Clouds in the Forecast Factors to Consider for In-House vs. Cloud-Based Systems and Services
Speakers Sam Gabal Sam Gabal is a Sales Executive with Origami Risk, based in Orange County and experienced with many California clients. These days he specializes in Claims Administration Systems and Risk Management Information Systems, and he also has 10 years of prior experience focused on Medical Bill Review technology. Bill Scribner Bill Scribner is Director of Information Technology at ALPHA Fund. Bill's team at ALPHA Fund manages an extensive set of vendor-supplied and home-grown software solutions within their proprietary data center in Granite Bay, California. Prior to joining Alpha, Bill was a principle in a Technology & Consulting Firm that specialized in SAAS solutions.
In-House Definitions Any solution or system where the data, servers, and infrastructure reside entirely on an organization s privately owned hardware. Applies to both proprietary/home-grown solutions and vendor-supplied and supported solutions. Can be located within an organization s premises or at leased data center space: On-Premise: All of the hosting infrastructure is located within the confines of the organization s physical building(s). 3 rd Party Colocation: The hosting infrastructure is located at commercially available data center facilities, but is still owned and managed entirely by an organization s own employees.
Definitions Cloud US National Institute of Standards and Technology (NIST) Defines Cloud Computing as: Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Definitions: Essential Characteristics On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service s provider. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs). Resource pooling. The provider s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time. Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
Definitions: Service Models Software as a Service (SaaS). The capability provided to the consumer is to use the provider s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
Definitions: Deployment Models Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
Statistics Big 4 Public cloud providers continue to gain market share: Chart Title 2013: 41% 2014: 46% 2015: 54% 0 5 10 15 20 25 30 35 Google IBM Microsoft Amazon
Comparisons/Considerations Consideration On-Premises Cloud - Hosted Cloud - SaaS IT - Resources, Infrastructure, and Investment Greatest Moderate Least Internally Managed Externally Managed Externally Managed Server & Data Security Initial Investment Greatest Moderate Least Investment Over Time (TCO) Depends Depends Depends Software License Purchase Purchase Subscription License Expiration Never Never End of Subscription Accounting Method CapEx CapEx OpEx Frequency of Upgrades 1-3 Years 1-3 Years Automatic Customization Unlimited Unlimited Conditional Service Level Agreement/Uptime Guarantee Internal Per Contract Per Contract Access to Data Direct; Local or VPN Direct; VPN Indirect Extra Storage Capacity Add Hardware Additional Fees Additional Fees
Other Considerations Scorecard: compare overall features/benefits/costs of each model Evaluate in-house expertise, capabilities, and workloads Software Vendors: Platform or Architecture model PaaS/IaaS/SaaS Instances and Tenancy System configurability Maintenance & Support Where is support team located Do updates apply to all clients at once? Experience & history How many existing customers with successful similar implementations? Access to Data Access to exports & backups Ability to apply updates Vendor s access
Cost Calculators Great tool for evaluating software costs: http://www.softwareadvice.com/tco/ Example of AWS Cost Calculator for inhouse or private-cloud deployments: http://awstcocalculator.com
Cloud Failures L Growing consensus that Private cloud projects suffer from high failure rates: Some consultants estimate as many as 75% of cloud projects fail Many private clouds require 2 or 3 iterations before success is declared Common causes of failure: Poorly defined metrics focus on cost instead of productivity Motivation and commitment just doing it to keep up with current technology Lack of elasticity in Private cloud model
Cloud Failures L Dropbox password bug With over 100 million users in 2011, a software bug for 4 hours allowed anyone to login with just an email address no need for a password! Since then, icloud, Google Drive, Microsoft OneDrive have steadily eroding Dropbox s utility and usage.
Cloud Failures L Apple/iCloud Celebrity Phone Hack August 2014 - Celebgate was widely reported as a hack of Apple s icloud security, affecting over 100 celebrities accounts. In reality, it was the result of phishing and brute-force guessing of user names, passwords, and security questions. icloud systems were never breached.
Cloud Failures L Office 365 Outages Many companies are transitioning to cloud-based Microsoft Office solution Searches reveal about 2 major outages each year Causes typically related to system upgrades or patches to infrastructure.
Cloud Failures L LastPass Cloud-based personal password database 2011 outage due to overwhelming traffic after company warned users of suspicious network activity 2015 another security breach resulted in compromised email addresses, password reminders, and authentication hashes. Passwords were encrypted in both cases.
Cloud Success Stories J Google Apps/Microsoft 365 February 2016 Gartner report shows 13% of public companies have adopted cloud-based productivity software Microsoft dominates with 8.5% market share Google Apps for Business has 4.7% Google Apps Office 365 Traditional
Cloud Success Stories J Amazon.com 2010 thwarted DDOS attack by hacker group Anonymous Attackers were upset because Amazon quit hosting WikiLeaks after the publicized release of a trove of secret US State Department documents.
Cloud Success Stories J City and County of San Francisco CCSF adopted Force.com platform to modernize its website Takes advantage of pre-built social media marketing and monitoring tools Mobile platform for its citizens
Cloud Success Stories J Netflix 2010 Netflix decided to move 100% of streaming data & services to AWS, which would push the service beyond limits at the time Completely migrated by mid-2015 Along the way, actively recruited new clients for AWS to test new features and services Created Simian Army software for stress testing, other tasks
Cloud Success Stories J Intuit Chose to go 100% into AWS to consolidate multiple data centers, and to gain elasticity for tax season Worked through initial growing pains Pushed AWS to add enterprise-grade security features for its financial-services software. Completed 6-month plan in only 2 months
Cloud Success Stories J NASA/CalTech Jet Propulsion Labs Hybrid cloud(s) multiple solutions across many platforms Public website on AWS for high-profile event traffic MS Azure platform used for speech-to-text processing of over 2,000 archived videos Mobile-enabled solution has boosted productivity exponentially
Questions/Comments?