4. cloud procurement


In this presentation, we show how the public sector can benefit from the AWS cloud. Best practices for specifying and selecting a cloud provider for public services. Presented at the Public Sector Summit 2015.

Published in: Software

  1. 1. Sao Paulo
  2. 2. Cloud Procurement Best Practices for Public Sector Customers David DeBrandt, Business Development AWS Worldwide Public Sector
  3. 3. Agenda – Cloud Procurement • Cloud Procurement Overview • Procurement Models • Solicitation Details • Budget and Pricing • Security and Cyber Controls • Legal and Legislative Issues
  4. 4. Cloud Procurement Overview
  5. 5. Characteristics of Cloud
      Old World IT | New World of Cloud Computing
      Price lock | Low variable costs
      Vendor lock-in | No required minimum commitments
      Rigid structure | Rapid innovation
      CapEx | OpEx
      Budget for tech refresh | Cloud providers continually upgrading
      Months to plan and order | Rapid deployments
      Design lock-in | Agile architecture
  6. 6. Successful Public Sector Adoption Has Several Steps • Security and Compliance • Procurement • Culture • Broad Adoption • Business Uses/Definition • Policy
  7. 7. Government Organizations Should Plan Early • Involve all key stakeholders at an early stage: – Procurement – Legal – Budget/finance – Security – IT – Business leadership • Get comfortable with the cloud model
  8. 8. Understand Different Cloud Models [diagram: for each of Infrastructure (as a Service), Platform (as a Service) and Software (as a Service), the stack Networking, Storage, Servers, Virtualization, Operating System, Middleware, Runtime, Data, Applications, with each layer marked Provider Responsible or Consumer Responsible]
  9. 9. Array of Cloud Project/Program Services [diagram; labels as extracted] Government Sponsor (CIO, etc.); Gov Cust 1, Gov Cust 2, Gov Cust 3, Gov Cust n; AWS; Training; Strategy & Roadmap; Solution Arch & Design; Tech Review & Audit; Req Analysis; App Devlp Supt; Professional Services; Service Desk; Program Mgmt; Billing & Account Mgt; Program Support; Implement/Migration; Config Mgt/COOP; IT O&M; Governance; Security Controls; Infrastructure; Direct Providers; Reselling; Cloud Migration and Service Providers; All-Inclusive System Integrators; Cloud Brokers; Packaging/Bundling of Cloud IaaS/PaaS; Typical Project Packages; Vendor/Owner Types; Cloud Service Provider; Government Customer
  10. 10. Cloud Governance • Ownership and sovereignty – Public Sector entity owns all data • No long-term contracts or exclusivity – Public Sector entity can terminate at any time • Choose location of your data – e.g., Region in Brazil
  11. 11. Separate Infrastructure from Services/Labor • Separate the purchase of infrastructure from services (planning, development, implementation, and maintenance). • Results in maximum pricing efficiencies
  12. 12. Procurement Models
  13. 13. Procurement Approach • Indirect purchase: – Managed Service Provider (MSP) – Independent Software Vendor (ISV) – Consultant/System Integrator/Reseller • Direct purchase from CSP
  14. 14. Broad Eco-System of Partners
  15. 15. A marketplace for software in the Cloud • Over 2,100 listings across 23 categories
  16. 16. Procurement Models • Understand different procurement models to buy cloud: – Cloud catalogue procurements – Solution procurement – Immediate cloud needs
  17. 17. Procurement Models – Cloud Catalogues A pre-approved catalogue that can be used by multiple purchasers – a ‘license to hunt’ • Commercial Item: a utility-type service with no custom-built deliverables • Flexible pricing models: cloud vendors have different approaches • Quantities: not known in advance
  18. 18. Procurement Models – Solution Procurement • Traditional IT procurement – cloud infrastructure is only a component • Seek best value of cloud resources
  19. 19. Procurement Models – Immediate Needs • On-demand infrastructure • Emergent or temporary needs • Use cloud catalogue, existing vendor contract
  20. 20. Solicitation Details
  21. 21. Don’t Be Overly Prescriptive • Focus on overall performance • Do not dictate specific methods, hardware or equipment • Leverage commercial best practices
  22. 22. New and Updated Services • Take advantage of new and improved services • Avoid including restrictions or consent requirements for the CSP’s ability to change/improve services (and related terms)
  23. 23. Cloud Provider Evaluation Criteria
      Evaluation | Question to Ask | AWS Value
      Experience | How long has the vendor been providing cloud related services? | AWS has been building and managing its cloud services since 2006.
      Service Breadth and Depth | Provide details on how deep and wide the set of services provided go? | 40+ services to support any cloud computing workload
      Pace of Innovation | How does the vendor continue to innovate its offerings? | AWS has released over 1,100 new services or major features since 2008 (including 516 in 2014).
      Global Footprint | How large is the vendor’s global footprint? | AWS serves customers through our 11 Regions, 28 Availability Zones, and 52 Edge Locations.
