Author Archives: admin

IT Adoption Trends in E-Commerce

E-commerce companies in order to facilitate sellers and buyers online adopt new techniques and methods which are easily enabled by emerging technologies. The rise of mobile technologies and social networks are complimenting online users and businesses by acting as a catalyst to accelerate the e-commerce trends in the Indian market. In all these trends, IT is clearly proving to be an enabler to connect consumers and provide a variety of information and choices in just a click of the mouse.

Since the inception of online business transactions, e-commerce has come a long way and continues to grow rapidly. Consumers’ online behaviour and interests create knowledge for e-commerce companies to analyze behaviour patterns and customize their online shopping experience. In a study done by Accel Partners in 2015, it is estimated that online shopping business in India is expected to grow at $8.5 billion in 2016 and beyond. This estimate is based on the number of growing online users which is already 300 million in 2015.

IT Adoption in e-Commerce

E-commerce business models focus on buyer-centric paradigms to provide an engaging online experience for customers to interact and perform transactions. Such an arrangement also helps manufacturers to minimize administrative cost, improve brand and increase sales. E-commerce solutions are dependent on facilitating the shopping process, improving consumer experience and uses latest trends and tools in its evolution. IT adoption in e-commerce is mainly driven by the following objectives:

  • Improve interactions with existing customers and increase geographic reach
  • Enhance sales and service to drive overall efficiency and visibility
  • Automate order processing and improve brand awareness in markets
  • Deliver real time information to customers thus ensuring transparency
  • Facilitate decision making for customer by enabling easy to use web research methods and tools
  • Minimize cycle times in ordering of goods and delivery
  • Provide loyalty benefits and discounts

IT adoption in e-commerce can transform business operations into real-time transactions conducted worldwide with accuracy. In fact, IT adoption in e-commerce is acting as a catalyst in driving globalization. Using technology, e-commerce companies are able to measure the amount of transactions and make predictions for future transactions from available data. Globally, IT adoption rate shows that online sales is growing at a rate of 20% which is made possible by technology that enables social media platforms, online shopping and online marketing strategies.

E-commerce in particular makes use of the internet to create and manage markets digitally while offering a full range of products, services, technology and goods. There are a number of IT trends which are helping in the growth in this explosive sector by allowing customers to browse products, compare similar products or services, buy and pay for products more easily. Here are some trends shaping the e-commerce industry which is made possible mainly by IT adoption,

  • Guided digital assets: IT enables the provision of how-to videos, manuals and step-by-step guidance on products and services. This is gaining more prominence and welcomed by customers. Customers are interested in getting complete details and higher level information while buying rather than reading generic information. High level content when combined with easy navigation and guidance in all the stages of transaction enable users to seek more online products or services.
  • Marketing and personalization: IT is enabling customers to configure and personalize their product selection which is another trend. Marketing professionals use analytics to profile customer needs, suggest buying options. Digital marketers also target online users with products and services by using their browsing behaviour, demographics and browsing history. Personalized recommendations and ad retargeting is proving to be effective in creating an impression with online users. For instance a user after having browsed certain products will be able to see those product ads in subsequent websites as they continue their online journey. This marketing technique is used by e-commerce companies to gain new customers. IT offers the tools and applications to facilitate this trend.
  • Mobility and mobile apps: As people seek more information on their smart phones, mobile marketing is also gaining prominence. Integration of transaction functionalities in mobile devices allows a user to make online transactions. The increasing proliferation of mobile users helps online business companies, but the e-commerce portal must have capacities to handle large volumes of data to perform transactions accurately. The adoption of cloud service models in e-commerce is ideal to handle transactions at scale.
  • The role of social media platforms: A majority of e-commerce firms use popular social media platforms such as Facebook, Twitter or Pinterest, etc., to reach their potential customers. With social media it becomes easy to interact with customers and understand their interests. Social media is proving to be an effective digital marketing tool and widely integrated within the e-commerce industry because it becomes easy to reach large number of customers quickly. Further, product and service feedback in social media channels make an effective impression on the minds of social media users. The use of emerging technologies such as big data tools and analytics for gaining business value is easily facilitated by IT services namely, the cloud based SaaS model.
  • Loyalty programs and support: IT adoption facilitates e-commerce firms to devise loyalty programs with rewards for partners and discounts for customers easily, because all of them are well connected. Further help desk and support are made more efficient for customers through IT. Customers expect a seamless shopping experience which is enabled by the integration of CRM systems with point of sale to complete a transaction.

As e-commerce businesses take advantage of these trends fostered by technology, choosing the right technologies is important to successfully gain business value. As new technologies are developed, agility is also crucial to make things work together by focusing more on sales and customers rather than focus on IT infrastructure. IT infrastructures for e-commerce are easily available from data centers offering cloud service models provide a variety of technology options for e-commerce businesses to reach customers globally.

Best Practices in Managed Services

Managed services profession refers to the management of IT assets by a third party on behalf of a customer. Managed services are quite complex and diverse as technologies evolve and business needs change rapidly. To overcome the complexities in providing managed services in IT, a set of best practices have been developed and are followed globally. The best practices can be employed to all types of organizations irrespective of their nature of operations and size. In fact they also allow MSPs to become more efficient, scalable and profitable.

