Cloud Survey Results
CSG 9/13
Thank you
UW-Madison
Penn State
Virginia Tech
Penn
Univ of Michigan
Princeton
Cornell
Univ of Minnesota
Columbia Univ
Duke
UC San Diego
Notre Dame
Chicago
Univ of Iowa
NYU
Stony Brook
Univ of Washington
Michigan State
University of Virginia
Univ of Colorado Boulder
Yale
Stanford
Harvard
Brown
Georgetown
Do you feel that your organization is being being
pushed to move to cloud products ahead of your
ability to manage deployments/evaluations
effectively?
We have the BYOE adoption of
commodity cloud services that pulls
us along.
Yes
(Although I'm the one doing some
of the pushing!)
There is a great deal of pressure to
move to the cloud: sometimes to a
specific product, or cost, or
availability, or hype
No
What is your institution’s attitude to cloud?
14
12
10
8
6
4
2
0
Cloud services are We are cautious about Cloud services are There is still resistance
pretty mainstream
cloud services, but mainstream, but we
and accepted
we've implemented
are cautious
some
What are the biggest challenges you are facing?
14
12
10
8
6
4
2
0
Contracting
Other
Technical
integrations
Security
issues
Managing
vendor
SLA's
New
technical
skill sets
required
Providing
local
support for
a cloud
solution
Selling it
Biggest Challenges - Other
Compliance
Risk Mgt, Counsel, Some biz units very hesitant
People understanding that using it for yourself is not the same as an
enterprise implementation for everyone
People's perceptions
New non-technical skill sets required
Customization vs. Configuration
Making the financial case
Complexity (Office 365 email). Internal resources to integrate IaaS
services (billing, technical integrations - not from a technical
standpoint, but from a resource standpoint)
We need to develop operating model support
Policy issues (real and perceived) around compliance and liability.
Organizing and supporting a broad set of services in a coordinated
way
Cloud as a strategy for...? (Top 5)
25
Ranked 5
20
Ranked 4
Ranked 3
15
Ranked 2
Ranked 1
10
5
0
What is the greatest source of interest in cloud?
25
20
15
Ranked 4
10
Ranked 3
Ranked 2
5
Ranked 1
0
Academic
departments and
faculty
Central IT
Administration
functional areas
(e.g., Finance)
Other
Researchers (HTP, HPC)
Housing or other non finance central units
Unit (college) IT
Difficult to rank, all very interested
Students and student groups
Research collaboration
Do you have a sourcing strategy that helps you
determine if cloud is the right solution?
No
Yes
Sort of
What Integrations Have You Done
between on-prem between cloud
and cloud
providers
We have done identity management and
provisioning integrations
We have done data transfer integrations
We have done Web Services, API, etc.
integrations
23
20
0
2
26
2
Biggest challenges to integration
Vendors being behind the curve on API standards, Web Services, shibboleth etc…
Authn, Authz. Hard to tolerate variance in Net+ pilot integrations with local policies,
practice.
Common authentication. Integration with legacy systems.
Every cloud engagement requires integration work with our IAM team, and we have
found that group to be a bottleneck because of the many demands on their time. As a
result, we have had to slow down some cloud integration work.
Experience is still too limited to answer this
Workday project dis-integrated (ie: disintegrated:-) our ERP data, requiring large and
ongoing integration efforts. Traditional approaches to integrating AuthN/Z is fine for
large enterprise wide cloud solutions, but doesn't scale for tactical point-solutions that
are increasingly consumer driven.
Moving from our legacy custom IdM systems to adoption of standard tools that
integrate with cloud services.
Grouper integration is often a challenge - it's typically an AD integration Real-time
updates vs. bulk uploads Non-deterministic timing for updates/integration (Azure/Office
365)
We are just began to conduct proof of concept,we only moved a small component of
our ser-vices to AWS to test the integration of IdM. We will yet learn about the biggest
challenge yet.
Authentication, Provisioning
Biggest challenges to integration
Workflow and "capability impedence". Workflow: developing workflows to manage "flowthrough" use of cloud services (brokering), with billing and admin-overhead. Capability
impedence: For example, Amazon has a 2-level account structure, which makes it difficult to
consolidate existing users under an aggregation model for discounting.
Early on, upgrades of one of the systems being integrated. Modern architectures and use of
SOA, etc. have helped isolate integrations so upgrades are less of a problem.
Making sure we have vendor agreements that are consistent with the type od data being
integrated
Data governance, security
XaaS providers use email addresses as account names
onboarding new users to a managed cloud product, when the product already exists as a
consumer product
Lack of support for OAuth2 (them and, to a degree, us too)
Having clueful technical staff that understand RESTful integrations. We just haven’t retooled
our skills yet
Integrating and managing multiple IAM services that exist on campus
Identity and Access Management
Moving to real-time integrations with the cloud AuthN/AuthZ – but it is starting to get easier
as cloud providers are moving to SAML based standard
Retooling our staff has been hard
We haven't had a lot of integration challenges. The challenges are UI changes on the fly,
supporting rapid change, etc.
Have you changed your contracting process for cloud or
managing SLAs?
Yes
12
No 10
Too early to say, but there's no doubt that all of the requisite offices are changing how
they think about their touch points in an SLA
Additional vetting including security review at time of purchase.
We're in the process of publishing standard RFP and contract conditions. Already have
cloud based security and compliance guidelines.
Contracting process now takes 4x as long
Increasingly formalized business processes (cloud contract templates, security reviews,
identity integration, etc) as relates to cloud acquisitions.
