Cloud Brokerage: Five Steps for IT Leadership

Although the goal of corporate strategic planning is to envision changes over the long term, the stark reality for IT in many organizations is that only incremental change seems possible in the short term. IT’s ability to implement the changes needed to alter the competitive playing field might be limited by the siloed nature of most IT departments, where separate teams enact deployment cycles implemented on a product-by-product basis with each product set purchased and managed separately. Customization is usually the rule, with different servers selected for different applications by different teams. Attempts to integrate data center infrastructure and applications have been manual, time-consuming, and expensive efforts. With traditional data centers of the past limited to maintaining the status quo, this scenario often led to a breakdown and disconnect between corporate planning and IT capabilities.

Fortunately the situation is changing with the advent of cloud computing: CIOs have been freed from having to settle for incremental change, and IT can now be the enabler of line of business (LOB) requirements for faster innovations, new business models, and new revenue streams.

Because today’s cloud computing architectures are designed to capitalize on change, more expansive opportunities exist for IT to become an internal strategic partner. By enabling holistic improvements across technology infrastructures, cloud computing is creating dramatic innovations that rewrite the rules of competition. Instead of a plethora of customization arising from siloed teams, IT organizations are beginning to standardize their infrastructure to create a highly agile IT foundation with integrated layers designed to adapt to changing requirements. The opportunity to use both private cloud and public cloud services — termed “hybrid IT” — provides enterprises more choice and speed in implementing new innovations.

As the Gartner perspective that follows this article frames it: “Hybrid IT is the mission and the operational model for IT in a cloud computing world... Fundamentally, hybrid IT requires working with the enterprise, including business leaders, to change the working relationship between the enterprise and IT to one where IT is the trusted broker and value-added supplier for all IT-based services, whether they are internal or external.”

If IT can act as a services broker, it will address a set of common needs in the industry: simplification, information transparency, and control of services selected, provisioned, and consumed from several sources — private, public, and hybrid.

The potential for deep and wide flexibility frees organizations to think big, literally out of the box, beyond the constraints of the past. When considering potential breakthroughs to change the competitive playing field, instead of asking “why,” IT can dare to ask “why not?” This path to transformational change requires five major steps.

The first half of this step is to be bold: Leave your memory of operational obstacles at the door and develop a vision of how you want your operations to run to deliver competitive advantage to your business. After that vision is clear, the second half is to be rigorous: Systematically identify the obstacles within your organization that prevent your vision from becoming a reality. Ask yourself and your organization questions such as:

• What processes need to be reengineered?
• What new capabilities need to be developed?
• How much faster are you seeking to get to market?

Because the IT organization is best able to identify the technology gaps between the processes the organization wants and the processes it has in place, the CIO plays a pivotal role during this step. And, unlike the past, IT organizations can now implement the transformational cloud architecture they need to accomplish a transformational vision to satisfy the requirements of their LOB stakeholders.

IT leaders are expressing the need for increased transparency and control for cloud services to make sure they can effectively drive value while directly managing risk. They desire secure, seamless, intuitive access for end users to the services required to increase business agility, using the right service at the right time across the various organizational functions. 

End users and LoB leaders speak to the need to rapidly select and launch IT services from on-premise and/or cloud vendors, in comparison to the days or weeks needed to receive approval for services based upon legacy infrastructure and approval processes.

Approaching transformational architecture discussions can be addressed within the Cisco Domain TenSM framework, which covers ten major areas an organization should consider to successfully transform IT into a more agile, cost-effective business resource. Whether you want to take advantage of virtualization or move to cloud-enabled services, Cisco Domain Ten covers important aspects of infrastructure, virtualization, and automation to map your transformational journey. And, in addition to technology considerations, Cisco Domain Ten covers security, compliance, process, and governance implications. (See Figure 1.)

Figure 1. The Cisco Domain Ten^SM framework addresses all aspects of cloud and IT transformation.

This paper will focus on considerations for the three cloud-enabled “building blocks” within the Cisco Domain Ten framework of infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Each building block is essential for a comprehensive cloud solution, and each is designed to integrate with the other two in conjunction with the other domains to enable greater business agility and speed.

Although the cloud building blocks will next be outlined in a chronological order often followed by organizations like yours, you might want to focus on a different order. Regardless of your preferred approach, it is important to keep in mind the need to look holistically at your organization’s requirements in each block before you make purchase decisions in any one area. Looking at the bigger picture helps to make sure solutions you standardize at one level, say, for IaaS, are capable of meeting your requirements for security and compliance when you implement SaaS.

