The Death of the Data Centre Cloud construct

The death of the traditional data centre is already underway. Even the large providers are supplementing their large, rigid,

tier 3 centres with smaller, more frequent, installations. Google build their own infrastructure as it is, further eroding the

old architecture model of the data centre.

A number of companies are developing Consumer cloud services that do not require a data centre. These are small,

autonomous devices that are installed in the user’s house or business. Files are encrypted as they join the device, and it

acts as a local file server over wireless.

The files are then “sharded” out to other devices on the Internet. Sharding is when the actual file is split into pieces and

distributed. Your files could end up scattered all over the planet across a number of devices. This gives protection in case

your device is stolen and it makes it difficult to hack or spy on your content.

This technology is in its infancy, but it is likely to see a market in the small to medium business, as well as home users,

given ease of use and the fact the data is “touchable” (you can see it sitting in your office), which lends a high-degree of

comfort to the end user.

Other Trends A number of other trends are emerging rapidly and a long view down the next few year’s providers some insight into other

impacting factors for Cloud services. It is worth tracking these trends over time as the have the potential to alter the

“Cloud industry” significantly. Each represents threat and opportunity.

Trend Notes

Privacy War With the recent revelations of whistleblower Edward Snowden, the war for privacy has started. Cloud providers are under intense scrutiny as to a) their security and b) their involvement with international spy agencies. This is driving significant investment in crypto-engines. Data sovereignty has risen to the foreground again with the U.S. and the U.K. now no longer seen as friendly and safe places to house data.

Death of Enterprise Infrastructure

As Cloud becomes more pervasive the days of an enterprise owning its own infrastructure will be over. There will be a renewed focus on the telecommunications sector as the service uptake increases. Companies that are in the business of selling infrastructure will need to adapt, or die.

Exchange Rates It is worth noting that exchange rates do fluctuate and this offers a risk or benefit depending on which way they move.

Bandwidth Congestion

It is estimated that bandwidth usage will increase sevenfold in the next two years. With bandwidth already constrained this could become an impediment to Cloud take up, particularly across international connections.

67

Cloud Service Delivery Framework Sources: (UK Office of Government Commerce, 2010), (Repenning)

Introduction

“Service management is a set of specialised organisational capabilities for providing value to customers in the form of

services.” - (UK Office of Government Commerce, 2010)

Moving legacy systems to Cloud cannot be completed in isolation of a support model.

What is critical is that regardless of the method by which a Cloud service is created, consumers will need to plug into some

kind of standardised support model. Currently, the industry standard internationally recognised most is the Information

Technology Infrastructure Library, more commonly known as ITIL.

ITIL provides common processes and language that all parties can understand as opposed to the usual practice of spending

large amounts of time trying to understand what the other parties are communicating.

ITIL is published and maintained by the United Kingdom Office of Government Commerce.

ITIL is not a panacea. In fact, it should be used lightly and where most appropriate to get the greatest value from it.

This section deals with the processes that both enterprise and provider will need to subscribe too in order to support a

fully-fledged Cloud service.

Without good service management, no matter how good your service, it will fail.

This is not an exhaustive list of processes that need to be in place. This section is designed in order to educate on the

factors that surround a potential Cloud service deployment at an enterprise or broker level.

Cloud Service Strategy

At the heart of the Cloud service design is the service strategy.

The service strategy defines the services, business processes, principles, and service lifecycle. It also defines the

organisational structure to support service management.

At a high level the organisational structure and functions are represented in the following diagram. It should be noted that

this structure can be scaled to fit a service strategy that is small to a very large organisation.

68

Figure 6 - ITIL Service Organisation Chart

Build Components

The build of a service strategy needs to include core components.

Component Notes

Define service management

- Define the definition of service management for enterprise, provider, and broker (if relevant).

- Understand and define the services. - Document the business processes. - Understand service lifecycle. - Define functions and processes across the lifecycle.

Define principles - Understand the value creation of the service. - Define the service assets. - Define the service provider types.

Define strategy - Define the market. - Define the offerings. - Develop strategic assets. - Prepare for execution.

Service economics - Develop financial management. - Understand return on investment. - Establish portfolio management.

69

- Understand demand management.

Strategy & organisation

- Organisational development. - Organisational departmentalisation. - Organisational design. - Organisational culture. - Sourcing strategy.

Strategy, tactics & operation

- Define how implementation will work through the lifecycle. - Strategy and design. - Strategy and transition. - Strategy and operations. - Strategy and improvement.

Technology and strategy

- Understand service automation. - Understand service interfaces. - Evaluate and implement tools for service strategy.

Challenges, dangers, and The Golden Pony

Developing a new service strategy from inception through to actual organisational change and transition to operations is a

risky exercise. The Golden Pony provides a good analogy of some of the dangers and challenges that an organisation can

face:

“Many of our service management programmes suffered from The Golden Pony. We would introduce a programme and a

small number of people would immediately commit and achieve good results. Others would notice, get committed, and off

goes the pony. Management would notice the results and support the programme.

As more resources were allocated, the scope of the programme grew. It was used to do things not related to the

programme. It was applied to things for which it was not designed. The programme was so popular that our training

resources were overwhelmed and training became diluted. Effectiveness of the tools inevitably declined.

As the scope grew, the programme got more visibility. The need for direction rose in the bureaucracy. The direction soon

came from such a high level that the manager in charge had no idea what the programme was really about. The quality of

decision-making fell, which hurt results. So, that is what happens to the pony: it gets loaded down with stuff it was not

designed to carry, the rider doesn’t know what he or she is doing, and it wanders aimlessly until it dies.” - (Repenning)

The other two dangers in both building a service strategy and defining an organisational structure to support are:

- A tendency to build for what is needed today, rather than looking to the future. This often results in a support structure

that is too small to begin with. If it is not easy to scale that organisation then the affect is too slow progress to a crawl.

- A tendency to build an organisation structure, no matter what size, at a higher level of maturity than the organisation can

manage. For example, building a structure that meets ITIL level 3 when the organisation is only just adopting ITIL. Start

low, refine over time, invest slowly.

Service Design

“The primary objective of Service Management is to ensure that the IT services are aligned to the business needs and actively

support them. It is imperative that the IT services underpin the business processes, but it is also increasingly important that IT

acts as an agent for change to facilitate business transformation.” - (UK Office of Government Commerce, 2010)

70

Often seen as the Architect’s domain the Service Design aspect of ITIL is critical to the large enterprise and provider as it

provides the only means of carefully fitting a new service into an existing complex environment.

For a smaller enterprise or organisation that is “just buying a service” then this section is less important. However, the

principles, goals, and practices are still critical to enterprise ICT thinking and form a core support to the overall Service

Strategy.

The role of the Service Design stage within the overall business change process can be defined as:

“The design of appropriate and innovative IT services, including their architectures, processes, policies and documentation,

to meet current future agree business requirements.” - (UK Office of Government Commerce, 2010)

Build Components

Component Notes

Establish principles - Balanced design. - Identify service requirements. - Identify business requirements. - Design aspects including activities, constraints, service oriented architecture, business

service management, and service design modeling.

Establish processes - Catalogue management. - Service level management. - Capacity management. - Availability management. - IT service continuity management. - Information security management. - Supplier management.

Other elements - What other service design technology-related activities are there? E.g. Application management.

- How does the organisation support service design and what structural support and changes will need to be made to the ICT organisation?

- What tools will be required to support the design lifecycle? - Implementation of service design including business impact analysis, risks, service level

requirements, and measurement.

Challenges, dangers, and the role of Architecture

Architecture is often touted as a “blocker” to the progress that ICT needs to make within an organisation. The reality is

that without a strong architectural governance then and service procured or built will not likely be robust and healthy.

The challenge then for the architect is to ensure that Service Design is complimentary to the process of overall service

delivery. This is extremely difficult in a profession that is largely compliance focused. That compliance focus needs to

change to one of service delivery itself. Indeed, the best place for Service Design to start is within the architectural

organisation itself.

Once the role of architecture itself is defined as a service catalogue then the rest of the ICT organisation can not only utilise

it but also understand where the Service Design practice fits within the changing delivery of ICT.

71

If architecture cannot do this then like the wider business itself and the ICT organisation, ICT will simply procure services as

it sees fit.

Service Design is crucial as a) no Cloud service is every offered in isolation of another ICT service and b) as the number of

Cloud services increases within an organisation the complexity drives a number of serious risks.

Any CIO who is willing to forgo the advice of the Chief Architect is a brave soul. Further, when seeking Architectural advice

it is imperative that you find resource that is experienced, has a track record of delivery, and will make decisions.

Service Transition

Service transition is the process by which a new or changed service is transitioned into production.

Failure to complete some type of service transition usually results in the service being unreliable as the team that the

service is being handed over to will require support to manage the service.

This is no different for the introduction of Cloud services.

It is touched on in this section only briefly.

Component Notes

Transition processes - Planning and support. - Change management. - Service asset and configuration management. - Release and deployment management. - Service validation and testing. - Evaluation of service. - Knowledge management. - Handover to production.

Service Operation

In the context of ICT Operations and Cloud service management the Service Operation aspect of ITIL is crucial.

This section decides how a service is managed once it has become operational. The language must be aligned with

business, ICT organisation, and provider, or operational issues will be commonplace.

