Monthly Archives: November 2014

Cloud for US HEIs

face
Caleb Racey
Systems Architecture Manager
Newcastle University
Member of UCISA EACP

 

 

In this blog post I’ll share some of the take home messages from the cloud sessions I attended at EDUCAUSE.

There was a wealth of cloud presentations at EDUCAUSE with several time slots involving a choice between competing cloud sessions.  The American universities seem to have largely got beyond the question of “should we use the cloud?” and are now concentrating on practical questions like “how do we effectively use the cloud?”.  The services used as examples are no longer the low hanging fruit of student email and have moved up the chain to a wide breadth of paid-for services (e.g. CRM, developer services, travel).  The impression I got was that the States has a 2-3 year lead in deploying cloud based services over the UK HE community.  The message of many of the presentations was that the advent of cloud is transformational.  Cloud is driving levels of change in university IT on a par with the two historical seismic shifts of the mainframe to PCs transition and the advent of the internet.

Leveraging collective buying power

Part of the reason for the US HE lead in the cloud appears to be the availability of the  Internet2 Net+ cloud procurement model.  This enables the community to purchase cloud services as a group and use that group leverage to get the services and their contracts shaped to HE requirements. Buying as a community allows them to use best buying practice when it comes to cloud, such as assessing the security of a cloud service via the cloud security alliance’s 136 point assessment matrix, or ensuring contracts have reasonable terms e.g. liability can not exceed purchased value. They also have a mature attitude to cloud service lifecycle with a well defined on-boarding and sun setting process.  While Net+ looks to be a valuable resource many seemed to be buying services on their own.  Salesforce in particular seems to have real traction; Cornell reported that when they mined their payment card data Salesforce was used across the organisation without the IT services involvement.  This was a common theme – cloud sells direct to the end user without reference to IT departments.  Indeed cloud sales activity is often targeted at academics and administrators rather than IT. The need for IT departments to adapt to this change is clear.  With IT now an intrinsic part of the majority of business activities it is inevitable that control of IT is increasingly going to reside in those business areas.  As a provider of enterprise IT the following Oliver Marks quote may be uncomfortable, but it makes it no less true: “cloud companies are cost-effectively emancipating enterprises from the tyranny of IT, solving lots of problems with tools that are a pleasure to use”.

Several of the presentations touched on the impact of the cloud on the IT department.  All presenters said that it had not reduced head count.  Cloud approaches increase the velocity of change and the depth of IT penetration into business processes, the increased efficiency of cloud is counteracted by much greater demand and resulting volume of activity.  This is a common story of conversion of an area from bespoke to utility provision.  The conversion of electricity from self-generated to utility provision saw massive growth in the demand for electricity and electricians.  Penn (Pennsylvania) State said that cloud for them was “about delivering more capability and capacity to their customers”.  For Cornell it was driven by a need to shrink a massive $27 million application budget to something more manageable.  The skill sets required in the IT department change with the cloud, managing services, facilitating, contract and relationship management all requiring development.

Addressing security concerns

The real value of EDUCAUSE for me is in hearing the experience of peers who have led the community in a particular area.  This was particularly true for cloud, it is an area awash with myth, marketing, fear, uncertainty, doubt and undoubted risk. Hearing real experience helps to focus concerns on the real issues.  When I speak to colleagues in my university about cloud,  security is one of the number one topics.  While this was a concern mentioned in the presentations it seemed to be largely a resolved issue.  There was a great quote in the Notre Dame session: “90% of HE already uses a SaaS solution for credit card payments and has for a long time.  Once you have put your highest risk assets (your customer’s financial details)  into  the cloud then most other data security concerns are minor”.  Notre Dame’s session was a particular eye opener, they already have 130+ SaaS service deployed on campus and aim to be 80% cloud based within a couple of years.  The speed with which they are moving to cloud is astonishing.

Lessons for UK HE  

Reflecting on the conference I’m increasingly convinced that UK HE needs to embrace the full breadth of cloud services.  Cloud is here to stay, it will continue to grow and those harnessing it will lead the sector in IT delivery.  A service  similar to the Net+ service would be a major bonus to the community.  Having worked with the JANET amazon AWS pilot I can see  the beginnings of a Net+ style service.  The JANET cloud service is  good, however I can’t see it having the breadth or pace of the Net+  initiative.

The government’s G_cloud  framework  has breadth and pace in spades, it easily outstrips Net+ in terms of size (13,000 services) and velocity.  G_cloud is usable from a university context with individual universities named in the list of eligible organisations.  However its terms and services aren’t tailored to university requirements.  Having investigated G_cloud as a route to procuring two potential services this has proved to be a problem.  In one instance the length of contract was an issue, the capital up front funding of some research projects means that the two year cut off of a G_cloud service makes it unsuitable. In another instance the flat unnegotiable fixed price nature of G_cloud agreements meant it was more expensive than  we could have negotiated directly with academic discount.  The way forward to me seems to be to pursue a multi-tiered approach: call off on JANET cloud services when available, use G_cloud services where suitable,  work with the government digital service to influence G_cloud to include HE specific considerations, and finally procure cloud services directly when the previous two approaches are exhausted.  However cloud is not an area that easily lends itself to tender agreements.  Procuring cloud on an individual basis will see each organisation invest considerable effort into answering the same concerns that many of their peers are also having to address.  While the US is leading the HE community in harnessing the transformational potential of cloud services I can see the real potential for the UK to pick up the pace and take the lead.  A sensible combination of tailored JANET cloud services and  G_cloud’s velocity and drive could act as a transformation enabler in the sector.

Cal Racey