The second step is to plan an agile IaaS foundation, enabling infrastructure services to be managed by IT in a highly automated fashion and delivered to users in minutes. Standardizing on compute, storage, and networking elements designed for virtualization and cloud will, when integrated together, deliver greater value than each provides independently. Avoid products not designed for easy integration, or you will be hampered when you attempt to automate resource virtualization, which will be required if you want to gain the flexibility to quickly adapt to changing business demands.

By standardizing on agile, integrated assets, IT can also create resource packages in a self-service catalog, empowering customers (whether LOB stakeholders or external end users) with the resources they need to support new initiatives in minutes. To make sure IT can operate as a “business within the business,” the IaaS building block needs to enable IT to set up and track usage-based billing so customers know and can plan for the cost basis of the services they are consuming. Proper monitoring and metering of service usage for show back or charge back to the LOBs is another area of differentiation between IT truly acting as a broker of services, in comparison to legacy IT operating models. The self-service catalog of authorized applications and services, plus the associated service provisioning, monitoring and metering, are core capabilities required of any solution for the brokering of IT services.

Organizations often will create a Cloud Program Office, consisting of IT leaders and LOB leaders, to drive the selection and authorization of services available in the catalog. The Cloud Program Office will manage the full lifecycle of the service assets, be they sourced from on-premise/private data center and cloud infrastructure or from public providers of SaaS, IaaS, and PaaS. (See Figure 2.)

Figure 2. Building blocks of cloud brokerage: SaaS, PaaS, and IaaS.

The IaaS layer should be designed to facilitate innovation from outside the company. Creating an infrastructure for innovation might require the integration of services delivered via the public cloud. By enabling a hybrid cloud environment in the IaaS layer, IT can play the strategic role of “cloud services broker” within a cloud model for the organization, helping departments make the decision about how to access mission-critical services, whether delivered internally or via the public cloud or a combination of both. (Organizations making significant process innovations to promote different business models will likely choose a mix of both.) IT can add significant value by making sure the IaaS layer can dynamically aggregate, integrate, and customize the delivery of cloud services to best meet the needs of the business.

If you think usage of public cloud services does not apply to your organization, think again. As we have rolled out assessment and optimization services on cloud consumption to assess the world of “shadow IT” within the realm of the “hidden cloud,” our customers have found 5x, 10x, and even 40x more cloud service utilization than they estimated.

Indeed, one governmental organization with strict cloud services usage guidelines limited to 11 authorized providers found in fact that over 220 different cloud services were in use throughout its departments. Getting a handle on hidden cloud utilization and finding what its stakeholders truly need to run the business have opened a powerful dialog for IT to increase its relevancy and step up to help manage the total picture for the stakeholders to minimize risk, cut costs, and optimize the user experience.

The platform as a service (PaaS) building block uses the agility in the IaaS foundation by automating the provisioning of operating systems, middleware, and databases, ultimately delivering greater efficiencies and flexibility in the development and deployment of cloud workloads. By adding the PaaS layer, IT gains the advantages of an underlying infrastructure to mask the complexity of the IaaS foundational elements so it can more efficiently write and test new initiatives at lower cost.

Without PaaS, when an organization wants to develop and test initiatives that need large amounts of compute and storage, it would require dedicated capacity to be allocated by IT and enabled with appropriate software. Developing the PaaS building block allows your organization to instantly begin developing the program using hosted or cloud assets using APIs.

After the testing phase is complete, the PaaS foundation allows IT to instantly reallocate the capacity. PaaS accelerates the development and deployment of applications to market significantly more quickly than IaaS alone, making it possible to launch new capabilities sooner. Benefits accumulate from hardware, software, and maintenance savings, as well as productivity improvements, particularly for those companies in which speed to innovation is paramount.

New applications accessible via SaaS can empower organizations to quickly test new business concepts and implement new business models in furtherance of their transformational goals. To facilitate implementation of SaaS solutions, the next building block of agile infrastructure enables the automated provisioning of applications for faster business intelligence and processing of transactions.

Although SaaS can offer organizations an exceptional way to speed innovation, the innovation generated will be limited if it is not fully integrated into the company’s overall IT strategy to meet required availability, manageability, security, and compliance standards. It is in this building block where IT’s ability to act as a cloud service broker within an overall cloud governance model plays a particularly critical role.

Regardless of whether a service is delivered in-house from a private cloud or through a cloud service provider, the business is accountable for always making sure of the security of corporate and customer data, always complying with regulations, and always making the data available to other applications that need it. For these reasons, applications and associated data acquired through SaaS should not be viewed in isolation. For the integrity of the organization, cloud-based services — regardless of sourcing — are best managed as one cohesive infrastructure, meeting identical governance, security, performance, and availability standards. (See Figure 3.)

