GE recently announced it is moving its 9,000 supported applications to the cloud. Nowadays, all of us are bombarded with information about “the cloud”, and it can be hard to wade through the hype and hyperbole to understand the landscape in a way that helps us make decisions about our own organizations.
Enterprise cloud computing is a complex topic, and how you look at it depends on many variables. Below I try to outline one typical scenario. Your inputs, and the weight you give to different factors involved in making the decision will vary, but the general paradigm is useful across a wide variety of organizations.
In the interest of full disclosure, I am CEO of a company that sells cloud-based clinical research solutions (OpenClinica Enterprise, OpenClinica Participate). We adopted a cloud model after going through exercises similar to the ones below. Rather than reflecting bias, it demonstrates our belief that the cloud model offers the greatest combination of value for the greatest number of organizations in the clinical research market.
So… Let’s say you’re a small-to-medium size enterprise, usually defined as having under 1000 staff, and you are considering moving your eClinical software technologies to a public cloud and/or to a Software-as-a-Service (SaaS) provider.
Let’s start with the generic move of in-house (or co-located) servers and applications to public cloud environment. We’ll get to SaaS in a bit.
For this exercise, we’ll use the handy modelling tools from Intel’s thecloudcalculator.com. And we’ll assume you want to run mission-critical apps, with high levels of redundancy that eliminate single points of failure. We’ll compare setup of your own infrastructure using traditional virtualization to a similar one on cloud, based on certain assumptions:
The results for an internal, or “private” cloud are:
The public cloud looks as follows:
Wow. A 26x difference in cost. Looks pretty compelling, right? But not totally realistic – you’re probably not considering building a highly redundant in-house or co-located data center to host just a couple of apps. Either you already have one in place, or are already deploying everything to the cloud. In the latter case, you don’t need to read further.
In the former case, let’s explore the cost of adding several more applications to your existing infrastructure. What are the marginal costs of adding the same amount of computing capacity (12GB of memory, 164GB storage) on top of an existing infrastructure? We can use the same calculator to compute the delta between the total cost of a private cloud with 190GB of memory and 836GB of storage. But here it gets much trickier.
According to the calculator, our 190GB cloud costs $379,324 – the same as the 12GB cloud in the first example! Moreover, adding another 12GB of capacity pushes the cost up to $513,435, a difference of $134,111. However, if we change our assumptions and start with a 150GB cloud, then add 12GB of capacity, the marginal cost is $0.
What we’re seeing is how the IT overhead costs of running your own private cloud infrastructure tend to grow in a discrete, rather than continuous, manner, and the cost of going from one tier to the next is usually very expensive.
Our calculator makes a bunch of assumptions about the size of each server, and at what point you need to add more hardware, personnel, cooling, etc. The exact number where these thresholds lie will vary for each organization, and the numbers in the example above were picked specifically to illustrate the discrete nature of IT capacity. But the principle is correct.
Large cloud providers, on the other hand, mask the step-wise and sunk capital costs from customers by only charging for each incremental unit of computing actually in use. Because these providers operate at a huge scale, they are able to always ensure excess supply and they can amortize their fixed and step-wise costs over a large number of customers.
The examples above show that the actual costs of a public cloud deployment are likely to be significantly lower than those of building or adding to a comparable private cloud. While there’s no guarantee that your public cloud cost will be less than in-house or colocated, market prices for cloud computing continue to become more competitive as the industry scales up.
What is certain however, is that flexibility of the public cloud model eliminates the need for long-term IT capital budget planning and ensures that a project won’t be subject to delays due to hardware procurement pipelines or data center capacity issues. In most cases it can also reduce burden on IT personnel.
The central promise of the cloud is a fundamental difference in the ability to run at scale. You can deploy a world class, massively scaled infrastructure even for your first proof-of-concept without risking millions of dollars on equipment and personnel. When Amazon launched the S3 cloud service in 2006, its headline was “Amazon S3 enables any developer to leverage Amazon’s own benefits of massive scale with no up-front investment or performance compromises”.
It is a materially different approach to IT that enables tremendous flexibility, velocity, and transparency, without sacrificing reliability or scalability. As Lance Weaver, Chief Technology Officer for Cloud at GE Corporate identifies, “People will naturally gravitate to high value, frictionless services”. The global scale, pay as you go pricing models, and instantaneous elasticity offered by major public cloud providers is unlike anything in the technology field since the dawn of the Internet. If GE can’t match the speed, security, and flexibility of leading public cloud providers, how can you?
