Archive for December, 2011

The ROI from Private Cloud Computing

In surveys executives repeatedly express their preference for private clouds due to the perceived greater control and better security. Still, a private cloud needs to generate a ROI justify the investment. Private clouds don’t come free.

Assessing the ROI of private cloud is possible but not straightforward. Additionally the recent economic recession has pressured corporate profits, leading organizations to cut technology spending and limit further investment in cloud, which makes an ROI analysis even more important, according to Cloudtweaks.

Leading researcher IDC notes that many of today’s private cloud business cases are being anchored by savings from application rationalization and IT staff productivity improvements in addition to expected optimization of hardware assets. And unlike the public cloud, which promises to shift IT spending from CAPEX to OPEX, private clouds can actually drive increases in CAPEX since sooner or later the organization is likely to invest in new servers and storage optimized for virtualized cloud service delivery and in management automation.

A private cloud is a virtualized pool of IT resources sitting behind the corporate firewall. Since these are your resources and reside within your security umbrella they offer the promise of greater control and security. The security and control, of course, is only as good as your IT security and control has been all along. Actually, it could get worse since the private cloud typically delivers IT capabilities as services to more of your workers who may use them more widely and more frequently and in new and different ways due to increased accessibility.

The private cloud changes the IT delivery model. IT truly becomes a services delivery operation deploying and delivering IT capabilities as services through the private cloud. Users will access these capabilities on demand as services, often through a browser or even a virtualized desktop.

The great value of the private cloud comes from the business agility it enables. The virtualized pool of IT resources that makes up the private cloud can be allocated and reallocated quickly and easily to meet changing business needs. Instead of requiring weeks if not months to develop and assemble the IT hardware and software resources necessary to support a new business initiative, those resources can be allocated from the pooled virtual resources, possibly with some configuration changes, in minutes or hours (provided, of course, sufficient resources are available). With a private cloud, in effect, you can change the business almost on-the-fly and with no additional investment other than a few clicks of the mouse.

As CIO, how are you going to put a value on this sudden agility? If it lets the organization effectively counter competitive challenges, seize new business opportunities, or satisfy new customer demands fast and easily it could deliver astounding value. It all depends on the business leadership. If top managers aren’t terribly agile thinkers, however, the value might be minimal.

Other benefits from a private cloud include increased IT productivity and efficiency, the ability of business users to self-provision the desired IT resources (with appropriate policy-based automation controlling the provisioning behind the scenes), and an increased ability to monitor and measure IT consumption for purposes of chargeback or, as is more likely, show back. For top management, show back may have big appeal, notes Jason Cowie, vice president, Embotics, a private cloud management software provider.

The private cloud, however, will likely entail additional investments. Although you can repurpose existing IT resources, soon you will want to invest in new resources with more capacity that has been optimized for the demands of what amounts to a new kind of delivery of IT capabilities. You also will want to invest in management automation to ensure efficient service delivery, monitoring, measurement, chargeback, and self-provisioning.

In the end, the value of private cloud agility when matched with agile thinking business leadership should more than offset the additional investments required.


, , , , ,

Leave a comment

The New Economics of IT

For many companies, the IT group is a cost center to be minimized. Ironically, the cost of IT systems remains flat (actually falling on the basis of cost per unit of capacity delivered). It’s the cost of administration, management, operations, and power that keeps going up.

Steve Mills, Senior Vice President and Group Executive, IBM Software & Systems, made this point at a recent briefing: “Server management and administrative costs keep going up and the cost of servers drop and the cost of power keeps rising. These are the (IT) economics facing business today.”

The economics Mills cites are changing the way IT systems and capabilities are bought and deployed. The challenge to rein in IT costs has, in part, fueled the interest in cloud computing. Many organizations are hoping the cloud will bring IT spending under control. Forbes Magazine looked at the issue here and found that there isn’t a simple answer.

The problem as Mills lays it out is that of the three main buckets of IT costs—hardware, people, and power—only one is flat or dropping. The other two continue to go up.

Cloud computing can change the economics to some extent, but it won’t eliminate the overall corporate IT spend or even much reduce it. What it mainly does is shift the IT spend from CAPEX, by eliminating the need to invest in new systems, to OPEX by paying for IT capabilities and capacity as services when needed.

Cloud computing certainly can be useful to augment corporate IT. The public cloud saves a company from investing in IT capabilities that may be used only occasionally, such as to meet a spike in demand. It also is demonstrating real value for backup and disaster recovery. In that sense it changes the economics of IT.

But as Mills noted, the big economic burden does not come from a handful of servers sitting around idle while awaiting the next spike or older systems relegated to backup and recovery roles. The biggest economic toll comes from the cost of people.

Traditionally, IT groups were staffed to acquire hardware and software, connect and integrate it, and support it going forward, changing things as needed when the business changed while supporting users along the way.  To do this, companies had to hire and retain people skilled in hardware platforms, applications, system integration, data management, and more. Even with the growing interest in cloud computing, the traditional approach remains the dominant model despite getting more expensive each year.

