The Community Cloud

The 'Community Cloud' sounds, on first impression, like marketing-speak for some untried novelty, but in fact it is already around, and working well for governments and healthcare in particular. Bob Sheldon investigates, and is encouraged to find groups of organisations who have cooperated to create secure and resilient cloud-based services.

That’s right. Another type of cloud to contend with. In addition to public and private and hybrid clouds, we also have the community cloud. The concept isn’t new, though. The idea of a community cloud has been kicked around since the cloud entered mainstream thinking. It’s just that the cloud-clamoring public has been slow to embrace the concept of community. But change is in the air. In the next few years, we’ll likely be hearing a lot more about this type of cloud, and that could be a good thing.

There’s really nothing technologically earth shattering about the community cloud. It provides much of the same benefits you’d expect with most cloud services. Users have on-demand access to a shared pool of computing resources, most often via the Internet, and can easily provision their environments with little administrative overhead or service provider interaction.

What sets the community model apart is that the cloud infrastructure is shared by a specific group of organizations looking for a cloud-based solution to support their collaborative efforts in order to address common concerns and achieve common goals. By using a community cloud, they can tackle issues such as implementing commodity services, adhering to security and compliance regulations, or supporting research and development efforts across geographic regions.

Although the community cloud is based on the same multitenant model you’d expect from any cloud solution, the community cloud is built and operated specifically for the target group of organizations, which share similar requirements, interests, and limitations. The community cloud provides features specific to the participants’ needs, such as reduced latency, enhanced security, or greater performance and availability. Not surprisingly, access to the community cloud is restricted to the group’s participating members.

Although the organizing principles vary from one group to the next, the members within a group share a common mission that has its own considerations and requirements specific to that group, whether participants are schools, financial institutions, government agencies, or any number of other types of organizations. The goals might differ from one group to the next, but the reasons they come together are often the same: to save money, pool resources, streamline operations, and collaborate on shared efforts.

Why Bother with the Community Cloud?

Organizations that pool their resources in a community cloud can reap a number of benefits. Not surprisingly, cost-savings are often at the top of the list. Members share in implementation and maintenance expenses, as well as expenses related to bringing in the necessary expertise. While the savings might not be as robust as you’d find with a public cloud, in which costs are shared among many more subscribers, the community model helps distribute costs in a way that cannot be achieved with private solutions. In addition, participants can benefit from the software purchasing power and simplified management they achieve by working as a group.

The community cloud also provides a level of control that is seldom available with a public service. The infrastructure can be shaped to meet the group’s current and future needs, while helping to streamline administration, facilitate troubleshooting, enable elasticity, and increase energy efficiency. A community cloud can also help organizations comply with industry standards and government regulations by providing an environment that enforces compliance for all participants at all levels of interaction.

the community cloud
lets organizations set
up the infrastructure
they need to support
their own operations

Control also extends to performance and availability. With a public cloud, you’re sharing resources with a number of other entities and have no say over such issues as bandwidth, availability, and overall performance. Like a private cloud, the community cloud lets organizations set up the infrastructure they need to support their own operations. They can also control what security mechanisms are put into place in order to protect resources, ensure privacy, and enable a robust risk management strategy, all within a shared and unified structure.

In fact, one of the biggest advantages of the community cloud is its ability to deliver a secure collaborative environment that meets the group’s specific needs and helps them achieve their goals. Participants can have access to a world-class infrastructure and rich sources of heterogeneous information that can be consolidated across organizations in order to minimize duplication, reduce storage requirements, and simplify operations.

The Dark Side of the Cloud

As promising as the community cloud sounds, it does have its challenges. Building such an infrastructure is no small task and requires the investment and expertise needed to put into place the systems necessary for running the various operations and storing large sets of data, all of which must occur before you can implement application services or analytical models. Over the long term, you might be able to realize a significant return on your investment, but the initial hit on resources is no small matter.

Whenever data is hosted in a
central location, that data is
at increased risk and can
become the target of an attack,
whether it originates within
 or without the organizations.

In addition to the startup costs, the participating organizations will still require the IT skills necessary to interface with the new environment. The organizations must also negotiate how to allocate any costs and responsibilities associated with administering the site, which could lead to conflicts or a disenfranchised membership if not carefully defined from the outset.

Although a community cloud allows participants to control how security is implemented, there are still risks. The greater the number of organizations and users that participate in the platform, the greater the possibility for resources to be compromised. Whenever data is hosted in a central location, that data is at increased risk and can become the target of an attack, whether it originates within or without the organizations.

One of the biggest barriers to implementing a community cloud is for the participating organizations to be able to trust each other to the extent necessary to make effective collaboration possible. Currently, no regulations or industry guidelines exist that define how a community cloud should be structured and operated. Factors such as responsibility, liability, security, and control have got to be negotiated on a case-by-case basis. There are few models in place to point organizations in the right direction. The technology itself is not the challenge. The challenge is to bring organizations together in order to agree on an infrastructure and, in the process, formulate the necessary trust.

The Community Cloud Goes Mainstream

Certainly, the community cloud is still in its infancy and we’ve much to learn about effective strategies for its implementation, but that’s not stopping service providers from jumping on board. According to a recent report issued by the research firm MarketsandMarkets, community cloud services are projected to grow from $566.1 million in 2013 to $2.49 billion in 2018-a compound annual growth rate of 34.5%.

The key markets likely to see the most growth, according to the report, are government, health care, business intelligence, enterprise applications, and financial services, which includes the banking and insurance industries. Issues related to data security, low latency, high performance, regulatory compliance, and economy of scale will continue to drive these markets.