In addition, the processes described must also be aligned. Now that a service is being procured via Cloud the process flow

extends from provider, through ICT organisation, to business as the consumer. Any misalignment in those shared

processes will cause operational issues to become critical and may drive them to crises.

Cloud services will need to be carefully integrated, via Service Transition, to be included in each of the processes listed

below.

Component Notes

Service operation processes (critical)

- Event management. - Incident management. - Request fulfillment. - Problem management. - Access management.

72

Common service operation processes

- Monitoring and control. - IT operations. - Mainframe management. - Server management. - Network management. - Storage and archive. - Database administration. - Directory services management. - Desktop (device) management. - Middleware management. - Internet / web services management. - Facilities and datacenter management. - Information security management.

Organisation structure

- Map and list functions. - Service desk. - Technical management. - IT operations management. - Application management. - Roles and responsibilities.

Continual Service Improvement

The Continual Service Improvement aspect of ITIL is important to the ongoing health of and ICT service. This will be no

different with Cloud services.

While it is not crucial in the initial planning and thinking about Cloud services, it is worth at least understanding the 7-Step

Improvement Process for reference.

73

Figure 7 - ITIL 7 Step Improvement Process

The Bare Minimum - Global Service Levels

Putting aside all of the ITIL structure there is still a bare minimum requirement for any enterprise when it comes to the

transition to and management of Cloud services12.

That requirement is the ability to:

- List each ICT service the ICT organisation delivers to the business.

- Fit each ICT service into one of no more than four non-functional service levels. I.e. Platinum, Gold, Silver, and Bronze.

- Agree with the your business on which SLA belongs to which ICT service.

- Monitor and report on the performance of the service level for each service level on a periodic basis.

This is a base requirement for Service Deliver Management as without this in place the ICT organisation cannot

demonstrate that they understand what services they are delivering and how important those services are to their

business.

Global Service Levels

At a high level the Global Service Levels describe the following non-functional requirements for an ICT service:

- Availability. The hours in which the service is available to the business.

12 Or indeed, any ICT services.

74

- Reliability. The percentage of time the service must be up within the availability window.

- Recoverability. The time it takes to restore the service to normal operation following a declared disaster and the amount of

data that can be lost.

- Security. Requirements for securing data and information.

- Performance. Expressed as a time for various transactions.

- Scalability. How far the service needs to scale.

- Usability. An expression of the gross end user experience of usability.

- Interoperability. The number, and complexity, of interfaces between the service itself and other services.

- Traceability. The level of monitoring, audit, and traceability the service requires.

Each ICT service is then set, via business impact analysis with the relevant business service owner, into one of four levels.

Platinum, Gold, Silver, and Bronze. The Global Service Levels are then signed off by the executive leadership team within

the enterprise.

As an example, a Financial Management System Service could then be expressed as requiring a Global Service Level of

Gold. This would mean that:

- Availability would be High at 23.5 hours X 6.5 days per week.

- Reliability would be Enhanced at 99.50%.

- Recoverability would be Tier 3; restoration of the system within 8 – 24 hours with no more data loss than 15 minutes.

- Security would require that data and information was Authenticated Level 2. Able to manage “in-confidence” and

“enterprise official.”

- Performance would be High; with a target completion time of 1.6 seconds per transaction.

- Scalability would be High; able to manage a growth rate in capacity of 50 – 250% per annum.

- Usability would meet Primary Role Function; a set of criteria that caters for a user who is likely to use the service heavily

during their daily business.

- Interoperability would be described as Complex; due to the heavy level of transactions and messaging between this service

and others.

- Traceability would require Close Monitoring.

As a bare minimum, some kind of service level management is required at enterprise level in order to determine whether a

Cloud service is actually going to work for them.

75

Summary Cloud is not new. However it is undergoing a period of rapid change. This change is disruptive as it threatens the current

architectural standards for ICT along with the front-line business models of companies.

Globally, the technology as it stands today, is being rapidly adopted by western countries, with outlying nations in

investigation stage. There is a point where most ICT services will be delivered using Cloud, which means that organisations

that do not prepare for it at least, are likely to struggle in the future.

The Cloud promises much. Agility, lower cost, innovation, and a host of other benefits. However it is not easy for an

enterprise with legacy systems and a high-investment in traditional ICT to unlock. Significant planning is required to

manage a careful transition to Cloud.

Governance and Planning are everything. Technology is ancillary to the business impact that Cloud has, whether it is

positive or negative is in the management of it. Without business support and sponsorship along with strong thinking and

leadership, Cloud will fail to deliver the benefits an enterprise want.

Risk and assurance is critical in a volatile market where providers come and go by the week. Understanding the risk of

adopting a Cloud provider is very important. Even the larger, more dominant players, should be able to tell you their road

map and give confidence to the enterprise that they are a wise choice.

Currently, skilled Cloud staff are far and few between. It will cost to engage the ones that are available in the market,

however if you do not, then your chance at success is lessened.

Security and privacy remain the key impediments to Cloud adoption, unnecessarily. Public perception of Cloud is poor in

this respect and the mainstream media are notorious for selling content based on failures. The reality is that with good risk

management, your Cloud experience is likely to be far more secure and safe than what you do today.

Cloud is here to stay. The gap between the enterprise and the benefits of Cloud is wide. This book is designed to help you

bridge that gap.

76

Appendix A – Risk & Assurance Sample Model Introduction

This is provided as a short sample list of the type of questions and information you should use to select your Cloud

providers. It is provided at a summary level only as each situation demands a different set of sub-questions and headings.

A risk and assurance model is an excellent tool by which all potential Cloud service providers (CSP) can be measured. It is

recommended each section be given a weighting. The sample is ordered by weight with the top components being the

most important through to the latter sections being less so.

The Risk and Assurance model is not about ruling CSP’s either in, or out. The model is about understanding the risk of the

CSP and its service so that the enterprise can make an informed decision about whether to take up its offerings, or not.

Component Notes

Legality - Ensure the CSP complies with all relevant local law. In particular, ensure compliance with tax and privacy legislation.

- Where, physically, and within what legal jurisdiction, will the data be stored?

Company - Ensure that you take all necessary steps to investigate the viability of the CSP. - Which legal jurisdiction is the CSP incorporated?

Standards - What industry standards does the CSP adhere too? - Consider using the Cloud Code of Conduct developed by the New Zealand Institute of IT

Professionals as a de-facto standard. If you happen to be in Australia, ask if the CSP is a signatory to the Cloud Code of Conduct.

- Does the CSP adhere to CoBIT and ISO270001?

Data - How can the enterprise extract the data from the CSP should it want too? This is particularly critical with a SaaS service.

- How is data secured within storage systems? - Is data within PaaS and SaaS multi-tenanted services segregated?

Workload Portability - Is it possible to move your virtualised workloads in and out of the CSP at will?

Virtual Machine (VM) Security

- How is security managed in a multi-tenanted environment? How are VM’s kept separate? - To what level are VM’s hardened at their creation? - How is patch management completed on the VM’s?

Connective Security - Is penetration testing routinely deployed against the CSP and are the result of that made transparent to customers?

- How are vulnerabilities managed, tracked, and secured? - How is network security managed? - How are DDoS attacks managed? - Does the CSP use intrusion detection or similar? How does this operate?

Business Resilience - Does the CSP have a formal business continuity plan and process? - How regularly is that plan exercised?

77

- Following a disaster, how long would be it before your services are restored?

Sub-Contractors - Does the CSP outsource or other sub-contract services to other providers? If so, what and how?

- Are the sub-contractors held to the same standards as the CSP and are they audited? - Are the sub-contractors in the same legal jurisdiction as the CSP?

Software Management

- What standards, guidelines, or best practice are used to manage software?13 - How are identified vulnerabilities managed?

Identity Management

- How is administrative access to the Cloud service managed by the CSP? - How will the enterprise’s users connect and authenticate with the CSP? - How many levels of authentication are available to the enterprise? I.e. Single, two-factor,

or complex authentication.

Resource Management

- How are resources managed to insure against exhaustion, over subscription, congestion, or other issues that cause performance issues or outages?

Incident Management

- Can the CSP demonstrate they have a standard incident management process? - Does the CSP utilise the data generated by incident management for problem

management and continuous service improvement? If so, how?

Operations Management

- How does the CSP manage disaster recovery? - Are environments separated (SaaS) into standardised areas such as staging, production,

testing, sandboxes, development, and UAT? - Is there a formalised operations process including manual?

Data Centre Management

- What is the process for allowing physical access to data centres? - Do the data centres include redundant power and telecommunications? - Do the data centres include backup power? - Are all environmental system implemented to industry standards, tested, and regularly

maintained? - Does the CSP utilise an asset management and or configuration management database

for all items inside the data centre including physical and logical? - How are staff security vetted for any role that supports and manages the CSP? - How many staff carry security clearances and to what level?

Cryptography - Does the CSP keep a copy of the enterprise’s encryption keys? If yes, how are these protected?

- Does the CSP allow for processing of tokenized data (SaaS) via crypto engines on the enterprise side?

Transparency - How does the CSP manage breaches of security? - How does the CSP manage breaches of privacy?

13 Software includes; firmware, applications, middle-ware, databases, operating systems, and other like services.

78

- How does the CSP work with law enforcement in its legal jurisdiction in the case of warrants or requests for access to data being made?

- Does the CSP publish outage information publicly?

