Conclusion: Cloud Computing and the New Role of the IT manager

Read Part 1 and Part 2 (IaaS) and Part 3 (SaaS) here.

In the previous entries we discussed the possible impact of IaaS (Infrastructure as a Service), SaaS (Software a as a Service) and even briefly PaaS (Platform as a Service) on the role of our Cloud IT Manager separately.

It is, however, important to realize these three models are not happening separately; they are all happening at the same time and as result are influencing each other. As all three models are delivered "as a service", vendors are preparing themselves to play their role in 1, 2 or even all 3 of these markets. Will our Cloud IT Manager only be a consumer of services provided by these vendors or will he retain other responsibilities as well? Sourcing services will certainly be a core activity, not only for end user services (like CRM) but also for IT services like Infrastructure, security and support as a service.  Before reaching a preliminary conclusion about our IT manager's future role, one of the questions I'd like to ask is:

Will a Cloud IT Manager be a more Lean IT manager?
Connecting Cloud Computing and Lean IT may at first glance seem farfetched, but both Cloud Computing and Lean IT are leveraging the concept that mass produced is almost always cheaper than custom made. Cloud Computing offers mass produced standardized services to millions of users, and as a result monthly amounts per user can be relatively low. The proverbial Ford Model T was all about using standardization to drive cost down - any color as long as it is black! Toyota perfected Lean manufacturing to be able to offer choice at affordable cost. They did so by using highly standardized components and combining these into unique, desirable automobiles, by using standardized processes in the last phases of their manufacturing process.

More on the relationship between Cost and Cloud at a later date, but at minimum, what our Cloud IT manager can do today is use the Lean IT mantra of Maximizing Value (only do what adds value to the end customer) and Minimizing Waste (eliminating steps that do not add value) to guide his  current decisions on Cloud Computing. Just take any cloud proposal and evaluate it against these two criteria.  More long term I'd like to think that a Lean IT approach will help our Cloud IT Manager to combine standardized low-cost cloud services, into unique desirable and differentiating - customer relevant - services.

This last sentence sounds a bit too much like brochure talk, so let's explore this a bit further: Imagine a sporting goods manufacturer that traditionally ran a planning application to manage its logistical operations. This manufacturer outsourced most of its manufacturing to third parties. It may however still offer this planning application to help this "Extended Enterprise" go to market more efficiently than its competitors. Or one could think of an electronics manufacturer that differentiates itself with "unmatched customer service". This manufacturer runs a return-and-repair management system even though 90% of the repairs and returns are handled by third parties.  The traditional idea that internal applications are intended primarily for internal staff is increasingly no longer sustainable. A number of forward thinking companies therefore no longer provide their business applications (exclusively) on their own network. They take their applications and offer these on the Internet as a service. In some sense they have become cloud service providers, like a bank offering home banking or a travel agent offering online booking to its business customers. In some organizations the synergy between the original activities and providing the service makes them more competitive, others may at some point spin off this new activity as a new venture, while for some running the service is all they will be doing (having outsourced manufacturing, logistics, design, etc.). Our Cloud IT Manager is no longer just aligned or even integrated with the business, he is becoming the business.

Reaching conclusions on Cloud Computing is not easy. To some the whole cloud thing may be a bit overwhelming, providing yet more acronyms and complexity; to others it may seem the best idea since sliced bread. IT magazines continue to talk almost exclusively about Cloud Computing, as if there is nothing else left to invest in. For larger organizations Gartner disagrees with that and recently predicted that through 2012, IT will invest more in private than public cloud providers. Last month the US government announced a major many billion dollar large cloud computing initiative, while at the same time in Europe the Dutch Government basically forbids any use of the Cloud by government.

So when and where should your organization start?  Several organizations have started building Private Clouds. Not as a pilot, but as a first real project. Disentangling existing applications is way too expensive and labor intensive to just have a look; you need to build a business case. Others have started with SaaS for some less business critical applications (somehow CRM and sales force automation still seem to classify as such).  If you are serious about engaging with the business I would encourage you to investigate some PaaS platforms (like Force.com) and some technology for connecting Cloud and non Cloud applications (like Dutch based "Cloud Orchestrator" Cordys).

But no matter what you decide to do first; deployment will be more successful if you have a relative high level of maturity in your existing processes. Cloud Computing offers more options, more flexibility, more opportunities for efficiency and automation. But just like in the past: automating chaos will only give you one thing: automated chaos. If this four part blog only gave you one insight, I hope that it is that frameworks like ITIL and COBIT with their best practices for service portfolio management, security and risk management, configuration and asset management. etc.  are crucial to our Cloud IT Manager's chances of success, now maybe more than ever.

