Journey to the Cloud and a Lesson in Shared Responsibility

Recently Chris Cruz, the Deputy CIO for California, spoke to our Leading Trends in Information Technology class at Stanford. According to Cruz his organization is responsible for overseeing the information technology needs of the 138 entities apart of the California Executive Branch of government. He manages this primarily through the California Statewide Datacenter and manages over three thousand points of presence, as well as, the CGEN & CENIC networks which provide broadband connectivity to state government and academic institutions. More information about CGEN (link) and CENIC (link) found here.

It was enlightening to hear Cruz speak of California’s governmental agencies journey to the cloud. Throughout his lecture Cruz laid the foundation for what is cloud, the relationship between cloud platform provider, the consumer, and their shared responsibility. This blog will post will explore these topics further and provide a framework for other public and private sector entities to consider as they too embark on their journey to the cloud.

What is Cloud?

The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling on-demand access to a shared pool of computing resources that can be rapidly configured with minimal management effort or service provider interaction. The NIST goes on to define essential characteristics, service models, and deployment models. The full publication is available here: http://ow.ly/sSiW301Af6p.

In terms of service models the NSIT and industry have settled on three categories of service models – Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). McKinsey writes that in today’s world we can be inundated with anything-as-a-Service (link: http://ow.ly/CymF30drAGD) as companies and products setout to market themselves in the new digital age, but at a foundational level cloud services fall into the three service models listed above. Let’s spend a minute talking about each.

Software-as-a-Service (SaaS) is a service model where an application running on a cloud platform is accessed by the user – aka consumer – but the user does not control or manage the underlying infrastructure of the application. The consumer can be an individual or an entity, such as a private sector business or public-sector division. In this model, the consumer simply enjoys the feature benefits of the application. An example of this is Microsoft’s Office 365 which gives consumers access to productivity software such as Outlook, Word, and Excel all without having to manage the underlying infrastructure of the application.

Platform-as-a-Service (PaaS) is a service model where an application is deployed by the consumer using programming languages, or tools supported by the cloud platform provider. The application is used either for personal use or to give access to external users. The consumer has control over the application, but does not manage the underlying infrastructure – such as operating system, networking, physical servers, etc – that supports the consumer’s application.

Infrastructure-as-a-Service (IaaS) is a service model where consumers can provision on-demand compute resources and is responsible for the operating system, but does not control the base-level infrastructure such as physical servers.

Inherent in each of these service models is a relationship between the consumer and the cloud platform provider. Each service model offers a different ratio of what the consumer controls compared to what the cloud platform provider is responsible for managing. Depending on the need of the consumer there are benefits to each model. The cloud is a model of shared responsibility where both the consumer and cloud platform provider have a role to play; the most important thing for the consumer is to understand what model they are deploying.

Like California’s journey to the cloud other public entities are also moving applications to the cloud. For instance, in South Carolina the Charleston Police Department is migrating the Veretos Evidence Management solution which manages most of it’s crime fighting technologies to the cloud for increased infrastructure agility and scalability. The full story here: http://ow.ly/X4x430drzYC

Looking into the future it’s is fascinating to think we may reach a point where SaaS and PaaS are the predominant service models; where a consumer creates a PaaS application for re-sell to other consumers as a SaaS application – my PaaS is your SaaS – and IaaS is reserved for a few public cloud providers.