1

Agenda

09.00 - 09.30 Coffee

09.30 - 09.40 Introduction

09.40 - 10.20 Morgan Hill: The Financial Case

10.20 - 11.00 Taylor Wessing: Legal and Security Considerations and how to combat them

11.00 - 11.20 Coffee

11.20 - 12.00 Amazon: The Technology Behind The Cloud

12.00 - 12.30 Panel session

12.30 Lunch

2

• From a financial perspective, we define it as:

“IT services delivered over the internet in a manner that allows cost to match utilisation.”

• A key factor in benefiting from this is the ability to understand the real cost of IT.

3

• The point is that there is a disconnect between what the business sees and what IT sees.

• Our solution is a shared financial understanding of what this technology can do.

4

What is the big change inherent in the Cloud?

• It starts to break the traditional IT vendors’ cost models – it is a disruptive technology.

• This will lead to more choice and lower IT costs for organisations – how?

- Limited to no contractual lock in - on demand, pay as you go services

- Transparent and comparable pricing

- Brings the open source world further into the commercial mainstream

- Provides infrastructure, software and people, all on demand

- Removes geography and enables price arbitrage

A key factor in benefiting from this is the ability to really understand the cost of IT. Without an holistic and comparable

view of cost it is very difficult to know which choices to make

5

• It is hard to know the real cost of providing a particular service.

• And even harder to know if this cost is reasonable.

• Complex IT infrastructure built up over time

• Accounting records which do not fit easily to the IT services

• Lack of transparency in vendors’ costs

• Arrival of new technologies, which often possess very different pricing models

6

• Finance has all the numbers and knows where the big costs are.

• However, it is rarely able to convert these costs into specific IT services, such as the cost of running a data centre or of running a particular application.

• The figures generally have little information on the question of value, i.e.

Is this the right sort of level of cost?

7

• The IT organisation has all the equipment and services and knows which technologies are deployed where.

• Yet it does not usually have the detailed financial data which easily maps to the services it runs.

• This can then make it difficult for those outside the IT organisation to appreciate where the budget goes.

8

1. By combining financial information with IT

services information we can provide cost

transparency and show the real value of IT.

2. It is then easy to make financial comparisons

of alternative IT services, vendors and new

technologies.

9

• The model can be used for a variety of management control purposes, including:- Accurate and on going costing of services and processes- Comparing the above with a trusted community- Vendor cost comparison- Service catalogues mapped to financial data- New technology / new service financial impact assessment- Construction of financially valid business cases- Accurate recharges- Cost reduction programmes

• In the example that follows we will use the model to assess the potential impact of changes to selected

data centre services.

10

• In this case we are comparing service costs amongst divisions within a corporation.

• Not only can we see where opportunities might exist to extend internal best practice, but we can also drill into high cost units and explore the financial impact of alternative technologies.

• We will now drill into Data Centre costs above for Division B.

11

• If we drill into data centre costs for Division B we can see some of the areas where technologies such as

Amazon Web Services could have a directly beneficial financial impact.

• In this case backup,

failover and archive at

£265k look like good

potential candidates for

the Cloud.

12

• If we drill further into backup failover and archive we can see that nearly 50% of the associated cost is for

failover servers. The production systems these support are up at least 95% of the time therefore we have

about £125k of annual cost that is effectively un-used.

• A comparable reserved

Amazon Web Services

instance would cost less

than 10% of this figure –

with no Capex.

13

• And, it can reduce this by up to 90%. Circa £125k to £12k.

• This is what the technology can look like.

14

• Below is an extract from a document that is the result of applying the Morgan Hill financial model.

• It shows the strategies that are enabled by the cost transparency afforded by the model to achieve sustainable cost reductions.

• In this case the strategies are: internal best practice, virtualisation, supplier negotiation, cloud and VOIP.

15

• It has been proven over four years in multiple instances in industries ranging from banking to logistics.

• It can be run now specifically to show the likely financial impact of deploying new IT services, processes

or technologies.

• It is easy to deploy and in every instance that it has been run, cost reduction opportunities have been

identified.

• The model can be run on selected IT services within approximately 20 days.

• The model is currently delivered as a consultancy service but can be operated by a client, post the

consultancy.

16

17

• An initial workshop, together with interviews and report, will deliver the following:

• This is a short duration exercise, designed to reveal the financial benefits of cloud computing to your organisation.

18

• The Cloud has a very real impact on IT costs.