Service Retention - What guarantees can the CSP give that their services will be retained and improved over time?

79

Bibliography Apperley, I. (2013, May 1). Embracing Cloud – Cloud Computing impact on the New Zealand ICT Industry. Retrieved from

What is IT Wellington: http://whatisitwellington.com/2013/05/02/embracing-cloud-cloud-computing-impact-on-

the-new-zealand-ict-industry/

Bentley, C. (2010). Prince2 Revealed. Elsevier Ltd.

Cohen, E. S. (2103). The New Digital Age. London: John Murray.

Forresster. (2012). Assess your Cloud Maturity - Assessment Framework - Cloud Computing Playbook.

Forresster. (2012). Improve Productivity with the Cloud - Business Impact - Cloud Computing Playbook.

Forrester. (2012). Make the Cloud Enterprise Ready - Future Look - Cloud Computing Playbook.

Forrester. (2012). The Cloud Computing Playbook - Achieve Cloud Economics for Operations and Services.

Gartner. (2012, April 2). - Gartner Outlines Five Cloud Computing Trends That Will Affect Cloud Strategy Through 2015 .

Retrieved October 9, 2012, from Gartner: http://www.gartner.com/it/page.jsp?id=1971515

Gartner. (2012). Hype Cycle for Cloud Computing. Gartner. Retrieved from http://www.gartner.com/id=2102116

Haukioja, J. R. (2013). Cloud Computing Architected. Recursive Ltd.

Ian Apperley & Demmy Hrudey. (2006, July). Accident Compensation Global Service Levels. Wellington: The Accident

Compensation Corporation.

IDC. (2012, August 30). Cloud computing delivers real business benefits, says IDC. Computer Futures. Retrieved from

http://www.computerfutures.com/page/newsfeed/cloud-computing-delivering-real-business-benefits

IDC. (2012). IDC Government Insights Report Finds Growing Demand for Cloud Services Among Government Agencies. IDC.

Retrieved 2012 16, October, from http://www.idc-gi.com/getdoc.jsp?containerId=prUS23637312

IDC. (2012, August 9). IDC Report: IT Pros Believe Future of Cloud Uncertain. ExecutiveGov. Retrieved October 16, 2012,

from http://www.executivegov.com/2012/08/idc-report-it-pros-believe-future-of-cloud-computing-uncertain/

IDC. (n.d.). IDC Cloud Decision Framework Tool. Retrieved October 16, 2012, from IDC:

https://roianalyst.alinean.com/IDC_Cloud_Decision_Framework/

Mateos, J. R. (2011). The Cloud at Your Service. Greenwich: Manning Publications Ltd.

National Institute of Standards and Technology. (2011). The NIST Definition of Cloud Computing.

National Institute of Standards and Technology. (2011). US Government Cloud Computing Technology Roadmap Volume 1

(DRAFT).

New Zealand Institute of Information Technology Professionals. (2013, July 21). New Zealand Cloudcode. Retrieved from

Cloud Computing Code of Practice: http://www.thecloudcode.org/

Repenning, N. P. (n.d.). The Golden Pony. MIT Sloan School of Management.

Rhoton, J. (2013). Cloud Computing Explained. Recursive Ltd.

The Efficiency & Reform Group. (2011). Managing Successful Programmes. London: The Stationery Office.

80

Thomspon, O. (2011, October 1). Legacy Systems: Weighing the Costs, Benefits and Risks. Retrieved from Food Engineering:

http://www.foodengineeringmag.com/articles/88768-legacy-systems-weighing-the-costs-benefits-and-risks

UK Office of Government Commerce. (2010). ITIL Service Design. Norwich: The Stationery Office.

UK Office of Government Commerce. (2010). ITIL Service Strategy. Norwich: TSO - The Stationery Office.

Wikipedia. (2013, January 16). Cloud Computing. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Cloud_Computing

Wikipedia. (2013, July 31). Legacy Systems. Retrieved July 31, 2013, from Wikipedia:

http://en.wikipedia.org/wiki/Legacy_systems

Wikipedia. (n.d.). Big Data. Retrieved October 9, 2012, from Wikepedia: http://en.wikipedia.org/wiki/Big_data

81

Glossary

Glossary Term Definition

Broad network access

Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g. mobile phones, tablets, laptops, and workstations)

Cloud A cloud computing business model is most often characterised by the individuals’ or organisations’ ability to use a service (or range of services) from multiple providers on a pay-per-use or subscription basis, without needing to invest in the underlying capability that delivers those services. Such a model provides a government the potential to reduce capital investment in ICT and reduce associated ongoing operating costs

Cloud Computing Cloud Computing is on-demand scalable resources which are provided as a service, such as networks, servers and applications that are accessible via the internet by the end-user and can be rapidly provisioned and released with minimal effort or service provider interaction. Users do not need to have specialist knowledge of the technology or infrastructure that supports them.

Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

This cloud model is composed of five essential characteristics, three service models, and four deployment models:

Essential Characteristics:

On-demand self-service;

Broad network access;

Resource pooling;

Rapid elasticity;

Measured service.

Service Models:

Software as a Service (SaaS);

Platform as a Service (PaaS);

Infrastructure as a Service (IaaS).

Deployment Models:

Private cloud;

Community cloud;

Public cloud;

Hybrid cloud.

82

Community Cloud A group of organisations share cloud infrastructure to meet common needs.

The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organisations that have shared concerns (e.g. mission, security requirements, policy and compliance considerations). It may be owned, managed and operated by one or more of the organisations in the community, a third party or some combination of them and it may exist on or off premises

Hybrid Cloud Two or more of the cloud models co-exist, bound together by common integration technologies.

The cloud infrastructure is a composition of two or more distinct clod infrastructures (private, community or public) that remain unique entities, but are bound together by standardised or proprietary technology that enables data and application portability (e.g. cloud bursting or load balancing between clouds).

Infrastructure as a Service (IaaS)

Also known as utility computing, IaaS is where processing power, storage, networks, memory capacity and similar computing resources are made available as a service upon which the customer may deploy arbitrary operating systems and application software.

The capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources where the consumer is able to deploy and run arbitrary software which can include operating systems and applications. The consumer does not manage or control the underlying infrastructure but has control over operating systems, storage and deployed applications; and possibly limited control of select networking components (e.g. host firewalls).

Integration The connection between ICT systems which facilitate sharing or transfer of data.

App Store A common interface providing access to services and to information about them. At its simplest, an on line service catalogue. At its most advanced a context and identity aware application store (analogous to the Apple AppStore) from which services can be accessed and / or procured on-demand by state servants, or even potentially, by the wider public.

Measured service Cloud systems automatically control and optimise resource use by leveraging and metering capability at some level of abstraction appropriate to the type of service (e.g. storage, processing, bandwidth and active user accounts). Resource usage can be monitored, controlled and reported providing transparency for both the provider and consumer of the utilised service.

Office productivity Includes email, word processing, speadsheets, presentations, associated collaboration tools and services

On-demand self-service

A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Platform as a Service (PaaS)

Standardised operating system and tools are supplied by the cloud provider, upon which the customer develops or deploys compatible - but otherwise arbitrary application software.

83

The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services and tools supported by the provider. The consumer does not does not manage or control the underlying cloud infrastructure including network, servers, operating systems or storage but has control over the deployed applications and possibly configuration settings for the application hosting environment.

Private Cloud The cloud exists for the benefit of a single organisation, its customers being organisational units within the organisation.

The cloud infrastructure is provisioned for exclusive use by a single organisation comprising multiple consumers (e.g. business units). It may be owned, managed and operated by the organisation, a third party or some combination of them and may exist or off premises.

Public Cloud The cloud is available to the general public and is owned by an organisation or organisations selling cloud services.

The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed and operated by a business, academic or government organisation or some combination of them. It exists on the premises of the cloud provider.

Software as a Service (SaaS)

Complete commoditised applications are made available to the customer through thin client such as a browser.

The capability provided to the customer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g. web-based email), or a program interface. The consumer does not manage or control, the underlying cloud infrastructure including network, servers, operating system, storage or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Rapid elasticity Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.

Resource pooling The providers computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and re-assigned according to user demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resource but may be able to specify location at a higher level of abstraction (e.g. country, state or data centre). Examples or resources include storage, processing, memory and network bandwidth.

84

Further Reading

1. ^ a b c Mariana Carroll, Paula Kotzé, Alta van der Merwe. 2012. Securing Virtual and Cloud Environments. In: Cloud

Computing and Services Science, Service Science: Research and Innovations in the Service Economy), edited by I.

Ivanov et al., DOI 10.1007/978-1-4614-2326-3 4, © Springer Science+Business Media, LLC 2012

2. ^ a b c d e f g h "The NIST Definition of Cloud Computing". National Institute of Standards and Technology. Retrieved 24

July 2011.

3. ^ a b "What is Cloud Computing?". Amazon Web Services. 2013-3-19. Retrieved 2013-3-20.

4. ^ "Baburajan, Rajani, "The Rising Cloud Storage Market Opportunity Strengthens Vendors," infoTECH, August 24,

2011". It.tmcnet.com. 2011-08-24. Retrieved 2011-12-02.

5. ^ Oestreich, Ken, (2010-11-15). "Converged Infrastructure". CTO Forum. Thectoforum.com. Retrieved 2011-12-02.