Part 3: SaaS and the New Role of the IT Manager

Read Part 1 and Part 2 here.

Cloud purists would argue that a true Cloud IT organization exclusively uses services (SaaS) and owns no software, let alone platforms or infrastructure. And if these purists started a brand new organization today, they might have a point, at least until their first takeover or merger. This not having an installed base, allegedly enabled God to create the world in six days, but just for the sake of argument, let's examine what the responsibilities of our Cloud IT Manager would be in such a green pasture, pure SaaS environment.

First thing that comes to mind is the service or application portfolio. Our Cloud IT Manager will need to be involved with selecting which applications and services the organization will use. Not because he feels users need to ask him (he may feel that way, but the users most likely won't) but simply because he will be held responsible for any associated risks. What if the vendor goes belly up? What if the vendor's data center burns down? What if the vendor uses his market power to increase his prices beyond what is reasonable? Vendor Lock-in has plagued us for too long; let's make sure we prevent Cloud lock-in while we still can. So if nothing else our Cloud IT manager will need to provide a disaster recovery and exit strategy for each application. Portfolio Management suddenly becomes his core business.

Now our Cloud IT Manager monitors the portfolio, he is also the best person to offer a catalog of available approved Cloud Applications (one recent and highly visible example of this approach is apps.gov). And of course our Cloud IT Manager will be involved with rolling out (implementing) new services throughout the organization. His portfolio perspective will help him oversee the project and program management of these organizational change efforts. Having a view of both the pipeline of new services and the catalog of available services enables him to calculate, manage and monitor the integral cost of these services. All is supported by ITIL processes like Service Portfolio and Catalog Management, that were further defined in the most recent incarnation of ITIL, but were basically already foreseen in earlier versions.

The next topic to discuss has been the core part of ITIL for years: Support. If our Cloud IT Manager's organization uses ten different SaaS applications from five different vendors, does he want his users to go to each individual vendor for support, entering their issues in many different places. Apple reportedly offered 10.000 Macbooks to a corporate client with as recommended support procedure: "users visiting the Apple Store and lining up to talk to an Apple Guru on duty". Would your organization be ready for that? Or do we keep first line support under one roof, either in-house or via a SaaS Service Desk.

But our Cloud IT Manager responsibilities do not stop here. If his organization uses CRM from one vendor and ERP from another vendor, our Cloud IT manager would be expected to connect or integrate these two. In fact: "connectability" may need to be the prime criteria for selecting these vendors in the first place. Balancing the need for integration with the risk of vendor lock-in becomes a core capability of our Cloud IT Manager. Connecting business processes across different (cloud and none-cloud) applications becomes essential (more about this later).

Aren't we forgetting something? Yes, Security! Security (or Risk) is the most cited reason organizations are not going with the public cloud yet (one reason our upcoming Cloud Academy starts off with a session called: Security First!). Good old COBIT is very suited to be used as guidance here. Security should be seen in a broad sense, from defining users to data protection and disaster recovery. In many cases the specific solutions to address these concerns can itself again be cloud services. For example an identity service provider can offer a cloud service to define users and offer a single sign-on experience. Single Sign on across cloud services is something our Cloud IT Manager probably wants to provide, if only to prevent users from putting sticky notes with all their different passwords at the bottom of their keyboards.

Cloud Security also includes protecting the organizations data. A common concern is Data Loss Protection/Prevention (DLP). So far most known data loss incidents were caused by memory sticks or laptops going astray, not by Cloud providers being hacked, but better to be safe than sorry. But also good old backup and recovery need renewed focus in a cloud environment.

Talking about Security and Risk management brings us to something like "cloud escrow". With traditional IT we get a compiled working copy of the software. In case the vendor goes out of business we can get a copy of the sources via escrow. This way we can still make changes to his software, for example for a new upcoming version of the underlying database or operating system. The typical timeframe between start and finish of such a procedure here is months.

How different for SaaS. If the vendor goes out of business today, the application stops working today. And even if the vendor has a service provider hosting the software, the curator (the new "owner" of the IP) may tell the hosting company to discontinue the service immediately in order to reduce cost or liability. May seem farfetched but there are examples of exactly that happening. To address this some SaaS vendors offer a copy off their working code and a regular backup of the customer's data. That is all fine and good, but our Cloud IT manager better be able to recover the service in a reasonable time frame. Reasonable can vary from a couple of days to a couple of minutes.

