Looking at Best Practices for Cloud Deployments in State and Local Government can Aid all Organizations

Although cloud computing is relatively immature, there are some emerging best practices documents available to organizations today. The State and Local Government Cloud Commission recently authored a best practices document that can be leveraged by almost all organizations.

Last Thursday, February 16^th, State and Local Government Cloud Commission (SLG-CC) held a conference in Mountain View to discuss best practices and policies for state and local governments.  In conjunction with the conference representatives of state and local government combined with a number of commissioners released a rather lengthy report that documents best practices for governments as they head down the path to cloud.  It’s worth noting that the report was created using input from individuals from many of the leading cloud solution providers such as PG Menon (Brocade), Kevin Paschuck (Oracle) and Bethann Pepoll (EMC).  After reading the rather lengthy report, I thought I would share some of the highlights that can be used by State and Local Governments but also but general enterprises. 

The report recommends a four-step cloud implementation lifecycle.  Those four steps being cloud readiness assessment, assess risk and plan governance, implement the cloud and operate the solution.  This methodology is ideal for process heavy organizations like SLG but should be adhered to by all companies.  Cloud will be new to most organizations and a lifecycle approach can minimize risk and ensure key deployment steps aren’t missed.

The first phase of the lifecycle is to do a cloud readiness assessment.  Many might think that doing a formal assessment to gauge readiness might be overkill but, in general, good pre-work leads to smooth deployments.  Sloppy up front work leads to months of pain putting out fires based on things that were missed up front.  The assessment should start with looking at a combination of business goals, IT goals and the organizations level of cloud savviness.  This will help determine which applications should be the ones to immediately move to the cloud and which ones can be phased in at a later date. Having a leader appointed that has the authority to drive a cross-functional team will ensure legacy tools and organization silos don’t get in the way.  Cloud requires visibility and delegation across traditional boundaries – many teams will need to think differently and pending the applications ear marked, new tools may be in the critical path

The second phase is risk and governance, which directly correlates to security issues.  Find any survey today and security/governance will be the number one barrier to cloud computing.  The report outlines a multistep process that, in my opinion might be overkill for most organizations but is ideal for highly regulated verticals such as SLG, medical and educational institutions.  The main goal of this process though is to get line of business owners to fully understand what data is held in the cloud and what the risks are.  Whether a process like the one given is used or a more simplified one, this should be a goal of any organization.  As an FYI – risk and governance is a double edge sword.  While some may look at pushing data into the cloud as risky, some smaller organizations might find it greater risk to not push the data into the cloud.  An example of this might be a small company that uses Quickbooks for financial information.  If the PC or server it is running on were to ever crash, he companies financial could be lost forever.  In this case, moving the application to the cloud would actually reduce the business risk.  Whatever the scenario, the cloud deployment should be based on acceptable risk levels. 

The third phase is implementing the cloud.  There were many highlighted best practices for the implementation phase and I agree with all of them for SLG and I’m not going to go through each one but, again, the document talks about the importance of pre-work and understand the impact to the technology, people and process.  All of these elements are important and none should be ignored.  The people part of the deployment can scuttle the project, even though technically, everything is fine.  Moving to the cloud will change functionality meaning processes change, work style changes and some training may be required.  This is actually handled fairly well in SLG and not so well by many other types of organizations.  So, do all the proper technology pre-work and don’t forget about the people and culture as you implement cloud. 

The last phase is the on going operations of the cloud.  In my opinion, the operational element of operating clouds is still very immature.  There are still very few best practices and even highly risk tolerant early adopters struggle with operations—especially as noted earlier, in a cross-functional environment.  With that being said there were some recommendations given that I think are significant.  First, new skills are needed.  IT people that aren’t willing to make this shift will become irrelevant in a very short period of time.  There was a faction of IBM loyalists that could not and would not accept Microsoft.  Had the company listened to them, we would have been running OS/2 on microchannel machines.  Clearly the wrong choice and those that didn’t embrace change were out of a job quickly. 

Another sound recommendation is process automation.  This may be the most impactful part of a cloud deployment.  Utilizing pre-built automation routines and working with developers to modify applications to take advantage of these repeatable processes can save organizations a significant amount of money.  Automation is one of the big benefits cloud can bring and IT departments should leverage them—especially as a means to bridge visibility and control gaps bettwen IT functional areas.  There are many management tools and technologies that can help with automation including service management, IP address automation, or what I have referred to in that past as “Active DDI”, and application delivery controllers and these should be leverage where appropriate. 

As cloud matures, I would expect to see more “best practices” type documents that are vertically specific but I do think we should all take the time to learn from the ones that have put them together. 

• Cloud Computing
• best practices
• cloud
• government
• SLG