• However, in order to utilise the Cloud effectively, it is essential to have a clear view of the IT costs base.

• The Morgan Hill Financial Model is a proven and rapid method for achieving this.

• With this knowledge the financial case for Cloud technology becomes both apparent and quantifiable.

19

The Cloud: The legal issues

A clear view

> Key questions for any business:

-What technical benefits does it bring?

-What commercial benefits does it bring?

-What legal challenges does it bring?

> In order to utilise the Cloud safely, it is essential to have a clear view of the legal challenges, and to take steps to address those challenges

What are the legal issues?> Not new

- Outsourcing / SaaS / Gmail / Linkedin

> Not complicated- Although some lawyers might suggest otherwise

> Not barriers- Just hurdles

> Based almost entirely on practical risks that you should be worrying about anyway- Business continuity- Location of data- Security of data

… ok, and a few some compliance issues….

The issues: death, taxes and data protection…

1. Supplier due diligence

2. Contractual terms available

3. Who will you be dealing with?

4. Data location

5. Data security

6. Data retention

7. Interoperability

8. Vendor lock-in and exit

9. Audit and compliance issues

10. Project planning

1. Supplier due diligence

> Who is your supplier?> Where are they incorporated?> Do they have deep pockets?> Who owns them?> Do you need a legal opinion / guarantee / other comfort?

> Some suppliers will go off-piste

…… but it will be a trade off

…… you may not get the contractual terms you want, so doing your homework can be more important

2. Contractual terms available> A commoditised market drives value ….. but this has meant commoditised terms of supply

> You may be outsourcing a core service, so you need to:- maintain a reasonable level of control and flexibility- have a stick to waive- be able to get out easily, if you need

> Terms to focus on:- Weak warranties / service levels- No liability for key risks- Insufficient data security obligations- Insufficient DR provisions- Limited ability to down-scale- Export of data (see later)- Limited rights to terminate- Weak exit / transition obligations

> But value drivers may make negotiation unrealistic, so do your homework

3. Who will you be dealing with?> Who’s actually going to provide the service?

> Will the cloud supplier be prime contractor or a sub-contractor?

> Do you care if the supplier sub-contracts?

> Do you care if they’re sold?

> Are you concerned if they are supplying a competitor?-particularly on shared servers-what does the contract say?

4. Data location> Data Protection Act 1998: (stay awake…)

“personal data shall not be transferred to a country outside the European Economic Area unless that country provides an adequate level of protection for the rights and freedoms of data subjects ….. ”

- a cloud model may involve export of data outside the EEA- most countries outside the EEA don’t pass the EU test, including the US

> Don’t worry, there are some ways to comply:- some suppliers give you a choice (but some don’t)- is consent possible?- use specific approved contractual provisions- US Safe Harbour scheme… if not then choose a supplier in the EEA, but check contract terms

> Random risk: maritime law!

5. Data security> Data Protection Act 1998:

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data or accidental loss or destruction of, or damage to, personal data”

“Having regard to the state of technological development and the cost of implementing any measures, the measures must ensure a level of security appropriate to … the harm that might result … and the nature of the data”

“Where processing of personal data is carried out by a data processor on behalf of a data controller , the data controller must .. choose a data processor providing sufficient guarantees in respect of security measures ..and … take reasonable steps to ensure compliance with those measures”

5. Data security (continued)> Security also covers access control – who within your organisation can access the data in

the cloud?

> So, you need to:

- remember that you are responsible for data security, not your supplier- modify your data security policies to reflect the cloud model- ensure your supplier:

- takes data security as seriously as you do, complying with any security policies you may have

- implements state of the art security, which you can monitor- will help you co-operate with regulators, if needed- agrees to do all of this in writing, in the supply contract

- do your homework

6. Data retention

> There are lots of different reasons why you need to retain data:-general record keeping-tax-contractual enforcement-risk of disputes-specific regulation in some industries

> So you should have a data retention policy

> You need to ensure your supplier can follow that policy

7. Interoperability

> The hot potato

> No widely accepted interoperability standards for data … yet

> No legislation …. yet

> How important is interoperability for your cloud model?

> Does the contract support your needs?

> If not does it allow you to require it when relevant in the future?

8. Vendor lock-in and exit

> A shoot from the same hot potato-How practical will it be for you to exit and move to another supplier?

> Have you developed an exit / transition plan?

> What would the supplier need to do?

