Roadmap about migration of public services into the cloudA step by step roadmap for Public Authorities to help them as they plan, determine effort and budget, select the appropriate services, make the required internal organisational changes and finally execute the migration into cloud.
Cloud provider selection
As public authorities transition to cloud computing, they have to choose a cloud provider to host their cloud-based virtual machines. The choice of a Cloud Service Provider (CSP) requires the evaluation of an extensive list of options, such as:
- Service Levels: This characteristic is essential as the Public Authorities in most cases have strict needs regarding availability, response time, capacity and support. Cloud Service Level Agreements (CSLA) are an essential element to choose the right provider and establish a clear contractual relationship between a cloud service customer and a cloud service provider of a cloud service. A prescriptive series of steps should be taken by Public Authorities to evaluate them when comparing multiple cloud providers (CSCC, 2015b): 1) understand roles and responsibilities, 2) evaluate business level policies, 3) understand service and deployment model differences, 4) identify critical performance objectives, 5) evaluate security and privacy requirements, 6) identify service management requirements, 7) prepare for service failure management, 8) understand the disaster recovery plan, 9) develop an effective governance process and 10) understand the exit process.
- Support: The support is a parameter to consider carefully. It could be offered online or through a call centre, and in some cases, it could be necessary to refer to a dedicated resource with precise timing constraints.
- Security: As already mentioned security is paramount. When a public entity enters the cloud, it is entrusting its information assets to a third-party provider. Although normally, the potential supplier should follow recognised security policies in line with industry best practice, Public Authorities have to formulate a number of relevant questions (i.e. what is the security level offered by the providers? which mechanisms are in place to preserve client’s applications and data? etc.) to evaluate this essential feature for the overall architecture.
- Privacy: Particular attention has to be reserved to legal requirements for the protection of the personal data hosted in the cloud service. Public Authorities should understand the data privacy and retention policies too, as well as where the CSP’s data will be located, including any transborder data transfer, if applicable.
- Open Standards: In order to avoid getting locked-in to cloud infrastructure that has restrictive contracts or proprietorial technologies (technologies that are unique to the particular supplier), Public Authorities should prefer solutions that are implemented with fully open source technologies and open cloud standards. These technologies have an elegant escape hatch built into them by their design. Public Authorities can take the entire stack and host it on another CSP or in their premises without losing productivity or data. This backup plan protects them against legislative changes, company restructuring, and much more.
- Compatibility: The requirement of the cloudified applications have to fit into the CSP’s existing pre-configured templates and may increase the cost of configuration. Moreover, the CSP’s architecture should meet scalability, availability, capacity and performance guarantees and should be sufficient for agency requirements.
- Interoperability: To maximise the value of the cloud services, the cloud provider should select a provider that enables workloads to span multiple environments. For greater interoperability value, it is best to look for a provider that offers a common infrastructure platform for public and private hosted clouds, as well as on-premises private cloud (Frost and Sullivan, 2011).
- Pricing: Although most cloud providers use the aforementioned “Pay per Use” model, each CSP has a different price system. As cloud providers disclose their pricing formulas in a complex way, it is very difficult to estimate the cost for each service in order to be able to make a meaningful comparison (Posey, 2015). Moreover, additional costs can still arise, for example through the use of extra features. Terms of the contract, payment methods and payment dates can be deciding factors as well. Public Authorities should validate the cost model against the CSP’s pricing considering the following (Australian Government, 2012): 1) transparency of pricing system, e.g. subscription or pay-as-you-go pricing, upgrades, maintenance and exit costs, 2) examine potential costs for unexpected peaks in demand, 3) require service price for upgrade and maintenance fees appropriate to the services being procured, some upgrades may be automatic and included in the service, 5) confirm the cost model is suitable and allows for scaling and changes to service, 6) look for commitment requirements, such as minimum use, 7) confirm setup, training and integration fees and 8) request references to clarify ongoing cost of service.
- Redundancy: The provision of duplicate or backup equipment that takes over the function of equipment that fails should be discussed at an early stage. The redundancy process and timeframe have to meet the agency’s requirements and especially its obligations to the citizens Thus, adequate backup procedures and robust disaster recovery plans must be incorporated into the cloud offering.
- Easy to use administration environment: Make sure your potential provider has a user-friendly client portal. It should allow you to conduct admin tasks or add storage space or services quickly. Ask for a demonstration before you choose one CSP over another.
The majority of existing cloud offerings are implemented in proprietary and highly standardised form. What presents advantages for the provider – technological knowledge, economies of scale, etc. – creates troubles and frustration for the customer. Users complain of “vendor lock-in”, where they are dependent on a given vendor with no freedom of choice. Embracing an open cloud means there is no technology lock-in, no contractual lock-in and no service lock-in. It means providers don’t dictate technologies and that competition is embraced. New, emerging standards will increase the portability and interoperability of systems across cloud service providers, and will reduce or eliminate this current barrier to cloud adoption.