Buyer's Guide

Cloud computing services selection guide for Indian organizations

Jasmine Desai, Special Correspondent

Requires Free Membership to View

Cloud computing services – it is no more an evolving concept or just a buzzword for India Inc. Today for organizations — big and small — it is the easiest means to save on costs, as well as leverage on advantages such as security, reliability and scalability. For example, when broadcasting major Star India opted to implement private cloud architecture, availability of resources on the fly and low-cost were the motives behind the move. As Balvinder Singh, the vice president of IT at Star India Pvt Ltd explains, “Cloud computing is a very concrete solution that you can select when you want to make IT infrastructure available on-demand without any management headaches. It is the most efficient technology in handling the demand immediately at low-cost.”

While these seem to be the key motives in most cases, Indian organizations have a variety of reasons for adoption of cloud computing services. In fact, the current adoption rate is such that spending on IT cloud services will triple in the next five years, reaching $42 billion and capturing 25 per cent of IT spending growth in 2012, mentions the IDC blog. But going in for cloud computing services is not easy. Being a multi-layered task, it needs nothing less than a clearly mapped out strategy for enabling its proper implementation. However, this adoption can be simplified (as well as precisely enabled) with the help of this comprehensive guide.

Evaluation of benefits first

Cloud computing services, as we know, is a general term for any model that involves delivering hosted services over the Internet. These services are divided into Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) that are made available over the Internet. What differentiates cloud computing services from traditional computing is that the former are sold on demand and highly scalable.

Cloud architecture is further dissected into public, private and hybrid clouds. In a public cloud, resources (storage or applications) are made available by a service provider over the Internet—the organization can pay as per its use. On the other hand, a private cloud provides such hosted services behind a firewall to a limited number of people. In a hybrid cloud computing services scenario, an organization makes provision for some resources in-house and procures others from outside.

So what are the main attractions toward adopting cloud? Sometimes, running applications in-house requires lot of capital hardware and infrastructure. That is where cloud computing services come in handy. The main draw towards cloud computing has been the capability to avoid management hassles. There’s no need to employ people internally to upgrade and maintain the software (in many cloud models).

Further, allotting servers and storage as per need and usage proves very convenient and cost- effective and enables conservation and optimization of resources. For instance, Diptarup Chakraborti, the Principal Analyst for Client Computing at Gartner Inc. observes that cloud computing equals to a greener architecture. He points out that technology like server virtualization (as well as modular data center designs) plays a predominant role in the cloud architecture to ensure power and space savings. Another key reason for companies to go in for cloud computing services could be leveraging all the latest technologies as per requirement without having to chart out their own technology roadmap, in-house implementation and the ensuing upgrades. Once your organization is sure about the reason for opting for cloud computing services, it can begin its evaluation journey.

Making the right decision

The cloud computing services buying process involves two factors: selection of applications to be put on the cloud and zeroing in on the right vendor. While there is no set formula for determining which cloud computing services need to be put on the cloud, a rule of thumb is not to put mission-critical applications. The safest method is to put applications, which are not required 24/7, on the cloud.

In this regard, Vilas Pujari, the CIO of ACG Worldwide points out, “Let’s assume that an ERP application is used by 80 percent of the organization. It does not make sense to put it on the cloud. Instead, a lesser used application like CRM on the cloud makes more sense.” ACG Worldwide is planning to go for cloud computing services for its mailing system and CRM application. It’s in the process of evaluating cloud service providers for the same.

When it comes choosing cloud computing services, Singh of Star India is also a firm believer in assessment exercises. He states, “You have to answer the fundamental question about whether a certain application can be put on the cloud or not. Is there a peak-load or not? Or is it lean usage? In case of latter, it would become a prime prospect to be put on the cloud.”