6. ^ Strachey, Christopher (June 1959). "Time Sharing in Large Fast Computers". Proceedings of the International

Conference on Information processing, UNESCO. paper B.2.19: 336–341.

7. ^ Simson Garfinkel (3 October 2011). "The Cloud Imperative". Technology Review (MIT). Retrieved 31 May 2013.

8. ^ Ryan; Falvey; Merchant (October 2011). "Regulation of the Cloud in India". Journal of Internet Law 15 (4)

9. ^ "July, 1993 meeting report from the IP over ATM working group of the IETF". CH: Switch. Retrieved 2010-08-22.

10. ^ Corbató, Fernando J. "An Experimental Time-Sharing System". SJCC Proceedings. MIT. Retrieved 3 July 2012.

11. ^ a b "Jeff Bezos' Risky Bet". Business Week

12. ^ "Amazon's early efforts at cloud computing partly accidental". IT Knowledge Exchange. Tech Target. 2010-06-17

13. ^ B Rochwerger, J Caceres, RS Montero, D Breitgand, E Elmroth, A Galis, E Levy, IM Llorente, K Nagin, Y Wolfsthal, E

Elmroth, J Caceres, M Ben-Yehuda, W Emmerich, F Galan. "The RESERVOIR Model and Architecture for Open

Federated Cloud Computing", IBM Journal of Research and Development, Vol. 53, No. 4. (2009)

14. ^ D Kyriazis, A Menychtas, G Kousiouris, K Oberle, T Voith, M Boniface, E Oliveros, T Cucinotta, S Berger, "A Real-time

Service Oriented Infrastructure", International Conference on Real-Time and Embedded Systems (RTES 2010),

Singapore, November 2010

15. ^ Keep an eye on cloud computing, Amy Schurr, Network World, 2008-07-08, citing the Gartner report, "Cloud

Computing Confusion Leads to Opportunity". Retrieved 2009-09-11.

16. ^ Gartner Says Worldwide IT Spending On Pace to Surpass Trillion in 2008, Gartner, 2008-08-18. Retrieved 2009-09-11.

17. ^ "Launch of IBM Smarter Computing". Retrieved 1 March 2011.

18. ^ Andreas Tolk. 2006. What Comes After the Semantic Web - PADS Implications for the Dynamic Web. 20th Workshop

on Principles of Advanced and Distributed Simulation (PADS '06). IEEE Computer Society, Washington, DC, USA

19. ^ "Cloud Computing: Clash of the clouds". The Economist. 2009-10-15. Retrieved 2009-11-03.

20. ^ "Gartner Says Cloud Computing Will Be As Influential As E-business". Gartner. Retrieved 2010-08-22.

21. ^ Gruman, Galen (2008-04-07). "What cloud computing really means". InfoWorld. Retrieved 2009-06-02.

22. ^ "The economy is flat so why are financials Cloud vendors growing at more than 90 percent per annum?". FSN. March

5, 2013.

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Mariana_Carroll_2012_1-0



http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-nist_2-0








http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-aws.amazon_3-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-aws.amazon_3-1

http://aws.amazon.com/what-is-cloud-computing/

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-4

http://it.tmcnet.com/channels/cloud-storage/articles/211183-rising-cloud-storage-market-opportunity-strengthens-vendors.htm

http://it.tmcnet.com/channels/cloud-storage/articles/211183-rising-cloud-storage-market-opportunity-strengthens-vendors.htm


http://www.thectoforum.com/content/converged-infrastructure-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-StracheyTSO_6-0


http://www.technologyreview.com/news/425623/the-cloud-imperative/


http://ssrn.com/abstract=1941494


http://mirror.switch.ch/ftp/doc/ietf/ipatm/atm-minutes-93jul.txt

http://en.wikipedia.org/wiki/Switzerland

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-MITCorbato_10-0

http://larch-www.lcs.mit.edu:8001/~corbato/sjcc62/

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-amazon_11-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-amazon_11-1

http://www.businessweek.com/magazine/content/06_46/b4009001.htm

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-AWS_12-0

http://itknowledgeexchange.techtarget.com/cloud-computing/2010/06/17/amazons-early-efforts-at-cloud-computing-partly-accidental/


http://en.wikipedia.org/wiki/Ignacio_M._Llorente



http://www.networkworld.com/newsletters/itlead/2008/070708itlead1.html

http://en.wikipedia.org/wiki/Gartner


http://www.gartner.com/it/page.jsp?id=742913


https://www-304.ibm.com/connections/blogs/IBMSmarterSystems/date/201102?lang=en_us



http://www.economist.com/displaystory.cfm?story_id=14637206

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-gartner_20-0

http://www.gartner.com/it/page.jsp?id=707508

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-really_21-0

http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031

http://en.wikipedia.org/wiki/InfoWorld


http://www.fsn.co.uk/channel_outsourcing/the_economy_is_flat_so_why_are_financials_cloud_vendors_growing_at_more_than_90_percent_per_annum#.UbmtsPlJPGA/

85

23. ^ Figure 8, "A network 70 is shown schematically as a cloud", US Patent 5,485,455, column 17, line 22, filed Jan 28, 1994

24. ^ Figure 1, "the cloud indicated at 49 in Fig. 1.", US Patent 5,790,548, column 5 line 56-57, filed April 18, 1996

25. ^ Antonio Regalado (31 October 2011). "Who Coined 'Cloud Computing'?". Technology Review (MIT). Retrieved 31 July

2013.

26. ^ a b c HAMDAQA, Mohammad (2012). Cloud Computing Uncovered: A Research Landscape. Elsevier Press. pp. 41–

85. ISBN 0-12-396535-7.

27. ^ "Distributed Application Architecture". Sun Microsystem. Retrieved 2009-06-16.

28. ^ "Sun CTO: Cloud computing is like the mainframe". Itknowledgeexchange.techtarget.com. 2009-03-11. Retrieved

2010-08-22.

29. ^ "It's probable that you've misunderstood 'Cloud Computing' until now". TechPluto. Retrieved 2010-09-14.

30. ^ Danielson, Krissi (2008-03-26). "Distinguishing Cloud Computing from Utility Computing". Ebizq.net. Retrieved 2010-

08-22.

31. ^ "Recession Is Good For Cloud Computing – Microsoft Agrees". CloudAve. Retrieved 2010-08-22.

32. ^ a b c d "Defining "Cloud Services" and "Cloud Computing"". IDC. 2008-09-23. Retrieved 2010-08-22.

33. ^ "e-FISCAL project state of the art repository".

34. ^ Farber, Dan (2008-06-25). "The new geek chic: Data centers". CNET News. Retrieved 2010-08-22.

35. ^ He, Sijin; L. Guo, Y. Guo, M. Ghanem,. Improving Resource Utilisation in the Cloud Environment Using Multivariate

Probabilistic Models. 2012 2012 IEEE 5th International Conference on Cloud Computing (CLOUD). pp. 574–

581. doi:10.1109/CLOUD.2012.66. ISBN 978-1-4673-2892-0.

36. ^ King, Rachael (2008-08-04). "Cloud Computing: Small Companies Take Flight". Businessweek. Retrieved 2010-08-22.

37. ^ Mao, Ming; M. Humphrey (2012). "A Performance Study on the VM Startup Time in the Cloud". Proceedings of 2012

IEEE 5th International Conference on Cloud Computing (Cloud2012): 423. doi:10.1109/CLOUD.2012.103.ISBN 978-1-

4673-2892-0.

38. ^ He, Sijin; L. Guo, Y. Guo (2011). "Real Time Elastic Cloud Management for Limited Resources". Proceedings of 2011

IEEE 4th International Conference on Cloud Computing (Cloud2011): 622–629.doi:10.1109/CLOUD.2011.47. ISBN 978-0-

7695-4460-1.

39. ^ "Defining and Measuring Cloud Elasticity". KIT Software Quality Departement. Retrieved 13 August 2011.

40. ^ "Economies of Cloud Scale Infrastructure". Cloud Slam 2011. Retrieved 13 May 2011.

41. ^ He, Sijin; L. Guo, Y. Guo, C. Wu, M. Ghanem, R. Han.Elastic Application Container: A Lightweight Approach for Cloud

Resource Provisioning. 2012 IEEE 26th International Conference on Advanced Information Networking and

Applications (AINA). pp. 15–22.doi:10.1109/AINA.2012.74. ISBN 978-1-4673-0714-7.

42. ^ "Encrypted Storage and Key Management for the cloud". Cryptoclarity.com. 2009-07-30. Retrieved 2010-08-22.

43. ^ Mills, Elinor (2009-01-27). "Cloud computing security forecast: Clear skies". CNET News. Retrieved 2010-08-22.

44. ^ David Perera (2012-07-12). "The real obstacle to federal cloud computing". FierceGovernmentIT. Retrieved 2012-12-

15.

