Cloud in a public sector environment is an interesting proposition. In business today there is an overriding pressure to reduce IT costs, and in many countries in Europe there is a central “cloud first” policy intended to encourage the adoption of cloud within the Public Sector.
Yet there are concerns about the security, privacy and availability of government and citizen data stored off premise in a public cloud entity.
However, the technical and commercial flexibility of cloud can offer significant business advantages.
1. Simon Greig, Executive IT Architect, IBM Global Business Services
May 2015
Public Sector Cloud
2. About the Author
• Simon is an experienced IBM Executive IT Architect with 20 years' experience in designing and delivering complex projects
• He has been working on complex systems integration projects since 1999 and over the years has been immersed in SOA, ESB and more recently cloud, mobile and agile technologies
• Over his career he has delivered projects worth cumulatively about US$2Bn
• His current role in IBM is Cloud Leader for the Public Sector business within IBM Global Business Services Europe
• This presentation was created following many conversations with clients and colleagues about how cloud applies to the Public Sector
• It is one person’s point of view on the subject…!
Simon Greig
Executive IT Architect
IBM Global Business Services
Europe
3. Contents
What do we mean by “Cloud”?
Cloud in a Public Sector Environment
Government Cloud Architecture
Implications of Cloud
Conclusion
4. What do we mean by “Cloud”?
Most people should be on the page by now…but just in case…
5. Definition of Cloud according to NIST *
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. servers, storage, network, applications and business services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
* NIST - National Institute of Standards and Technology
Delivery Models:
• Business Process as a Service
• Software as a Service
• Platform as a Service
• Infrastructure as a Service
Deployment Models:
• Public Cloud
• Private Cloud
• Hybrid Cloud
Characteristics:
• On-demand self-service
• Broad network access
• Resource pooling
• Rapid Elasticity
• Measured service
Other diagram labels: Automation, Virtualisation, Standardisation; Shared Services, Off Premise, On Premise
6. Cloud Delivery Models
Infrastructure as a Service (IaaS):
• Pre-defined standardised images ready to use
Platform as a Service (PaaS):
• Standardised development and deployment platform
Software as a Service (SaaS):
• On-demand software to support business processes
Cloud Services:
• Solutions built upon cloud platforms
8. Infrastructure as a Service Options
Private Cloud (On Premise)
Benefits:
• Customisable
• Local control & management
• Customised security
Public Cloud (Off Premise)
Benefits:
• Accessibility
• Pay-per-use
• Elasticity
Hybrid
Benefits:
• Match applications to best-fit infrastructure
• Balance risk and performance
• Meet seasonal capacity without CAPEX
10. Cloud in the Public Sector Environment
Drivers:
• Commercial and technical disaggregation
• Cost cutting
• “Cloud First” government policy
• Need an ability to react quickly to changes to policy and/or legislation
• “Provide better services with fewer resources”
Concerns:
• Security
• Data centre location
• Data Protection
• Aversion to risk
• Snowden revelations
• US NSA data access
• Vendor lock in
Demands:
• Flexibility
• Environmentally friendly
• Cost effective
• ‘Strength in numbers’ security
• Cost benefits through scale
• On shore delivery with security cleared staff (mostly)
11. Public Sector Cloud Use Cases
• Web Apps and Mobile: Citizen engagement & workforce enablement; citizen & employee engagement
• Disaster Recovery: Reduce DR costs and improve system recoverability
• DevOps & Agile: Deliver projects faster and more efficiently
• Managed Apps as a Service: Outsource management and support of individual applications
• Channel Shift: Encourage users to move away from paper and telephone channels to digital
• Business Support SaaS: Pay as you go for business supporting software. E.g. HR, education, contract management, procurement, collaboration
• Peak Load Processing: Periodic spikes in processing load can be offset to a cloud.
• Seasonal Apps: Seldom used apps (e.g. for compliance) can be made dormant to reduce costs when not needed
• Big Data & Analytics: Reduced costs through elastic storage and compute
• Shared Services: Offer common services across government departments and agencies in order to improve efficiency and reduce costs
• Dev/Test/PoC: Rapid provisioning of dev & test environments that scale up and down with the team. Fast start, low entry cost for PoCs and Pilots.
12. System “Cloudiness”
[Figure: quadrant chart placing system types on two axes, Regulated to Open and Inflexible to Flexible, with one region marked “Good fit for cloud”. Systems plotted: Systems with Highly Sensitive Data; Regulated Systems; Systems with Consistent Workload; Batch processing; Social Business; Mobile; DevOps; Front Office / Desktop; Web Applications; Customer Service; HR Management; Dev & Test; Disaster Recovery; Data Archive; Systems with Variable Workload; Big Data & Analytics; Pilot / POC; Legacy COTS; Middleware Based Systems; Systems with Complex Integrations; Collaboration; Mature Systems; ERP; CRM.]
13. System “Cloudiness”
A large proportion of existing Public Sector systems fall into this quadrant.