According to MSP Alliance – an International Association of Cloud and Managed Service Providers, the term managed service is defined as: “A Managed service is the proactive management of IT assets or objects by a third party known as MSP on behalf of a customer. The operative distinction that sets apart a MDP is the proactive delivery of their service, as compared to reactive services, which have been around for decades”. Applying this definition in the context of IT, a managed service provider (MSP) is a company that provides IT services that include web hosting, network operations center (NOC) based IT services, applications and equipment to organizations and customers.

In IT services industry, data center companies offer managed services and solutions to a variety of clients in different verticals. MSPs are becoming more generic with functions such as help-desk, cloud services and outsourcing which are quite common nowadays. MSP functions are specific to each type of industry. The most common types of IT solutions under managed services offered by data centers include storage, desktop, hosting applications, servers and security, including mobile device management. At the same time, it is important to note that not all managed service providers are technology based. MSPs can also include areas such as marketing or transportation among many others.

In this post, we explore some of the best practices followed in managed services under IT. MSP is a specialized company which offers IT services to its clients. MSPs provide support to clients in supporting them to choosing the services needed for their operations and then manage them. MSP keeps track of all programs that run in the background of a client company, monitor them and also provide upgrading wherever necessary. In fact managed services follow globally recognized standards of best practices followed in the IT industry. The best practices briefly summarized below can be applied to all types of organizations and are considered as fundamental to running a successful business. The best practices under managed services are:

  • Ethics: MSPs have access to client’s sensitive information, corporate data, knowledge and assets. Therefore the level of trust must not be taken for granted and MSPs have the obligation to protect client information and behave in an ethical manner. MSPs adhering to a strong ethical foundation can easily find their business sustained in the long run.
  • Impartiality: Impartiality is one characteristic that sets the MSP as unique from other IT service providers. The approach by MSPs here is to elevate the client’s interest above the business or commercial interests. This is done by evaluating the situation for client and suggesting a course of action that is in the best interests for client’s growth. Further since MSPs have multiple clients and hence conflict of interest must be avoided at all costs.
  • Statutory regulations and laws: MSPs must be aware of the legal aspects and must be able to advice their clients on protecting their networks, data and information assets from loss. For example, today there are many laws that deal with data breaches for instance laws explain what a company can do during data breach. Good MSPs guide their clients effectively on appropriate legal recourse and support to assess the impact of their clients.
  • Confidentiality and Security: MSPs have access to highly sensitive information provided by clients. Therefore MSPs have to maintain confidentiality and should not divulge information to others. At the same time clients must also develop trust with MSPs and divulge certain important information which will help the MSP to do their job more effectively for the client. MSPs ensure certain precautions to ensure client’s data is secure and security measures are in place.
  • Processes and Tools: Some of the standard IT service delivery processes include ISO, Six Sigma, ITIL, CoBIT, etc. Some MSPs using their knowledge and experience also create their own processes and tools to demonstrate their uniqueness. MSPs by utilizing different tools deliver services to the client. Some common examples of tools include technology monitoring, financial, marketing/sales and so on. Managed service delivery process is one critical tool and a good practice used by all successful MSPs.
  • Disclosure: Disclosure is one best practice or professional obligation by MSPs to their clients. Sometimes disclosure might explain that the MSP is unable to represent a client due to their commitment with another existing client. It is best to interview the nature of the organization prior to agreeing on services.
  • Expertise: Clients approach MSPs with the assumption that they have good levels of IT and business knowledge. In some situations the MSP may not be able to perform a task due to various reasons. MSPs should adhere to maintaining standards and demonstrate proficiency required in a managed services professional.
  • Protection: MSPs naturally tend to protect themselves because IT is a highly coveted area. MSPs tend to regulate their area of expertise and services. This is evidently IT industry is self-regulated by itself for several decades instead of being regulated by some governmental agency. MSPs should also proactively protect themselves by following the best practices from being concluded as harming the welfare of general public.

The above best practices while being followed will certainly result in managed services profession growing in the next several years. Managed services growth is also fueled by increased complexities in IT management and compliance. Businesses need MSPs and this need is largely fulfilled by professional MSPs with their constantly evolving best practices.

Data Center Security Strategies

Information security has always been a baffling area for security experts as they attempt to protect the infrastructure and systems from hackers and accidental users. In the increasing threat landscape it becomes vital to protect information assets but information security is unable to cope with the speed of business and IT deployments. In such scenarios traditional security measures are no longer effective while trying to address threats aimed at the insides of dynamic computing environments such as data centers.

The increasing demands of outsourced IT services such as virtualization, cloud models, storage, etc., availed from data centers is fuelling the need for comprehensive security strategies to protect critical data and systems. IT experts raise concerns that information security is unable to cope with the speed of business and IT deployments. Traditional security approaches focus on anti-virus software, firewalls, ports, subnets and network parameters and focus on preventing rogue packets at the periphery of the network. If case of a breach, the attacker has complete access to all systems and data in the network. Further perimeter defense fails to prevent internal threats.

The changing threat landscape with new types of malware, Trojans and worms is driving the need for more robust strategies to protect data and information assets in data centers. SANS Institute in October 2015 did an analyst survey named SANS Dynamic Data Center Survey involving 430 IT security professionals. The survey findings indicate that 37% of respondents have experienced attacks on workloads in their data center or cloud environment. On the whole, 44% of respondents have lost critical data and 55% respondents are unhappy with existing attack prevention and recovery times. These data suggest that security strategies should be aimed at protecting all the components in an enterprise IT environment to effectively manage and minimize weaknesses and vulnerabilities that expose organizations to risk.

