I recently saw a blog post from Jim Townsend (President of InfoStrat) which did a fantastic job of articulating some of the concerns around cloud computing in the public sector. This is a topic that has been and will continue to be widely debated within and outside of government IT. Rather than pose a number of reasons why I think government should (or why they shouldn't) be "moving into the cloud", I think it's even more important that we ask the right questions. Inspired by Jim's post, I think these are a few of the critical questions that we should be asking before we make the "leap" into the cloud.
Why should I be considering "the cloud"?
There are hundreds of answers (if not more) for this question, but I think it is extremely valuable to have an answer aside from "because its what everybody is talking about". For some this may be to look for ways to reduce costs, or maybe a better way to put it is to become more efficient. I think the cloud is beneficial because it turns technology into a true asset rather than a utility or commodity within an organization. For example, I remember when I started in IT over 15 years ago it was because it made the possibilities almost unimaginable. It was easy to find ways that IT could actually improve the way we did business. Now, so much of IT is just supporting the business. Moving to the cloud gives us the opportunity to spend less time just "keeping the lights on", and more time inventing and adopting solutions that actually change the way we do business and even the way we live our lives, for the better.
What does "the cloud" mean for my organization?
I think a lot of us will agree that the term "cloud" is used a little too loosely already, which is why I usually put it in quotes. The fact of the matter is that what is offered in "the cloud" isn't new; it's just a new way of offering it. For example, if you're looking at moving email, collaboration, or applications to "the cloud", shouldn't it be the same types of industry proven solutions that are offered today? By that I mean that we shouldn't be looking at a solution as being "the cloud", but we should be asking how can I provide the best of breed email, collaboration, or application in "the cloud"? This makes the adoption of the cloud a little less ominous. There are already solutions from vendors that are prevalent in the market today, and most of these vendors offer the same solution in "the cloud". You already know what works, you are simply offered what might be a better, more efficient (maybe more secure?), and most often a more cost effective way of providing it.
What am I getting and what am I giving up?
This is one of the most, if not the most important question for those seriously considering adopting cloud technologies. The fact of the matter is, no matter what anyone tells you, the cloud gives you a great number of advantages, but it is also at the expense of "giving up" a few things, to put it simply. It would be nice if every "improvement" (and I'm being a little presumptuous) didn't come at the expense of change but I think it's important to realize what you are gaining and what you are giving up. For example, you might be able to provide improved SLAs and availability, but you are making a "leap of faith" in trusting Tier 3 support to a vendor, instead of your local IT support staff (although in most cases vendor escalation is already a part of on-premises solutions). Fact of the matter is, you’re going to have to make some concessions, but ultimately this will lead to greater benefits.
Does "the cloud" mean I will have to compromise security?
The number on concern I hear about "the cloud" in government is security. Is the cloud really "less secure" because it is not on-premises? If the vendor has a "best of breed" approach to all aspects of security, both inside and outside of their data center, is this really less secure than an on-premises solution? Are the levels of auditing, physical security, logical security, and change management inferior to those that exist in your data center today? The answer to this question lies with the vendor or solution you choose. In some cases (although in government, this may be fewer than private sector), when organizations take an honest look at the levels of security and change control they have today, the cloud offers a significant improvement in security and accountability.
Is "the cloud" more cost effective?
It's true that the more "standardized" the offering, the lower the cost. But the real question is what are the costs associated with that particular on-premise solution today? There are vendors out there that present a number of different options and in order to find out if reducing costs is a benefit, it's necessary to determine what the costs are today. It's also necessary to factor in the additional costs associated with the implementation. In addition to that there may be significant costs associated with training end users and IT staff in the event you are moving to a different platform or solution altogether. This is difficult as specific solutions have been so far entrenched in an organizations line of business that it is difficult to determine what the overall costs of the current solutions is.
What are the impacts to the end users?
This is always a very important question to ask when considering any solution. This is also something that could significantly impact costs, both with regards to the implementation and the loss of productivity that occurs while your users learn how to use the solution. Again, there is always the necessity to weigh the benefits. For example, if your users will see a marked improvement in performance or a richer experience the gains may outweigh the losses. However, when it comes to end user impact, it is often the solution that provides the least amount of disruption that proves most beneficial.
What type of control will I have if I move part or my entire environment to the cloud?
This question is a difficult one to answer because as with most questions, it depends on the vendor and solution you choose. Inherently, you will have to give up some control as there will be a 3rd party maintaining some part or your entire infrastructure. But another type of control that some people overlook is control over the direction of their IT solution that they are essentially providing to their customers, or end users. For example, what happens if a month, year, or more down the road the vendor decides to make a change to their offering and it is no longer acceptable to you the customer? What if the vendor decides to upgrade to a newer version of the offering which causes you to lose functionality that is important to you, but may not be deemed important to the larger number of customers? Do you have any recourse? Will it be simple and cost effective to move off of that vendor's solution and perhaps take the solution back on-premises? If the answer to any of these questions is "no" or "I'm not sure" then you may be giving the vendor more control than you would like, so this is a good question to ask. I can always remember my second grade fire safety instructions, "always know your exits, because sometimes finding your way out, is more important than how you got it."
Obviously there are a lot of other things to consider when considering cloud computing, especially with regards to the details and levels of service provided. Also, different organizations, both within and outside of government, have different types of requirements. I just thought these would be a few good questions to help us frame the discussion as more and more government organizations start to look towards "the cloud" as an alternative solution to providing services to both their users and their citizens.