Cloud

Texas government will evaluate, and adopt as appropriate, cloud computing solutions to drive cost‑effective and efficient operations

Infrastructure and Services

Traditionally, organizations spend a significant portion of their technology budgets procuring and maintaining their own information technology (IT) infrastructure, platform, and applications. Purchasing hardware, upgrading software, and hiring administrators consumes resources needed for other mission-critical activities.

One computing model that has proven to be a cost-effective and efficient alternative is cloud computing. The National Institute of Standards and Technology (NIST) defines cloud computing as a “model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Recently, the federal government focused on cloud computing by adopting a Cloud First initiative, urging federal agencies to evaluate their environment and move into the cloud where appropriate. Whether implemented to replace an aging technology infrastructure or to augment computing and capacity needs, cloud service options are increasingly being explored and adopted throughout government.

With an increasing number of government-specific private cloud offerings, advances in cloud security, and expected economic benefits, Texas state agencies should evaluate their current environments for any potential advantages of moving into the cloud. Even though cloud services are still relatively new in government, the model has been tested and is mature enough to be adopted for Texas government.

Some of the characteristics of cloud computing include

• On-Demand Services – Users avoid protracted procurement cycles through self-service provisioning and configuring of appropriate solutions that meet their business needs.
• Pay As You Go – Users pay only for what they consume on a variable-fee basis.
• Rapid Scalability – Users increase or decrease capacity and load balancing needs during peak/off-peak usage spikes.
• Higher Level of Automation – Users reduce time spent on routine administrative tasks, such as configuration management, manual troubleshooting, software updates, or backups.
• Virtualized Environment – Users typically perform tasks over the Internet through a web browser.

There are three basic cloud services models:

• Public Cloud – The user has little control over how resources are shared or allocated, and has limited insight into the virtualized cloud environment. For most agency applications and data requiring higher security and privacy controls, the public cloud may be inappropriate.
• Private Cloud – The cloud provider dedicates and customizes the resources and administration of a defined environment to each organization. This is ideal for highly sensitive and mission-critical applications and services, but is also more costly than a public cloud model.
• Hybrid Cloud – The hybrid cloud is a blended model with both private and public cloud features.

Types of services provided through the cloud include

• Software as a Service (SaaS) delivers applications, such as email, customer relationship management, and collaboration software.
• Infrastructure as a Service (IaaS) delivers computing hardware, storage, networking, and backup.
• Platform as a Service (PaaS) delivers an application framework that supports design and development, testing, deployment, and hosting.

Benefits of Cloud Services

There are many benefits to cloud solutions, including the ability to

• scale rapidly to address peak capacity demands
• eliminate lengthy procurement cycles
• simplify technology environments
• increase speed of service delivery and flexibility for service changes
• continuously refresh technology
• support business continuity
• provide a variety of service choices and service level agreements
• take advantage of a more efficient and optimized virtualized environment
• allow IT staff to focus on other mission-critical tasks
• give business owners more options in selecting the most appropriate and cost-effective technology solution to meet a business need

A widely perceived benefit of cloud computing is the ability to rapidly reduce infrastructure expenses. Although many organizations do see immediate cost savings, the goal and expectation of deploying cloud solutions should focus on business needs, in addition to budget savings. When transferring services to the cloud, there may be significant costs for customizing, standardizing, and optimizing agency resources in a new environment. In the long term, agencies can expect some cost savings, but the overriding focus should be on business value.

While the benefits are substantial, there are significant technical requirements that must be addressed to realize those benefits. These requirements include access and data security, credentialing, service levels and remedies, and terms of use.

With business information and key IT resources outside of their firewall, organizations remain concerned about being vulnerable to external threats. According to a 2011 Ponemon Institute study, the majority of cloud providers believe ultimate responsibility for securing the cloud remains with the customer. The study also found that cloud computing users admit they are not vigilant in conducting audits or assessments of cloud computing providers.

As recommended in a 2011 NIST report, interested organizations need to ensure that cloud services are configured, deployed, and managed to meet security, privacy, regulatory compliance, and other requirements.

Steps to Plan

An agency should evaluate both its business needs and technology infrastructure to determine suitability for migrating to a cloud model. Because resources can be provisioned and de‑provisioned on demand, a state agency can assess potential opportunities through a limited pilot of a non-mission critical application, such as a customer relationship management or a collaboration application, deployed within a single business area.

To determine which application is the best candidate for provisioning through the public cloud, an agency should weigh the full range of risks and benefits. Depending on an agency’s infrastructure, a public cloud provider may meet or exceed existing security, redundancy, reliability, and availability metrics. However, an agency should evaluate its business needs, applicable laws, policies, and regulations and gauge those requirements against the capabilities and service levels of public cloud providers to determine whether the cloud provides the level of service needed.

A private cloud model may be a more appropriate solution for an agency to comply with laws, policies, and regulations for mission-critical applications. Hosted behind an agency’s firewall, a private cloud provider can deliver services and applications that meet agency compliance requirements and enhance flexibility and responsiveness to changing business needs.

Some requirements to consider include

• security
• data confidentiality and privacy
• data ownership
• disaster recovery
• root cause analysis
• reliability and availability
• compliance with laws, policies, and regulations
• identity management
• help desk support of end users
• training of end users