Cloud Misconceptions Stand Firmly In the Way of Necessary ChangeBob Flynn | Manager of Cloud Technology Support, Indiana University
With any major transformation in the higher education space, especially when that transformation centers on the adoption of new technologies, come a great number of critiques and concerns. While it’s important to thoroughly vet new technologies before jumping in with both feet, these processes tend to lead to the breeding of misconceptions that, once formed, are nearly impossible to break. Cloud technologies, unfortunately, are no different in this regard. In this interview, Bob Flynn outlines some of the true benefits the cloud can provide higher education institutions, reflects on a few of the key misconceptions that still plague the cloud in this industry and shares his thoughts on how these misconceptions impact institutional transformation and growth.
The EvoLLLution (Evo): What are a few of the significant advantages cloud hosting provides higher education institutions, especially when it comes to central administrative and bureaucratic systems?
Bob Flynn (BF): By “cloud hosting” I assume you mean infrastructure as a service (IaaS) or perhaps platform as a service (PaaS). That is the wrong question to ask if you are looking for a holistic answer. They are only two levels of cloud technology. It would require overly broad generalizations to address those without also discussing software as a service (SaaS).
Many institutions, even those early on the broader cloud adoption path, have seen the advantage of shifting certain workloads to SaaS. For most this began with the move of student email to Google and Microsoft about a decade ago. Student email was not considered sensitive institutional data if it is institutional data at all. It was a win-win for everyone. Institutions were able to retire services they saw as being outside their core mission, students got the innovation and convenience they had begun to become accustomed to in the consumer space and the vendors got a chance to build brand loyalty with their next generation of customers.
In recent years the explosion in diversity and flexibility of SaaS offerings has meant that the demand, pace and viability of this strategy has increased. All our users, not just students, have begun to demand the convenient and innovative services on the SaaS market for their work in their campus lives. Tech giants such as Google and Microsoft have expanded the scope and generosity of their offerings to the higher education (HED) market, adding other cloud-based services including enterprise file sync and share (EFSS) tools, Google Drive and OneDrive respectively. Specialized players in the EFSS market like Box have garnered a strong foothold in HED. In some ways Box has the upper hand because of its strong enterprise focus and the fact that it is not yet too large to really engage and understand the HED market. Consumer favorite Dropbox has awoken to the challenge and is working to bring its popular EFSS solution up to enterprise speed. 2015 has seen Dropbox really turn its focus on the HED market.
The SaaS market has begun to provide serious contenders for many systems that may have previously been built locally by institutional IT shops. This could be survey software like Qualtrics, workstation backup solutions like Crashplan or an institution’s learning management system (LMS). The last decade saw the space dominated by large industry players like Blackboard and “community-sourced” alternatives like Sakai, but in the past three years upstart Instructure has caught fire with the Canvas LMS. Like the Box example above, this is largely due to its willingness to engage and understand the true needs of the higher ed market.
The “devgeist” of recent years is for small companies to develop services that fill a discrete need but interoperate with others through rich and open APIs. This has given institutions the ability to essentially construct custom enterprise offerings a la carte. The LMS space is a showcase of this type of innovation and targeted development. The Learning Tools Interoperability specification gives companies wishing to be a part of an institution’s learning platform a way to prove how they can enhance the offering.
There are a few basic tenets to a cloud-first posture that may help wrap up this context I am trying to create to be able to approach your question:
- When looking at standing up, updating or replacing a service, the question is not why put it in the cloud, but rather why not.
- Look to SaaS first, then PaaS, then IaaS and only if none of those are appropriate do you look to on-premises for your solution.
- Regardless of where you build your applications, “future-proof” them by building them for the cloud.
Now that we’ve set some context around the question of cloud hosting we can more directly address the benefits. Here are a few:
- Traditionally, HED IT shops have built high-quality custom solutions for their institutions. Once they are up and running they would be put into maintenance mode while the developers moved on to the next thing. They would seldom get attention unless they broke. They often languished years beyond the point when they should have been retired. With SaaS, PaaS and even IaaS we trade local control for innovation and scale beyond what we can provide.