There is a need for in-depth defense for the network, servers and end-points and applications along with additional layers of security operations for infrastructure protection. Such robust and comprehensive attack prevention schemes can ensure IT security to protect data assets and systems in dynamic computing environments. Some of the security strategies to consider in an ever increasing demand for IT services are given below.

  • Strategy for Data Center Deployments: Data centers due to their less complexity, flexibility and scalability offer on demand services to meet business needs. The recent increased demand for hybrid data center deployments proves that IT plays the strategic role of business enabler in India (Express Computer, March 2015). In such scenarios, the security strategies that offer trust boundaries must be replaced with trust zones, across physical, logical, virtual and cloud environments. The best approach would be to eliminate inconsistent policies in the data center and provide a single focal point for managing security policies across all physical and virtual instances. At the tactical level, the security policies must be applied to be aware of the context, identity and applications. All data at rest and in motion must be secured between the data center and the enterprise organization.
  • Security is ramped up at the Architectural level: In this strategy, datacenters in order to have highest availability and integrity must implement security controls as part of data center architecture. The security control must be optimized for each component or module – servers, network, storage and data and so on. Security is a continuous process and therefore, enterprise wide risk assessment with real-time visibility is very crucial in prioritizing enterprise security and protection. Real time protection is the key to identify assets that are risky and critical across all components in the data center. Workloads must be secure to detect system level changes across remote locations to assure data migration between workloads is safe. It is important to secure virtual desktop infrastructure along with VM traffic and also the server resource utilization.
  • Security is ubiquitous: Security policies must be ubiquitously managed to ensure efficient risk and compliance management. Datacenter operations will be efficient only when workloads, servers, storage, networks and applications are secure in physical, virtual and cloud infrastructures. Security deployments must comply with standards such as HIPAA, PCI, etc., and must provide real-time insight across data, applications, servers, networks and endpoints. Security strategies must be able to deliver end-to-end assurance, from the perimeter to the core of the data center.

While developing and implementing comprehensive security measures, in-depth security implementations in data centers are the key to optimize business critical services and availability. Corresponding SLAs must be ensured for maximizing resiliency and minimizing downtime. As data centers are becoming dynamic to provide hybrid services that are ubiquitous, risk and compliance requirements are highly important.

IaaS Adoption Strategies

IaaS is a cloud service model used to describe IT infrastructure capabilities in a well-defined manner. Infrastructure capabilities does not limit itself to IT hardware and networks but also provides a platform for business agility and applications reliability. An enterprise considering deployment of cloud IaaS model must develop well planned strategies to exploit the technology in order to achieve business goals and maximize business bottom-lines.

Infrastructure-as-a-Service (IaaS) is a style of IT enabled capabilities that are delivered as a cloud service model for organizations. IaaS is understood as equivalent to a private data center or scalable IT infrastructure service which can be accessed using internet technologies. Large organizations such as government, enterprise businesses, and especially SMBs stand to gain from IaaS due to its scalability and other immense benefits such as on-demand self-service, self-provisioning, measured access, broad network access, rapid elasticity and centralization of data and applications to mention a few.

IaaS service models offer complete IT infrastructure services (compute, storage, network and software) that can run platforms and applications across a variety of operating environments. Other important benefits of IaaS include,

  • Reduced cost on hardware and resources
  • Security and interoperability of data
  • Portability of applications across platforms
  • Dependency across a wide range of networks

For instance, enterprises often face the challenge investing in IT sources and infrastructure for handling economies of scale as the business grows and expands into new markets. Cloud computing IaaS models offered by data centers is a viable environment for enterprise organizations through which the challenges related to managing IT infrastructure are easily overcome.

According to Earnest & Young report titled Cloud Adoption in India surveying SMBs on cloud services adoption around 55% of SMBs have indicated their readiness for cloud based storage services which is a capability of IaaS. Gartner Research on cloud computing services adoption worldwide explains that, enterprises planning for IaaS deployment must make sure they develop strategies using bimodal approach. Mode 1 explains on reliability (in terms of infrastructure to support business efficiently, innovations) and Mode 2 on agility (adapt and scale up or down automatically to changing business scenarios).

In spite of the value proposition offered by cloud service providers, it is highly essential on the part of organizations to develop an appropriate business case to deploy an IaaS model based on their unique business operating circumstances and requirements. Some important IaaS adoption strategies to consider are:

Use a bimodal approach: Organizations must first question themselves on what exactly they need from cloud IaaS. The bimodal approach is highly essential for any business because business companies need two things – maximum business agility and greater efficiency. Greater efficiency falls under mode 1 and business agility in mode 2. Though, mode 1 will help to achieve agility by incremental improvements, mode 2 will result in efficiency gains. The priorities of reliability and agility are different in organizations and hence IaaS strategies should be developed by considering both the modes. For instance, Mode 1 eliminates the need for personnel in routine IT operations, improves provisioning time and reduces hardware cost. Likewise, mode 2 enables quick delivery of applications, enhances digital business capabilities, exploit new business opportunities, provision resources rapidly and so on. Hence, organizations planning for adoption should consider this bimodal approach for adopting cloud IaaS.

Develop a cloud IaaS strategy: The cloud IaaS strategy must clearly highlight the investments made on technology. This must be tied to line of business (LOB) goals and should have management buy-in. The strategy must explain cloud IaaS benefits and expected outcomes across all functional areas in the organization. Strategies will consider points such as implementation plan (long-term, short-term), identifying workloads that can be moved to cloud, defining security and related systems such as disaster recovery, defining how users can access the infrastructure, that includes mobile strategy, monitoring the performance of IaaS and finally articulate how IT will effectively handle business process requirements and service requests to enhance business relationships.