It will be clear that our Cloud IT manager can only accommodate this if he has automated this procedure and tested it regularly! So do we still need a hibernating datacenter in the basement? Better not, as this would eliminate most of the cost savings from going cloud. We could cater for this recovery again by using the Cloud, for example by mandating that the cloud provider regularly delivers a set of tested images that can be automatically deployed on Amazon or another IaaS provider within an hour. The early adopter will need to negotiate this himself, while late adopters will have the benefit of this being offered as standard feature by the service vendor or by a third party. Having a good understanding of the portfolio (risks, cost, benefits, and criticality) will help our Cloud IT Manager to make the right decisions and set the right priorities.

So even with 100% SaaS our Cloud IT Manager still has an important role to play. But did we not say in the earlier part of this blog that with SaaS our Cloud IT Manager may not even be aware of which cloud applications the users are deploying? How can he monitor, manage and secure a portfolio he does not even see. There is no simple answer here. One aspect he could monitor however is his network. Appropriate network and security tooling could tell our Cloud IT Manager - by interpreting the network traffic - what URLs (applications) are visited or even what typical response times are.

In the distant future, however, it becomes more unlikely that users will be accessing all their applications via a corporate network as on the one hand application to application communication happens directly between virtual machines (bypassing the network) while users maybe no longer accessing their applications primarily via corporate network but more and more directly through public networks such as their home fiber connection or free wireless at their office campus or local starbucks or from the back of a commercial airliner. Would we require them to VPN first to the corporate network and then visit these applications from there? Not likely as this may significantly decrease speed and increase cost, especially with rich content like video and 3D. Or can we put something on their access device to monitor their behavior. Also not likely as these devices may be of the shelf iPhones or netbooks, with preconfigured and prepaid 3G access build in. Welcome to the wonderful world of consumerisation, a trend going hand in hand with Cloud Computing. More on this in a later blog.

In general one could say our Cloud IT manager may need to learn to use the carrot more than the stick. Simply blocking a service will less and less become an (accepted or viable) option. Off course our Cloud IT Manager can still set procedures and policies that users are asked to adhere to, like the US Army is contemplating with regard to "personal" and/or "off-duty" use of facebook and twitter. Or more forensically he could "follow the money" by asking accounting to monitor (credit card) payments to unapproved cloud service providers. A more positive approach is to make the use of approved services significantly easier, for example by offering a catalog of prepaid services, all under single sign-on. Also he can agree with any cloud providers he has contracts with to give (real time) insight into usage and service levels using standardized reports and reporting API's.

In my next blog post: Conclusions on the role of the IT Manager: is a Cloud IT Manager also a more Lean IT Manager?

Part 2: IaaS and the New Role of the IT manager

Read Part 1 here.

How does Infrastructure as a Service (IaaS) impact the role of our Cloud IT Manager? Well, first of all, he will need to learn some new skills, the first one being virtualization management. Second, to have any chance of deploying his current intertwined spaghetti of applications into the cloud he needs to find a method to disentangle these applications. Deploying virtualization on an in house infrastructure (an internal cloud) can be a very workable catalyst here. Also he needs to find a way to offer his applications just as cost effective and scalable as "competing" SaaS providers. Again virtualization may be the way to do so.  Does this mean virtualization is all that matters? No, but without it, any "cloud" attempts are the same as plain old outsourcing, hosting or time sharing.

This virtualization needs to go hand in hand with Automation, together they form the building blocks of any cloud. A cloud environment implies dynamically scaling up and down capacity, based on demand. This is not possible fast enough if we create and configure our virtual machines manually.  That is where automation comes in. Doing automation without virtualization would not work, as the complexity of the provisioning tasks to be automated would be just too high.  This is not the only reason for deploying automation, apart from cost savings we want our Cloud IT manager to spend more time on business and less on technology, or if you like more time with users and less with plumbing,  as this is a crucial cloud benefit. 

Probably just as important as virtualization and automation for a successful cloud strategy is a reliable infrastructure for accessing the cloud (a.k.a. the network). Unlike with traditional PC applications, users of cloud applications are very unforgiving for any network outages or delays. A provider of SaaS bookkeeping applications in the Amsterdam area lost a significant number of his SME customers after a two-day outage of the major local Internet provider. Our Cloud IT manager is likely to lose his job if he allows for similar mishap in an enterprise environment. Together with Security this is one of the reasons why companies are starting today with an "Internal Cloud", even if their long term strategy is to leverage the public cloud (see question 4 in this Wall Street Journal Cloud pop quiz).