- Even an institution as large as mine with state-of-the art data centers in different cities can benefit from the geo-diversity of a cloud provider for disaster recovery.
- Placing certain core infrastructure components in the cloud can help you deal with potential network attacks or outages. Whether it is cloud-based DNS and rerouting to respond to a DDOS attack or failing over your authentication to allow users to access SaaS services during a local network outage, strategic use of the cloud can give you much greater resiliency.
- Studies estimate that most data centers, even those that are highly virtualized, run at around 30 percent utilization. PaaS and IaaS allow you to build more efficient applications, making better use of the compute cycles you pay for. This is keeping in line with the sustainability mandates being established by many institutions.
- The path to the cloud begins with an “application assessment.” HED IT is generally too pressed keeping services up and running to reflect on which they really need to keep around. As corporations and institutions of all sizes begin to move to the cloud, data are beginning to show patterns. About 15 percent of services are good candidates for SaaS, 35 percent are web applications that could be made cloud-ready, 5 percent are services that are best left on-premises and roughly 30 percent could be retired.
- By shifting to a true DevOps-oriented, cloud-first technology organization the focus shifts much more on the customers and their needs and less around the provisioning and maintenance of services. In addition to increased self-service for users, the organization becomes far more responsive to the changing needs of those they support.
- Your IT organization will be much less siloed and the communication between teams will greatly increase.
Evo: Conversely, to your mind, what are a few of the drawbacks or considerations that leaders must keep in mind when contemplating this switch?
BF: Increasingly the model is no longer build-first or even host-first, but rather look-to-SaaS first. As we sew together more and more SaaS services, for both core and peripheral needs, new types of challenges emerge. Vendor management becomes very important. We need to dedicate staff to keep abreast of the rapid pace of new features and changes by the provider. Each relationship will require a different level of attention in order to establish and maintain some level of influence. Since many institutions use the same services, every attempt should be made to partner with other institutions to create a stronger voice with the vendor. A proper supply/demand balance with the vendor is an important component of a healthy partnership.
Going all in with the cloud requires a fairly dramatic reconfiguration of the IT organization. New positions must be created. Old positions must be eliminated. Training is vital, not only for those moving to new jobs or radically transforming old jobs, but also as general education for the entire IT workforce. We are truly moving to a new era of computing and it is helpful to level set with everyone who will be involved, including those in the business areas.
Years ago many institutions went through the transition from a capex model of servers and local machine rooms to the opex model of virtualized servers in central data centers. This was the beginning of the end of the days when we could set the deadline for the upgrade of a service to be when the server had to be replaced. That natural end of life does not come in a virtual environment. The underlying VM hardware may be refreshed, but it removes the natural evaluation point.
Central IT often provides services to its community for “free.” They are base funded and users are not directly billed. If you are looking to shift part or all of such a service, you need to transition its funding model as well. Funds must be made available to do the necessary architecting, testing and transition long before the legacy systems can be retired and the funding redirected to the cloud provider.
A strong partnership with procurement and university counsel are key to a true institutional cloud strategy. They will not only help you build strong contracts, but they can use their leverage points to direct users to those central contracts and preferred funding models and away from the departmental purchase cards.
Whether you like it or not, the ubiquity of consumer-focused cloud-based software, will trigger a shift in mindset in your community. Accustomed to buying SaaS solutions for personal use, staff and faculty will feel empowered to do the same for the workplace. Clear policies on purchase policies, as well as who has signature authority at your institution, must be coupled with a process for users to discover existing contracted services as well as a way to request new ones. Transparency in this area will save the institution money and keep your data more secure.
Evo: What are a few of the most common misconceptions you’ve heard about the cloud in higher education?
