the cloud: financial, legal and technical

Post on 17-Jun-2015

DESCRIPTION

The cloud: financial, legal and technical. Presentation by Morgan Hill, Amazon and Taylor Wessing. Held on Tuesday, 14th Sep 2010 at The City Club, London.

TRANSCRIPT

1

Agenda

09.00 - 09.30 Coffee

09.30 - 09.40 Introduction

09.40 - 10.20 Morgan Hill: The Financial Case

10.20 - 11.00 Taylor Wessing: Legal and Security Considerations and how to combat them

11.00 - 11.20 Coffee

11.20 - 12.00 Amazon: The Technology Behind The Cloud

12.00 - 12.30 Panel session

12.30 Lunch

2

• From a financial perspective, we define it as:

“IT services delivered over the internet in a manner that allows cost to match utilisation.”

• A key factor in benefiting from this is the ability to understand the real cost of IT.

3

• The point is that there is a disconnect between what the business sees and what IT sees.

• Our solution is a shared financial understanding of what this technology can do.

4

What is the big change inherent in the Cloud?

• It starts to break the traditional IT vendors’ cost models – it is a disruptive technology.

• This will lead to more choice and lower IT costs for organisations – how?

- Limited to no contractual lock in - on demand, pay as you go services

- Transparent and comparable pricing

- Brings the open source world further into the commercial mainstream

- Provides infrastructure, software and people, all on demand

- Removes geography and enables price arbitrage

A key factor in benefiting from this is the ability to really understand the cost of IT. Without a holistic and comparable view of cost it is very difficult to know which choices to make.

5

• It is hard to know the real cost of providing a particular service.

• And even harder to know if this cost is reasonable.

• Complex IT infrastructure built up over time

• Accounting records which do not fit easily to the IT services

• Lack of transparency in vendors’ costs

• Arrival of new technologies, which often possess very different pricing models

6

• Finance has all the numbers and knows where the big costs are.

• However, it is rarely able to convert these costs into specific IT services, such as the cost of running a data centre or of running a particular application.

• The figures generally have little information on the question of value, i.e. is this the right sort of level of cost?

7

• The IT organisation has all the equipment and services and knows which technologies are deployed where.

• Yet it does not usually have the detailed financial data which easily maps to the services it runs.

• This can then make it difficult for those outside the IT organisation to appreciate where the budget goes.

8

1. By combining financial information with IT services information we can provide cost transparency and show the real value of IT.

2. It is then easy to make financial comparisons of alternative IT services, vendors and new technologies.

9

• The model can be used for a variety of management control purposes, including:

- Accurate and ongoing costing of services and processes

- Comparing the above with a trusted community

- Vendor cost comparison

- Service catalogues mapped to financial data

- New technology / new service financial impact assessment

- Construction of financially valid business cases

- Accurate recharges

- Cost reduction programmes

• In the example that follows we will use the model to assess the potential impact of changes to selected data centre services.

10

• In this case we are comparing service costs amongst divisions within a corporation.

• Not only can we see where opportunities might exist to extend internal best practice, but we can also drill into high cost units and explore the financial impact of alternative technologies.

• We will now drill into Data Centre costs above for Division B.

11

• If we drill into data centre costs for Division B we can see some of the areas where technologies such as Amazon Web Services could have a directly beneficial financial impact.

• In this case backup, failover and archive at £265k look like good potential candidates for the Cloud.

12

• If we drill further into backup, failover and archive we can see that nearly 50% of the associated cost is for failover servers. The production systems these support are up at least 95% of the time, therefore we have about £125k of annual cost that is effectively unused.

• A comparable reserved Amazon Web Services instance would cost less than 10% of this figure – with no Capex.

13

• And, it can reduce this by up to 90%. Circa £125k to £12k.

• This is what the technology can look like.

14

• Below is an extract from a document that is the result of applying the Morgan Hill financial model.

• It shows the strategies that are enabled by the cost transparency afforded by the model to achieve sustainable cost reductions.

• In this case the strategies are: internal best practice, virtualisation, supplier negotiation, cloud and VOIP.

15

• It has been proven over four years in multiple instances in industries ranging from banking to logistics.

• It can be run now specifically to show the likely financial impact of deploying new IT services, processes or technologies.

• It is easy to deploy and in every instance that it has been run, cost reduction opportunities have been identified.

• The model can be run on selected IT services within approximately 20 days.

• The model is currently delivered as a consultancy service but can be operated by a client, post the consultancy.