What do we do with them?
• Replace with SaaS?
• Migrate?
• Transform?
14. Unlock the Legacy in order to Tap Into the Cloud Ecosystem
Migrate (Lift and Shift)
Migrate the system from dedicated hardware to a cloud infrastructure.
Pros:
• Offers a simple way to move to an infrastructure rental model at an appropriate tech refresh point.
Cons:
• Without alteration it is unlikely that the app will be able to take advantage of the benefits (e.g. dynamic scalability) that a cloud platform will provide
• Care needs to be given to interfaces and dependent systems to ensure that their performance and operation are not adversely impacted.
Wrapper (Hybrid Cloud)
Leave the application where it is and create a cloud compatible secure API to the app that enables the cloud ecosystem to tap into the data and services offered by the application.
Pros:
• Existing applications could be cloud ecosystem enabled without the need for large changes to the existing application
• Existing interfaces and users are unaffected by the change
Cons:
• The application remains where it is and merely interfaces to the cloud (might not be a con!)
Transform (Born on the Cloud)
Rebuild the application from the ground up to take advantage of the cloud platform capabilities.
Pros:
• Applications that take advantage of the platform can be more dynamic and drive a lower infrastructure cost
Cons:
• Rebuilding the applications is a non-trivial exercise
• Applications may be in long term support contracts that make it hard or impossible to rewrite the system
[Diagram axes: Implementation speed; Benefits realised from the cloud platform]
15. Other Alternatives
Radically Simplify (SaaS Enablement)
Where there is a good fit with an off the shelf software as a service product consider a complete replacement
Pros:
• Most SaaS products offer a per user per month charging model
• SaaS offerings are very focussed on what they do and tend to offer significant functional benefits over a roll your own solution
Cons:
• Historic data may need to be transformed and imported to the SaaS provider. This data move will have an associated transition cost
• The business process will likely need to change in order to support the way the SaaS product operates. This change will have an associated transition cost
• Data integration between SaaS products and the rest of the enterprise may be harder than with a local solution
Retire (Turn Off)
Decommission the system either immediately or at the end of its contract term. Not as unlikely as it first appears, as in a large application estate things can fall between the cracks when business priorities change, leaving duplication and redundancy between systems.
Pros:
• Low cost option
• Simplify the estate
Cons:
• Likely to be a very limited number of systems that fall into this category
• The likelihood is that *something* will need to replace the functionality
17. Government Cloud Architecture
[Figure: layered architecture diagram with rows labelled Solution, Platform and Options, split between Public Access and Government Access. Labels that survive from the diagram:
• Hosting and platform options: Traditional Hosting, Traditional Platforms, On Premise IaaS, On Premise PaaS, Government IaaS, Government PaaS, Public IaaS, Public PaaS, Public SaaS
• Service layers: Infrastructure as a Service (Compute, Storage, Network), Platform as a Service, Cloud Services (DevOps, Analytics, Mobile)
• Applications: Core Business Applications, Citizen Interaction Web Apps, Citizen Mobile Apps, Government User Web Apps, Government Mobile Apps, Other Channel Apps
• Data: Secure Data, Transaction Data, Interaction Data, Public Data
• Services and APIs: Application Services, Data Services, Integration Services, Analytics, Public API, Secure Access API
• Security and integration: Security Enforcement, Data Security, Service Security, Security Integration, Data Integration, Integration Bus
• Interfaces: G2G Interfaces, G2C Interfaces, G2B Interfaces, External Ecosystem]
18. Key Messages on the Architecture
Cloud may not be the only answer
– Complex enterprises and systems require different solutions for different situations
– Non-functional policy and rules may require that the master data is kept local
– The secure and dependable integration of legacy systems and data to a cloud platform is key to the success
Unlocking appropriate access to enterprise data creates opportunities
– Potential to increase digital adoption or citizen engagement with citizen centric solutions delivered via modern cloud based platforms
Enables “Government as a Platform”
– Creating API interfaces into each layer of the application improves separation but also provides fine grained access control
– The use of APIs allows for an ‘ecosystem’ approach to system development rather than relying on a single supplier
20. Cloud Benefits
Agility
• Deploy new instances in minutes or hours rather than weeks or months
• Projects can start much quicker as development and test environments can be stood up quickly
• Changes can be delivered very quickly and sometimes automatically
Security
• “Safety in Numbers” security
• Cloud is a bank vault security concept as opposed to a safe in your office. The security controls on a vault are more efficiently delivered with scale
Economy of Scale
• Costs of infrastructure, monitoring and support can be much more efficiently delivered
• Costs are transparent and the spending controls are much more powerful
21. Cloud Risks
Utility Costs
• Pay for what you use risks costing a lot of money without governance and controls over the XaaS deployments
• The performance difference between physical and virtual may increase software licensing costs
Integration
• Integrating existing applications into the cloud environment may not provide cost or scaling benefits if the applications are not designed to take advantage
• Software licensing from software vendors of migrated applications may not be flexible or elastic to match the hardware
• The integration of multiple cloud suppliers with data transfer times/costs and security integration may be non-trivial
Fragmentation
• Solutions and contracts risk being fragmented which could make SLA and service management a challenge
• The more fragmented the environment the greater the data integrity and performance challenges
22. Which Compute Workload Patterns Might Benefit From Cloud?
[Each pattern is illustrated on the slide with a chart of Workload against Time. Legend: likely to be a good fit for cloud; may not be a good fit for cloud.]