      Pricing Philosophy and History | How does the vendor offer its pricing? Is there a long-term lock in? What is the history of price reductions? | For each AWS service, you pay for exactly the amount of resources you actually need in a utility-style pricing model. AWS has lowered prices 48 times in the last eight years.
      Total Cost of Ownership (TCO) | Does the vendor provide a complete TCO analysis (not just an “apples to apples” approach measuring potential hardware expense alongside utility pricing)? | AWS offers the following TCO tool: calculator/
      Ecosystem | How extensive is the ecosystem of vendors that work with the CSP? | 8,000+ SIs and ISVs; 2,000+ AWS Marketplace products.
      Security and Audit Certifications | Does the CSP have industry-acknowledged certifications and accreditations? | AWS can cite many security frameworks, best practices, audit standards, and standardized controls, including: SOC 1, SOC 2, SOC 3, PCI DSS, ISO 27001, ISO 9001, and U.S. FedRAMP.
      Industry Analysis | How is the provider assessed by independent analysts? | AWS has been assessed by multiple independent analysts, including Gartner, Inc., Forrester Research, and IDC
  24. 24. Budgets and Pricing
  25. 25. Flexible Pricing Model • Pay as you go model • Fluctuating/variable prices • Accept multiple pricing models from CSPs – Don’t compare ‘apples to apples’ • Transparency
  26. 26. Supervising and Controlling Budget and Consumption • Utilizing Resellers/Solution Providers to manage consumption of CSP Infrastructure and Platforms • Create internal control organization to manage utilization • Explore existing contract models, such as buying electricity, for models
  27. 27. Security and Cyber Controls
  28. 28. Certifications and accreditations for workloads that matter • Architected for Government Security Requirements
  29. 29. Leverage 3rd Party Accreditations for Security, Privacy, & Audit • Leverage industry best practices on security and audit • Avoid mandating your unique security protocols • Take into account levels of security required
  30. 30. Understand Security is a Shared Responsibility • You get to define your controls IN the Cloud: Customer applications & content; Identity, Data, Infrastructure • AWS takes care of the security OF the Cloud: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
  31. 31. Legal and Legislative
  32. 32. Terms & Conditions • Commercial item: an item sold, leased, licensed, or otherwise offered for sale to the general public • Evolving terms and conditions – Take advantage of continuous evolution of cloud’s enhanced features and efficiencies • Avoid unnecessary restrictions or change consent • Identify only relevant requirements and terms
  33. 33. Service Level Agreements • Accept Commercial Cloud Provider SLAs – The scalability and low cost of the cloud are directly linked to a single model for all customers • If required, additional SLAs could be handled by reseller or solution partner
  34. 34. Minimized Admin Burdens • Minimize needs for project requirements – If working with CSP directly, avoid project meetings, customized reporting, and non-standard notifications – Rely on resellers/partners for add-on project requirements
  35. 35. Legislative Issues • Understand how existing laws and policy can affect this approach: – Security standards; – Audits; – Pricing controls; – Inability to accept changing terms;
  36. 36. Conclusion
  37. 37. Cloud Procurement Best Practices April 9, 2015
      Cloud Models • CSPs provide foundational services to build solutions/house workloads. • Accept different vendor approaches – CSP offerings are not apples to apples. • Understand different ways to buy SaaS v. IaaS/PaaS.
      Performance Based Requirements • Focus on application-level and performance-based requirements – not dictating specific methods, infrastructure or hardware. Ultimately, you are not buying a physical asset.
      Pricing • Embrace on-demand, utility-like, OpEx model cloud pricing. Traditional IT pricing approaches can reduce or eliminate benefits of cloud. • Accept different vendor pricing models – do not create single pricing model.
      Security/Assurance/Audit • Shared security/compliance model between the CSP & end user. • Leverage industry best practices on security and audit.
      Terms & Conditions and SLAs • View cloud as a commercial item and consider appropriate terms & conditions. • A mechanism to incorporate CSP’s unique terms and conditions. • Leverage CSP’s commercial SLAs, i.e. uptime, durability, reliability etc.
      Vendor Types and Partner Ecosystem • A model to obtain cloud services directly from CSP and/or an indirect model in which cloud services are procured through partners or reseller. • Do not consider or treat CSPs as System Integrators (SIs).
      Services vs. Infrastructure • Separate purchase of cloud infrastructure from the purchase of services and labor for planning, developing, and executing migrations & workloads.
  38. 38. Cloud Procurement Next Steps • Understand the cloud model, security and how it is different from traditional IT • Understand working with partners/resellers • Understand Cloud pricing and SLA constructs • Focus on requirements that are cloud specific – not traditional IT