Enhance Application life cycle: Infrastructure serves applications, developers and users alike. In this strategy the approach should incorporate infrastructure into the application lifecycle as opposed to managing only the infrastructure. The tools and methods of DevOps focus on continuous integration and continuous deployment to result in the integration of infrastructure automation along the entire application life cycle. IaaS also offers storage and network capabilities along with load balancing in addition to compute environments. Therefore, with initial provisioning cloud IaaS strategy must focus on ongoing upgrades, applications maintenance and release cycles. A more comprehensive strategy can include platform level services such as database and other middleware services.

Critical considerations: Business enterprises when transitioning to cloud IaaS need to consider certain critical aspects such as,

  • Specific business areas that are appropriate for cloud IaaS
  • Evaluating services offered by cloud vendors or data centers
  • Specific SLAs related to performance indicators of IaaS, risks, security, etc.
  • Monitoring performance and measuring IaaS usage from the organization’s perspective
  • Benchmarks for evaluating application performance in the data center
  • Understanding on how resources are pooled within the data center
  • Broader operational and cultural implications due to IaaS adoption

Cloud IaaS offers a viable environment to better align IT with key business goals and initiatives at reduced costs. The strategies outlined here are intended to help enterprises while planning to adopt cloud IaaS service to overcome infrastructural management challenges in rapidly changing business scenarios.

Risk Mitigation through DR

Timely information is the key to business success and in today’s scenario most organizations are fully dependent on IT enabled services to achieve their business goals. However IT is filled with risks such as viruses, malware, worms, hacker attacks, etc. Hence, it is crucial for organizations to protect information and critical business data in their IT systems. IT risks are managed by implementing comprehensive disaster recovery plans.

Risks in IT are a result of vulnerabilities and their resulting threats. Vulnerabilities are basically the weaknesses in a system or in the infrastructure. For example, not having adequate backup of data and information is vulnerability because in the event of hardware or software failure, important data could be lost. Similarly, not using the latest virus scanners is vulnerability. Threats are understood as a source or event that has the potential to accidentally trigger a misuse of IT systems or intentionally exploit a specific vulnerability. For example, stealing of passwords by hackers, viruses, worms, spam emails, etc. are threats. Threat also includes natural events such as storms, electric outages, high-voltage surge due to lightning, flood, fire, earthquake, etc. IT systems are vulnerable also to natural threats.

Vulnerabilities and threats in IT can be successfully handled and mitigated by developing a comprehensive disaster recovery management plan for the organization. Therefore, risk in IT is a function of threat and its potential vulnerability which always results in adverse impact for the organization. To avoid negative impact, risk management must be commensurate with the organization’s strategic objectives and focus on securing data and systems (hardware and software). IT risks can be managed effectively by security planning as well as disaster recovery (DR) planning.

DR plans will implement policies, procedures and actions to minimize disruptions to business in the event of a disaster and in order to ensure business continuity. The very first step in DR planning is to establish processes for business impact analysis (BIA). BIA processes helps to identifying specific risks and analyzes the impact of all IT enabled business processes. Using BIA as the key, other important elements to consider while developing a DR plan will include,

  • Clarity in organizational responsibilities: Many organizations fall short in determining roles and responsibilities in terms of DR. DR is more than just restoring data on servers or replicating databases, instead DR plan will ensure the applications and systems are able to support business functions. Here the participation of non-IT members is needed to understand the impact to business units while developing DR plans.
  • Define application recovery service levels: Application recovery services can be catalogued based on different levels of recovery provided by BIA. DR offers the insurance for protecting data and critical information however, efficiency in application recovery is also important. Aligning applications according to the levels of recovery obtained from BIA and restoring them with business functions according to their importance must be included in DR plan. For instance, restoring data related to product features immediately after a disaster is important for sales and marketing units.
  • Apply a cost model for DR: It is important to note that IT service levels are highly influenced by cost. The cost model can include items such as hardware, software maintenance, support, personnel and facilities. A carefully developed cost model can significantly result in continued IT services efficiently. Cost models are a must when business organizations hire IT services from data centers. Data centers provide different cost models based on business requirements.
  • Establish secondary facilities and involve experts: Many organizations consider the option of having an additional back-up facility in case the primary facility will experience a disaster. People with skills and capabilities for restoring IT services are needed to assist business users in restoring their data, applications and services without disruptions.
  • Establish standardized procedures: In the absence of DR planning, day to day operations can be disrupted to result in heavy losses for the organization. There are instances where organizations have compromised their mission critical data during a disaster. The need for adequate documentation to highlight risk analysis for key IT enabled business processes cannot be overlooked. Many organizations have embraced and implemented standard frameworks for security such as ITIL to significantly improve their chances of mitigating risks due to disasters (man-made or natural).

Large organizations that are dependent on IT cannot tolerate downtime of their business critical applications. DR plans help organizations to restore applications and data efficiently. In DR plans, provisioning IT services is done in order to ensure business continuity quickly without long disruptions. The objective of implementing DR is to mitigate threats, but it should be noted that DR plans once implemented does not provide all the protection required from new type of threats or attacks. DR plans are dynamic and must be updated and validated regularly whenever new types of threats arise.

