Cloud computing seems to be finally accelerating into the fast lane. We are seeing an increasing number of organisations adopting PaaS, IaaS and SaaS to support applications ranging from disaster recovery to new projects, and analysts IDC have forecast that spending on the greater cloud ecosystem (public, private, enabling IT and services) will reach almost $200 billion in 2018.
Confidence in cloud has clearly been helped by improvements in security, which should no longer give IT director sleepless nights provided that they avoid unsecured public services. I believe most cloud service providers will implement and manage considerably better IT security controls than internal IT departments – their business depends on it, many have high level accreditations to enable them to host public sector data securely, and they can afford the best technologies and staff because the cost is amortised across multiple clients. The issue then becomes more about general risk management than security, which can be addressed by appropriate supplier due diligence.
The greatest challenge in moving to cloud is to manage a supply chain which is becoming increasingly disaggregated. Cloud is definitely not ‘one size fits all’ – different providers will be better suited to different services, so organisations will find themselves with a portfolio of cloud services which they need to integrate and manage. This is leading to growth in two new types of cloud service: migration services and cloud monitoring as a service (CMaaS).
Migration services help organisations to move part or all of their infrastructure to a cloud environment. This may include mapping the required services to realistic deliverables, verifying the capabilities of the chosen provider/s and liaison with network providers and other third parties as well as the actual migration.
Once this has been done, organisations need the ability to manage their portfolio of cloud services and monitor them against the agreed SLAs. They require an audit function to ensure that each service is and remains fit for purpose, and independent service monitoring and management either in-house or contracted through an independent third party to ensure the provider actually delivers the contracted service.
An integrated cloud offering is still a work in progress for most organisations, but management toolsets and remote management and reporting capabilities are rapidly evolving. CMaaS services are now available which aggregate a variety of information sources and consolidate events and other performance statistics across an organisation’s IT supply chain into custom service views that provide overall service health and the ability to drill down into specific services.
They enable organisations to manage complex hybrid cloud environments which may include public cloud, IaaS and PaaS services and hosted and private cloud, where agents can be deployed or gateways installed into the monitored environment.
Demand for these new types of service is already being reflected in the data for spending through the G-Cloud framework. According to the official figures, ‘specialist cloud services’ (SCS), used to support transition to Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) solutions, led demand during February, with £39.2m being spent through G-Cloud.
They are also leading to the creation of two new roles – cloud auditor and cloud service broker (CSB). These may be carried out by a member of staff or an external consultant. The role of the cloud auditor is to ensure that services are performing as they should by assessing security, performance and adherence to the agreed SLA. The role of the CSB is to negotiate relationships between cloud providers and users and, as appropriate, move services dynamically between different providers. At present, it is not easy to move between services, but the role will become increasingly important as organisations become more sophisticated in their use of cloud.