Hey! You! Get off of my Cloud

An article by Alan Nixon, Director of Training at Fox IT.  ‘Hey! You! Get off of my Cloud’, explores Service Level Management in the realm of Cloud Services.



Yes! It’s another musically-inspired article. The Rolling Stones had this hit when cloud computing was but a twinkle in someone’s eye. Actually there was a kind of remotely-hosted computer service at that time, but people weren’t electronically connected to it. To find out more, read on…

download this article on cloud computing and service level management

Cloud computing! The latest, greatest, innovation since the slicing of bread. With cloud computing, the enterprise doesn’t need to have all the infrastructure on their site, and the local IT department isn’t managing the hardware, software or other infrastructure associated with that service. Probably the only part being locally managed is the device and network link used by the customer to access it.

“Sun is shining in the sky, there’s not a cloud in sight…..”

You might remember that before the cloud, and before locally-housed servers, before even the mighty mainframes, there existed computer bureaux. When computers first came on the scene, most companies couldn’t afford, or didn’t have the expertise to deal with such technology. The external computer bureau would generally process large batches of information on behalf of the customer, and send the results to them in some manner. Over time the companies acquired their own computing resources and capabilities, but now often prefer to make use of scalable, responsive cloud services housed in some other part (or parts) of the world. This has had tremendous benefits in terms of capacity, availability, service continuity and security, if properly understood and agreed, but it also poses other challenges:

  • Capacity – the cloud service is often housed with infrastructure with huge capacity, which can be made available on an agreed ‘on demand’ basis to the customer, without the enterprise having to plan this in detail.
  • Availability – the infrastructure isn’t one server, or one network component – it’s many, many components, so there are very few single points of failure, and reliability is generally very good.
  • Service Continuity – often the infrastructure isn’t in one data centre, but spread over many. Transactions are processed in different parts of the world, and sometimes in parallel, which means that the failure of an entire data centre might no longer be critical. However, this is not necessarily the case and the customer’s need to ensure they understand exactly what is being provided. A cloud environment might all be running on one site.
  • Information security – it could be the case that the information is being held very securely by the cloud service provider, but again, this needs to be checked. The customer might need to specify that some information can (or cannot) be held in certain locations, countries, continents, and should not just assume it’s all someone else’s responsibility.

“I’ve looked at clouds from both sides now, from up and down, and still somehow, it’s clouds’ illusions I recall, I really don’t know clouds at all…”

The responsiveness of such cloud service provision can actually be part of the problem. Let’s say the Marketing Department needs 3 terabytes of storage by next Thursday for some reason (we often pick on the Marketing Department in such examples, but any customer-oriented, fast- moving, dynamic, sales-dominated area will do!). The IT Department receives the request, but understand it’s going to take 3 weeks to install that extra capacity because a) they didn’t get sufficient warning and b) they are busy with 257 other things. The Marketing Department might be very tempted to go to Amazon, Yahoo or Google or some other provider who can respond very rapidly indeed, for often a very reasonable price. Perhaps the IT Department are consulted and are part of the deal, and maybe they’re not. Next time the Marketing Department has a requirement, maybe they go straight to the cloud service provider and eventually the IT Department have no idea of the extent of such services… until there’s a problem, of course. Perhaps there’s an issue with data protection, or the service is not available as expected; the Marketing Department wants IT to sort it out and then the company finds out what’s actually in the service level agreement. There is also the financial impact if multiple agreement are struck with suppliers, and economies of scale not realised.

A while ago, a well-known business-oriented smart-handset company had an unplanned outage for a day or so, and communications over their particular network were disrupted. Users were outraged (as users often are) and demanded compensation. When they checked the small print in their contract, they found that there was no actual statement or guarantee of a particular level of availability. Obviously, as the provider had many thousands of customers, they had a large incentive to fix the problem before too long or face reputational damage and potential loss of future business. However the point is, the individual customers thought they knew what was promised, but hadn’t actually checked. The same situation can happen with any service provision, including cloud services. The larger the provider, the more stake they have in resolving such issues, but it should not be taken for granted.

“I had some dreams, they were clouds in my coffee, clouds in my coffee…”

Even before the cloud rolled in, I used to get a similar situation but with a different technology: user-maintained spreadsheets. Someone in a department would create a fabulous spreadsheet with many wondrous formulae, which did exactly what the department needed without having to wait for IT to create (or amend, or check, or test!) the application. All would be well until the user moved department or left the company. At some point (usually the new financial year) the spreadsheet would need some updates, but the remaining people in the department could use but not update it. We would get a call about the spreadsheet asking for it to be ‘fixed’. The problem here was that with sufficient time and effort, I could often work out what the spreadsheet was doing, but not always what it was supposed to do. As for the spreadsheet of related data actually being backed up or other niceties, that was another matter entirely.

The main answer to ‘bespoke’ spreadsheets, user-generated applications and customer- procured cloud service provision is the same: communication. As long as the IT Department has some idea over what has been developed or purchased, they are in a better position to advise and to help with any difficulties. If the IT Department ‘reaches out’ (a phrase I normally dislike but it works here) to the customers to assess the situation and their requirements and practices, they are in a better position to manage such issues.

“But where are the clouds? Quick, send in the clouds. Don’t bother, they’re here…”

Cloud computing, like any other kind of service, needs careful planning and focussed service level agreements to ensure a sustainable safe and sensible provision. It’s no good leaving the customers to choose what they want from wherever and whomever they want. Much better to be pro-active, try to assess customer needs, and come up with a few manageable and well- understood options. Ideally providing such service capability to the customer would become part of the request fulfilment process, in the same way that providing desktops should be. We don’t generally allow users to wander down to the local supermarket (real or online) and obtain their own desktops; it is managed by the IT Department. The access to cloud services should also be enabled (not avoided or prevented) by IT, in a supportable and sustainable way.

It doesn’t really matter whether it’s cloud computing, procuring desktops, developing spreadsheets or any other particular kind of IT service or component. The importance of the IT service management and its role in understanding service level requirements, negotiating service level agreements and managing and reporting on these services is as vital as ever and probably more so with the increasing popularity of the cloud.

The processes and practices within ITIL® are relevant (as anyone familiar with ITIL will have noticed from the terms used in this article) even though ITIL itself is rather technology- independent and doesn’t have a great deal of specific advice for cloud computing. ISACA (formally known as Information Systems Audit and Control Association) has some particularly useful insights into the governance and risk assessment of cloud computing.

As ever, Fox IT are happy to provide training or consulting in this (or any other area) of service management or IT governance.

Want to speak to a Fox IT consultant today? Contact us now →