16

17

• An initial workshop, together with interviews and report, will deliver the following:

• This is a short duration exercise, designed to reveal the financial benefits of cloud computing to your organisation.

18

• The Cloud has a very real impact on IT costs.

• However, in order to utilise the Cloud effectively, it is essential to have a clear view of the IT costs base.

• The Morgan Hill Financial Model is a proven and rapid method for achieving this.

• With this knowledge the financial case for Cloud technology becomes both apparent and quantifiable.

19

The Cloud: The legal issues

A clear view

> Key questions for any business:

-What technical benefits does it bring?

-What commercial benefits does it bring?

-What legal challenges does it bring?

> In order to utilise the Cloud safely, it is essential to have a clear view of the legal challenges, and to take steps to address those challenges

What are the legal issues?

> Not new

- Outsourcing / SaaS / Gmail / Linkedin

> Not complicated

- Although some lawyers might suggest otherwise

> Not barriers

- Just hurdles

> Based almost entirely on practical risks that you should be worrying about anyway

- Business continuity

- Location of data

- Security of data

… ok, and a few compliance issues….

The issues: death, taxes and data protection…

1. Supplier due diligence

2. Contractual terms available

3. Who will you be dealing with?

4. Data location

5. Data security

6. Data retention

7. Interoperability

8. Vendor lock-in and exit

9. Audit and compliance issues

10. Project planning

1. Supplier due diligence

> Who is your supplier?

> Where are they incorporated?

> Do they have deep pockets?

> Who owns them?

> Do you need a legal opinion / guarantee / other comfort?

> Some suppliers will go off-piste

…… but it will be a trade off

…… you may not get the contractual terms you want, so doing your homework can be more important

2. Contractual terms available

> A commoditised market drives value ….. but this has meant commoditised terms of supply

> You may be outsourcing a core service, so you need to:

- maintain a reasonable level of control and flexibility

- have a stick to wave

- be able to get out easily, if you need

> Terms to focus on:

- Weak warranties / service levels

- No liability for key risks

- Insufficient data security obligations

- Insufficient DR provisions

- Limited ability to down-scale

- Export of data (see later)

- Limited rights to terminate

- Weak exit / transition obligations

> But value drivers may make negotiation unrealistic, so do your homework

3. Who will you be dealing with?

> Who’s actually going to provide the service?

> Will the cloud supplier be prime contractor or a sub-contractor?

> Do you care if the supplier sub-contracts?

> Do you care if they’re sold?

> Are you concerned if they are supplying a competitor?

- particularly on shared servers

- what does the contract say?

4. Data location

> Data Protection Act 1998: (stay awake…)

“personal data shall not be transferred to a country outside the European Economic Area unless that country provides an adequate level of protection for the rights and freedoms of data subjects ….. ”

- a cloud model may involve export of data outside the EEA

- most countries outside the EEA don’t pass the EU test, including the US

> Don’t worry, there are some ways to comply:

- some suppliers give you a choice (but some don’t)

- is consent possible?

- use specific approved contractual provisions

- US Safe Harbour scheme

… if not then choose a supplier in the EEA, but check contract terms

> Random risk: maritime law!

5. Data security

> Data Protection Act 1998:

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data or accidental loss or destruction of, or damage to, personal data”

“Having regard to the state of technological development and the cost of implementing any measures, the measures must ensure a level of security appropriate to … the harm that might result … and the nature of the data”

“Where processing of personal data is carried out by a data processor on behalf of a data controller , the data controller must .. choose a data processor providing sufficient guarantees in respect of security measures ..and … take reasonable steps to ensure compliance with those measures”

5. Data security (continued)

> Security also covers access control – who within your organisation can access the data in the cloud?

> So, you need to:

- remember that you are responsible for data security, not your supplier

- modify your data security policies to reflect the cloud model

- ensure your supplier:

  - takes data security as seriously as you do, complying with any security policies you may have

  - implements state of the art security, which you can monitor

  - will help you co-operate with regulators, if needed

  - agrees to do all of this in writing, in the supply contract

- do your homework

6. Data retention

> There are lots of different reasons why you need to retain data:

- general record keeping

- tax

- contractual enforcement

- risk of disputes

- specific regulation in some industries

> So you should have a data retention policy

> You need to ensure your supplier can follow that policy

7. Interoperability

> The hot potato

> No widely accepted interoperability standards for data … yet

> No legislation …. yet

> How important is interoperability for your cloud model?

> Does the contract support your needs?

> If not does it allow you to require it when relevant in the future?