Another important thing to realize is that in the majority of cases "the Cloud", internal or external, will initially be an additional set of infrastructure. In most organizations the introduction of Mini's did not replace the Mainframe and neither did the WinTel space heaters replace all Unix Servers. Anyone who believes "the Cloud" will replace all in house systems, may also believe we can fix the climate problem by everybody driving electric cars by 2015. In addition companies will not have "one cloud". They will source cloud resources from multiple vendors, to optimize cost and balance risk. This means that, instead of reducing complexity, any cloud effort may initially increase complexity.

If you felt having good change processes and reliable configuration data was important in today's relatively stable datacenters, guess how crucial this will be is in a dynamic "provision to order" cloud environment, where virtualization enables a certain process to use different (virtual) resources every day, hour or even minute.  We all know the stories about IT departments that are afraid to switch off a certain server, because they have no idea what it does. Imagine this being a virtual server that we are paying for by the minute. We better understand which (business) processes this server is supporting, so we can decide whether it is safe to switch it off or not.

Helping understand and manage all this complexity if of course exactly where frameworks like ITIL and COBIT come in.  Ideally they help us to build an understanding of goals, risk, cost, configurations and especially interdependencies to offer a transparent view, also across these various infrastructure platforms.  But we need more than just a view. Ideally we want to be able to dynamically move applications to the (cloud) platform that is the most cost or energy efficient. This demands an integrated view across platforms, and although frameworks like ITIL and COBIT are infrastructure agnostic, most of us unfortunately deployed these frameworks with platform or department specific procedures and processes. Some integration of these procedures will need to be done. Let's make sure we do not create yet another set of cloud procedures to be filed next to our mainframe and windows procedures, especially as virtualization enables us to eventually move applications - more or less freely - across these platforms.

Last item to mention here separately is Risk. Last week the Times online addition spoke about Stormy times for cloud computing in the context of Microsoft and T-Mobile's Sidekick data loss mishap.  Dismissing cloud because of risk would be throwing out the baby with the bathwater. I know of no companies that build their own hard disks, because they do not trust hard disk vendors. They do take precautions:  they don't buy the cheapest, keep a backup, and have a recovery plan. That is why any cloud IT investments, not just IaaS, should go through the proper (IT) channels. So they can be screened for risk, security and cost issues. Risk management and Cloud Deployment have to go hand in hand and COBIT is a good way to connect them.

In my next blog post: SaaS and the role of our Cloud  IT Manager.

Cloud Computing and the new (leaner?) role for the IT manager, Part 1.

In last week’s blog post I suggested we already were at the top of the Publishing hype cycle for Cloud. Little did I know that just about every magazine to hit my doormat this week would be a dedicated special issue about Cloud Computing. The most innovative was a double feature that when read from front to back- gave a management perspective, while turning it upside down and reading it back to front gave a technical perspective, with the two target audiences metaphorically meeting in the middle. Highlights included the classification of the traditional CIO as Chief Infrastructure Officer (by Salesforce) and the conclusion that IT staff in a Cloud Environment need to have “Know-What” instead of “Know-How.”

So how is the role of the IT manager changing? SalesForce.com has been marketing its solutions under the slogan "NO SOFTWARE" and Amazon's Elastic Cloud promises virtually (pun intended): "NO HARDWARE.” Does this mean for the IT Manager: "NO JOB?” No, certainly not! But what does a Cloud IT Manager do then? And will a Cloud IT manager be a Lean(er) IT Manager. First, let me state I do not have all the answers and that I welcome your ideas and feedback. Second, to discuss the role of a Cloud IT Manager we need to distinguish different types of Cloud Computing. The often quoted NIST definition (mind you, version 15) of Cloud computing distinguishes three models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure of a Service (IaaS).

To keep this blog readable I am not going to define and describe each type here in detail but it is worth noting that with Infrastructure as a Service (IaaS), users do not need to know or be aware that our Cloud IT Manager is using the IaaS cloud, while vice versa - with SaaS - the IT Manager often is not aware that users are already deploying this (so much for our Holy Grail of IT Alignment). As a result I will discuss these separately.

