Organisations with a global presence considering a move to infrastructure as a service (IaaS) must match their needs with a service provider that can guarantee a high-quality service to all employees, wherever they are located and whichever device they use to access services.
Companies are showing growing interest in IaaS, says Roy Illsley, principal analyst at Ovum, and many see it as a way of re-aligning their IT function more closely to business needs.
“Having a third party to manage all the organisation’s infrastructure services frees up internal resources so IT can become more business-focused,” he says.
Chris Harding, director for interoperability at The Open Group, which brings together suppliers and users of IT, says choosing the right global provider involves many elements to ensure employees get access to applications that work, and are not slow.
Set service level expectations
It is vital to find a partner that can deliver, and to nail down a service level agreement (SLA) for contracted service levels. “The choice of supplier is made by trading off the factors of cost, risk, ability to meet requirements, exit strategy and terms of contract,” says Harding.
The CIO does not surrender accountability, so the right partner is essential to ensure the user receives an excellent service.
“Workloads should be categorised and segmented to see what should run where, and how it should be accessed,” says Illsley.
He says the organisation’s crown jewels must be properly protected and the business must be consulted about how it values applications – whether gold, silver or bronze – in terms of key criteria such as speed or availability, so the IaaS provider knows what is required.
Having a third party to manage infrastructure services frees up internal resources so IT can become more business-focused
Roy Illsley, Ovum
A global CIO will want a provider to contractually agree levels of service for speed and availability, irrespective of where employees work.
“A fully managed end-to-end system stands a better chance,” says Clive Longbottom, founder of analyst group, Quocirca.
“Work with the provider as a partner – not as a supplier. Source everything via one contract and make the main contractor responsible for the SLA. Get it to report to you on a regular basis on trends and overall performance.”
A global organisation may want to opt for a more robust private network to connect to its IaaS provider’s datacentre servers, rather than an internet connection, to guarantee service levels.
“A private network connection makes sense, not only for lower latency, but also for manageability, security and SLA management. Bear in mind that a single connection is a weak link in the chain, and that an IaaS solution is only as good as the network on which it’s delivered,” says Longbottom.
Evidently, cost is a major consideration and dedicated lines are more expensive than shared lines.
“If money is an issue, you may want to take a dedicated line as the main connection, with failover to a public line on the understanding that performance will be hit if the main line goes down. Work through what is a necessity and what is a nice to have – drop the nice to haves and see what the cost is then,” says Longbottom.
Consider geographic location
Organisations with a global presence want to ensure a consistent service for employees in each country, and may prefer a global service provider to ensure a consistent technology stack and service wrap in all regions. The location of physical infrastructure has to be an important consideration for any IaaS contract.
“End-to-end latency is what matters – and the farther away the facility is, the more latency begins to bite, due to physical laws which are pretty hard to get around. For WAN traffic, network optimisation can help, but a datacentre 12,000 miles away will always be slower than one next door to you,” says Longbottom.
He advises asking about end-to-end SLAs, including user experience. With the wide choice of devices available today to do effective business in a mobile world, this is particularly important. Users want to access cloud services from their desktop, laptop, tablet or smartphone.
Using an IaaS service is much less risky than establishing a datacentre for a new venture, and it requires much less management overhead
Chris Harding, The Open Group
“Make sure that any performance figures both sides agree to are from the point of access to the point of service, i.e. from device to datacentre,” says Longbottom.
Beyond performance considerations is the issue of legality, which encompasses data sovereignty.
A multinational company needs to ensure it has sound knowledge of how data protection laws and regulations differ from region to region, and will require a provider that has a strong presence in, and knowledge of, the different countries it is operating within.
Ovum’s Illsley points out that even within the EU, data protection laws vary. “German data laws, for example, require that no customer details are stored outside the country,” he says.
On the other hand, standards of data privacy and data protection in other regions may not match the stringency of European and US standards. Standards in Asia vary widely, for example.
Trust is a key word in conversations about cloud computing services in Asia, according to the Asia Cloud Computing Association. This includes trust in the service provider, government and the security of the data.
A number of Asian markets are now implementing data protection and privacy laws or are updating and reforming existing laws to meet the challenges of the cloud, the association’s Cloud Readiness Index (CRI) report reveals.
More about Cloud infrastructure
But although work is being carried out, it is not uniformly spread throughout the region, and discrepancies remain in data protection and enforcement, consistency of laws and regional best practices.
For example, Singapore fell in the CRI index in 2012 due to its relatively low score for data privacy – protecting the confidentiality and integrity of personal data – whereas Korea, Taiwan and New Zealand rose in the ranks due to progress in policies around data privacy.
Other issues to consider are intellectual property protection, freedom of access to information and data sovereignty which determines how data’s movement is allowed or restricted. All need looking at.
This makes it paramount that these issues are thoroughly addressed before any IaaS contract is signed. The Open Group’s Harding says CIOs must ask themselves the following questions when reviewing global cloud infrastructure requirements:
• Where will the data be located?
• What detail needs to be known about data location to comply with relevant regulations?
• What security systems and processes should be implemented?
• What jurisdiction applies to supplier contracts?
• What impact does the contract have on SLAs?
For multinational companies, trying to grow in regions such as Asia, the right IaaS partner can make all the difference.
“For any company, using an IaaS service is much less risky than establishing a datacentre for a new venture, and it requires much less management overhead. Choosing a local IaaS supplier, if there is a reliable one, may help in some situations. For example, with government contracts,” says Harding.
At the heart of every decision is governance, risk and compliance. If you understand them, the contract will work
Roy Illsley, Ovum
Ask the right questions
The global CIO must ask the right questions to choose the right supplier.
“It often means a new role for the IT chief as someone who must federate and manage the supply of IT resources – the buck stops with the organisation so due diligence is necessary before any contract is signed,” says Illsley.
He suggests developing a corporate governance policy which allows for local regulations within regions under the guidance of the corporate policy.
“Drill down and see what the regulations are for each region. Due diligence is essential. Global organisations want an IaaS partner that has the network and the datacentres, as well as the management service, so they can sort out the management and the billing side of the service,” he says.
He says finding the right partner can be a “big learning curve” for the organisation and will involve input from the business, IT and the legal department, but getting the governance in place is critical before the correct person signs up for and accepts the terms and conditions of any contract. “At the heart of every decision is governance, risk and compliance. If you understand them, the contract will work,” says Illsley.
This was first published in September 2014