Acting in the role of service broker, IT can help LOB organizations analyze potential SaaS providers to determine if they are suited to be an integrated part of the company’s cohesive cloud strategy. IT can best determine whether the SaaS provider is in full compliance with the regulations to which the company must adhere. IT also needs to make sure the SaaS-driven application provides adequate performance, including speed and availability of data access, so other applications relying on SaaS-supplied data can perform effectively.

Figure 3. Integrate security into the entire infrastructure.

In addition, the IT organization will be able to evaluate the SaaS provider’s ability to meet the organization’s security requirements. In contrast to the traditional model of directing network traffic to a stationary security device, today’s data center security must be more fluid and intelligent to adapt to changing traffic and user conditions. The ideal cloud security solution is designed to facilitate ease of provisioning, maximize performance, and deliver pervasive protection across physical, virtual, and cloud-based environments.

Security strategies should address services delivered via the private cloud to make sure IT has the ability to:

• Authenticate end users/customers and give them specific rights based on their relationship, creating a secure zone so the business can respond to requests immediately.
• Make sure of secure multitenancy, so end users/customers can access only their specific data.
• Protect access to customer data by creating a secure environment from the endpoint to data storage using policy-based solutions that limit access to authorized users, dynamically encrypt sensitive data, block data from being uploaded to external devices, and prevent customer data from being stored on employee or contractor devices.

Whether a business rents capacity from an external service provider or has a SaaS application that needs to access its data center, the IT security strategy should include:

• The ability to detect unexpected or unusual behavior. For instance, if a user is accessing a large number of files, IT needs to be alerted immediately, with the ability to stop that activity.
• The ability to control who has access to a SaaS application by using web security tools that manage all certificates to SaaS vendors. Such control makes sure that, if someone’s role changes or they leave the company, IT can immediately revoke their privileges.

To accomplish these objectives, the entire IT infrastructure must deliver speed, agility, and security together. Identity and context-aware policies and strong encryption capabilities can build trusted links and extend a chain of trust from the user all the way to the application. Because Cisco security technology is integrated directly into the infrastructure, Cisco security solutions are designed to meet those requirements. Further enhanced by Cisco’s massive threat telemetry security operations center, which constantly drives real-time threat updates to Cisco’s security solutions every three to five minutes, IT departments using Cisco security can identify and block threats before they disrupt services.

After you have constructed your agile and secure infrastructure, you can begin to reengineer and develop business processes to convert your vision into reality. (See Figure 4.)

Figure 4. The Five Steps for IT Leadership

When it comes to making transformational changes, best practices are as important as best-in-class technology. IT’s ability to fully use the agility of its technology infrastructure and partner with business units to develop and implement new processes is the linchpin in the company’s ability to change the competitive playing field.

To be successful, your organization might want to rely on the expertise of others who are experienced in this unique combination of technological and organizational change. If you are seeking a trusted partner to successfully help you define and implement your transformational vision, consider Cisco® Services.

Cisco Services have defined a comprehensive strategic framework known as Cisco Domain Ten that helps organizations like yours implement industry best practices to reflect their specific requirements, building block by building block. Cisco Services help IT develop the customized evaluation criteria to effectively play the role of cloud service broker, so IT can quickly make decisions about when to purchase innovative services from the public cloud and when to have them reside within the private cloud. We also have extensive experience working with companies around the world to implement new processes and organizational change.

As CIOs use these five steps, their cloud computing architectures can permanently change the corporate strategic planning process — making what was once impossible, possible. Rather than being consulted after a strategic plan is developed, CIOs should be included in the earliest strategic planning discussions to brainstorm game-changing plans. IT leadership is the cornerstone to use the power of cloud computing to align strategic business and IT objectives under a cloud model. When undertaken holistically, the destination point of IT acting as services broker enables a more agile business, more satisfied end user populations, greater degrees of data security and control, and the reduced total cost of ownership promised by cloud.

For More Information

• Cisco Domain Ten
• Cisco Services for Cloud

Customer Success Stories

• Canadian Managed Service Provider OnX Realizes Cloud Goals with Cisco Cloud Services
• Healthcare Benefits Administrator CareCore National Moves Business to the Cloud
• Improving Business Processes and IT Delivery for Aviation Leader Thales UK
• IT Services Provider Earthlink Deploys Cloud-Ready Infrastructure
• Microsoft Enhances Service Delivery with Private Cloud
• Savvis Creates New Class of Enterprise-Cloud Services (Video)