BF: I see three primary misconceptions or “cloud boogeymen.” All of which are easily dispelled.
1. Your data will not be secure
Questions about the location of your institution’s data, who has access to it and what laws govern it should dispute arise, raise valid concerns. No vendor contract should be signed without a security review commensurate with the level of your institution’s data their service will be in contact with. One item often overlooked is not the data that you may provide to a SaaS provider about your users, but the data they may collect as part of interacting with your users.
In the case of most large providers like AWS, MS Azure or Google, their economies of scale extend to their security offices. They can bring far more security resources to bear than your own security offices. The true challenge is to guide your users to secure practices through training, providing resources such as recommended configuration templates and external controls.
2. While many talk about cost savings, it actually leads too easily to cost overruns
It is true that an IaaS environment will let you spin up services and walk away, effectively leaving the stove on and running up a big bill. This again is an issue of user training and even some enterprise monitoring controls. In addition to configuring billing alarms or idle time triggers on your systems, instance tagging can be leveraged to flag systems that can be automatically shut down during hours when they are not likely to be used. An example would be to have all dev instances spin down at 5pm and come back up at 8am.
3. It will lead to lots of job loss in IT
There is no shortage of work to be done. Most IT organizations can’t get to all of the work they need to now. Transitioning your services to the cloud will take years of planning and patient execution. Since existing production services have to stay up and running, the move to the cloud may, in the short term, lead to the addition of some positions. It’s true some jobs as we know them today will be rewritten or eliminated, but in most cases there are paths for those with the skill, knowledge and history to bring that to bear on new challenges just as valuable to their organization. There are those who, rather than fear the loss of their jobs, fear the loss of their competitiveness in the marketplace if they can’t get in and build experience in the cloud.
Evo: What impact do these misconceptions have on the process of cloud adoption and transition?
BF: The impact is clear. It not only slows the pace of strategic adoption, but it often stifles any serious exploration of the benefits. When a real analysis can take place, the opportunities and benefits of cloud computing become clear. An organization can then bring cloud technologies into the menu of options that should be considered when the institution begins the assessment of its service portfolio.
Institutions and their IT organizations cannot afford to wait until a shift to cloud computing has moved from inevitable to imperative. Just like you can’t wait until the shore has moved to your doorstep to start thinking about climate change, you cannot wait until you are forced into the cloud to start building organizational experience with the technologies. Ultimately the economies of scale, evolving threat response, customer demands and pace of innovation will compel even the most reluctant to develop a cloud strategy.
A thoughtful strategy is a comprehensive multi-year process. Simply performing a “lift-and-shift” of an existing service is just postponing the inevitable critical examination of a service that may not even be needed. A deliberate process should include decoupling dependencies and re-architecting it to leverage the tools provided by the specific cloud platform.
Evo: How can leaders overcome these misconceptions?
BF: First and foremost leaders need a better understanding of what the cloud is and what it isn’t. For too many cloud technology means some sort of outsourcing of their IT. For them cloud computing is about where computing happens rather than how it happens. Many of the basic characteristics of IaaS/PaaS (on-demand self-service, resource pooling, rapid elasticity, measured service, infrastructure as code) as well as some SaaS solutions, can be run on-premises in one’s own data center.
For most the value proposition of SaaS is fairly straightforward. Leaders just need to back targeted strategic purchases that showcase the value of the solution. For example, strong CIO support for Box at my institution has not only led to quelling of concerns and large-scale adoption, but it has also set the tone for other SaaS purchases.
Selling PaaS and IaaS adoption requires a little more work. Leadership sponsorship of cross-functional teams to identify relevant test projects that showcase the unique capabilities of the cloud not only serve to demonstrate the value, but the knowledge gained by the staff involved is then seeded throughout the organization. This has the potential to not only reduce job security concerns, but also concerns about the accessibility of the technology. These teams are often made up of those willing to embrace change and who are often seen as leaders by their peers.
Author Perspective: Administrator