45. ^ "Top 10 Reasons why Startups should Consider Cloud". Cloudstory.in. 2012-09-05. Retrieved 2012-12-15.




http://www.technologyreview.com/news/425970/who-coined-cloud-computing/

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-HAM2012_26-0



http://www.stargroup.uwaterloo.ca/~mhamdaqa/publications/Cloud_Computing_Uncovered.pdf

http://en.wikipedia.org/wiki/International_Standard_Book_Number

http://en.wikipedia.org/wiki/Special:BookSources/0-12-396535-7


http://java.sun.com/developer/Books/jdbc/ch07.pdf


http://itknowledgeexchange.techtarget.com/mainframe-blog/sun-cto-cloud-computing-is-like-the-mainframe/

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-It.27s_you.27ve_29-0

http://portal.acm.org/citation.cfm?id=1496091.1496100&coll=&dl=ACM&CFID=21518680&CFTOKEN=18800807


http://www.ebizq.net/blogs/saasweek/2008/03/distinguishing_cloud_computing/


http://www.cloudave.com/link/recession-is-good-for-cloud-computing-microsoft-agrees

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-idc_32-0




http://blogs.idc.com/ie/?p=190


http://www.efiscal.eu/state-of-the-art

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-yarmis_34-0

http://news.cnet.com/8301-13953_3-9977049-80.html

http://en.wikipedia.org/wiki/CNET_News


http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6253553


http://en.wikipedia.org/wiki/Digital_object_identifier

http://dx.doi.org/10.1109%2FCLOUD.2012.66


http://en.wikipedia.org/wiki/Special:BookSources/978-1-4673-2892-0


http://www.businessweek.com/technology/content/aug2008/tc2008083_619516.htm

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-vmstartuptime2012_37-0

http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6253534&isnumber=6253471














http://digbib.ubka.uni-karlsruhe.de/volltexte/1000023476


http://www.youtube.com/watch?v=nfDsY3f4nVI





http://dx.doi.org/10.1109%2FAINA.2012.74




http://www.cryptoclarity.com/CryptoClarityLLC/Welcome/Entries/2009/7/23_Encrypted_Storage_and_Key_Management_for_the_cloud.html




http://www.fiercegovernmentit.com/story/real-obstacle-federal-cloud-computing/2012-07-12


http://cloudstory.in/2012/07/top-10-reasons-why-startups-should-consider-cloud/

86

46. ^ "BMC Service Catalog Enforces Workload Location". eweek.com. 2011-08-02. Retrieved 2013-03-10.

47. ^ "HP's Turn-Key Private Cloud - Application Development Trends". Adtmag.com. 2010-08-30. Retrieved 2012-12-15.

48. ^ a b c Babcock, Charles (2011-06-03). "RightScale Launches App Store For Infrastructure - Cloud-computing".

Informationweek.com. Retrieved 2012-12-15.

49. ^ a b "Red Hat launches hybrid cloud management software - Open Source". Techworld. 2012-06-06. Retrieved 2012-

12-15.

50. ^ Brown, Rodney (April 10, 2012). "Spinning up the instant cloud". CloudEcosystem.

51. ^ Riglian, Adam (December 1, 2011). "VIP Art Fair picks OpDemand over RightScale for IaaS management".Search

Cloud Applications. TechTarget. Retrieved January 25, 2013.

52. ^ Samson, Ted (April 10, 2012). "HP advances public cloud as part of ambitious hybrid cloud strategy". InfoWorld.

Retrieved 2012-12-14.

53. ^ "HP Cloud Maps can ease application automation".SiliconIndia. Retrieved 22 January 2013.

54. ^ Voorsluys, William; Broberg, James; Buyya, Rajkumar (February 2011). "Introduction to Cloud Computing". In R.

Buyya, J. Broberg, A.Goscinski. Cloud Computing: Principles and Paradigms. New York, USA: Wiley Press. pp. 1–

44.ISBN 978-0-470-88799-8.

55. ^ "Tony Shan, "Cloud Taxonomy and Ontology"". February 2009. Retrieved 2 February 2009.

56. ^ "ITU-T NEWSLOG - CLOUD COMPUTING AND STANDARDIZATION: TECHNICAL REPORTS PUBLISHED".

International Telecommunication Union (ITU). Retrieved 16 December 2012.

57. ^ Amies, Alex; Sluiman, Harm; Tong, Qiang Guo; Liu, Guo Ning (July 2012). "Infrastructure as a Service Cloud

Concepts". Developing and Hosting Applications on the Cloud. IBM Press. ISBN 978-0-13-306684-5.

58. ^ Hamdaqa, Mohammad. A Reference Model for Developing Cloud Applications.

59. ^ Chou, Timothy. Introduction to Cloud Computing: Business & Technology.

60. ^ "HVD: the cloud's silver lining". Intrinsic Technology. Retrieved 30 August 2012.

61. ^ a b "ITU Focus Group on Cloud Computing - Part 1". International Telecommunication Union (ITU)

TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU. Retrieved 16 December 2012.

62. ^ "Cloud computing in Telecommunications". Ericsson. Retrieved 16 December 2012.

63. ^ "Network Virtualisation – Opportunities and Challenges". Eurescom. Retrieved 16 December 2012.

64. ^ "The role of virtualisation in future network architectures". Change Project. Retrieved 16 December 2012.

65. ^ "Is a Private Cloud Really More Secure?". Dell.com. Retrieved 07-11-12.[dead link]

66. ^ Foley, John. "Private Clouds Take Shape". InformationWeek. Retrieved 2010-08-22.

67. ^ Haff, Gordon (2009-01-27). "Just don't call them private clouds". CNET News. Retrieved 2010-08-22.

68. ^ "There's No Such Thing As A Private Cloud". InformationWeek. 2010-06-30. Retrieved 2010-08-22.

69. ^ Metzler, Jim; Taylor, Steve. (2010-08-23) "Cloud computing: Reality vs. fiction," Network World. [1]

70. ^ Rouse, Margaret. "Definition: Cloudbursting," May 2011. SearchCloudComputing.com. [2]

71. ^ Vizard, Michael. "How Cloudbursting 'Rightsizes' the Data Center", (2012-06-21). Slashdot. [3]

72. ^ Stevens, Alan (June 29, 2011). "When hybrid clouds are a mixed blessing". The Register. Retrieved March 28, 2012.


http://www.eweek.com/reviews/bmc-service-catalog-enforces-workload-location


http://adtmag.com/blogs/watersworks/2010/08/hps-turn-key-private-cloud.aspx

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Babcock_48-0



http://www.informationweek.com/news/cloud-computing/infrastructure/229900165

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Jackson_49-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Jackson_49-1

http://www.techworld.com.au/article/426861/red_hat_launches_hybrid_cloud_management_software


http://www.cloudecosystem.com/author.asp?section_id=1873&doc_id=242031


http://searchcloudapplications.techtarget.com/news/2240111861/VIP-Art-Fair-picks-OpDemand-over-RightScale-for-IaaS-management


http://www.infoworld.com/t/hybrid-cloud/hp-advances-public-cloud-part-of-ambitious-hybrid-cloud-strategy-190524


http://www.siliconindia.com/shownews/HP_Cloud_Maps_can_Ease_Application_Automation-nid-103866-cid-7.html

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Buyya_54-0

http://media.johnwiley.com.au/product_data/excerpt/90/04708879/0470887990-180.pdf




http://cloudonomic.blogspot.com/2009/02/cloud-taxonomy-and-ontology.html


http://www.itu.int/ITU-T/newslog/Cloud+Computing+And+Standardization+Technical+Reports+Published.aspx

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-DHAC_57-0

http://www.ibmpressbooks.com/bookstore/product.asp?isbn=9780133066845

http://www.ibmpressbooks.com/bookstore/product.asp?isbn=9780133066845



http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-hamdaqa_58-0

http://www.stargroup.uwaterloo.ca/~mhamdaqa/publications/A%20REFERENCEMODELFORDEVELOPINGCLOUD%20APPLICATIONS.pdf

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Chou_59-0

http://www.scribd.com/doc/64699897/Introduction-to-Cloud-Computing-Business-and-Technology


http://www.intrinsictechnology.co.uk/FileUploads/HVD_Whitepaper.pdf

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-ITU_Focus_Group_61-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-ITU_Focus_Group_61-1

http://www.itu.int/en/ITU-T/focusgroups/cloud/Documents/FG-coud-technical-report.zip


http://www.ericsson.com/res/thecompany/docs/publications/ericsson_review/2010/cloudcomputing.pdf


http://archive.eurescom.eu/~pub/deliverables/documents/P1900-series/P1956/D1/P1956-D1.pdf


http://www.change-project.eu/fileadmin/publications/Presentations/CHANGE_-_The_role_of_virtualisation_in_future_network_infrastructures_-_Warsaw_cluster_workshop_contribution.pdf


http://www.dell.com/Learn/us/en/rc956904/large-business/private-cloud-more-secure

http://en.wikipedia.org/wiki/Wikipedia:Link_rot

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-iwpc_66-0

http://www.informationweek.com/news/services/business/showArticle.jhtml?articleID=209904474




http://www.informationweek.com/cloud-computing/theres-no-such-thing-as-a-private-cloud/229207922


http://www.networkworld.com/newsletters/frame/2010/082310wan1.html


http://searchcloudcomputing.techtarget.com/definition/cloud-bursting


http://slashdot.org/topic/datacenter/how-cloudbursting-rightsizes-the-data-center/


http://www.theregister.co.uk/2011/06/29/hybrid_cloud/

http://www.theregister.co.uk/

87

73. ^ [4]

74. ^ "Building GrepTheWeb in the Cloud, Part 1: Cloud Architectures". Developer.amazonwebservices.com. Retrieved

2010-08-22.