IaaS Adoption in BFSI, Healthcare and E-Commerce Sectors

IaaS adoption is advancing in a massive scale by enterprises as years roll by. Business enterprises are quick to capitalize on emerging new markets and potential opportunities through the use of cloud IaaS services offering IT management and service delivery at scale. Recent surveys and expert opinion on adoption of IaaS mention that IaaS deployments are significant in the areas of BFSI, health care and e-commerce sectors.

Cloud computing services stands 4th place in the IT sector after mainframe, PC and internet. Cloud IaaS model is revolutionizing IT by providing new dimensions on how IT resources and technology can be leveraged to exploit potential business opportunities. Industry experts view cloud IaaS model as the most dynamic utility computing service presently available. For instance, the promise of pay-as-you-go pricing model and infinite scalability are some of the key drivers for cloud adoption across different industry verticals.

In India the need for inexpensive and effective IT services is driving cloud services across all types of organizations. In a summit titled ‘Gartner IT infrastructure operations & data center’ held in May 2015, Gartner report explains that IaaS spending in India is $104.8 million which is an increase of 38% in revenue compared to previous year and analysts predict IaaS adoption is expected to grow through 2018 to reach $1.9 billion.

In India, cloud IaaS adoption alone is expected to grow over 40% in 2015, according to a survey on IaaS adoption in India done by Knowledgefaber, an independent research and consulting firm. In India three main sectors namely BFSI (Banking Financial Services and Insurance), Health care and E-commerce sectors are found to be high adopters of cloud IaaS. These three sectors are explored for cloud IaaS deployment benefits in their area of operations.

  • BFSI: BFSI sector require vast IT infrastructures to efficiently handle huge volumes of data on a day-to-day basis. Cloud IaaS offers certain specific benefits to banks for facilitating and servicing customers with latest technologies while reducing overhead cost in their physical branch. In cloud IaaS customers are allowed to access their personal details and perform online transactions using any type of device from anywhere.
    Cloud IaaS service enables efficient mobile banking capabilities and customer relationship management with automatic scaling or descaling based on network or server workloads. BFSI organizations leverage cloud IaaS to enable online transactions for customers and serve customers through ATMs, thus optimizing resources in their branch offices. Further financial institutions, mainly banks and insurance companies are also able to widen their customer base into rural areas due to the availability of internet and mobile services.
  • Healthcare: According to Forbes magazine, over 83% healthcare organizations are using cloud based services and porting a variety of healthcare apps on the cloud. The need for healthcare IT is due to the fact that more and more information (patient conditions, research data, drug information, data gathered from various computer controlled devices in therapy) is immediately available in digital form. To handle this huge volume of data across multiple locations requires robust and reliable IT infrastructure.
    Healthcare organizations continuously face challenges in terms of mining clinical data and historical records, compliance to healthcare regulations, potentially damaging drug recalls and effectively respond to unexpected negative events such as sudden epidemic outbreak, viral infections, etc.
    A cloud IaaS service from a data center allows pooling of IT resources and is easily made available through the internet to hospitals, clinics, laboratories, research centers. This brings experts together with collaboration tools to provide effective healthcare to patients and facilitates health information exchange for effective treatment.
  • E-Commerce: E-commerce is another area of picking up momentum particularly with SMBs and retail business companies. E-commerce applications primarily have functionalities such as automated workflows, online transactions and customer support which require speed and quality of service for customer satisfaction and retention.
    Cloud IaaS enables cost cutting with speed and provides specific benefits such as reliability in transactions and efficiency in handling large number of customer requests. The multiple layers of security in the cloud to ensure transactions and private information are protected. The usage based pricing model and on-demand self-service along with scalability are some attractive propositions for e-commerce businesses.
    IaaS offers the infrastructure to implement and run web based applications thus eliminating the need for costs in building an IT infrastructure. Further data generated in e-commerce software is stored in a centralized servers making it secure from theft or leakage. In summary, e-commerce companies’ benefit from IaaS in overcoming issues related to security, data integrity, scalability and above all allowing customers to access information from different devices.

Cloud IaaS services play a facilitating role for business enterprises by providing hardware and IT infrastructure to manage any type of business functions with agility. IaaS services are available from data centers at a fraction of cost compared to capital expenditure likely to be incurred in building an in-house infrastructure network.

Best Practices in Disaster Recovery and Business Continuity

Business enterprises depend on information to survive and to ensure business continuity. However, in IT protecting information from disasters is a constant challenge. In spite of having adequate data backup and storage, companies face business disruptions and useful data is lost. Thoughtful planning and collaboration of people at all levels in the organization can help to develop comprehensive disaster recovery and business continuity plans to adequately protect critical business data from loss.

The term disaster recovery is relative because disaster has many forms and will occur unexpectedly. IT systems, servers, data and applications are vulnerable to disasters like floods, hurricane, power outage, hardware failure, attacks and hacks on servers or network and also to human error. Inadequate planning in technology and business can compromise critical business data and cause substantial financial downfall. Most of the disaster issues can be mitigated by developing comprehensive DR plans and restore business operations within few hours, instead of days as earlier. DR plans are aimed at protecting data and vital assets in the organization. It is important to note that DR planning is unique for every organization.

Consider a scenario when important notices or information must be sent to specific set of people at a given time. If IT is down, the cost of downtime can result in the company losing its value with customers, stocks decline and stakeholder confidence is lost. Therefore, DR plans in an organization should identify potential risks that exist within their IT environment and define steps to mitigate those risks in order to ensure business continuity.

