Cloud Computing - Top Tips For Public Sector
Cloud services are already bringing a wealth of efficiency gains, cost savings and operational advantage to the public sector. But the proliferation of services and providers is also bringing unwelcome complexity to the procurement process, when all CIOs or CTOs crave is clarity and certainty. In all the fog, it is also easy to forget some of the fundamentals of successful cloud engagement. Here we take you through ten ‘must dos’ in our ‘Cloud Checklist for the Public Sector’.
Supplier marketing can be very slick and persuasive and build a compelling picture of size, scope and capability. But when a supplier talks about a service, check that is indeed their service, delivered out of their own infrastructure, supported by their own team. What you don’t want is multiple suppliers hidden behind your chosen supplier, where accountability and responsiveness risk falling through the gaps. A single supplier, owning all assets end-to-end, has total control of delivery and the customer experience, and can move and improve far more dynamically than where responsibility is split.
Sovereignty and data protection
With the rapid growth of data within organisations and the upcoming changes to the EU data protection regime, the compliance challenge gets even greater. Businesses must know exactly where the data they have entrusted to their cloud provider is physically being held. So simple questions – is your supplier sovereign? Are their primary and back-up data stores held within the UK? Can they move your data outside of the UK without your knowledge? Can you at any point in time go and access your physical data? Are they fully aware of their obligations as data processors?
It’s more than likely that only suppliers with ISO level accreditation will make it onto your shortlist – but don’t stop there. Don't rely on their word or documentation, be super diligent in assessing the quality on the ground. Ask questions, visit and inspect, test, audit performance and procedures, double and triple check that you have the answers to your assurance questions, especially where data security is concerned.
Entry and exit
You may love the idea of getting into Cloud but entry can mean integration so be sure that your chosen cloud service can ‘play nicely’ with other services. Equally, know your end game and always maintain a clear exit strategy. Suppliers should always be willing to work with you at the end of your contract to transition away from them if required; to that end be aware of proprietary services that are difficult to move from and often enforce unwanted contract extensions.
Understand in full your supplier’s business continuity and disaster recovery capability, ask about any incidents in recent years, the response and any downtime or impact. It’s not just about continuity at your particular service level, it’s about your provider’s resilience in the face of a major event. What good is your service if the supplier managing it for you cannot support themselves?
To build trust an organisation must see a culture of transparency and openness in their supplier. Be sure that the ‘sales pitch’ tells the whole story, ie can the supplier’s proposed solution(s) be extended without enforcing ‘upgrade’ costs to make it so? The devil is so often in the detail so don’t hold back from scrutinising proposals and challenging your supplier.
Support is such a key part of the relationship that you have to satisfy yourself that it is of a quality and scope that can match your requirements. Is support onshore? Is it in-house? Is it 24/7/365? How many people, what skill sets are available, does it run to ITIL standards, is there a clear escalation path?
In the relief of finding a compelling cloud proposition from a proven supplier, don’t ease up on the diligence. Make sure you broker the right deal, with the billing options that best suit, be that per month, per day, per hour, depending on the nature of the service. Ensure that the service can flex up or down to your needs commercially as well as operationally - no-one wants to be charged for periods where infrastructure is not being used.
There is an expectation that today’s IT should be seamless and uninterrupted. Cloud service providers need to be on top of problems before users are even aware of them; indeed for preference you should be looking only at facilities with the highest levels of resilience, where SLAs around availability and performance can be maintained even in the event of a primary failure. Their problem shouldn't ever be your problem.
Be sure to ask any prospective supplier how they perform their upgrade/testing programmes. Change brings with it a degree of risk so there is a huge difference between carrying out this sort of work on live infrastructure and having discrete infrastructure dedicated to the job to safeguard the transition.