The
benefits of cloud are numerous and familiar to most in the IT sector by now. It
is more cost-efficient than having in-house infrastructure, as organisations
only pay for what they need and use. It is more flexible, enabling
organisations to scale up as and when required, instead of making upfront
investments. It enables them to be more innovative, developing and deploying
applications faster.
But with the
increasing popularity of cloud, different models have evolved. There are the
so-called public clouds, where large-scale resources are owned and operated by
the service provider. Some organisations prefer to deploy resources
on-premises, using virtualisation and resource management tools.
Most of the
listed benefits of ‘cloud’ are usually applicable to the public clouds.
OpenGov had
the opportunity to speak to Mark
Ryland, Director, Public Sector Solutions Architecture, at Amazon Web
Services (AWS) to learn about the current trends in the
adoption of public cloud by governments and the perceived challenges from
migrating workloads to the cloud. Mr. Ryland serves as a key interface between
the public sector team and the engineering, security, and compliance teams at
AWS.
Data centres and private and public clouds
In view of
the proliferation of many different cloud models, such as public, private and
hybrid clouds, we asked Mr. Ryland when an organisation can say that it
is genuinely using cloud.
He responded with an industry joke about an
organisation with a data centre. One day the sign says ‘data centre’, the next
day it says ‘cloud’. He said that cloud is such a strong marketing term that
people use it to describe things that are pretty far from cloud.
But in most
private clouds built through in-house data centres, chargebacks are not done.
Mr. Ryland
explained the criticality of chargebacks, “If you’re not doing chargeback, then
you’re not building the incentives to use the infrastructure efficiently. The
workload owner is not paying, someone else is paying and very, very few
organisations ever achieve chargeback within themselves.”
He
expressed his preference for the term ‘multi-tenanted’ cloud for the so-called
public clouds, because they are not public in the sense that anyone can go and
access the organisation’s data. Specific permissions are required. It is these
large-scale clouds which provide the benefits of efficiency and scale.
“If you
want to take some of the lessons of that and apply it to the private
environment, that’s fine, but most of the big projects where I’ve seen people
try to do that in their own data centers, they generally don’t succeed,” Mr.
Ryland said.
Concerns heard from governments
Security
compliance is an initial barrier for many governments. A few years ago, there
were similar security concerns about virtualisation. But then people developed
familiarity with it, everyone started using it, and third-party auditors gave their
stamp of approval regarding safety. Now people use it without even
thinking about it as a risk.
Cloud is
going through a similar cycle. But Mr. Ryland said that in his experience, if
there is deep engagement with customers, and they really understand how the
cloud works, then they end up using the platform and realise the benefits very
quickly.
Nonetheless,
security is a point of friction and it takes time to assuage those concerns.
Another
point of friction is acquisition.
Use of a multi-tenanted cloud means shifting
IT expenditure from planned capital investment to variable operating
expenses. Government agencies already buy some services with variable costing,
like electricity or even certain labour services. But IT procurement has
traditionally been done on the basis of fixed-price contracts and capital
investment, systems that were put in place to save money because of cost
overruns.
“If you
look back 20-30 years ago, you have cost-plus contracts, people will have massive cost
overruns and the government felt that vendors were taking advantage of them. So
they placed a regime and said, ‘Look, we’re just going to pay this much and no
more.’”
“So, now if
I come to you and say I have a variable costing model – I can tell you
approximately what it’s going to cost but I can’t tell you exactly, that makes
them uncomfortable,” said Mr. Ryland.
But if they
look at the overall savings, the agility and the speed, then those concerns are
overcome.
To get comfortable
with this variable costing model, two things are required: fee transparency
from the cloud providers and the ability on the government’s side to set up a
model to monitor usage and adjust according to their requirements.
In fact, if
done the right way, cloud could provide governments with an unprecedented degree
of transparency regarding IT spending. Using dashboards, alerts and alarms,
they could discover if some project is going over-budget and take the necessary
corrective actions.
In this new
operating model, cost is dynamic, trackable and transparent, and if governments
pay attention, they can use it to cut costs.
Data
sovereignty is one other concern we heard. AWS has a very strong notion of
regions and does not replicate data outside of a region. Any such replication is done by the customer.
But
countries are becoming more sophisticated in understanding what the real
threats are from a cybersecurity perspective.
“When it
comes to more sensitive data, then it can be more challenging. But even there, many countries, you know,
once they've become more sophisticated in their understanding in what the real
threats are from a cyber security perspective, it's not about physical
location. Nobody has ever done a major cyberbreach by walking into a data
centre and stealing a hard disk, it doesn’t happen that way. So if an
application is connected to the Internet, you have a whole set of threats that
are the same, it doesn’t matter where you are physically located. And it’s
building the systems to protect you against the network-based attacks, that’s
where you should invest,” Mr. Ryland elaborated.
Migration patterns
Governments
start with things which are considered less sensitive, that they’re less
concerned about, such as public facing websites.
Building experience and
gaining the knowledge of how to operate securely on a cloud helps to
build up the confidence to use and bring more sensitive workloads to the cloud.
They start
thinking this could be useful for workloads like tax collection, that are not
public but have big swings and cycles in infrastructure requirements.
Some
governments are using the opportunity of cloud migration to in-source: cloud
applications are being built by their on-staff engineers, who
develop the cloud skills. Entire environments are becoming API-driven and
software-defined, where engineers are now just calling APIs (application programming
interfaces) and not building physical things.
It's about re-skilling people to do more high-value things, which means
mostly focusing technical talent on application development and not
infrastructure management, because there's no value creation in
infrastructure. The application is where
value is created.
Mr. Ryland believes that cloud is now the new
normal and it benefits a wide range of government workloads. It is progressing
towards the point where governments could use multi-tenanted cloud for anything
short of top-secret workloads.