One proven solution is automation. Systems automation allows the IT group to support more servers, more storage capacity, and more networking with fewer administrators. Policy-based automation combined with the cloud can enable user self-provisioning of systems, enabling systems to be provisioned and deployed in minutes. A small core of admins handle the exceptions. BottomlineIT will take up automation in an upcoming piece.

Another possible solution, Mills suggests, is adoption of a factory model. In the factory model, the company doesn’t buy the system piece parts and cobble them together but buys ready-to-use systems pre-assembled, pre-integrated, and pre-optimized by the vendor. The vendor has the tools, experts, and process efficiencies to do this better and cheaper.  Like automation, the factory model can impact the IT people cost bucket.

IBM has been offering such factory built integrated and optimized systems as early as 2008 for integrated SAP hardware/software systems. Lately, it offers the Migration Factory for companies that want to move to new, more efficient IBM systems and its first factory-built system packaged as an appliance, Netezza, for data warehousing.

Other vendors offer versions of the factory approach. Check out Oracle’s migration factory. HP offers the HP server blade system factory.  Dell offers Custom Factory Integration for hardware, images, applications, peripherals, and documents.

The factory approach, especially when combined with automation and the cloud, starts to change the economics of IT by reducing the amount of pricy IT expertise a company has to hire and retain. The tradeoff is fewer IT options offered. Still, by selectively combining the factory model with automation and the cloud, the CIO finally can begin to impact the economics of IT.

, , , , , ,

Leave a comment

Productivity vs. Security: Find the Right Balance

Security concerns around IT systems seem to only get worse. Now organizations must contend with cloud computing, social networking, and mobile computing, all of which ratchet up security concerns. Of course, you can boost security but business will suffer. Restrict social networking and risk losing customers. Let managers access data from smartphones and risk compromising data.

“When Security is around, Productivity disappears. And when Productivity shows up on the scene, Security has to take a coffee break,” writes Aaron Weiss for Dell here.

Workers aren’t stupid. They feel the pressure from management to do more, work harder, work faster, no excuses. They know it is a tough economy; layoffs could come at any time. So they take shortcuts, and a handy place to find those shortcuts is security. How can you strike the right balance?

Here are five telltale signs workers are opting for expediency over security:

  1. Passwords hidden in the most obvious places—convenient, easy to find by anyone, almost never changed
  2. Leaving a workstation, even for a few minutes, with a session running and connection open—anyone who sits down can do anything
  3. Putting data unencrypted on insecure, easily misplaced devices (laptops, smartphones, tablets, flash cards)—usually in an effort to be more productive
  4. Sending confidential data unencrypted via email—no guaranteed delivery, no assurance the recipient will be the one opening it, no control of the data after it passes the firewall
  5. Failure to follow social media policy—spontaneous discussions with little awareness of security and confidentiality implications

In each case convenience, usually in the name of productivity, trumps security. It is faster and easier to do it this way, workers reason.

But don’t blame the workers. Management, too, sends clear signals that security is less important than productivity:

  1. Lack of a security policy and social media policy that reflect how efficient workers actually operate
  2. Failure to cultivate security awareness through regular communication and training
  3. Reluctance to invest in automated security tools that remove much of the burden of complying with security policy
  4. Failure to model and enforce proper security behavior, with accountability for security lapses
  5. Unreasonable productivity demands that drive workers to take careless shortcuts

When management by its actions conveys the message that throughput is more important than sensible protection of valuable data and systems assets inevitably productivity will trump security.

Here are signs the security-productivity issue risks falling out of balance, notes Rakkhi Samaresekera here.  The most obvious, of course, is a major security incident. Before you suffer that, however, consider minor security incidents or near-misses as warnings that something is amiss. This might be an increase in thefts of laptops or more frequent virus attacks.

Audit reports should give you a good sense of potential security problems. Don’t just bury these in a file folder that never gets opened. Similarly, have consultants periodically assess current security in light of industry best practices. Again, once you get the report, don’t ignore it.

There are, however, proactive things you can do to enable security without killing productivity or triggering a worker revolt. For example, you can deploy single sign-on which greatly expedites application and data access while reducing the need to manage passwords. To get rid of passwords altogether, you can implement bio-metric authentication. It’s a bit pricey, but once deployed users reportedly love it. Also consider automated ID management tools to rein in multiple worker IDs and roles. Finally, make sure the help desk knows to respond fast when workers have trouble with passwords or otherwise get tangled in security.

Start to minimize the conflict between security and productivity by streamlining business processes within the context of effective security practices with the input of workers. This includes the new employee on-boarding process too. And new tools, as noted above, can eliminate the most cumbersome aspects of security. Of course, all of this requires an investment of time and budget. The payoff, however, is security with productivity.

, , , , ,

Leave a comment