Issues around security, standardisation and availability for public cloud exist, but private clouds can be a safe bet for govt
By Prachi Shirur
The cloud computing buzz has been around for some time now. Its biggest promise for users is that they need not own much of all the IT resources they require and can instead avail everything as a service from a third-party provider on a rental or pay-per-use basis.
National Institute of Standards and Technology of US (NIST) defines ‘cloud’ as a metaphor for the Internet, to depict the Internet in computer network diagrams as abstraction of the underlying infrastructure it represents. Cloud computing has been in use for quite some time, without many users being aware of it. Examples include Google Docs, or flickr.com which allows for remote storage of images, videos or music.
“The cloud concept is not entirely new, but is rather a confluence of existing and new technologies,” says Michael Mudd, Secretary General, Asia Pacific, Open Computing Alliance. Cloud computing evolution dates back to the 1960s. It is attributed to John McCarthy, a computer scientist who proposed the idea of computation being delivered as a public utility. Advanced Research Projects Agency Network (ARPANET) developer JCR Licklider had a similar vision in 1969, of everyone in the world being interconnected and being able to access programmes and data at any site, from anywhere.
Pluses and minuses
Cloud computing results in cost savings, more reliable backups and increased scalability. Agility improves with users’ ability to economically re-provision infrastructure resources. Cost is reduced as infrastructure is typically provided by a third-party on a requirement basis and doesn’t need to be purchased outright for infrequent compute-intensive tasks. At the same time, users are able to access applications using a Web browser regardless of their location or the device they are using, be it a PC or a mobile phone.
Multi-tenancy enables sharing of resources and costs across a large pool of users. As Sudhir Narang, Managing Director, BT India, points out, “With more hardware available, levels of availability can be increased. When ‘boxes’ fail, others in the shared pool can take over to keep services online.” Thus, use of multiple redundant sites leads to improved business continuity and disaster recovery. Due to a centralisation of data, security is also better focused. Maintenance of cloud computing applications is easier, since these don’t have to be installed on each user’s computer and are easier to support and update.
While there are several advantages of cloud computing, it is also fraught with certain risks and security and privacy concerns. Ensuring privacy and security of confidential data is therefore of paramount importance. There is also a requirement for high level of data control.
In case of government, as huge volume of confidential data may be stored in the cloud, it is equally important to ensure how data will managed and controlled to avoid any potential leakage. At the same time, there is a need to make data centres more responsive to policy needs. The data centres need to be tuned in such a way that data is shared only with the authorised person, which in itself is a big task.
A galloping market
Notwithstanding the shortcomings of cloud computing, significant investments on cloud computing are happening globally. IDC estimates that the market for cloud computing in Asia Pacific excluding Japan will grow to about $1.3 billion this year and will continue expanding at a rate of about 40 percent a year until 2014. Globally, IDC estimates that by 2013, $44.2 billion will be invested in cloud computing worldwide. According to Gartner, the worldwide cloud services revenue is forecasted to reach $68.3 billion in 2010.
IDC India estimates the total domestic IT services market for the year 2010 at $6.75 billion and predicts the market to clock a compound annual growth rate (CAGR) of 17.9 percent during the five-year period 2009-2014. Zinnov Management Consulting predicts that Indian cloud computing market will grow almost ten times to reach over $1 billion by 2015.
Large enterprises are on way to building private clouds. According to Dr Jaijit Bhattacharya, Director, Government Affairs, HP India, among other countries, “India, too, has begun bolstering broadband network initiatives, which will ultimately fuel greater adoption and accessibility of cloud services.”
Narang of BT notes, “Rising cost is driving organisations to avail specialist services and go for an alternative model of delivery. New emerging trends like cloud computing, service-oriented architecture (SOA) and virtualisation are creating a way for consolidation and standardisation of IT infrastructure.”