75. ^ Bernstein, David; Ludvigson, Erik; Sankar, Krishna; Diamond, Steve; Morrow, Monique (2009-05-24). "Blueprint for

the Intercloud - Protocols and Formats for Cloud Computing Interoperability". Blueprint for the Intercloud – Protocols

and Formats for Cloud Computing Interoperability. IEEE Computer Society. pp. 328–

336.doi:10.1109/ICIW.2009.55. ISBN 978-1-4244-3851-8.

76. ^ "Kevin Kelly: A Cloudbook for the Cloud". Kk.org. Retrieved 2010-08-22.

77. ^ "Intercloud is a global cloud of clouds". Samj.net. 2009-06-22. Retrieved 2010-08-22.

78. ^ "Vint Cerf: Despite Its Age, The Internet is Still Filled with Problems". Readwriteweb.com. Retrieved 2010-08-22.

79. ^ "SP360: Service Provider: From India to Intercloud". Blogs.cisco.com. Retrieved 2010-08-22.

80. ^ Canada (2007-11-29). "Head iaaan the clouds? Welcome to the future". Toronto: Theglobeandmail.com. Retrieved

2010-08-22.

81. ^ Bobby Johnston. Cloud computing is a trap, warns GNU founder Richard Stallman. The Guardian, 29 September

2008.

82. ^http://www.morganstanley.com/views/perspectives/cloud_computing.pdf

83. ^ Challenges & Opportunities for IT partners when transforming or creating a business in the Cloud. compuBase

consulting. 2012. p. 77.

84. ^ Cloud Computing Grows Up: Benefits Exceed Expectations According to Report. Press Release, May 21, 2013. [5]

85. ^ Cauley, Leslie (2006-05-11). "NSA has massive database of Americans' phone calls". USATODAY.com. Retrieved

2010-08-22.

86. ^ "NSA taps in to user data of Facebook, Google and others, secret files reveal". Guardian News and Media. 2013-06-

07. Retrieved 2013-06-07.

87. ^ Winkler, Vic (2011). Securing the Cloud: Cloud Computer Security Techniques and Tactics. Waltham, Massachusetts:

Elsevier. p. 60. ISBN 978-1-59749-592-9.

88. ^ "Feature Guide: Amazon EC2 Availability Zones". Amazon Web Services. Retrieved 2010-08-22.

89. ^ "Cloud Computing Privacy Concerns on Our Doorstep".

90. ^ "FISMA compliance for federal cloud computing on the horizon in 2010". SearchCompliance.com. Retrieved 2010-08-

22.

91. ^ "Google Apps and Government". Official Google Enterprise Blog. 2009-09-15. Retrieved 2010-08-22.

92. ^ "Cloud Hosting is Secure for Take-off: Mosso Enables The Spreadsheet Store, an Online Merchant, to become PCI

Compliant". Rackspace. 2009-03-14. Retrieved 2010-08-22.

93. ^ "Amazon gets SAS 70 Type II audit stamp, but analysts not satisfied". SearchCloudComputing.com. 2009-11-17.


94. ^ "Assessing Cloud Computing Agreements and Controls". WTN News. Retrieved 2010-08-22.

95. ^ "Cloud Certification From Compliance Mandate to Competitive Differentiator". Cloudcor. Retrieved 2011-09-20.


http://personal-clouds.org/


http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1632&categoryID=100


http://www2.computer.org/portal/web/csdl/doi/10.1109/ICIW.2009.55

http://www2.computer.org/portal/web/csdl/doi/10.1109/ICIW.2009.55


http://dx.doi.org/10.1109%2FICIW.2009.55



http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-kk_76-0

http://www.kk.org/thetechnium/archives/2007/11/a_cloudbook_for.php


http://samj.net/2009/06/intercloud-is-global-cloud-of-clouds.html


http://www.readwriteweb.com/archives/vint_cerf_despite_its_age_the.php?mtcCampaign=2765


http://blogs.cisco.com/sp/comments/from_india_to_intercloud/


http://www.theglobeandmail.com/servlet/story/LAC.20071129.TWLINKS29/TPStory/Business






http://online.wsj.com/article/PR-CO-20130521-906501.html?mod=googlenews_wsj


http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm


http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Securing_The_Cloud_Winkler_87-0

http://www.elsevier.com/wps/find/bookdescription.cws_home/723529/description

http://en.wikipedia.org/wiki/Waltham,_Massachusetts




http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1347&categoryID=112


http://cacm.acm.org/magazines/2011/1/103200-cloud-computing-privacy-concerns-on-our-doorstep/fulltext


http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1377298,00.html


http://googleenterprise.blogspot.com/2009/09/google-apps-and-government.html


http://www.rackspace.com/cloud/blog/2009/03/05/cloud-hosting-is-secure-for-take-off-mosso-enables-the-spreadsheet-store-an-online-merchant-to-become-pci-compliant/

http://www.rackspace.com/cloud/blog/2009/03/05/cloud-hosting-is-secure-for-take-off-mosso-enables-the-spreadsheet-store-an-online-merchant-to-become-pci-compliant/


http://searchcloudcomputing.techtarget.com/news/article/0,289142,sid201_gci1374629,00.html


http://wistechnology.com/articles/6954/


http://www.youtube.com/watch?v=wYiFdnZAlNQ

88

96. ^ "How the New EU Rules on Data Export Affect Companies in and Outside the EU | Dr. Thomas Helbing – Kanzlei für

Datenschutz-, Online- und IT-Recht". Dr. Thomas Helbing. Retrieved 2010-08-22.

97. ^ "FedRAMP". U.S. General Services Administration. 2012-06-13. Retrieved 2012-06-17.

98. ^ a b Chambers, Don (July 2010). "Windows Azure: Using Windows Azure’s Service Bus to Solve Data Security

Issues]". Rebus Technologies. Retrieved 2012-12-14.

99. ^ Cohn, Cindy; Samuels, Julie (31 October 2012)."Megaupload and the Government's Attack on Cloud

Computing]". Electronic Frontier Foundation. Retrieved 2012-12-14.

100. ̂ Maltais, Michelle (26 April 2012). "Who owns your stuff in the cloud?". Los Angeles Times. Retrieved 2012-12-14.

101. ̂ a b c McKendrick, Joe. (2011-11-20) "Cloud Computing's Vendor Lock-In Problem: Why the Industry is Taking a Step

Backward," Forbes.com [6]

102. ̂ Hinkle, Mark. (2010-6-9) "Three cloud lock-in considerations", Zenoss Blog [7]

103. ̂ Staten, James (2012-07-23). "Gelsinger brings the 'H' word to VMware". ZDNet. [8]

104. ̂ Vada, Eirik T. (2012-06-11) "Creating Flexible Heterogeneous Cloud Environments", page 5, Network and System

Administration, Oslo University College [9]

105. ̂ Geada, Dave. (June 2, 2011) "The case for the heterogeneous cloud," Cloud Computing Journal [10]

106. ̂ Burns, Paul (2012-01-02). "Cloud Computing in 2012: What's Already Happening". Neovise.[11]

107. ̂ a b c d Livenson, Ilja. Laure, Erwin. (2011) "Towards transparent integration of heterogeneous cloud storage

platforms", pages 27–34, KTH Royal Institute of Technology, Stockholm, Sweden. [12]

108. ̂ a b Gannes, Liz. GigaOm, "Structure 2010: Intel vs. the Homogeneous Cloud," June 24, 2010. [13]

109. ̂ Jon Brodkin (July 28, 2008). "Open source fuels growth of cloud computing, software-as-a-service". Network World.


110. ̂ "VMware Launches Open Source PaaS Cloud Foundry". Simpler Media Group, Inc. 2011-04-21. Retrieved 2012-12-14.

111. ̂ "AGPL: Open Source Licensing in a Networked Age". Redmonk.com. 2009-04-15. Retrieved 2010-08-22.

112. ̂ GoGrid Moves API Specification to Creative Commons[dead link]

113. ̂ "Eucalyptus Completes Amazon Web Services Specs with Latest Release". Ostatic.com. Retrieved 2010-08-22.

114. ̂ "OpenStack Foundation launches". Infoworld.com. 2012-09-19. Retrieved 2012-17-11.

115. ̂ "Did OpenStack Let VMware Into The Henhouse?". Informationweek.com. 2012-10-19. Retrieved 2012-17-11.

116. ̂ M Carroll, P Kotzé, Alta van der Merwe (2011), Secure virtualization: benefits, risks and constraints, 1st International

Conference on Cloud Computing and Services Science, Noordwijkerhout, The Netherlands, 7–9 May 2011

117. ̂ a b Zissis, Dimitrios; Lekkas (2010). "Addressing cloud computing security issues". Future Generation Computer

Systems 28 (3): 583. doi:10.1016/j.future.2010.12.006.

118. ̂ Winkler, Vic (2011). Securing the Cloud: Cloud Computer Security Techniques and Tactics. Waltham, MA USA:

Syngress. pp. 187, 189. ISBN 978-1-59749-592-9.

119. ̂ "Are security issues delaying adoption of cloud computing?". Network World. Retrieved 2010-08-22.

