Public sector organsations can reap several benefits from working together through a community cloud strategy, according to industry experts, but several concerns are slowing the adoption rate.
The National Institute of Standards and Technology (NIST) describes the community cloud as a cloud infrastructure that is shared by several organisations and supports a specific community, such as healthcare, that has shared concerns around mission, policy and compliance considerations.
With such clear issues facing the adoption of community cloud, I have to say we have serious doubts about the viability of it outside of the education and charitable sectors.
Ben Abraham, Divisional Leader of Services, Bell Micro,
The cloud may be managed by the organisations or a third party and may exist on or off-premises.
Rob Lovell, chief executive of cloud IT service provider ThinkGrid, said the shared resources model has been going for a while, within local councils and public sector organisations, so it's not surprising to hear how this approach has now been extended to cloud computing.
"At the end of the day, we all want to know that our hard-earned taxes are being stretched as far as possible," said Lovell.
Lovell said this approach would be really powerful if there were hundreds, if not thousands, of public sector organisations with the ability to share a vast range of cloud services, instead of just a restricted few.
He continued, however, by saying that building the high-quality cloud computing infrastructure needed to make this happen requires massive investment in terms of expertise, equipment and support. Hence, what we currently see is a small group of councils building and sharing their own "internal" clouds, painting themselves into a corner with both a limited set of services and the resources needed to support and deliver them.
Community cloud lessons and potential pitfalls
Ben Abraham, divisional leader of services
Abraham posed several questions to consider before undergoing any plans for a community cloud:
- How does the economic model work (who pays for support/maintenance and operational costs, infrastructure/capital costs)?
- How do they manage availability and service levels across this community cloud?
- What are the contractual and security implications/considerations of having data spread across multiple organisations (and maybe multiple geographies) and in multiple domains -- i.e. how would the obligations of the Freedom of Information Act and Data Protection work?
- What is the legal impact of a service outage, i.e. Organisation A is pursued legally due to a service outage caused by Organisation B's infrastructure within their community cloud?
Abraham added: "With such clear issues facing the adoption of community cloud, I have to say we have serious doubts about the viability of it outside of the education and charitable sectors.
"Other than for non-critical development and research projects that are formed within a group of charities or universities, where there is no ongoing legal requirement to provide the service (and no service-level agreement requirement), we can't see how this would work, certainly not in the broader business world."
Matt Hampton, chief technical officer from data centre service provider Imerja, explained that many business benefits are available to companies who transfer data into community clouds -- for starters, improved energy efficiency and significant cost savings.
Nevertheless, as the cloud is a relatively new concept and still evolving, Hampton said that some problems persist.
"The biggest issue is trust. As it stands, no formal model exists to define good practice or identify liability for the security of the information within community clouds," said Hampton.
He revealed that organisations such as the Cloud Security Alliance are now emerging to promote security assurance policies and provide education on uses of cloud computing to help secure data. But, he explained, until these organisations become mainstream, security is an important issue to be raised and considered.
Cloud and the green tax
Another issue highlighted by Hampton was green tax, as it is still unclear whether the provider or client should foot the tax bill.
He said: "I would expect that the tax would be paid by the cloud provider and re-charged to the clients, with the provider dividing costs appropriately between users. Yet given that the cloud provider should be more efficient, for instance, in terms of scalability, providers should thus ensure that the re-charged tax should be less costly for clients than if they ran the service internally."
"In a carbon-trading model," he added, "the client would be able to sell their credits to additionally offset this cost."
Tony Cotterill, chief executive of health care data management and storage virtualisation vendor BridgeHead Software, said health care is one of many public-sector industries leading the way into the community cloud, but all cloud adoption is proceeding with caution.
According to Cotterill, the industry's concern about the security of confidential and sensitive material has led to a "look before you leap" phase.
"Although health care is proceeding cautiously, many experts anticipate that a cloud and often a community cloud strategy will play an escalating role in data storage, backup and archiving," he said.
Cotterill advised companies to ensure any vendor's data is encrypted both during transmission and "at rest" within the cloud. In addition, vendors should offer sufficient redundancy of data files to guarantee that organisations can get data back from the cloud when they need it.
Software licensing in a community cloud
Martin Mutch, chief executive of Oracle licensing consultancy Rocela, said as the government moves to cloud-provisioned applications and infrastructure across its agencies, it is critical that the software licensing implications are well understood.
"Unlike servers, an enterprise software license grant, such as Oracle's, is generally specific to a stated entity and is often non-transferable. If a cloud is being deployed as a shared service across multiple agencies, it is vital that the accountability for enterprise software grants is clear. If existing licenses are to be substituted for new ones from participating bodies, the software vendor agrees on the revised contract terms," he said.
Advice on the community cloud
Simon Daykin, chief technology officer of integrator Logicalis UK, said: "Certainly, much of the public sector sees cloud as a fast-track route to delivering co-operative or shared ICT services, and rightly so. However, we are not talking about whole-scale G-Clouds here, but about regional or local community clouds, delivering secure and robust services within a shared architecture."
A government cloud infrastructure -- the G-Cloud -- is currently being developed so public sector companies can host their ICT systems from the same, secure environment. There will be several services available from several suppliers, in case companies run in to service or delivery issues and need to change suppliers quickly.
He explained that it's not about necessitating an all-or-nothing approach; instead, "the beauty of the community cloud is that it can be shaped to meet the needs and circumstances of a group, and even individual parties within that group."
This could be a collection of NHS trusts, for example, or local councils sharing what it makes sense to share and holding on to what makes sense to hold on to, all in a secure environment, according to Daykin.
Daykin said an example of the public sector mind-share shift, when it comes to shared ICT services, can be found with the Public Sector Broadband Aggregation (PSBA) in Wales.
He added: "Our experience in designing and supporting what is essentially the equivalent of Digital Britain's PSN, realised on a Welsh scale, certainly proves that multiple public agencies are willing to collaborate in this fashion. Important to this collaboration is transparency – and this is also true for shared cloud environments."
"Transparency is important, not only amongst the cloud community, but also with the technical organisation delivering the service and the underlying architecture used. The advice I'd give is that all parties must enter into community cloud architecture with their eyes open."
Ken Owens, vice president security and virtualisation technologies at Savvis, said the Software-as-a-Service (SAAS) industry is interested in public (Internet-based) cloud around software services and federation with applications that can augment their software usage.
"The downfall of the public cloud is lack of standardisation and security concerns. The Financial Services industry is interested in private (dedicated) cloud around services like market data and around restricted access to their lines of business. In this model, standardisation and lack of security can be addressed easier; however the cost to deliver private cloud could be much larger than the expected cost savings of moving to the cloud model," he said.
According to Owens the key to an effective community cloud is having a business interconnect service provider that can act as the central provisioning house for connectivity and ongoing operations.
He added: "For each party to iron out its own business relationship is a major procurement hassle. However, in the community cloud a central service provider selling IT connectivity to both the hub and the spokes has proven to be an effective model. We're seeing this take off more and more in other industries such as healthcare informatics, hospitality, and SAAS."
Kayleigh Bateman is the Site Editor of SearchVirtualDataCentre.co.uk.