On this front, most Indian organizations face challenges while performing a complete test cycle after an application has been put on the cloud. For instance, Star India recently opted for a private cloud deployment (which is currently in the test environment). While opting for the private cloud, Singh evaluated aspects like the vendor’s experience and alignment of the offerings with Star India’s specific requirements. When Star India decided to opt for a private cloud (as part of its IT infrastructure migration from Hong Kong to India), on-demand infrastructure availability on a 24/7 basis was its topmost requirement.

This brings us to the selection of vendor for procurement of cloud computing services. This needs to be done while keeping in mind few critical points. As Pujari of ACG Worldwide elaborates, “Information security levels provided by the vendor will be a key criterion while making the selection. Asking questions on various fronts such as the vendor’s reputation in managing such a deployment, the track record he has in providing the solution, and redundancy built into the system are key aspects.” It also helps to look at other customer references and their experience with the cloud. Referring to the vendor website is a good way to start the research.

Pricing is an important variable to go by for most organizations. Typically, cloud computing services are priced on storage, CPU and bandwidth (data transfer rate). You can always compare the prices of different vendors to come to a conclusion.

When the India Infoline Group chose Google Apps for its email system, it looked at the service provider’s user-friendliness. Sankarson Banerjee, the CIO of India Infoline states, “It integrates really well with Outlook, and has low predictable TCO. The best part was that everyone was familiar with it.” India Infoline has also opted for the Netmagic cloud to host servers which run its trading software.

Yet another example is Hungama Digital Media, which leverages AWS (Amazon Web Services) for its constantly growing storage needs. For Hungama, vendor selection was an easy step as there were not many choices available in the Indian market in 2008. So Hungama took its call depending on the vendor’s experience and trust.

Matters of SLAs, licenses and law

There are times when the most detailed research may not be enough for selection of cloud computing services provider. There are several issues and challenges worth considering before you make your go for the cloud and the relevant cloud computing services. The main roadblocks to circumvent include access, governance, security and integration.

The challenge of going in for cloud computing services comes with a lot of complications. For instance, the user organization may not know where its data resides, availability, or aspects such as the servers being used in various parts of the world. In such scenarios, the Service Level Agreement (SLA) becomes critical. Such complications may even make it necessary to redefine the SLAs. The silver bullet while defining (or redefining) an SLA is information security.

According to Sanchit Vir Gogia, the Associate Research Manager at Springboard Research, organizations should make it clear that the provider replicates and constantly updates data. “Organizations with a lot of sensitive and regulated data like banks and financial institutions should actually ask the provider for real-time data streams — even from controls like the intrusion detection system. This ensures that they know about real-time intrusions, so that it can be curbed on an immediate basis,” says Gogia.

Another aspect with regard to SLAs for cloud computing services is performance. Average application response time, transactions per second, and monthly downtime figures comprise the performance matrix that needs to be considered on this front. Gogia of Springboard Research states, “The levels stipulated in the contract should balance the importance of cloud resources to the company’s core mission. The company needs to understand that there can be faults as well. Thus, enterprises need to question themselves as what do they need and what do they pay for. You might not actually need 24/7 support. The division should be made very carefully between core and non-core applications.”

SLAs for cloud computing services need to be considered with regard to auditing rights as well. For instance, when data is not residing within the firewall, how does one audit? Do you have the rights and the tools to audit? A mix of technology to do on-site visits is critical. Typically, there is documentation of time, processing rates, monthly reports and other dashboards. These enable customers to get a feel of real-time situations. Your organization should be given the right to audit the provider’s electronic as well as physical security services. Also, if you as the customer can talk to the cloud computing services provider’s employees, it really helps dispel such doubts.

With regard to SLAs for cloud computing services, it is critical to consider what will happen in case the promised SLAs are not met. Hence, organizations should avoid contracts that do not have consequential pointers. Gogia of Springboard Research points out, “You should always think of financial obligations. If the downtime happens more frequently, then can your enterprise terminate the contract? This aspect needs to be made clear.”

