This guide outlines how departments should evaluate a hosting business case, particularly before beginning the spend control process.
The public cloud is the government’s preferred option for hosting. We introduced a Cloud First policy in 2013. We’re now moving towards a ‘cloud native’ government. It’s important technology purchasing decisions are made with this objective.
Criteria for choosing a hosting supplier
Departments should always source a hosting supplier that fits their needs, rather than selecting a supplier based on a recommendation. Cost should never be the sole factor in decision making. Departments should assess their hosting options based on a number of criteria, including:
- elasticity and resilience: the public cloud helps you scale more efficiently than on-premise physical infrastructure (instead of maintaining large amounts of redundant infrastructure, you can expand capability on demand and usually pay for it by the minute or hour)
- pay-as-you-go pricing: cloud services are usually billed based on consumption down to a very low level of granularity (this reduces change costs and penalty costs associated with switching off redundant systems, and allows you to achieve optimum balance of cost and performance)
- falling costs of Infrastructure as a Service (IaaS) over time: major providers are increasingly competitive, leading to a significant downward pressure on IaaS pricing (teams should consider the impact of these falling prices and pay-as-you-go pricing on their budgeting processes)
- quality of management tools: you are likely to manage your public cloud services via APIs and there are lots of management tools that can help you do this, like vCloud tools and Terraform
- best of breed security: public cloud services have a large budget to mitigate many common risks and it’s worth strongly considering their offerings(maintaining the security of a data centre and virtualised infrastructure is an increasingly challenging job and not one that many organisations can specialise in)
- flexibility and opportunity costs: adopting IaaS will let you focus resources at the application level, ensuring you can develop your services in an agile way, adapting approaches as new understanding emerges
Your team should conduct a full audit of all your technology infrastructure before making a case for hosting. You should also have a plan in place to retire or replace systems that aren’t appropriate to move into public cloud hosting. This should be as detailed as possible, considering the options for each application and area of functionality.
Third parties in cloud hosting arrangements
Departments should own their own hosting contracts.
Specialist support companies can play an important role in helping to migrate, develop and operate hosting services for departments. They can also advise departments how to best take advantage of cloud provider capabilities.
If you’re using a third-party supplier, you should ensure they have an appropriate level of access to your accounts and contracts with your cloud provider so they can understand how you’re using the service. Make sure your cloud providers’ access control measures provide for this.
Make sure your department maintains overall ownership of the accounts and contracts so you can:
- fully understand how you’re using the cloud service
- work freely with a range of suppliers simultaneously
- keep your hosting arrangements separate from your contract with your third-party supplier as this will make it easier for you to change either relationship
Managing technical lock-in in the cloud
You can find guidance on managing technical lock-in in the cloud, to help you make informed decisions for your organisation.
Your department should take steps to manage lock-in with cloud hosting providers and make conscious decisions about whether the benefits outweigh the risks. For example, set up a technical design authority or something similar, to monitor all the organisation’s cloud services. You should also be able to give indicative figures for the cost of exit from each of your cloud providers.