> Has the supplier agreed to perform the plan?

> Might the plan need to change?

> What does the contract say?

9. Audit and compliance issues> There’s a whole bunch of laws out there

-Data protection-Taxation-Evidence requirements in litigation-Competition laws / dawn raids-Data retention-National security-Money laundering

> Your compliance team should be aware of those applying in your home country

….. but locating your data elsewhere may bring you under laws of other countries

> As a rule of thumb these laws are generally concerned with simple questions:-where is your data?-who is holding it?-can you access it?-can regulators access it?-is it secure from unauthorised access?

….. again, all primarily driven by practical issues that should be important anyway

10. Project planning

> As we’ve seen, the legal issues:

- are largely driven by practical questions

- and can be addressed relatively easily in many cases, if thought about in advance

> Therefore, it is key:

- to involve your legal department at an early stage

- to ensure they understand what it is you’re trying to do

- and to avoid them being the business prevention unit….

Thanks for listening

Graham HannPartner

Taylor Wessing LLP5 New Street SquareLondon EC4A 3TW

www.taylorwessing.com

t: +44 20 7300 4839m: +44 (0) 7904 065846e: g.hann@taylorwessing.com

AMAZON WEB SERVICES

Iain Gavin

igavin@amazon.co.ukAws.amazon.com

AMAZON’S THREE BUSINESSES

Consumer (Retail)Business

Tens of millions of active customer accounts

Seven countries: US, UK, Germany, Japan, France, Canada, China

SellerBusiness

Sell on Amazon websites

Use Amazon technology for your own retail website

Leverage Amazon’s massive fulfillment center network

Developers &IT Professionals

On-demand infrastructure for hosting web-scale solutions

Hundreds of thousands of registered customers

You just lost

customers

InfrastructureCost $

Time

LargeCapital

Expenditure

OpportunityCost

PredictedDemand

TraditionalHardware

ActualDemand

AutomatedElasticity

TYPICAL DILEMMA:PREDICTING INFRASTRUCTURE NEEDS

a style of computing where massively scalable IT-related capabilities are

provided ‘as a service’ across the Internet

to multiple external customers.

Gartner 2008

CLOUD COMPUTING DEFINED

- On demand- Pay as You Go

ScalableIncrease or decrease capacity

in minutesAutomation

Cost EffectiveLow rate, pay-as-you-go

SecureMultilayer security facilities

ReliableMission Critical Infrastructure

AMAZON WEB SERVICES (AWS)

ComputeAmazon Elastic Compute

Cloud (EC2)- Elastic Load Balancing

- Auto Scaling

StorageAmazon Simple Storage

Service (S3)- AWS Import/Export

Content DeliveryAmazon

CloudFront

MessagingAmazon Simple Queue

Service (SQS)Amazon Simple Notification

Service (SNS)

PaymentsAmazon Flexible

Payments Service (FPS)

On-Demand Workforce

Amazon Mechanical Turk

Parallel Processing

Amazon Elastic

MapReduce

MonitoringAmazon CloudWatch

DatabaseAmazon SimpleDBAmazon Relational

Database Service (RDS)

ManagementAWS Management

Console

ToolsAWS Toolkit for Eclipse

Isolated NetworksAmazon Virtual Private

Cloud

Your Custom Applications and Services

Infrastructureas a Service

Build new app

Buy an app to run on AWS

Move existing app onto AWS

Web Site Hosting

Application Hosting

Co

nte

nt

De

liv

ery

Media Distribution

So

ftw

are

D

istr

ibu

tio

n

HP

C

Batch Data Processing

Large Scale Analysis Ma

rke

tin

g C

am

pa

ign

s

Backup

Collaborations

Development & TestL

oa

d T

es

tin

g

Disaster Recovery

Lowers CostEliminates Capital Investment

Reduces Operational Costs

Increases AgilityReduce Time to Market

Removes contraints

Foundation for21st Century Architectures

Removes the “Heavy Lifting”Leverages Scalability, Reliability and

Security

KEY BENEFITS TO RUNNING IN THE AWS CLOUD

WHAT COULD MY FINANCIAL BENEFITS BE?

• For single AWS proof of concept use http://aws.amazon.com/economics/

• For larger IT consolidation initiatives http://www.morganhill.co.uk/it-cost-control/

48

• With the Morgan Hill Financial Model your organisation can:

1. Understand the real costs of IT services

2. See the opportunities

49

50