Service on tap
Cloud computing networks, whether public or private, have the following components:
Infrastructure as a service (IaaS): Traditionally in the business environment a user’s day-to-day computing resources are held in one server at one location, i.e., the infrastructure is fixed. With cloud computing, the infrastructure is provided to the user in an ‘on-demand manner.’
Platform as a service (PaaS): It builds on IaaS but with an additional layer of capability that allows organisations to develop, build, and deploy their own applications to support their own specific business needs.
Software as a service (SaaS): This is where a user no longer owns the software but instead uses it when required via cloud computing. The software remains the property of the service provider and the user pays for
access either by annual subscription or on a pay-per-use basis.
Secretary General, Asia Pacific, Open Computing Alliance
“The cloud concept is not entirely new, but is rather a confluence of existing and new technologies”
Security, data availability and privacy are the big issues that need to be overcome for cloud to assume its full potential. Newly emerging standards and cloud computing best practices must dovetail together to avoid confusing customers, according to Euro Cloud UK, an industry body for SaaS and cloud vendors.
From an infrastructure perspective, large organisations are primarily focusing on the private cloud to build efficiencies within their IT infrastructure and enable chargeback to their businesses. From an applications standpoint, they are exploring applications such as dealer management systems, document management systems, CRM and learning solutions. On the other hand, smaller organisations that are first-time investors in major IT solutions are looking at public clouds for end-to-end propositions including mailing solutions and ERP. Industry wide alliances are on to offer end-to-end cloud computing services for enterprises.
Dynamic tool for govt
Compared to private sector enterprises, the pace of adoption of cloud computing in the government sector is slow. However, public sector institutions are now increasingly exploring the benefits of having their information systems hosted at third-party data centres and are evaluating models such as software as a service (SaaS), platform as a service (PaaS) or infrastructure as a service (IaaS). Cloud computing leads to flexible resource allocation since it allows IT to respond to changing demands of system administrators. As cloud services can bring new services and computing capacity online quickly, administrators can better manage risks and events such as peak demand.
Managing Director, BT India
“Cloud computing, service-oriented architecture and virtualisation are creating a way for consolidation and standardisation of IT infrastructure”
Since governments require massive infrastructure, cloud computing is just apt for them for mass storage and data processing and management. Cloud computing helps drive e-Governance by making things more transparent and helps bridge the digital divide by simplifying access.
Governments in developing countries, by adopting cloud computing, can leapfrog transformation goals since cloud computing allows them to leverage common platforms across multiple agencies, reduce ownership of infrastructure, save taxpayers’ money; and improve citizen access to services and information.
Specific to the Indian scenario, as Bhattacharya notes, public enterprises and governments can benefit greatly if this technology is used to its potential. “Projects like Aadhaar or even Indian Railways would benefit immensely from cloud computing. At a basic level, setting up of private cloud can help governments gain access to virtually scalable, centralised computing and save costs by limiting the servers and maintenance in the local data centres. It will also help in enhancing information security,” he adds.
Making it work for govt
The government is aware of the benefits that cloud computing can bring and how it can be an excellent platform for fast and affordable service deployment and delivery. Dr Ajay Kumar, Chairman KSITM and Principal Secretary, Department of IT, Kerala, says, “Government agencies in India are well aware of the cloud and its potential. But they are just waiting to get it more matured and real. Cloud computing has become the most exciting development and delivery alternative in the new millennium. Right now, it is in an early phase but will continue to move into mainstream adoption, with its economic, green and scalable development and delivery mechanism.”
General Manager, Cloud Computing Services, Wipro Infotech
“The critical factor defining the relationship between the cloud service provider and customer is transparency”
The data centres, being set up in India as part of the National e-Governance Programme (NeGP), for server co-location, server sharing, SAN-based mass storage, mail services, Web services and enterprise management system have some inherent shortcomings. The actual capacities of data centres are often underutilised, while there are issues of over provisioning, insufficient capacity planning and sizing. “Adopting a cloud-enabled data centre may overcome some of the problems of data centres”, notes Dr Kumar.
