Repository for versions of GDS Standards and guidance translated and/ or internationalised
View the Project on GitHub alphagov/gdmp-translated-standards
This guide outlines how you should evaluate a hosting business case.
Please note - this document is translated from a guidance used for public sector organisations considering using cloud hosting in the UK.
From:
In the UK the public cloud is the government’s preferred option for hosting. We introduced a Cloud First policy in 2013. The UK is now moving towards a ‘cloud native’ government. In the UK it is important technology purchasing decisions are made with this objective. This guidance helps understand how this objective could be met in your organisation.
You should always source a hosting supplier that fits their needs, rather than selecting a supplier based on a recommendation. Cost should never be the sole factor in decision making. You should assess their hosting options based on a number of criteria, including:
elasticity and resilience: the public cloud helps you scale more efficiently than on-premise physical infrastructure (instead of maintaining large amounts of redundant infrastructure, you can expand capability on demand and usually pay for it by the minute or hour)
pay-as-you-go pricing: cloud services are usually billed based on consumption down to a very low level of granularity (this reduces change costs and penalty costs associated with switching off redundant systems, and allows you to achieve optimum balance of cost and performance)
falling costs of Infrastructure as a Service (IaaS) over time: major providers are increasingly competitive, leading to a significant downward pressure on IaaS pricing (teams should consider the impact of these falling prices and pay-as-you-go pricing on their budgeting processes)
quality of management tools: you are likely to manage your public cloud services via APIs and there are lots of management tools that can help you do this, like vCloud tools and Terraform.
best of breed security: public cloud services have a large budget to mitigate many common risks and it’s worth strongly considering their offerings(maintaining the security of a data centre and virtualised infrastructure is an increasingly challenging job and not one that many organisations can specialise in)
flexibility and opportunity costs: adopting IaaS will let you focus resources at the application level, ensuring you can develop your services in an agile way, adapting approaches as new understanding emerges
Your team should conduct a full audit of all your technology infrastructure before making a case for hosting. You should also have a plan in place to retire or replace systems that aren’t appropriate to move into public cloud hosting. This should be as detailed as possible, considering the options for each application and area of functionality.
You should own their own hosting contracts.
Specialist support companies can play an important role in helping to migrate, develop and operate hosting services. They can also advise you on how to best take advantage of cloud provider capabilities.
If you’re using a third-party supplier, you should ensure they have an appropriate level of access to your accounts and contracts with your cloud provider so they can understand how you’re using the service. Make sure your cloud providers’ access control measures provide for this.
Make sure you maintains overall ownership of the accounts and contracts so you can:
fully understand how you’re using the cloud service
work freely with a range of suppliers simultaneously
keep your hosting arrangements separate from your contract with your third-party supplier as this will make it easier for you to change either relationship
You can find guidance on managing technical lock-in in the cloud, to help you make informed decisions for your organisation.
You should take steps to manage lock-in with cloud hosting providers and make conscious decisions about whether the benefits outweigh the risks. For example, set up a governance board to monitor all the organisation’s cloud services. You should also be able to give indicative figures for the cost of exit from each of your cloud providers.