Business continuity and DR planning is often defined as an ongoing process that is integrated with day to day operations. For example if a C-level executive will notice his email is down or is unable to generate a report for decision making, this cannot be tolerated. The process involved in a DR plan includes certain key elements to ensure efficient and effective restoration of critical business functions in the event of an unplanned disruption. The key elements to consider in BC and DR planning includes,

  • Assessment of critical applications
  • Procedures for Back-Up and Restore, recovery of data
  • Procedures for implementation and testing and maintenance

Some of the best practices which can be considered while defining DR plans are:

  • Catalogue systems and identify all impact: BCDR planning starts with identifying applications and data for their criticality and their cost of downtime. Also, the recovery points and recovery time objectives (RTO) for each component is understood. For example, the negative impact of losing critical customer records or network connectivity must be understood and planned appropriately. The plan must include all the systems and services (servers, storage disks, network components, etc.) participating in business operations must be catalogued and the RTO for each component is understood and plans are defined.
  • Involve people in BCDR: Normally, DR responsibility falls with IT or a single person in the company. If this person is not available during a disaster event, the company has all the recovery plans, but no one to restore the systems. Therefore, several people from different departments can be trained to handle recovery procedures, it will be best to train some people outside the primary data center region or another team of people in another region are taught on applications and data recovery, particularly in a hosted environment.
  • Ensure redundancies to protect mission critical data: The plans will ensure that adequate resources are available for backing up data and applications. In case of availing cloud services from data centers, the company must ensure appropriate SLAs in place for disaster recovery to make sure applications and data are available at all times. SLAs must also define infrastructure redundancy like replicating data in another location for availability in case if the primary data center is down for some reason. Infrastructure redundancies to consider in plans will include power, cooling, telecom, network and other related hardware.
  • Include changes to DR Plan as and when they occur: BCDR plans must include all critical business processes and their associated applications, their SLAs, data sources and steps to recover within their recovery points and RTO. For example, if a new application is implemented, or if applications and data are moved physically to a cloud, the earlier plans are outdated. It will be best to keep plans aligned with changes in the operating environment and documented fully.
  • Periodically evaluate BCDR Plans: BCDR plans are evaluated periodically by running vulnerability tests and appropriate patching is done for protection to systems and infrastructure. Latest technologies are also evaluated for their benefits in ensuring business continuity and to develop a new set of SLAs. The evaluation and testing of plans must consider future requirements and ensure a fail-safe infrastructure for the organization.

In spite of diligent planning and continuous evaluation of BCDR, IT failures are common and hence DR is a continuous process. Companies can consider these best practices in BCDR planning to overcome IT disaster nightmares.

Cloud and the role of SLA

As cloud computing is taking center stage for different IT enabled business enterprises it is highly essential to define policies, procedures and service level agreements (SLA) in order to maximize the value of cloud for both the consumer and the service provider. SLA statements written must be measurable, achievable, relevant and timely and should remain specific for cloud services aimed at minimizing ambiguities for both the cloud consumer and the cloud service providers.

The cloud service models (IaaS, PaaS, SaaS, etc.) offer new paradigms of computing resources and IT enabled capabilities for all types of organizations. IT industry experts claim that over 80% of enterprises have adopted some cloud service in their organization. The key term ‘service’ in cloud computing creates the need to develop contracts named service level agreements (SLA) between the client organization and the cloud service provider (CSP). SLAs are used by companies for a long time, especially when the company hires third party service provider to manage some of their business operations. SLAs will ensure the consumer receives all the services availed as agreed by the provider and of course ensure money’s worth for the client.

Likewise, an organization deciding to hire cloud services for their IT needs, SLAs come into play to make sure the services offered by the CSP are delivered as promised. SLA has become a pre-requisite due to cloud business strategy and provides series of rules and directives that must be taken by cloud consumers to evaluate and negotiate terms with CSP. It describes a set of non-functional requirements of cloud services. An example of SLA can be the return of operations (RTO) in case of any service failure in the cloud.

Cloud SLA is imperative for compelling reasons,

  • Ensure availability and uptime
  • Specific performance benchmarks to compare actual cloud performance
  • Availability of usage statistics for the consumer
  • Informing scheduled changes to consumers in advance (eg., maintenance downtimes)
  • Help desk and support to resolve specific issues
  • To clarify the scope of resources used in cloud service of interest

SLAs are the means of documenting cloud services between the CSP and consumer and play a major role for the following reasons:

    • Roles and Responsibilities: Consumers must understand the roles and responsibilities and business relationships between them and the CSP. For example, an indirect actor namely cloud carrier is an entity providing the carrier or transport for cloud services between CSP the consumer. In this scenario, the SLA must cover provisioning of alternative carrier in case of non-availability our outage with one carrier. According to NIST (National Institute of Standards and Technology) reference architecture, the actors involved in cloud are: Consumer, CSP, Auditor, Broker and Carrier, with unique roles. Cloud consumers must recognize and understand the activities and roles of each entity or service in the cloud as explained by CSP including their own set of responsibilities.
    • Examine Business Level Policies: Business level SLAs would define Guarantees provided by the CSP (for example, guarantees will include 99.99% uptime, measurable performance and usage, etc.). Acceptable use policy is a business level SLA statement where the CSP describes how the service should be used, List of services not covered and Excess usage. Normally, the CSP will encourage the consumer to buy resources that is only required for their business. Other policies will include Payment and penalty models, Activation, Renewals, Transferability, Sub-contracted services, Licensed Software, Industry specific standards and Support.
    • Data Level Policies: Data level policies are critical in SLA. Here CSP will explain on how the consumer’s data is governed and protected in local jurisdiction or other locations where the data will reside or made available. Consumers must carefully evaluate legal requirements on how SLA will handle issues related to movement of data to offer multi-site storage in different jurisdictions for redundancy. The other critical SLAs in data level policies include, Data Preservation – backup, restore, redundancy, etc.; Data Locations – will verify data locations for consumers; Data Privacy – defines how consumer data is secured and used; Data Seizure – in some circumstances the data can be seized by government agencies, etc. Therefore, data level policies in SLA are the most critical policies which must be evaluated thoroughly by consumers.
    • Service and Deployment Model Differences: Service models are categorized as IaaS, PaaS and SaaS. The service models in cloud are unique in terms of service delivery and are defined with unique SLAs. Likewise cloud deployment models are private, public and hybrid clouds which have a unique set of SLAs. According to Cloud Standards Customer Council (CSCC), consumers should understand the nuances of service and deployment models and their corresponding SLAs because their value and risk varies significantly.
    • Describe Objectives for Critical Performance: SLA in performance objective relates to efficiency, accuracy and service delivery. Performance statements in the SLA will help consumers to measure and audit different aspects on cloud performance. Performance metrics are dependent for each service IaaS, PaaS and SaaS. For example, performance considerations for IaaS will include network and compute and so on.
    • Security and Privacy Considerations: SLAs related to security and privacy considerations deals with information assets – data, applications, functions and processes and can be defined based on criticality and sensitivity of consumer data. Normally CSPs offer global security standards defined in standards such as ISO, COBIT, ITIL, etc. The SLA will also cover alternative actions in case of security breaches or data loss for the consumer.

In addition to the above roles, SLAs will also define areas such as disaster recovery, service management, auditing, self-service metering and provisioning, solutions for service failure, remedies and limitations in cloud services. SLAs will also state exit processes followed in case a consumer wishes to discontinue from a service provider.

Private Cloud vs Public Cloud

The debate on which cloud model is right for business often arises when an organization plans to migrate to the cloud. Both, the private and public cloud models have their own set of pros and cons. Any organization migrating to the cloud must first carefully understand public and private clouds for their benefits and disadvantages and finally decide their journey into the cloud.

The advent of cloud computing models is providing new directions for organizations in terms of scope and value. Organizations that are fully dependent on IT to meet business goals have understood the value of cloud computing for its availability, scalability, instant provisioning, virtualized resources and storage. Both private and public cloud models are available from cloud service providers but, first an organization thinking to deploy a cloud service must carefully examine the advantages and disadvantages of both private and public clouds.

Public clouds are hosted services available by cloud service providers on the internet. Organizations that use web servers or application systems where security and compliance requirements are not very rigid normally prefer to use public clouds. For example, public cloud services are available in the form of web based email, data storage or file transfers over the internet, online office applications, web hosting and so on. Public clouds are most suited for start-ups and small businesses because of minimal set up costs. The resources (servers, storage, etc.) are shared between multiple users publicly and the infrastructure, services and usage policies are managed by the service provider.

Contrary to the above, private clouds or enterprise clouds are used by organizations that have security, compliance and data privacy as their top priority. Private clouds are deployed inside firewalls and offer robust IT security for the organization. If a data center infrastructure is already available with the organization the private cloud can be implemented in-house. However, for having in-house private clouds the organization needs to invest heavily in running and maintaining the infrastructure which can result in significant capital expenditure. This can be a major setback for organizations thinking to reduce IT budgets. Private cloud services are also made available by cloud service providers or data centers. Examples of private cloud implementations can be easily found in areas such as banking and financial institutions, large enterprise organizations, government organizations, etc. where only authorized users are able to access the system.

It is essential to understand the intricacies of both these models before deciding to choose the appropriate model for the organization. The table below summarizes the main factors which can be used to determine between private and public clouds.

Private Clouds Public Clouds

Private cloud infrastructure is a dedicated infrastructure provided to one single organization or client.

  • Controls: Better controls for data, users and information assets.
  • Cost: Initial investment for hardware is very high in case of an on-premise infrastructure.
  • Security: The cloud belongs to a single client. Hence, the infrastructure and systems can be configured to provide high levels of security.
  • Superior Performance: Normally private clouds are deployed inside the firewall of the organization’s intranet which ensures efficiency and good network performance.
  • Easy Customization: The hardware and other resources can be customized easily by the company.
  • Compliance: Compliance is achieved easily in private clouds.

In public clouds the resources are shared between multiple clients and all the services are controlled by services provider.