120. ̂ "Security of virtualization, cloud computing divides IT and security pros". Network World. 2010-02-22. Retrieved

2010-08-22.


http://www.thomashelbing.com/en/how-new-eu-rules-data-export-affect-companies-and-outside-eu

http://www.thomashelbing.com/en/how-new-eu-rules-data-export-affect-companies-and-outside-eu


http://www.gsa.gov/portal/category/102371

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-rtwadc01_98-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-rtwadc01_98-1

http://rebustechnologies.com/wp-content/uploads/2011/12/WindowsAzure.pdf

http://rebustechnologies.com/wp-content/uploads/2011/12/WindowsAzure.pdf


https://www.eff.org/deeplinks/2012/10/governments-attack-cloud-computing

https://www.eff.org/deeplinks/2012/10/governments-attack-cloud-computing


http://articles.latimes.com/2012/apr/26/business/la-fi-tech-savvy-cloud-services-20120426

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-joe_101-0



http://www.forbes.com/sites/joemckendrick/2011/11/20/cloud-computings-vendor-lock-in-problem-why-the-industry-is-taking-a-step-backwards/


http://community.zenoss.org/blogs/zenossblog/2010/06/09/three-cloud-lock-in-considerations


http://www.zdnet.com/gelsinger-brings-the-h-word-to-vmware-7000001416/


https://www.duo.uio.no/bitstream/handle/123456789/34153/thesis.pdf?sequence=1


http://cloudcomputing.sys-con.com/node/1841850


http://www.neovise.com/cloud-computing-in-2012-what-is-already-happening

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Livenson_107-0




http://dl.acm.org/citation.cfm?id=1996020

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-gannes_108-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-gannes_108-1

http://gigaom.com/2010/06/24/structure-2010-intel-vs-the-homogeneous-cloud/


http://www.networkworld.com/news/2008/072808-open-source-cloud-computing.html


http://www.cmswire.com/cms/information-management/vmware-launches-open-source-paas-cloud-foundry-010941.php


http://redmonk.com/sogrady/2009/04/15/open-source-licensing-in-a-networked-age/


http://www.gogrid.com/company/press-releases/gogrid-moves-api-specification-to-creativecommons.php

http://en.wikipedia.org/wiki/Wikipedia:Link_rot


http://ostatic.com/blog/eucalyptus-completes-amazon-web-services-specs-with-latest-release


http://www.infoworld.com/d/cloud-computing/openstack-foundation-launches-202694/


http://www.informationweek.com/development/open-source/did-openstack-let-vmware-into-the-henhou/240009337


http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Zissis_10_117-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Zissis_10_117-1

http://www.sciencedirect.com/science/article/pii/S0167739X10002554


http://dx.doi.org/10.1016%2Fj.future.2010.12.006

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-Securing_The_Cloud_Winkler_2_118-0

http://www.elsevier.com/wps/find/bookdescription.cws_home/723529/description#description




http://www.networkworld.com/news/2009/042709-burning-security-cloud-computing.html


http://www.networkworld.com/news/2010/022210-virtualization-cloud-security-debate.html

89

121. ̂ Armbrust, M; Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Zaharia,

(2010). "A view of cloud computing". Communication of the ACM 53 (4): 50–58. doi:10.1145/1721654.1721672.

122. ̂ Anthens, G (2010). "Security in the cloud".Communications of the ACM 53 (11): 16.doi:10.1145/1839676.1839683.

123. ̂ James Urquhart (January 7, 2010). "Cloud computing's green paradox". CNET News. Retrieved March 12, 2010.

"... there is some significant evidence that the cloud is encouraging more compute consumption"

124. ̂ Finland – First Choice for Siting Your Cloud Computing Data Center.. Retrieved 4 August 2010.

125. ̂ Swiss Carbon-Neutral Servers Hit the Cloud.. Retrieved 4 August 2010.

126. ̂ Berl, Andreas, et al., Energy-Efficient Cloud Computing, The Computer Journal, 2010.

127. ̂ Farrahi Moghaddam, Fereydoun, et al., Low Carbon Virtual Private Clouds, IEEE Cloud 2011.

128. ̂ Alpeyev, Pavel (2011-05-14). "Amazon.com Server Said to Have Been Used in Sony Attack". Bloomberg. Retrieved

2011-08-20.

129. ̂ Goodin, Dan (2011-05-14). "PlayStation Network hack launched from Amazon EC2". The Register. Retrieved 2012-

05-18.

130. ̂ Hsu, Wen-Hsi L., "Conceptual Framework of Cloud Computing Governance Model - An Education Perspective", IEEE

Technology and Engineering Education (ITEE), Vol 7, No 2 (2012) [14]

131. ̂ Stackpole, Beth, "Governance Meets Cloud: Top Misconceptions", InformationWeek, 7 May 2012 [15]

132. ̂ Joha, A and M. Janssen (2012) "Transformation to Cloud Services Sourcing: Required IT Governance Capabilities",

ICST Transactions on e-Business 12(7-9) [16]

133. ̂ a b Gardner, Jake (2013-03-28). "Beware: 7 Sins of Cloud Computing". Wired.com. Retrieved 2013-06-20.

134. ̂ S. Stonham and S. Nahalkova (2012) "What is the Cloud and how can it help my business?" [17]

135. ̂ S. Stonham and S. Nahalkova (2012), Whitepaper "Tomorrow Belongs to the Agile (PDF)" [18]

136. ̂ George Kousiouris, Tommaso Cucinotta, Theodora Varvarigou, "The Effects of Scheduling, Workload Type and

Consolidation Scenarios on Virtual Machine Performance and their Prediction through Optimized Artificial Neural

Networks"[19] , The Journal of Systems and Software (2011),Volume 84, Issue 8, August 2011, pp. 1270-1291, Elsevier,

doi:10.1016/j.jss.2011.04.013.

137. ̂ Slavoj Žižek (May 2, 2011). "Corporate Rule of Cyberspace". Inside Higher Ed. Retrieved July 10, 2013.

138. ̂ "Cloud Net Directory. Retrieved 2010-03-01". Cloudbook.net. Retrieved 2010-08-22.

139. ̂ "– National Science Foundation (NSF) News – National Science Foundation Awards Millions to Fourteen Universities

for Cloud Computing Research – US National Science Foun". Nsf.gov. Retrieved 2011-08-20.

140. ̂ Rich Miller (2008-05-02). "IBM, Google Team on an Enterprise Cloud". DataCenterKnowledge.com. Retrieved 2010-

08-22.

141. ̂ "StACC - Collaborative Research in Cloud Computing". University of St Andrews department of Computer Science.


142. ̂ "Trustworthy Clouds: Privacy and Resilience for Internet-scale Critical Infrastructure". Retrieved 2012-06-17.

143. ̂ a b Ko, Ryan K. L.; Jagadpramana, Peter; Lee, Bu Sung (2011). "Flogger: A File-centric Logger for Monitoring File

Access and Transfers within Cloud Computing Environments". Proceedings of the 10th IEEE International Conference on



http://dx.doi.org/10.1145%2F1721654.1721672



http://dx.doi.org/10.1145%2F1839676.1839683




http://www.fincloud.freehostingcloud.com/


http://www.greenbiz.com/news/2010/06/30/swiss-carbon-neutral-servers-hit-cloud


http://comjnl.oxfordjournals.org/content/53/7/1045.short


http://ieeexplore.ieee.org/search/srchabstract.jsp?tp=&arnumber=6008718


http://www.bloomberg.com/news/2011-05-13/sony-network-said-to-have-been-invaded-by-hackers-using-amazon-com-server.html


http://www.theregister.co.uk/2011/05/14/playstation_network_attack_from_amazon/


http://www.ewh.ieee.org/soc/e/sac/itee/index.php/meem/article/view/240


http://www.informationweek.com/cloud-computing/infrastructure/governance-meets-cloud-top-misconception/232901483


http://eudl.eu/pdf/10.4108/eb.2012.07-09.e4

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-wired_133-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-wired_133-1

http://www.wired.com/insights/2013/01/beware-7-sins-of-cloud-computing


http://www.ovasto.com/2013/01/what-is-the-cloud-how-can-the-cloud-help-my-business/


http://www.ovasto.com/full-service-business-marketing-consultancy/strategic-agility-and-the-cloud/


http://users.ntua.gr/gkousiou/publications/JSS_Kousiouris.pdf

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-zizek_137-0

http://www.insidehighered.com/views/2011/05/02/slavoj_zizek_essay_on_cloud_computing_and_privacy


http://www.cloudbook.net/directories/research-clouds


http://www.nsf.gov/news/news_summ.jsp?cntn_id=114686

http://www.nsf.gov/news/news_summ.jsp?cntn_id=114686


http://www.datacenterknowledge.com/archives/2008/05/02/ibm-google-team-on-an-enterprise-cloud/


http://www.cs.st-andrews.ac.uk/stacc


http://www.tclouds-project.eu/

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-communications2011_143-0

http://en.wikipedia.org/wiki/Cloud_computing#cite_ref-communications2011_143-1

http://www.hpl.hp.com/techreports/2011/HPL-2011-119.pdf


90

Trust, Security and Privacy of Computing and Communications (TrustCom-11):

765.doi:10.1109/TrustCom.2011.100. ISBN 978-1-4577-2135-9.

144. ̂ Ko, Ryan K. L.; Jagadpramana, Peter; Mowbray, Miranda; Pearson, Siani; Kirchberg, Markus; Liang, Qianhui; Lee, Bu

Sung (2011). "TrustCloud: A Framework for Accountability and Trust in Cloud Computing". Proceedings of the 2nd IEEE

Cloud Forum for Practitioners (IEEE ICFP 2011), Washington DC, USA, July 7–8, 2011.

