Clouds must be transparent
Customers want to see what they're paying for
Deep Dive Public cloud computing won’t be successful unless its providers make the full breadth of services transparent and accountable. Customers must be able to see what they are getting and know it has been delivered.
Infrastructure and focus
I work in infrastructure. That means I’m most concerned with the hardware, software and methodologies that form the basis of cloud-based services. I work with organisations that are building cloud platforms to enable the delivery of these services for consumption by end users and I’ve noticed a trend in focus that we actively need to address. Before I detail exactly what that is, let’s refresh ourselves on who the players are in this type of arrangement.
- Starting at the bottom are the vendors that provide the kit and caboodle that form the basis of the platform - the infrastructure.
- Then there is the service provider who combines all of that equipment and software and makes a meaningful service offering out of it.
- Then there may be agents and referrers who bring in business and customers to attach to that service and consume it.
- Finally, there are the consumers themselves who actually use the service.
Each party has its own vested interest in the arrangement. The vendors would like the service provider to carry on buying their products and services that makes them profits. The Service Providers would like the consumers or agents to keep subscribing to the service that they provide as that brings them profits.
But what of the consumers? The motivation here cannot possibly be profit as not everyone in this stack can make profit, someone has to provide the funding for some other benefit. This is the area that can easily be neglected and actually where a lot of the focus should be.
Consumers use cloud services for several reasons. Anyone involved in providing the service or supporting the service can roll the benefits off the tongue at will and they of course include ease of management, predictability of costs and flexibility of service to name the top three I come across.
In exchange for these benefits the consumer will part with certain levels of cash. However, as with consumption of any other good or service, there must indeed be a tangible benefit with limited risk associated in order for that decision to part with that cash to be made.
It is not unusual for a service level agreement to be offered by providers of cloud services, be that compute or storage. They normally focus around performance, capacity and availability. These three are critical aspects to the service achieving what it set out to. However, although they influence the overall experience of that service, they do not fully determine it.
Let’s take another industry as an example, say, the passenger air industry, and let’s assume the service is a flight from London to Paris. Taking the above three critical elements we can promise when the flight leaves and arrives (performance), a place to sit and put luggage (capacity) and a plane with more than one engine should something bad happen (availability). This will probably get you from London to Paris, but it speaks nothing of the experience.
The capacity could be provided above the wings of a bi-plane or next to the rear-gunner for example. It doesn’t define the minimum standards that can be expected or whether a meal or movie is provided. All of these things are expectations the consumer may have but has no way of understanding what is actually going to be delivered. I’m not a fan of such lucky dips with my flights, and consumers of cloud services are likely feel the same way.
So what elements should a cloud provider consider when framing and offering and engaging with consumers? Let’s focus on the cloud storage model as that has many implications that need to be addressed.
To start with, the full experience should be described as part of the service catalogue entry. This means defining not just what capacity and performance can be expected, but what other services and features are provided with that – such as backup policies, what is required to access those backups, how flexible the service is and what process is required to leverage that flexibility. The consumer must understand exactly what they can expect for their money up front. That is the attractiveness of a cloud-based solution and is what will bring in the customers. Sadly it is not a case of “build it, and they will come”.
Evidence of service delivery
The next factor and often the one that gets overlooked is providing evidence to the customer that they have indeed received what they have paid for. This normally takes the form of a report attached to the monthly invoice that details the thresholds set for the service and where the actual parameters lay within those thresholds. There is also an excellent opportunity for some "value-add" here by making recommendations for new service levels, whether or not they are greater than those currently deployed. A consumer will greatly appreciate being told they can spend less and will likely be more loyal to an organisation that tells them that.
Accountability doesn’t end there though. Whether or not it was described in the service level agreement, there are regional laws and general expectations around security and privacy which must not only be upheld, but in terms of accountability, must be seen to be upheld. That means that proof needs to be available that all reasonable steps have been taken to protect the service from unauthorised access, modification or disclosure. In terms of global cloud deployments this would also include the ability to locate the data in a specific geography and within certain legal frameworks without risk of bleeding to others and exposing the data to non-desired laws and legal entities.
So as you can see, there is a lot of responsibility that is taken on by a cloud provider, more so than a simple internal IT provider in fact. The key tool to dealing with the additional demands and accountability of these sorts of services needs to be transparency. The current status of the data and the service must be easy to query and ascertain and unless the expense of manual examination and reporting is going to be added, this needs to be automatic.
It’s areas like this where conforming to standards such as the SNIA’s Cloud Data Management Interface (CDMI) come in, and allow a uniform and consistent means of querying multiple services not only about the specifics of that service, such as its capabilities but also of individual elements of data including such things as authorisation, current placement and legally accepted placement.
When setting up a cloud service, or when consuming one, you should insist that transparency and accountability is considered and detailed, as this really will become a differentiator in what is becoming a very consumer-centric marketplace. ®
This article is based on a series of SNIA tutorials on cloud storage technologies. To view all of the tutorials on Data Protection and Management, visit the SNIA Europe website.
It was written by Glyn Bowden, SNIA CSI member and SNIA Europe UK Committee member. He works for NetApp.
About the SNIA
The Storage Networking Industry Association (SNIA) is a not-for-profit global organisation, made up of some 400 member companies spanning virtually the entire storage industry. SNIA's mission is to lead the storage industry worldwide in developing and promoting standards, technologies, and educational services to empower organisations in the management of information. To this end, the SNIA is uniquely committed to delivering standards, education, and services that will propel open storage networking solutions into the broader market.
About SNIA Europe
The Storage Networking Industry Association (SNIA) Europe is dedicated to educating the market on the evolution and application of storage infrastructure solutions for the data centre by providing thought leadership and industry education focussed on storage technologies and business value. For more information visit: www.snia-europe.org.
Sponsored: The Nuts and Bolts of Ransomware in 2016