  • Simple and easy: Public clouds are available as a service in the internet, they are easy to deploy.
  • Cost: Initial investment is very low or nil.
  • Less time: The IT resources and services are available immediately saving time for the company.
  • No maintenance: The hardware and networks are maintained by the cloud services provider. Internal IT staffs have no responsibility in maintaining the infrastructure.
  • No contracts: No long term commitment with service provider because public clouds are usually pay-as-you-go models.
  • Cost: Costs are substantial in the case of building an on-premise private cloud. The running cost would include personnel cost and periodic hardware upgrade costs. In the case of outsourced private cloud, operating cost will include per resource usage and subject to change at the discretion of the service provider.
  • Lacks proper controls: The client has no control of data or infrastructure. There are issues of data privacy and integrity. The service level policies and compliances are completely enforced by the service provider.
  • Under-utilization: In some instances the resources subscribed can be under-utilized. Hence, optimizing the utilization of all resources is a challenge.
  • Performance: The performance of the network depends on the speed of the internet connectivity.
  • Capacity ceiling: Due to physical hardware limitations with the service provider, there could be a capacity ceiling to handle only certain amount of servers or storage.
  • Weak on Security: Since the hardware resource is shared between multiple users, IT security issues are more profound and data is vulnerable to thefts.
  • Vendor lock-in: This can be a major impediment in private cloud adoption especially when the hardware and infrastructure is outsourced. This is a service delivery technique where the client company is forced to continue with the same service provider, thus preventing the client to migrate to another vendor.
  • Customization: Customization of resources or services is not possible.

Depending on the organization’s computing environment based on the above factors along with the levels of security and scalability needed, the organization can decide between deploying a private or public cloud.

Top 5 benefits of Desktop as a Service (DaaS) Adoption

Organizations constantly face the need to upgrade or replace many of their client systems due to changes in technology and to use new applications. These physical systems are replaced by virtual machines by deploying desktop as a service (DaaS) solutions which offers many new exciting end-user computing solutions for organizations. DaaS offers the potential for organizations to accomplish multiple objectives: minimize costs, simplify IT management, improve security and employee productivity and make the organization more competitive and many more.

The advances of technology such as cloud computing and virtualization is enabling organizations to capture value. In the current competitive environment IT faces many challenges that include reduced budgets, increased security, availability of data and applications on multiple operating platforms, mobility for employees and remote access computing. To reduce expenses on end-user computing infrastructure, many organizations considered the solution of virtual desktop infrastructure (VDI) to enhance desktop management. However implementing VDI in-house required high upfront costs and people with specialized skills which were difficult. To overcome some of these issues, desktop virtualization provides the potential solution.

Desktop-as-a-Service (DaaS) is a computing approach under desktop virtualization which enables the movement for organizations from physical to virtual desktops where the applications and infrastructure is managed from the cloud. The significance of DaaS was highlighted by industry experts, such as the report, ‘The Year of DaaS’ in 2014 by VMware and Citrix. In simple terms, DaaS can be understood as a service where users are able to gain access on anything using any device running any operating system from anywhere.

Compared to client-server computing, DaaS can significantly reduce costs and enhances productivity because employees are able to work from anywhere and anytime. This in turn helps organizations to provide an employee friendly workplace by supporting BYOD. DaaS is made available from the cloud infrastructure and hence it is easily scalable and elastic – maximum performance for any number of devices. Gartner indicated that with the advent of DaaS, PC shipments have reduced significantly worldwide to almost 7% in 2014.

In addition to these advantages, DaaS offers some top benefits for organizations that include,

  • Financial benefit: Organizations migrating from Windows XP to Windows 7 or 8 would need to upgrade their client hardware. Using DaaS clients can access data using any device running any OS. This eliminates the need for upgrades, thus resulting in substantial savings from capital expenditure spent on client hardware. In addition to reduced capital costs, savings in operating cost is possible because data, applications, storage and maintenance are done from a centralized location. This eliminates the running cost in maintaining client systems.
  • Efficient Management of IT: Organizations need not have to wait for weeks or months to upgrade and configure client desktops. Instead, IT resources and appropriate desktop rights are made available for the entire organization within few hours. In DaaS, work-related systems and applications are centralized thus allowing IT assets to be managed efficiently. DaaS is considered an ideal solution for organizations that have recently undergone a merger or acquisition, because the service helps in overcoming the biggest challenge of managing disparate infrastructure. With DaaS new employees can be integrated quickly without any major overhaul of IT infrastructure.
  • Mobility and Employee Productivity: The recent trends of mobility such as bring your own device (BYOD) is supported by DaaS. More and more users are clamoring for mobile access to applications, data and services. DaaS offers to provide consistent performance no matter the type of device format or brand. Employees using their own devices can login to their company systems and immediately access information from applications such as ERP, CRM, etc. This benefit is found highly useful in global industries such as financial services, travel and retail to mention a few.
  • Increased Security: DaaS helps companies overcome many risks by maintaining all sensitive data and applications in a central location. Data and applications when stored in client systems are easy targets for hacking attacks, loss, theft and corruption. Since DaaS maintains data in the cloud, helps IT to overcome the nightmare of security gaps. For instance the security challenge of BYOD can be mitigated by implementing consistent set of security protocols across user devices irrespective of any hardware or OS.
  • Support for new business capabilities: Organizations seek to acquire best talent from around the world. The recent trends in workforce demand environments such as flexible work timings, ability to mix personal lives, collaborate with partners and social business initiatives are easily enabled by desktop virtualization. DaaS enables mobility where employees are able to address customer needs immediately, collaborate with others while gaining access to company data. This in turn provides new strategic directions for improving value for the organization without any additional cost.

The move by organizations from physical PCs and laptops to DaaS is mainly influenced by the benefits mentioned above. DaaS significantly lowers upfront costs and support expenses which are high in the case of traditional client-server computing. Most of the security concerns faced by IT are easily alleviated. Companies looking to reduce costs and flexibility should consider using DaaS in today’s fast moving business scenarios.