There have been some excellent comments to-date on what we need to
consider in “Moving to the Cloud” for the Cloud Computing Use Cases
White Paper (http://groups.google.com/group/cloud-computing-use-
cases). Rather than trying to put explanations in place for each of
the suggested considerations, it is worth stepping back and look at
establishing a process on how cloud services could be identified.
NOTE: The Cloud Consumer (CIO / CTO / CFO) will want to see a ROI from
moving a service to the Cloud and the Cloud Provider needs to make
money from hosting the service. Both those thoughts are valid.
Therefore, It is important to consider the business implications of
moving to the cloud first before applying rules to minimize risk.
Bottom line, if moving to the cloud does not have a positive impact on
the success of the business, then it's probably not worth doing.
Take a look at the following suggestions and let us know if this logic
makes sense and identify what you feel may be missing from the
Step 1 – Identify existing or new processes, services and data as
candidates to “Move to the Cloud”
Not all processes, services or data are candidates for the Cloud. If
we are going to use business criteria to identify cloud candidates,
the following are possible examples:
- Save money?
- Increase flexibility to handle fluctuating volumes ?
- Improved customer access / satisfaction ?
- Off-load work from existing IT environment ?
- Consolidate like work with other enterprises within the cloud?
- Other considerations ?
If the candidate, either, new or existing meets one or more of the
above then that candidate could potentially move to the Cloud.
Step 2 – Manage the risks for those candidates to be moved to the
To get through managing the risk and make it easier, one needs a
starting point. If one considers the data aspect of the candidate,
then hopefully, all the other considerations become dependent on the
characteristics of the data to be considered to be moved. Examples of
data types are:
- Public access (think parts in a catalogue )
- Private access (info that is either confidential or needs to be
kept private or both)
- Shared data between enterprises
- Data that needs to be accessed 7 x 24
- Data that needs to have sub-second access time
- Other types of data
Once the data step has been considered and applied against the
identified candidates from Step 1, it is very important to identify if
that candidate can be separated from other processes, services or data
from services which are not identified as candidates. If the
identified candidate(s) can be executed independently then the risk
level can be assigned. As part of assigning the risk level one has to
consider the security policies assigned to the data. Other risk
considerations are SLA, Single Sign-on capability, availability,
disaster recovery, etc. can be determined. (Pull from the list that
the group has already created.) As part of validating the risk
assessment, one may also want to be able to test the candidate in a
Private Cloud environment, ensuring that the security policies
established by the enterprise are intact before deploying the service
to a Cloud Provider.
Step 3 – Metering
In parallel to ensuring that the risk issues have been determined and
addressed, then comes the cost of doing business in the Cloud based
based on data volumes and risk management.
For a service in the cloud, a cost factor will be assigned for
accessing the data. It is important to understand the cost equation
for the data access. The cloud consumer needs to project the average
access rates, the peaks and the valleys. By understanding the volume
projections and the access patterns, a cost can be estimated.
Remember, the CFO does not want any surprises at the end the month or
quarter, especially when the cost of running the cloud service exceeds
the budgeted amount.
The three steps represent an overly simplified approach to identifying
the right cloud candidates to migrate to the cloud. If these steps
make sense, then we can use these steps as a base.
It is important to have a repeatable process to qualify the value
and the risk of Moving to the Cloud, otherwise the wrong decision can
be easily made.
I look forward to your comments as we begin to build the “Moving to
the Cloud” portion of the Use Cases White Paper at