What You Give Up
At some level, when moving to the cloud you do give up a measure of direct control. Your company’s employees no longer have their hands directly on the raw iron powering your applications. However, the increased responsiveness, speed, and agility enabled by the cloud model gives you far more practical control that the largely theoretical advantages of such hands-on ownership. In a competitive world, we outsource generation of electrical power, banking, delivery of clean, potable water, and access to global communications networks like the Internet. Increasingly, arguments for the cloud look similar, with the added benefits of continuous, rapid improvements and falling prices.
Encryption technologies and local backup options make it possible to protect and archive your data in a way that gives you and your stakeholders increased peace-of-mind, so make sure these are incorporated into your strategy.
The model above is based on the broad economics of the cloud. However, there are other, more intangible requirements that must be met before a change can be made. You’ll want to carefully evaluate a solution to ensure it has the features you need and is fit for purpose, that the provider you choose gives you the transparency into the security, reliability, and quality of their infrastructure and processes. Make sure that data ownership and level of access is clear and meets your requirements. Ensure you have procedures and controls in place for security, change control, and transparency/compliance. These would be required controls for an in-house IT or private cloud as well. One benefit of public cloud providers in this area is that many of them offer capabilities that are certified or audited against recognized standards, such as ISO 27001, SSAE16, ISAE 3402, and even FISMA. Some will also sign HIPAA Business Associate Agreements (BAAs) as part of their service. Adherence to these standards may be part of the entry-level offering, though sometimes it is only available as part of a higher-end package. Be sure to research and select a solution that meets your needs.
No matter who you are, you are beholden to other stakeholders in some way. Here are a couple areas to ensure you pay attention to:
- Regulation – Related to risk reduction, you want to have controls in place that adhere to relevant policies and regulations. In clinical research, frameworks such as ICH Good Clinical Practice and their principles of Computer System Validation (CSV) are widely accepted, well understood, and contain nothing that is a barrier to deploying a well-designed cloud with the appropriate due diligence. You may also have to consider national health data regulations such as HIPAA or EU privacy protections. Consider if data is de-identified or not, and at what level, to map out the landscape of requirements you’ll have to deal with.
- Data Storage – A given project or group may be told that the sponsor, payer, institution, or regulatory authority requires in-house or in-country storage of data. Sometimes this is explicitly part of a policy or guideline, but just as often it is more of a perceived requirement, because “that’s the way we’ve always done it”. If there is wiggle room, think about if it is worth fighting to be the exception (more and more often, the answer is yes). Gauge stakeholders such as your IT department, who nowadays are often overburdened and happy to “outsource” the next project, provided good controls and practices are in place.
- Culture – a famous saying, attributed to management guru Peter Drucker, is that “Culture eats strategy for breakfast, every time”. Putting the necessary support in place for change in your organization and with external stakeholders is important. The embrace of cloud at GE and in the broader economy helps. Hopefully this article helps :-). And starting small (something inherently more possible with the cloud) can help you demonstrate value and convince others when it’s time to scale.
SaaS (Software-as-a-Service) is closely tied to cloud, and often confused with it. It is inherently cloud-based but the provider manages the details all the way up to the level of the application. SaaS solutions are typically sold with little or no up-front costs and a monthly or yearly subscription based on usage or tier of service.
When you subscribe to a SaaS application, your solution provider handles the cloud stuff, and you get:
- a URL
- login credentials
- the ability to do work right away
Which leads to a scenario like the following:
A few years ago, you typically had to balance this advantage (lack of IT headaches and delays) against the lack of a comprehensive feature set. As relatively new entrants to the market, SaaS platforms didn’t yet have all the coverage of legacy systems that had been around for years, or in some cases decades. However, the landscape has changed. The SaaS provider is focused on making their solution work great on just one, uniform environment, so they can focus more of their resources on rapidly building and deploying high-quality features and a high-quality user experience. The result is that there is far more parity. Most SaaS solutions have caught up and are outpacing legacy technologies in pace of improvements to user experience, reliability, and features. Legacy providers have to spend more and more resources dealing with a complex tangle of variations in technology stack, network configuration, and IT administration at each customer site.
Furthermore, the modern SaaS provider can reduce, rather than increase, vendor lock-in. Technology market forces demand that interoperability be designed into solutions from the ground up. Popular SaaS frameworks such as microservice APIs mean your data and content are likely to be far more accessible, both to users and other software systems, than when locked in a legacy relational database.
The SaaS provider has the ability to focus on solving the business problems of its customers, and increasingly-powerful cloud infrastructure and DevOps technologies to automate the rest in the background in a way that just works. These advantages get passed that along to the customer in continuous product improvements and the flexibility to scale up and down as you need to, without major capital commitments.
YMMV, but cloud & SaaS are powerful phenomena changing the way we live and work. In a competitive environment, they can help you move faster and lower costs, by making IT headaches and delays a thing of the past.