1. ADOPTING THE CLOUD – HOW
WILL YOU STAY IN CONTROL?
CHIEF TECHNOLOGY OFFICERS’ COUNCIL
INTELLECT 25TH FEBRUARY 2013
John Glover
john.glover@inovem.com
3. IN-HOUSE APP STORES = CONTROL?
"Apps downloaded from public app
stores for mobile devices disrupt IT
security, application and procurement
strategies," said Ian Finley, research
vice president at Gartner.
"Bring your own application (BYOA) has
become as important as bring your own
device (BYOD) in the development of a
comprehensive mobile strategy, and the
trend toward BYOA has begun to affect
desktop and Web applications as well."
4. PUBLIC VS PRIVATE APP STORES?
• Where would the iPhone be
without the Apple App Store?
• IaaS providers look to add
value to their private cloud
clients
• Cloud service integration –
Private & Public cloud?
5. THE UK PUBLIC SECTOR G-CLOUD
Objectives
• Create CloudStore for pre-accredited services
• Simpler, quicker procurement
• Adoption of shorter-term contracts
• Improved cost transparency
• Reduce risk ICT deployment
• Try-before-you-buy
• Increased levels of business for SMEs
• Public sector cost savings
• Agility
6. COLLABORATION IS USER DRIVEN
New ways of working often require a culture
change – top-down and bottom-up
• There needs to be a reason to collaborate
• Not a one-size-fits all approach
– Project Management
– Deal Rooms
– Business Intranets
– Client/Partner Extranets
– Special interest Communities
– Bid Management Workspaces
– Virtual Committee Rooms
– Social Networks?
• Empowerment of users (web 2.0)
• Innovation, experimentation and idea generation
• Growth in users = exponential increase in value
• Start small, THINK BIG!
7. DRIVERS FOR CHANGE?
User frustrations with Top-Down approach:
• Time to specify, develop and deploy
• Paralysis by analysis
• Expensive consultants
• Procurement methods/timetable
• Control & Red Tape
• Fit-for-purpose
• Flexibility and enhancement
• Personal experiences of App Stores
• User choice
• Departmental ICT budgets
• BYOD / BYOA?
8. TOP-DOWN VS BOTTOM-UP?
ICT
?
ICT
Requirements
Policies/ Support
Pilot
Deployment
Business users
Innovation
Innovation
Innovation
Innovation
Business users Prototypes
9. THE CLOUD – IDEAL FOR INNOVATORS
Technology Adoption – don’t fight the stats!
• Early end-user involvement
• Instant deployment
• Prove and fine tune your business case
• Agility
• Flexibility
• Better cost-control
• Perfect your approach to governance
• Avoid costly mistakes
• Benefit from creativity
10. PAYING FOR UTILITY COMPUTING
• How do you pay for your utilities? “Utility computing is the packaging
of computing resources, such as computation,
• How will you pay for Cloud services? storage and services, as a metered service. This
model has the advantage of a low or no initial
• Deal making – a matter of budgeting cost to acquire computer resources;
instead, computational resources are essentially
convenience, fixed cost and certainty? rented.” - Wikipedia
• Negotiated deals often lead to
differential pricing
• Cloud pricing models differ
– Flat rates
– Bundles (users/functionality)
– Is volume discounting included?
– User activity (Collaborate/Consult/Inform)
– Request a Quote !?
• Call-off purchase orders
• Enterprise options/upgrades
– What is the Extended Enterprise?
11. ARE YOU PAYING TOO MUCH?
100.0%
Technology Adoption S-Curve
Negotiated
90.0%
Enterprise
deal 80.0%
VENDOR
Service take-up
70.0% EXPOSURE?
60.0% Saving
50.0%
CUSTOMER
OVER-PAYMENT Waste
40.0%
Units
Initial 30.0%
Flexible Purchased
obligation 20.0% pay-as-you-go
Ordered too much
10.0% contract
0.0%
Time
12. DISRUPTIVE SALES & MARKETING
• Avoid ‘Gate Keepers’
• Circumvent ITTs and lengthy
procurement
• Influence buyers/specifications
– Use in-bound B2B marketing
• Find ‘White Knights’
• Reduce barriers to entry
– Instant access
– Free trials
– Free apps
– Departmental/project spend
• Empower users where possible
• Encourage referrals
• Central record of procurement?
– Audit?
13. BUT WE HAVE RESPONSIBILITIES
Things cloud SaaS vendors should provide:
• Security accreditation
– Independently ISO 27001 audit
– Independently penetration tested
– Regular security audits
• Service reliability
– Independent and transparent monitoring
– Service credits against contractual SLA
• Total price transparency
– License cost calculator
• Responsive end-user support desk
• Web accessibility
– Helping you meet you legal obligations
• Enterprise upgrade
– To put you back in control
15. OUR CLOUD SUPPLIER CHECKLIST
• Classification of data stored? • Security breach reporting?
– Public, internal use, confidential
• Back-ups?
• ISO 27001 accreditation by UKAS?
• Business continuity?
– Service or infrastructure only?
• Insurances? • Data export?
• SLA ? • Termination costs?
• NDA?
CRM B2B
• Contract – standard terms or custom?
• Data location?
• Data protection, Safe Harbor? Help INOVEM
Desk Kahootz
• Staff vetting?
IaaS
• Levels of support? Social
Media
16. CLOUD COMPUTING PRINCIPLES
• Cloud First? • Interoperability
• Use Proven Solutions • Scalability / Elasticity
• Sharing of Cloud Resource • Business Continuity
• Level of Risk • Cloud Proof of Concept
• Transparency of Information Handling • Ongoing Management
• Data Use and Disclosure
• Information Security Management
System (ISMS)
• Data Portability / Service Transition
• Ease of Use
“The consumer of a service will identify the BIL of their
information and, from an IA perspective, will look for a service
that has security accreditation that ensures that BIL of
information will be appropriately risk managed.”
17. ENTERPRISE EXTRAS?
• Technical CTO/CIO/Procurement responsibilities?
– Single sign-on • Internal CloudStore supplier manager
– Domain IP locking
– Systems integration • Contract management
– Custom secure URL
• Data assurance
– API integration support
– Deeper site administration • Cloud use policies
• Contractual • Systems integration
– Service credits
– Improved SLA
• Performance management
– Custom terms • Promotion of best practice?
– Telephone support
• Central support desk?
• Services
– Site consolidation support
– Product white-labelling
– Data importing/exporting
– Account management
– Performance reviews
– Implementation services
18. DISCUSSION
Adopting the Cloud – How will you stay in control?
• In the short-term cloud app vendors can go around you by selling point solutions
• In the long-term we need to work together to deliver Enterprise-level solutions
• What services and support do you and your organisation want from us?
• What are your views regarding Private vs Public cloud app stores?
• How do you want to pay for Cloud resources - Deal or no Deal?