Background

Very soon, the Private Cloud – particularly in its Co-Location manifestation – was almost overtaken by “IaaS”. Datacentre and Managed Services providers quickly saw the commercial, logical opportunity – as did their clients – of handing over the whole kit and kaboodle of a physical infrastructure (the hardware “boxes”) on which everything ultimately relies to “someone else” – in most instances a Managed Services provider renting space from a Datacentre or even the Datacentre itself.

IaaS therefore means that the physical infrastructure on which your applications reside is owned and managed by systems or hosting providers, whilst you still own (and are responsible for!) which is important, particularly in the light of GDPR) the data and the actual applications.

There are several “flavours” of IaaS. In fact, it is really up to you how far you want to go (and at what stage. There is no need for a big-bang approach).

The main variants are “Dedicated” and “Multi-tenancy”.

Dedicated IaaS

Dedicated IaaS is not very different from Private Cloud – the main difference being that you are renting the kit rather than owning it. As part of the agreement, the IaaS Provider may or may not provide licensing for the infrastructure and can either wholly, or partially manage that infrastructure (i.e. be responsible for the continuous care, maintenance and upkeep that any form of technology requires, and fix problems when they occur).

Multi-tenancy IaaS

Multi-tenancy is one step further towards true “Public Cloud” (to be dealt with in our next Buzzword instalment). Instead of simply renting the physical kit, the IaaS provider will make resources – i.e. storage, processing power, memory, etc – available to you, to be “shared” with other organisations taking the same service from the provider. In this instance, at least the some of the licences will be part of the deal – Windows server licences may or may not. In simple terms, you will not be able to visit the Datacentre, walk up to a particular storage rack, and say “that is where my data sits”. Your data and systems could be anywhere on a collection of physical boxes (and will probably move around amongst those boxes a lot of the time).

Advantages of Infrastructure as a Service

1. From the firm’s perspective, why make a significant capital investment (Capex) every five or six years by renewing hardware, when you can effectively “rent” the physical hardware from someone else? With IaaS, the cost of your infrastructure will be an operational cost of the business, same as rent and other ongoing costs. There may or may not be tax advantages.
2. Even better, why not let someone else take care of the boring, routine tasks of infrastructure management, monitoring, patching, upgrading and securing?
3. Your internal IT team is freed up to focus on more value-added tasks;
4. You don’t have to worry about physical failures – i.e. disks, power supplies etc. These become “someone else’s” problem.
5. It could still be “private cloud”, in that you would be able to visit the datacentre and identify “your” hardware on which your systems are located. This is important where there is a requirement by your clients. There may also be technical advantages to consider.
6. The “multi-tenancy option” where, instead of dedicated hardware, you share the underlying hardware with other organisations making use of the same IaaS provider can be significantly more cost-effective.
7. Management of back-up and disaster recovery may be improved – but that headache, and the headache of business continuity will not go away.
8. Scalability and flexibility: As you require more resources, you simply “rent” them rather than having to make a Capex investment and then build and provision. Particularly with the multi-tenancy option, you may be able to scale up and scale down as required.

Disadvantages

None, really. BUT – there are many pitfalls and risks to manage. It is essential to take a Buyer beware approach

1. As with everything, there may (will) be cost implications. Make sure that you are very clear on what you are paying for and how you are paying for it. In particular, as data volumes grow and the need for additional resources increases, the cost (including the cost of additional back-up and disaster recovery) may increase in unexpectedly unpleasant ways.
2. Service Level Agreements determine the level of service you should expect. Robust negotiation is indicated. You have to be absolutely sure that you can live with the SLA’s and the downtime when maintenance is done.
3. Ensure that proper change control is in place, so that you are notified of any planned changes and can act accordingly. It can be very awkward and disruptive when a maintenance window occurs and your systems go down without prior warning. This can be particularly tricky with the multi-tenancy option.
4. From a technical perspective, ensure that the relevant people in your firm (i.e. those who have responsibility for IT) have full visibility of the underlying infrastructure. In case of problems, you will need an end to end view of an entire system, from the infrastructure up to the end-user experience. Problems become very difficult to diagnose and address when this is not the case – typically, the infrastructure provider will blame the application provider, and vice versa. The ability to have overall insight is crucial.
5. A well-defined exit strategy is even more important. Robust negotiations are in order. You do not want to be held to ransom, and you do not want your business to suffer if the service you receive is unsatisfactory, or if – heaven forfend – the financial stability of the provider becomes questionable.
6. Remember – IaaS, or a particular flavour of IaaS is not an “all or nothing” option. You can choose to put some of your data/systems in the IaaS version of “private cloud” (clients may insist, or performance requirements may dictate it), some of it in multi-tenancy, some in the true “public cloud” and even retain some on-premise. It is crucial to get the mix “technically right” (we will discuss this in greater depth when we come to the “cloud ready” buzzword).
7. Information and cyber security: You are handing over some of your most precious assets to a third party. It is advisable to get an expert Information and Cyber Security adviser to validate all the accreditations of your chosen partner and do a thorough validation on all the security they have in place, both from a process and a technology perspective. You may hand over your and your clients’ data to a third party, and under GDPR they have obligations as a “processor”, but you are ultimately responsible as Data Controller as well as for the obligations under SRA Guidance.
8. From a costs perspective, it may be wise to consult a software licensing expert before you decide on which licensing model to adopt. Some firms have a significant ongoing investment in their licensing. It could be advantageous to continue that investment, rather than to rely on the IaaS provider for licensing the software your systems rely on.
9. You may need consent from some of your clients to move their data to a third party. There may also be particular geographical/jurisdictional requirements.

Summary

The trend to “Cloud” is unstoppable – everything is driving you that way. However, for many of us it is a new world we are venturing into. Great care and the development of different skills are required.

In the next instalment we will be dealing with the true “public Cloud” and the “Hybrid” or “multi-Cloud”. Happy (or not so happy) reading!