Platform as a Service (PaaS ) may very well prove to be the most interesting type of Cloud Computing, as a platform for building custom applications would allow and require the Cloud IT Manager to again actively engage with business users about what they want or need functionally. Personally I like to think PaaS may reconnect users and IT. Unlike with IaaS - where users are often unaware - and SaaS - where IT may feel left out - PaaS enables IT to build cloud functions that the users can deploy. Something we all did and loved back in the days of bespoke (custom build) software, but somehow this became a lost art when standard packages became the norm (the time we all became “Chief Infrastructure Officers/Operators”). But PaaS is also the area with the least practical experience and the most confusion (some may say really flexible SaaS is PaaS; if I can freely configure my application it becomes a platform. Others feel that PaaS could be building something on a traditional platform and then deploying it on the Cloud (IaaS) . So for now we will focus on IaaS and SaaS to examine our Cloud IT manager’s role.

Cloud Computing , another “4 P’s in a Pot” Innovation?

I guess the title of this blog post needs a little explanation. Back in college - we're talking 80's here - professor Dr. ir. G.C. Nielen gave me some insight into the laws of innovation. His 4P law of academic innovation started with P for Problem.  Next individuals would Ponder on the Problem, the third step was Publishing, after which the resulting financing was used to Pilot the idea. Pretty soon after that most ideas would disappear into a Pot never to be heard of again (4 P's in a Pot). Guess what P we are now in for Cloud Computing?

Of course, as young students we didn't believe his premise. Young and innocent as we were, it seemed a lot more logical to move the step Publish after the Pilot. So, after school and none the wiser, I began a "brilliant" career in bringing innovations to market in Europe.  I introduced - or should I say piloted - business Intelligence years before datawarehouses; MRP years before ERP;  Object Oriented years before SOA; and SOA years before XML and Java. To top things off I promoted the Mobile Web using WAP (A collegue once said "WAP" is the sound the phone makes when thrown into the Pot by the less patient users). Needless to say living on the bleeding edge was intellectually stimulating but commercially devastating.

So why a blog about Cloud Computing now? Is it past the bleeding edge? Well, the main trigger for this blog is the official "Administration Cloud Computing Announcement" by Federal CIO Vivek Kundra earlier this month (view here on YouTube). If you have not watched it, I would urge you to do so now. It is not every decade that you get to see a 19 billion dollar budget take a 90 degree turn in a live webcast. With Clinger Cohen, the US government set the tone for governmental IT spend, something we in Europe are still trying to catch up with (see lessons from a decade of Clinger-Cohen). The impact of this announcement may be tenfold bigger, although Vivek Kundra is clear that the journey will be comparable in time (10 years or more).

As you know, this is a blog about Lean IT and Service Management. What the impact of Cloud Computing exactly will be on service management is not clear yet. Anyone who leads you to believe otherwise is likely to be "Publishing before having Played with it." And I'm not talking about running large and highly scalable datacenters. There is plenty of experience with that around. And if you may think cloud services by definition are bigger than any in house applications, I suggest you have a brief look at the need for speed, Here Paul Michaud compares cloud service "Twitter - sorry we are having problems" with something really fast and scalable, like a modern bank, telco or stock exchange. 
I am talking about the everyday IT manager that works with his business users. He just got over moving from designing bespoke software to running standard of the shelf packages. Which by the way may very well may be the reason for the predominant focus of today's IT people on running infrastructure, Vivik Kundra observed.  And now another paradigm shift (have not seen that word used in a while!) is coming with the move to SaaS and Cloud. History repeats itself, as David Cappuccio of Gartner observes, just like with the first PCs, decades ago, some usage is creeping in already, whether we in IT are ready or not. Over the coming period I plan to exchange some of my personal thoughts and experiences on this topic via this blog. 

But first let's do a "level set" on some of the current thinking regarding cloud computing. The term cloud computing was first introduced in an academic context in 1997 by Ramnath K. Chellappa,  who originally defined it for the Informs conference in Dallas as "a computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits.^[22]  A refreshingly more pragmatic and technology agnostics view then some of the more current ones. A recent one I saw was for example "Something remote we access over the web."  But definitions, like this one on Wikipedia  are only words. Nowadays we define concepts using animations (again on YouTube). Here are some of my favorites: Cloud Computing Explained, Cloud computing Plain and simple, Cloud Computing as defined by salesforce.com and of course the US government one - embedded in the video mentioned above.

Have a look, hope you'll be back soon to join the discussion on how this could or should impact our favorite little neck of the woods: Service Management.