145. ̂ Ko, Ryan K. L. Ko; Kirchberg, Markus; Lee, Bu Sung (2011). "From System-Centric Logging to Data-Centric Logging -

Accountability, Trust and Security in Cloud Computing". Proceedings of the 1st Defence, Science and Research

Conference 2011 - Symposium on Cyber Terrorism, IEEE Computer Society, 3–4 August 2011, Singapore.

146. ̂ "UTM/UPES-IBM India Collaboration". 2011.

147. ̂ "Publication Download". Tiaonline.org. Retrieved 2011-12-02.

148. ̂ "Testbeds for cloud experimentation and testing". Retrieved 2013-04-09.


http://dx.doi.org/10.1109%2FTrustCom.2011.100






http://www.hpl.hp.com/people/ryan_ko/RKo-DSR2011-Data_Centric_Logging.pdf

http://www.hpl.hp.com/people/ryan_ko/RKo-DSR2011-Data_Centric_Logging.pdf


http://www.youtube.com/watch?v=bDVKQKBN8XY


http://www.tiaonline.org/market_intelligence/publication_download.cfm?file=TIA_Cloud_Computing_White_Paper


http://www.bonfire-project.eu/

91

Acknowledgements First and foremost, Sarah, who still puts up with me typing away at the kitchen table at all hours of the day and night,

listens to my grumbling, and brings me coffee.

Thanks to Jason Danner, a smart man with a smart plan, conversations, beer, ribs, lunch, and inspiration that follows.

Arrowrock will go a long way.

To the Cloud team I worked with recently. Gavin Valentine, Mike Hay, Tim Woodill, Stuart Godwin, Martin Coomber, Sarah

Casey, Doug Newdick, Paul Dolman, and Linda Kamstra. I’m sure my report is still sitting on the shelf, but if it weren’t for

you I wouldn’t have caught the bug. We made it a long way into the jungle before the natives got us Stuart.

To the New Zealand ICT Industry for being so open and supporting me. Paul Brislen, Paul Matthews, Jordan Carter, Vikram

Kumar, and others. Keep fighting the good fight.

To all of you out there who agree with me, disagree with me, and aren’t afraid to tell me what you think. The geeks will

inherit the earth.

92

Index

A

AaaS ............................................................................ 21

Amazon ..... 11, 26, 27, 29, 36, 39, 44, 57, 58, 79, 82, 83, 84

API as a Service ............................................................ 11

App Store .................................................................... 77

Availability management .................................. 33, 43, 65

B

Back Office Systems .............................................. 18, 22

Backend as a Service .................................................... 11

Balkanization of the Internet ....................................... 59

Bespoke ....................................................................... 20

Big Data ...................................................... 49, 51, 59, 75

Broad network access ............................................ 12, 76

BYOD .................................................................... 11, 40

C

Capacity management ...................................... 33, 43, 65

Catalogue management ........................................ 33, 65

Cisco ............................................................................ 59

Cloud Computing ........................ 48, 49, 50, 51, 52, 55, 76

Cloud Deployment Models .......................................... 10

Cloud disruption .......................................................... 37

Cloud Playbook Summary............................................ 52

Cloud Readiness ............................................... 31, 39, 40

Cloud Ready Characteristics ........................................ 12

Cloud Ready High Level Service Principles ................... 13

Cloud Reference Architecture Lite ...............................44

Cloud Service Delivery Framework .......................... 9, 62

Cloud Service Design ................................................... 33

Cloud Service Models ................................................... 11

Cloud strategy ............................................................. 36

Cloud War .................................................................... 57

Cloud Washing ............................................................. 28

CoBIT................................................................ 12, 43, 71

Community cloud ........................................................ 10

Community Cloud ................................................... 12, 77

Consumer cloud ........................................................... 11

Continual Service Improvement .................................. 68

Cryptography .............................................................. 72

D

Data as a Service .......................................................... 11

Data Sovereignty ........................................ 27, 29, 58, 59

Database as a Service .................................................. 11

DDoS ...................................................................... 15, 71

Death of Enterprise Infrastructure ............................... 61

E

Elastic .................................................................... 10, 80

encryption ........................................ 27, 31, 56, 58, 59, 72

F

Forrester ..................................................................... 52

G

Gartner ........................................................................ 48

GCC Service Strategy .................................................. 62

Google ....................................... 11, 44, 57, 60, 61, 82, 84

Governance ................................................. 31, 41, 70, 84

H

Hewlett Packard .......................................................... 58

hybrid cloud ................................................................ 51

Hybrid cloud ................................................................ 11

Hybrid Cloud ..................................................... 12, 51, 77

I

IaaS ................. 11, 12, 21, 23, 25, 39, 40, 45, 49, 76, 77, 81

IBM................................................... 27, 59, 79, 81, 84, 85

ICT stock take .............................................................. 32

IDC .............................................................................. 56

IDC Cloud Decision Framework ................................... 56

Infrastructure as a Service ........................... 11, 49, 76, 77

Infrastructure as a Service (IaaS) .................................. 11

Integration ............................ 12, 20, 22, 30, 40, 42, 45, 77

Internet Edge ......................................................... 31, 40

ITIL .................... 8, 11, 13, 32, 38, 62, 63, 64, 66, 67, 68, 75

L

Legacy Systems..................................... 18, 19, 20, 74, 75

M

Measured service .................................................... 76, 77

Measured Service ........................................................ 12

Microsoft ......................................... 10, 44, 57, 58, 59, 80

N

Network as a Service ................................................... 11

93

Network Performance ................................................. 28

O

Office productivity ....................................................... 77

On-demand ................................................. 10, 12, 76, 77

On-demand self-service .................................... 12, 76, 77

Oracle .................................................................... 28, 57

Other Global ................................................................ 47

P

PaaS ................. 11, 12, 21, 23, 25, 39, 40, 49, 71, 76, 77, 83

pitfalls, traps, and mines .............................................. 34

Platform as a Service ................................... 11, 49, 76, 77

Platform as a Service (PaaS) ........................................ 11

portability ......................................................... 10, 16, 77

Privacy ............................................. 27, 45, 58, 61, 82, 84

Private cloud ................................................................ 10

Private Cloud ......................................................... 12, 78

Public cloud ................................................................. 10

Public Cloud ........................................................... 12, 78

R

Rapid elasticity ................................................. 12, 76, 78

Resource pooling .............................................. 12, 76, 78

Risk .............................. 9, 16, 26, 31, 36, 40, 42, 44, 70, 71

S

SaaS 11, 12, 21, 23, 27, 28, 39, 40, 43, 45, 49, 71, 72, 76, 78

Security 11, 26, 27, 31, 32, 40, 42, 45, 58, 68, 70, 71, 82, 83,

84, 85

Security as a Service .................................................... 11

security management ....................................... 33, 65, 67

Selection of Cloud Providers ........................................ 34

service continuity management ............................. 33, 65

Service Design ............................................................. 64

Service level management...................................... 33, 65

Service Operation .................................................. 66, 67

Service Transition ........................................................ 66

Single Sign On ........................................................ 15, 31

SkyDrive ...................................................................... 11

Smart Cities ................................................................. 59

Software as a Service................... 11, 18, 19, 22, 36, 76, 78

Software as a Service (SaaS) ........................................ 11

Standard Service Delivery Lifecycle ............................. 13

Standard Service Levels............................................... 13

Standardise, Virtualise, Consolidate ............................ 34

Storage as a Service .................................................... 11

Supplier management ............................................ 33, 65

Supporting Systems .............................................. 18, 24

T

Tax .............................................................................. 58

Test Environment as a Service ..................................... 11

The Golden Calculator ................................................. 18

The Golden Pony ......................................................... 64

The Internet of Things ................................................. 59

U

Unisys ......................................................................... 46

V

Vendor Lock In ............................................................ 28

W

What is the Cloud ........................................................ 10

X

XaaS ............................................................................ 12

94

About the Author

I’ve lived and breathed ICT for over twenty years now. There is something about the complex mess of infrastructure and

applications that fascinates me. I pulled things to pieces as a child to figure out how they worked, much to the dismay of

family, friends, neighbours and anyone else that had something interesting that could be disassembled.

I live in Wellington, a small city on the edge of the world in New Zealand. I quite like it here. We have hobbits, storms, surf,

elves, orcs, movie makers, politicians, wind, craft beer, the great outdoors, a bubbling ICT industry, and everything we

need within easy reach.

I’m married and the household also includes three dogs, two black Labradors and a Spoodle (a cross between a poodle and

a spaniel), along with three chickens. I’m pretty sure that I’m a frustrated farmer.

I blog far too much, then I get in trouble with my views as they are syndicated into respectable media outlets. I won’t stop

that though I think, people in the ICT industry are too scared to stand up and express their views. They need to get over it

and start writing more. When I met the Prime Minister of New Zealand recently he said to me “Oh yes, I’ve heard of you.”

Which is good, because we need our governments to listen to us.

Most of all I am interested in people and how they use technology. Cloud is powering an astounding number of changes in

our lives and blurring the gap between the real world and the digital world more and more every day.

Ian Apperley

[email protected]

mailto:[email protected]