According to Chakraborti, the SLA has to determine clearly what will be the impact on the business if a particular delivery is down, and how it will be compensated for. “The contract should define consequences of security violations very clearly. A serious failure can result in termination. There should also be a clause mentioning that if the service provider is not able to compensate for a particular disrupted service, then the customer can take him to court,” says Chakraborti.

Licensing is another closely connected issue when it comes to SLAs for cloud computing services. The main issues on this front are usually about user, per device or enterprise licensing models. It becomes very difficult to map these in a cloud environment. While paying on a per user basis is a tried-and-tested method, the per device model can create complications (since this model varies according to concurrent devices and total device models). Enterprise licenses have their own set of complications as well. Much of these complications are dictated by the current enterprise status. In case your organization has a public as well as private cloud in place, licensing becomes dependant on the equilibrium between these two models. It is also necessary to remember that complications around end-user license agreements for cloud computing environments make it necessary to read the fine print.

Scalability, an important part of the cloud, is yet another critical issue. It needs to be defined as to the specific application uptime requirements depending on the different types of users. Gogia of Springboard Research states, “People are moving to open source as an option, but it is not really the answer. The cost of support can be really high, so there should be combination of both. As the market grows, licensing models will also mature.”

Closely linked to SLA and licensing for cloud computing services is the legal aspect. While SLA is more towards service delivery, legal aspects are all about how storage, transfer and auditing of data. Firstly, the relationship between the customer and the cloud service provider is not similar to the typical outsourcing deals. Hence, trying to protect your organization through contracts will prove difficult unless there are proper standards for cloud services. Use of cloud computing can mean copies of data being stored in different parts of the world. Thus, data is often transferred across borders. This will have significant legal implications as this is the personal data.  For example, if data is transferred from the EU to the US, there are legal issues across borders. While industries are not affected by such movement of data, government agencies have major concerns about where the data resides.

Current contracts for cloud computing services veer more towards normal outsourcing engagements. So you need to assess properly whether the vendor has the capability to deliver those levels. If a company is sharing data with another company, the provider has to ensure protection of personal and confidential data. The cloud service provider is relying on the security of each of the cloud participant’s personal information. They have limited means to conduct due diligence. More visibility from the vendor’s side ensures more proactive handling of security issues. Liability faced by a company in case of a security breach, its effects on data and the vendor’s approach to resolution are the key issues in this regard. Litigation is another problem in the legal aspect.

The implementation stage

Once the legality with regard to cloud computing services is dealt with, it is time to look at roadblocks that need to be considered at the implementation stage. The main aspect is integration, which has three aspects. This area should be dealt with properly during the testing phase itself. Integration of “current on premise to on premise”, “on premise to cloud”, and “cloud to cloud” with other applications hosted in the in-house data center is vital.

It is a fact that the better the supply side, the more demand it will create. Gogia of Springboard Research avers, “Cross-browser functionality is a crucial step. Developers have to make the application more robust to make it functional in a SaaS model. An application has to support updated browsers. Because enterprise applications are easy to move and try, the adoption is high. Consider aspects like whether the application has policy control, access control and single sign-on. Does it have policy control that goes well with company’s business compliances?” 

Handling cultural angles

Post-implementation of cloud computing services, the cultural aspect needs to be taken care of. It may be noted that implementation of any new technology kick-starts reactions in terms of acceptance. Adoption of cloud computing services is still dealing with the cultural change it has catalyzed for traditional IT set up. Cultural aspect interferes after implementation once users actually start using the solution.

There are inward-facing organizations and there are others, which believe in the value that experts bring in and are open to experimenting. Gogia of Springboard Research says that endorsement at the senior level is essential when it comes to cloud computing services adoption. “Co-ownership between business and IT is very critical today. It ensures that both parties act in a dignified way and understand requirements. The outcome can be better managed that way. Define your best sourcing approach, for the buying to start at the right level.”

 

This was first published in September 2010