There have been some excellent comments to-date on what we need to consider in “Moving to the Cloud” for the Cloud Computing Use Cases White Paper (http://groups.google.com/group/cloud-computing-use- cases). Rather than trying to put explanations in place for each of the suggested considerations, it is worth stepping back and look at establishing a process on how cloud services could be identified. NOTE: The Cloud Consumer (CIO / CTO / CFO) will want to see a ROI from moving a service to the Cloud and the Cloud Provider needs to make money from hosting the service. Both those thoughts are valid. Therefore, It is important to consider the business implications of moving to the cloud first before applying rules to minimize risk. Bottom line, if moving to the cloud does not have a positive impact on the success of the business, then it's probably not worth doing. Take a look at the following suggestions and let us know if this logic makes sense and identify what you feel may be missing from the following discussion. Step 1 – Identify existing or new processes, services and data as candidates to “Move to the Cloud” Not all processes, services or data are candidates for the Cloud. If we are going to use business criteria to identify cloud candidates, the following are possible examples: - Save money? - Increase flexibility to handle fluctuating volumes ? - Improved customer access / satisfaction ? - Off-load work from existing IT environment ? - Consolidate like work with other enterprises within the cloud? - Other considerations ? If the candidate, either, new or existing meets one or more of the above then that candidate could potentially move to the Cloud. Step 2 – Manage the risks for those candidates to be moved to the cloud. To get through managing the risk and make it easier, one needs a starting point. If one considers the data aspect of the candidate, then hopefully, all the other considerations become dependent on the characteristics of the data to be considered to be moved. Examples of data types are: - Public access (think parts in a catalogue ) - Private access (info that is either confidential or needs to be kept private or both) - Shared data between enterprises - Data that needs to be accessed 7 x 24 - Data that needs to have sub-second access time - Other types of data Once the data step has been considered and applied against the identified candidates from Step 1, it is very important to identify if that candidate can be separated from other processes, services or data from services which are not identified as candidates. If the identified candidate(s) can be executed independently then the risk level can be assigned. As part of assigning the risk level one has to consider the security policies assigned to the data. Other risk considerations are SLA, Single Sign-on capability, availability, disaster recovery, etc. can be determined. (Pull from the list that the group has already created.) As part of validating the risk assessment, one may also want to be able to test the candidate in a Private Cloud environment, ensuring that the security policies established by the enterprise are intact before deploying the service to a Cloud Provider. Step 3 – Metering In parallel to ensuring that the risk issues have been determined and addressed, then comes the cost of doing business in the Cloud based based on data volumes and risk management. For a service in the cloud, a cost factor will be assigned for accessing the data. It is important to understand the cost equation for the data access. The cloud consumer needs to project the average access rates, the peaks and the valleys. By understanding the volume projections and the access patterns, a cost can be estimated. Remember, the CFO does not want any surprises at the end the month or quarter, especially when the cost of running the cloud service exceeds the budgeted amount. The three steps represent an overly simplified approach to identifying the right cloud candidates to migrate to the cloud. If these steps make sense, then we can use these steps as a base. It is important to have a repeatable process to qualify the value and the risk of Moving to the Cloud, otherwise the wrong decision can be easily made. I look forward to your comments as we begin to build the “Moving to the Cloud” portion of the Use Cases White Paper at http://groups.google.com/group/cloud-computing-use-cases. Dave