Steady State
The application workload is steady state and constant most of the time. Applications that fit this profile are quite rare.
Moving an application such as this risks increasing the costs of operating the application. Cloud rental rates tend to be higher than on-premise self build costs. Cloud flexibility benefits may not apply in this case.
Daily Variable
This application profile is the most typical. Peaks in processing are predictable and occur at similar times each day.
It is possible that an hourly cloud rental model could provide a more cost effective platform as extra compute power can be provisioned when needed and only paid for when utilised.
Annually Variable
This application profile is typical of large compliance based systems with an annual deadline. There is a constant background level of use but an annual spike at particular times of the year.
Hosting an application such as this on a cloud platform could save a significant amount of money as the extra compute power is only provisioned when needed.
On/Off
Applications that fit this profile tend to be smaller applications that are only used occasionally and have a small number of users.
Hosting an application such as this on a cloud platform could save money as some cloud providers do not charge for compute power when it is not being used.
Scale Up
New applications tend to have user growth, either forced by a roll out programme or unforced as user volumes increase by word of mouth or advertising.
A cloud model allows for compute power to be paid for when it is needed. This avoids some of the need for complex business volume predictions and having to buy peak load hardware many years in advance of when it may be used.
Scale Down
Applications that are being phased out or have a declining user base will slowly reduce the need for compute power over time.
A cloud platform potentially allows for the infrastructure to be scaled back in line with the users. The scaling back would reduce the infrastructure costs in a way that would be impossible with fixed on-premise infrastructure.
23. Which Storage Workload Patterns Might Benefit From Cloud?
[Each pattern is illustrated on the slide with a chart of Amount of Data against Time. Legend: likely to be a good fit for cloud; may not be a good fit for cloud.]
Standard System
A steady increase of stored data over time. Cloud storage costs will rise proportionally to the amount of data stored. Cloud will offer virtually limitless storage on demand without a long lead time.
Periodic archiving to lower cost storage will reduce cloud storage costs.
Standard Practice Analytics
Data is taken on with periodic spikes in data for specific projects.
Periodic purging of data that is no longer required will reduce cloud storage costs.
Real-time Streaming Analytics
Data is streamed through the analytical engine without needing to be stored to disk. A background level of reference data and a small amount of results storage may gradually increase over time.
Cloud would provide a very efficient platform for this profile of system.
Leading Practice Analytics
Data is loaded for a specific purpose and then removed or archived when no longer needed. The determination of the data that is relevant and the data that can be deleted is key in order to achieve maximum benefit.
Cloud would provide a very efficient platform for this profile of system.
Lagging Practice Analytics
Data is taken on in large volumes and used for analytics. Data is never purged or archived and builds up over time.
Using a pay as you go storage model where there is no downscaling risks the medium to long term costs of the cloud storage being greater than the costs of hosting local on-premise storage.
25. Applying Cloud Technology to Government
Radical Simplification
• ‘Peripheral systems’ (e.g. talent mgt, HR, contract mgt, supplier mgt, CRM) that are not fundamental to the business can be explored to be replaced with an off the shelf SaaS offering
• Reduced costs and more efficient working
Unlock Systems of Record
• Unlocking enterprise data and getting it closer to the citizen for less cost and increased flexibility
• Promote innovation
Dev/Test Environments
• Rapidly stand up new environments
• Turn on and off environments on demand
• Reduce project delivery time
DevOps Automation
• Integrated tooling to automate the build, deployment and test of applications
• Reduce time and increase repeatability
• More efficient working
26. Where to start?
Infrastructure as a Service, Platform as a Service, Software as a Service
• Business support apps that are completely standard and non-differentiating but yet require costly management
• Often offered with a very low cost of entry and per user per month prices
• Go for citizen engagement applications first (e.g. form filling, mobile app, information sites)
• Java/web development productivity improvement
• Look for dev/test optimisation to play to strengths of cloud (flexibility, variable cost, short lead time)
• Opportunity for DevOps platform to improve IT department productivity
• Application portfolio assessment looking for ‘low hanging fruit’ to transform to cloud platforms
• On-prem or off-prem or a mix? What are the constraints? How do we work around them?
• Is the business interested in the cloud technology? Let's assume not, so focus on time to value, reduced project costs, flexible pricing, low entry costs for projects, ability to experiment
• Is there potential to reduce run costs by estate optimisation through virtualisation and consolidation?