Adds Dr Bhattacharya, “There is a fairly high awareness of the term cloud computing, thanks to the coverage in various mediums. But what is lacking is an in-depth understanding of what cloud can deliver, when it should be used and when it should not be used and what technologies need to be adopted for rolling out a cloud, private or public.”
“It is the government and public sector in India, which many a time, is an early adopter of new technologies and business models and willing to take risks and try new initiatives. In case of cloud computing, the government is quite glued into this,” says PK Gopalakrishnan, Sr Vice President and India Business Head at MindTree.
The Department of Information Technology (DIT), Government of India, is in discussion with industry representatives on faster adoption and selection of right paths for sharing of resources. However, as Gopalakrishnan opines, “DIT will also have to do lot more convincing with the line departments at central and state levels.” Narang of BT too feels that the challenges of regulations, concerns about data security and poor Internet connections will have to be overcome by the government for optimum use of cloud computing.
Building trust is important
Some of the barriers to adoption of cloud in the government are can be attributed to diverse service level agreements (SLAs), data privacy in public cloud, open standards and interoperability, business continuity and vendor lock-in.
Dr Kumar notes, “For cloud implementation, support of virtualisation in existing machines, integration with in-house IT applications, customisation, hardware and software compatibility and regulatory requirements are some of the challenges.”
Security is also a major concern for the government, since it deals with lot of sensitive data. Anand Ramakrishnan, General Manager, Cloud Computing Services, Wipro Infotech, notes in this regard, “Security is a key concern for organisations that are moving to the cloud. The critical factor that defines the relationship between the cloud service provider and the customer is transparency. As long as the required levels of transparency exist between the two organisations, it will be mutually beneficial.”
Ramakrishnan suggests, “To achieve this transparency the customer should define the various aspects of security that are absolutely critical for them, which is normally a short, concise list. The cloud service provider should then provide visibility to the customer on how these critical aspects are handled, including enabling customer visits to the data centres, providing details of architecture and explaining the security setup in great detail. All these actions go a long way in establishing confidence that the service provider has not compromised on aspects that are critical for security.”
Rana Gupta, Business Head, India and Saarc, SafeNet suggests, “To achieve a secure cloud environment requires a joint effort between cloud service vendors and users. Building trust with public cloud services providers while maintaining control of security policies internally are the foundation of building security in the cloud.”
“Compliance to the provisions of IT ACT (Amended) of India – 2008, especially 43A and 72A, requires implementation of PKI technology and such a system is usually ready for deployment in cloud with minimal changes,” Gupta adds.
Public cloud: Public cloud or external cloud describes cloud computing in the traditional mainstream sense, whereby resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via Web applications and services, from an off-site third-party provider.
Private cloud: Private cloud and internal cloud (virtualisation automation) are described as offerings that emulate cloud computing on private networks. These capitalise on data security, corporate governance and reliability.
Hybrid cloud: A hybrid cloud environment consists of multiple internal and external providers. This is more typical of cloud computing for most enterprises.
Dr Ajay Kumar
Chairman KSITM and Principal Secretary,
Department of IT, Kerala
“Government agencies in India are well aware of cloud and its potential. But they are just waiting to get it more matured and real”
IT organisations are developing standards and protocols that seek to extend security into public cloud environments. Not all IT services and applications are suited for the cloud. A service roadmap to identify cloud service opportunities based on business needs, value proposition and the ability to adopt and support those services is to be identified.
According to Dr Kumar a government organisation should ideally start with non-critical applications and non-sensitive data when getting on to the cloud. His advise: “Government may adopt for private cloud only, to be built and managed within an enterprise. The idea is to utilise the maximum resources in a more scalable, flexible and lower-cost manner. With the private cloud, data can be made secured.”
Your views and feedback matter to us. Tell us what you think of the stories in the magazine or what more you would like us to cover. Write back to the Managing Editor at firstname.lastname@example.org