Guest Bloggers Anthony Kelly, Erick Trombley, David DeBrandt, and Carina Veksler
Cloud computing provides public sector organizations with rapid access to flexible and low-cost IT resources. Organizations can provide the right type and size of computing resources they need to power their newest bright ideas or operate their IT departments, removing the need for large investments in hardware.
Cloud computing presents an opportunity to reevaluate existing procurement strategies in order to create a fast, flexible acquisition process that capitalizes on the full scale and flexibility of the cloud. The acquisition of cloud services is unlike most traditional technology acquisitions in the public sector, and procurement considerations should be a key element of the cloud acquisition process in order to reap the benefits of decreasing cloud costs, increasing performance through improved infrastructure, and enhanced functionality through system-wide innovation.
Ten procurement considerations that are key components of a broader public sector cloud strategy.
Plan early to extract the full benefit of the cloud.
A key element of a successful cloud strategy is the involvement of all key stakeholders at an early stage. This ensures there is a clear understanding of how cloud adoption will influence existing practices. Organizations that have built successful cloud procurement strategies focus early on facilitating the rapid procurement of services, and on removing needless procurement complexity or irrelevant processes.
Avoid overly prescriptive requirements.
Successful cloud procurement strategies focus on overall application-level, performance-based requirements. They do not dictate the specific methods, hardware, and equipment used to fulfill these requirements. Recognizing that cloud is procured as a commercial item (discussed below), acquisitions should leverage a Cloud Service Provider’s (CSP’s) established commercial best practices for data center operations.
Specify commercial item terms.
Cloud computing should be purchased as a commercial item. A CSP’s unique terms and conditions are integral to realizing the benefits of the cloud, as utility-type cloud services have value in operating at a massive scale, driving innovation and cost efficiencies. Customers should allow for evolving terms and conditions in order to benefit from dynamic service enhancements.
Understand different cloud models.
There are different cloud service models available, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), and there are different approaches to procuring, managing, pricing, and securing each of them. It is imperative that organizations take into account these different cloud models and create acquisition approaches for each model.
Separate cloud infrastructure from managed services.
Successful cloud acquisitions separate the purchase of cloud infrastructure from the purchase of related services and labor for planning, developing, executing, and maintaining cloud migrations and workloads.
Incorporate a utility pricing model.
Realizing the benefits of cloud computing requires thinking beyond the commonly accepted approach of fixed-price contracting, and building an acquisition model for the on-demand, utility-style, pay-as-you-go nature of cloud computing.
Leverage third-party accreditations for security, privacy, and auditing.
This provides assurance that effective physical and logical security controls are in place, preventing overly burdensome processes or approval workflows that are not justified by real risk and compliance needs. There are many security frameworks, best practices, audit standards, and standardized controls that cloud solicitations can cite.
Understand that security is a shared responsibility.
As cloud computing customers are building systems on top of cloud infrastructure, the security and compliance responsibilities are shared between service providers and cloud consumers. In an IaaS model, customers control how they architect and secure their applications and data put on the infrastructure, while CSPs are responsible for providing services on a highly secure and controlled platform and for providing a wide array of additional security features.
Employ cloud data governance.
Cloud customers should retain full control and ownership over their data and have the ability to choose the geographic location(s) in which to store their data, with CSP identity and access controls available to restrict access to customer infrastructure and data. CSPs should provide customers with a choice as to how they store, manage, and protect their data, and not require a long-term contract or exclusivity.
Define cloud evaluation criteria.
Cloud evaluation criteria should focus on system performance requirements, with the appropriate CSP selected from an established resource pool in order to take advantage of the cloud’s elasticity, cost efficiencies, and rapid scalability. This approach ensures that customers are getting the best cloud services to meet their needs, the best value in these services, and the ability to take advantage of market-driven innovation.
LBMC Technology Solutions offers Amazon Web Services as our infrastructure as a service (IaaS) provider of choice. LBMC’s AWS services include replacement of on-premises network infrastructure, ERP software migration, and fully managed disaster recovery services.