8. Vendor lock-in and exit

> A shoot from the same hot potato

- How practical will it be for you to exit and move to another supplier?

> Have you developed an exit / transition plan?

> What would the supplier need to do?

> Has the supplier agreed to perform the plan?

> Might the plan need to change?

> What does the contract say?

9. Audit and compliance issues

> There’s a whole bunch of laws out there

- Data protection

- Taxation

- Evidence requirements in litigation

- Competition laws / dawn raids

- Data retention

- National security

- Money laundering

> Your compliance team should be aware of those applying in your home country

….. but locating your data elsewhere may bring you under laws of other countries

> As a rule of thumb these laws are generally concerned with simple questions:

- where is your data?

- who is holding it?

- can you access it?

- can regulators access it?

- is it secure from unauthorised access?

….. again, all primarily driven by practical issues that should be important anyway

10. Project planning

> As we’ve seen, the legal issues:

- are largely driven by practical questions

- and can be addressed relatively easily in many cases, if thought about in advance

> Therefore, it is key:

- to involve your legal department at an early stage

- to ensure they understand what it is you’re trying to do

- and to avoid them being the business prevention unit….

Thanks for listening

Graham Hann

Partner

Taylor Wessing LLP

5 New Street Square

London EC4A 3TW

www.taylorwessing.com

t: +44 20 7300 4839

m: +44 (0) 7904 065846

e: g.hann@taylorwessing.com

AMAZON WEB SERVICES

Iain Gavin

igavin@amazon.co.uk

Aws.amazon.com

AMAZON’S THREE BUSINESSES

Consumer (Retail) Business

Tens of millions of active customer accounts

Seven countries: US, UK, Germany, Japan, France, Canada, China

Seller Business

Sell on Amazon websites

Use Amazon technology for your own retail website

Leverage Amazon’s massive fulfillment center network

Developers & IT Professionals

On-demand infrastructure for hosting web-scale solutions

Hundreds of thousands of registered customers

[Figure: TYPICAL DILEMMA: PREDICTING INFRASTRUCTURE NEEDS. Infrastructure cost ($) plotted against time, with curves for predicted demand, actual demand, traditional hardware and automated elasticity; annotations: large capital expenditure, opportunity cost, “You just lost customers”.]

“a style of computing where massively scalable IT-related capabilities are provided ‘as a service’ across the Internet to multiple external customers.”

Gartner 2008

CLOUD COMPUTING DEFINED

- On demand

- Pay as You Go

Scalable

- Increase or decrease capacity in minutes

- Automation

Cost Effective

- Low rate, pay-as-you-go

Secure

- Multilayer security facilities

Reliable

- Mission Critical Infrastructure

AMAZON WEB SERVICES (AWS)

Compute: Amazon Elastic Compute Cloud (EC2)

- Elastic Load Balancing

- Auto Scaling

Storage: Amazon Simple Storage Service (S3)

- AWS Import/Export

Content Delivery: Amazon CloudFront

Messaging: Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS)

Payments: Amazon Flexible Payments Service (FPS)

On-Demand Workforce: Amazon Mechanical Turk

Parallel Processing: Amazon Elastic MapReduce

Monitoring: Amazon CloudWatch

Database: Amazon SimpleDB, Amazon Relational Database Service (RDS)

Management: AWS Management Console

Tools: AWS Toolkit for Eclipse

Isolated Networks: Amazon Virtual Private Cloud

Your Custom Applications and Services

Infrastructure as a Service

Build new app

Buy an app to run on AWS

Move existing app onto AWS

Web Site Hosting

Application Hosting

Content Delivery

Media Distribution

Software Distribution

HPC

Batch Data Processing

Large Scale Analysis

Marketing Campaigns

Backup

Collaborations

Development & Test

Load Testing

Disaster Recovery

Lowers Cost

- Eliminates Capital Investment

- Reduces Operational Costs

Increases Agility

- Reduce Time to Market

- Removes constraints

Foundation for 21st Century Architectures

Removes the “Heavy Lifting”

- Leverages Scalability, Reliability and Security

KEY BENEFITS TO RUNNING IN THE AWS CLOUD

WHAT COULD MY FINANCIAL BENEFITS BE?

• For single AWS proof of concept use http://aws.amazon.com/economics/

• For larger IT consolidation initiatives http://www.morganhill.co.uk/it-cost-control/

48

• With the Morgan Hill Financial Model your organisation can:

1. Understand the real costs of IT services

2. See the opportunities
