Before you start thinking about moving into Cloud there are a number of steps that allow you to reduce risk for your organisation. The first and foremost is understanding as an ICT organisation within your business, who you are. In order to prepare for Cloud, you need to do a stocktake.
Since the global financial crash and the increasing monetary pressure by government on agencies, it is normal to see ICT organisations that do not have an effective view of their assets. In order to buy, or build for that matter, ICT services including the Cloud, you must have an in-depth picture of your ICT state.
When you go to buy Cloud services, and transition from your own internal service, providers are going to have a long list of questions around how you operate today. While providers will tell you that they can do this on your behalf, for probity and trust reasons you probably want to manage it yourself.
Further, depending on the size of your organisation it is likely that you will need to consolidate and rationalise before you start to look at Cloud services. In order to complete that exercise you will need all your asset information.
Your stocktake will need to cover things such as;
- Asset and configuration information
- Interoperability architectural information
- Business service level agreements
- Total cost of ownership for services
- Management tools
- Support processes
These will be covered in some detail in later blogs, however as a basic minimum, this type of information should be collected before you even start to consider Cloud services. Even if you are introducing a new service, as opposed to transitioning a service, these are aspects that need to be managed.
I am going to use Email as an example to show why the information is necessary and also because it is often touted as the perfect Cloud candidate to start with. I think the reason for that is that everyone understands the idea of web (Cloud) accessible email and it’s been in the market for a number of years.
Asset and Configuration Information
While it isn’t strictly necessary to have an asset and configuration management database, it’s certainly preferable. Without that, you’re going to have to send your ICT staff on a fact-finding mission to gather the information.
In the example of email, providers are going to need to know what versions of email systems you are running and volumes. A picture of your email assets will be necessary before a provider can tailor a solution to meet your current system.
Interoperability Architectural Information
No system is an island. Every ICT asset you have interacts with other ICT assets. This piece of the stocktake is essential for a provider to ensure that they understand how to fit the solution to your existing environment.
In the case of email this can be complex. Does your email interface to other applications? A lot of organisations have created hot links within applications that allow an email client to be automatically used and automatically populated. Does your email connect to a document management system? If it does, then the Cloud service needs to be able to cater for the ability to store emails back in your document management system. What kind of virus and anti-malware tools are you using? The providers need to make sure they can either plug-in to that service, which is already heavily cloud based in a lot of organisations, or provide the same level of surety. SeeMail is a feature that most agencies have in place, how does that work with Cloud service?
Today’s networks are complex and critical. Information relating to topology is not necessary, unless you want to create a direct link between your organisation and the provider. If you are using an internet connection, then information relevant to the gateway and firewalls will be all that is required.
In relation to email, clearly the network is a critical factor. Bandwidth, addressing, latency, security, and quality of service are all elements that will affect an email service.
Business Service Level Agreements
In order to evaluate any potential Cloud service you will need something to evaluate them against. It is important to have service level agreements (SLAs) with your business customers. As a minimum those SLAs should cover availability, reliability, recoverability, and security arrangements. The business needs to know when the service will be available, how reliable it is (expressed as a percentage of availability), how long it will take to recover should there be a disaster, and any security requirements that might be needed.
In the case of email, you would probably also like to add performance to the mixture of SLAs.
Total Cost of Ownership for Services
If you don’t understand what you pay today, you won’t understand what you will be paying tomorrow. TCO is essential for any investigation into Cloud services and it needs to be extensive. As a minimum, take the Cloud service cost model offered by the provider (i.e. a monthly subscription) and work out what your monthly cost is today using the same metric. I.e. What does it cost you a month to provide the service?
With email, most services come on a scale. The lesser the SLA the lesser the cost. You can get Cloud email for nothing, but you will be severely constrained. If the Cloud service is $3.95 per month per user, the only way you can tell if that is a good deal is if a) you are getting the same or better service levels than you are currently getting and b) you know what the price is per user per month today.
This is potentially not important however it depends on how large you are and what the Cloud service is, so don’t discount it out of turn. Management tools should be in place to show uptime, downtime, when a problem is occurring, performance information (if you are lucky) and other metrics that line up with those SLAs you have with your business. If you are a large organisation with a well-established set of management tools you will need to make sure that the Cloud provider can integrate those tools into their service so you can see, not necessarily control, what is happening. Especially if your tools are providing reporting and performance information to your organisation. The provider will need to know what those tools are in some detail.
Email is a bad example of a service in this case as you probably will never need any detailed monitoring and reporting on its performance.
Your support processes should be documented and at the least include management of events, incidents, changes, releases, request, and access. Your Cloud provider is going to need to understand and integrate with every single one of these and other processes. If you are not using a standardised support model, like ITIL, then be prepared for process re-engineering and potential restructuring depending on the depth of Cloud service uptake by your business. Basically, when something needs to be moved, added, changed, or is broken, there needs to be a single process that stretches from Cloud provider to your ICT organisation to your business.
In the case of Email this holds true. The service will undergo changes that impact your internal systems that will need to be managed. Users will need to call you, or the provider, to request moves, adds, changes, and issues. The provider will need to understand how your processes work today for email, and how they will need to be changed to accommodate the service.
A list of policies that relate to general ICT management and wider information management should be available and up to date. The Cloud provider will need to understand what rules they need to follow in order to deliver the service and you need to know how to evaluate the service to ensure that policy is maintained.
Email is a tricky service in this case because it opens the Pandora’s box of information policy and if you are a large organisation you are going to have to work with your Knowledge Management or Archive departments. The provider will want to know how long email must be kept. They will want to know what requirements there are for sensitive information and how that can be identified. They will need to know the level of audit and logging required on the activity surrounding email and its content.
- If you don’t have a current stocktake of your ICT services then you will not be able to evaluate Cloud services adequately. I.e. You are not ready for Cloud.
- Investing in a current stocktake of your ICT services will save you a great deal of time in the long run with Cloud services as each provider will require the same information.
- Prepare a “Current View” pack for providers that has relevant, up to date, and easily accessible information in order to speed up the process of procurement.
- Start to think about how your current ICT services can be evaluated against Cloud offerings.