Slowly moving to a common set of processes and templates
We negotiate cloud contracting with a different perspective and process than traditional
software products. Not really focusing on managing SLAs at this point (other than
negotiating them in the contracting phase), but also not having any real problems with
service levels for the services we're using.
Greater involvement from security folks, general counsel; procurement will check to make
sure certain "best practice" language gets included, etc.
Implementation of a full supplier management process; will see if we can share document
from our vendor mgt team
Business Associates Agreements, audit controls and certifications, liability, service and
lifecycle (pre-nup).
What has been the reaction of your technical staff
It has been hard to transition our staff from
more traditional services to cloud-based…
The speed of provisioning has changed staff
attitudes to their work
It has been hard to hire people with the right
skills
Disagree or
Strongly
Disagree
Staff have welcomed cloud over on-premise
For SaaS, they find configuration more
interesting than programming
Strongly
Agree or
Agree
For IaaS, they find configuraing VMs in the
cloud more interesting and productive
Staff turnover has changed due to
implementing cloud services
0
5
10
15
20
Reorganized to support cloud?
We have a Net+ point person - that's it. Otherwise, we're morphing lots of
people's sensibilities with each and every opportunity.
We have hired a cloud sourcing manager. We're also creating a new role for
cloud system administration. We've also created a new team to manage our
cloud collaboration tools (along with some other things).
Shuffled staff to free up 2 managers to become "row people" with a full-time
focus on accelerating cloud adoption. After two years as the "Cornell Cloud
Initiative", this is evolving into a new service catalog entry - "Cloud Computing
Advisory Services".
Not really, although this may be necessary in order to make faster progress.
Driving this alternate sourcing strategy deep into all the service teams might
be the ideal way for it to work, but lifting those teams up from operational
and tactical into more strategic levels is challenging, and takes a long time.
Reorganized to support cloud?
We created a SaaS/PaaS practices team to create and communicate
recommendation for managing SaaS and PaaS more broadly across Yale,
including recommendations in the following areas: adoption, reference
architecture, integration, governance, change mgt, organizational design &
change
Though we have not reorganized we have a new cross-functional engineering
team to explore cloud IaaS ansd PaaS offerings. Some SaaS offerings
(specifically Sharepoint and Google) are being operated by a new team within a
Unified Communications group that was recently expanded to incorporate
legacy voice services in addition to the original email and new telephony
services
Created Product Manager positions, invested more in architecture, focused
more on vendor relations and security, rethinking “service desk” concept
Not yet, but we arelooking to replace our business system teams with
integrations teams
Learned: Overall
That you have to work in many streams... security/risk/compliance, legal,
technical integrations, and staffing - cultural, skill-set, apprehension/resistance,
build-vs-buy approaches. And a comment about the Technical Skills question...
The reactions vary, and seem to be all over the board. Some people and groups
embrace and rush in and love it; others are more hesitant, apprehensive and
resistive. Others are simply too busy or "eyes-down" to see the possibilities.
An executive sponsor is imperative to success with "selling" the cloud as an
option. A strong business case with cost/benefit analysis is important. Leading
from the middle (Central IT) is challenging without a strong IT Governance
program.
Large cloud vendors are not easily influenced by a single institution or even a
consortium of higher ed institutions. The scale is just too big. So we ultimately
have to accept terms which are not ideal. Compliance has been a challenge, but
vendors are starting to move. On the other hand, accessibility continues to a
second or third thought (or no thought at all) for many vendors.
Learned: Overall
That you have to plan for continuous upgrades and have resources ready to
accommodate that - both functional and technical.
Subtle resistance to change can be a bigger obstacle than the overt kind. Change
leadership is required.
It's easy to both over and under estimate the complexity and risks of doing
cloud. It's equally easy to over and under estimate the benefits of doing cloud.
It's no longer about the technology (it probably never was)... it's about the
consumer, who is now in the driver seat.
IT consumers want to focus on the opportunities, but we keep asking them to
focus on the problems.
Keep it simple, understand what you are getting into, buy your lawyer lunch, it
takes longer than we thought
Learned: Business
The business process changes and cultural changes ("But I like to configure
everything exactly how I had it before") are much more difficult than the
technical changes. That political pressure internally can make you throw out
requirements that really drove the business value of the implementation. I
think we knew these things but they were made very clear.
Lawyers are paranoid, and not the good kind of paranoid.
Vendor management is key--from initial discussions and contracting through
implementation and maintenance.
Vendor management is key
The current FUD flight is more in the policy areas, as opposed to technical or
operational issues
It is a tremendous pain to get contracts that our legal folks will sign off on
Learned: Integrations & Security
point-to-point integration/sync of data between many cloud services may not be
the long term solution. Perhaps MDM or some other "data of record" store that
all services sync with is better.
We've learned that the initial perceived (security) risks were exaggerated & that
the tendency to want to customize (or complicated configurations) remains true
HIPAA/BAA is a big deal. Not to believe vendor promises of "getting there" in a
year.
We are just began to conduct proof of concept and we only moved a small
component of our services to AWS to test the integration of IdM. We will yet
learn about the biggest challenge yet.
Learned: Pace & Staffing
Take it slower and get it right - not as much chance to change after
implementation (refine) as needed
I wish I hadn't underestimated the central IT staff push back. I thought it was
better than it was. Bouncing back, but a price was paid. Also, I would have spent
more time on Risk Mgt, Legal, Purchasing etc. to move their asymptotes faster,
further.
I wish we had taken on the staffing issues sooner