Service providers are quickly recognizing the potential inherent in the community cloud, especially those providers trying to distinguish themselves from the big kids on the block, such as Google, Rackspace, and Amazon Web Services (AWS). By tailoring their services to specific markets, providers can appeal to those organizations for which the one-size-fits-all public model doesn’t fit, while still offering the basic features inherent in most cloud solutions.

Providers have already been hitting the government market hard, offering a variety of platforms that target the public sector:

  • SCC has come out with its Sentinel community cloud solution, which lets organizations purchase government-level secure cloud services as part of the G-Cloud framework, a framework developed by the UK government to set out the terms of service purchases.
  • Layered Tech recently announced the new Federal Community Cloud Platform, a platform-as-a-service (PaaS) offering geared toward government agencies.
  • IBM is pushing its Federal Community Cloud offering to federal government organizations as part of the company’s dedicated Federal Data Centers service, which provide secure certified computing capabilities to federal government clients.
  • Microsoft has announced plans to implement its Windows Azure US Government Cloud service, a community cloud available for state, local, and federal government agencies.
  • Amazon now offers the AWS GovCloud service as a community cloud designed to support customer workloads with direct or indirect ties to US government functions, services, or regulations.
  • CSC offers CloudCompute for Government, infrastructure-as a-service (IaaS) provided as a federal community cloud based on National Institute of Standards and Technology (NIST) guidelines.

There are others, of course, but you get the picture. Government is big business, and service providers see the government as a perfect market for their community clouds. If you’re in doubt of how serious-and competitive-an industry this has become, take note of the ongoing IBM/AWS legal battle over a CIA cloud services contract worth $600 million. At question is the way the contract had originally been awarded to Amazon and the subsequent decision by the Government Accountability Office to protest the decision. But that’s another story.

This story is about the community cloud, and the community cloud is about a lot more than just government. Service providers across the spectrum have been happily joining the community cloud ranks. For example, CFN recently launched its Global Financial Services Cloud to provide infrastructure-as-a-service (IaaS) to support low-latency connections between financial data centers. Then there’s CompuCom, which offers its Community Cloud Services as both IaaS and PaaS to organizations that share regulatory, privacy, and security concerns. Another service is the BT for Life Sciences R&D platform, which enables scientist to securely collaborate with commercial and academic research partners and work with large sets of data across geographic boundaries.

Not surprisingly, many other providers have also gotten in on the community cloud act, including Oracle, Siemens, VMWare, and Lockheed Martin, to name a few. As interest in the community cloud grows, you can be certain that providers everywhere will be responding to the clarion call.

The Community Cloud in Action

Service providers are only part of the story. After all, organizations can come together to create a community cloud with or without a provider, although given the complexities of such a system, many organizations will likely be more than happy to outsource all that dirty work. It’s the way in which the community cloud is being used that makes the difference.

We’ve already established the public sector’s interest in the community cloud. Why else would so many service providers be lining up for a piece of the action? The G-Cloud program in the UK is only one example of the government’s interest in the community cloud. The program provides a framework for public sector organizations to buy services from preapproved vendors and facilitates on-demand network access to a shared pool of resources, including servers, storage, and applications, thus enabling community cloud services such as those offered by SCC. Other federal and regional governments have also been implementing their own community clouds, including Canada, Australia, and the state of Michigan in the US.

Then there’s education. Because different educational institutions within a region often deliver similar services, they could realize a number of benefits by pooling resources. Some educational systems are already doing so. For example, the Virginia Community College System has implemented a community cloud that provides educational, administrative, and informational services to 23 colleges across 40 campuses, cutting their IT operating expenses to less than half of the national average.

Health care, too, has been at the forefront of community cloud adoption. Imagine the advantages of having an environment already provisioned with security and identify features that ensure organizations can remain compliant with Health Insurance Portability and Accountability Act (HIPAA) regulations. For example, the UnitedHealth Group now provides the Optum Cloud, a community cloud service that offers a secure platform for collaborating on patient care. The service contains a developer toolkit that includes HIPAA compliance modules, collaboration tools, and other health care technology.

Even the US intelligence community is getting in on the game with its Intelligence Community IT Enterprise (ICITE) initiative, a multi-agency effort aimed at creating a common enterprise IT environment across 17 intelligence agencies-all delivered through a community cloud. The effort includes the creation of an app store as well as the deployment of a shared desktop environment. Unfortunately, the CIA is one of the agencies that is spearheading this effort, and they’re now embroiled in the infamous IBM/Amazon battle over who gets to reap at least part of the benefits of what’s considered the largest IT transformation in the history of the US intelligence community.

The financial services industry has also shown a great deal of interest in the community cloud, perhaps illustrated best through the New York Stock Exchange’s Capital Markets Community Platform, a community cloud that provides a wide range of IaaS, PaaS, and SaaS services. The gaming industry too has climbed aboard with the launch of ITG Cloud, a service provided by International Game Technology aimed specifically at gaming companies.

There are, in fact, plenty of use cases that can be applied to the community cloud, from charitable organizations to research foundations, from manufacturing consortiums to the hospitality industry, from libraries to utilities to technology to emergency medical services. Wherever similar types of organizations need to collaborate and share resources, a community cloud can offer a viable alternative to their current systems and in the process give them improved services at less than what it’s costing them now.

Implementing the Community Cloud

Depending on whom you talk to, a community cloud is viewed as either a public cloud that offers specialized services tailored to a specific group of organizations or as a private cloud extended to meet the needs of multiple organizations with a common interest. But the community cloud is an entity onto itself, one that offers many of the advantages of both the private and public models. True, this sounds much like the hybrid cloud, but the hybrid cloud has a much different focus and is concerned with only a single organization. That said, a community cloud can participate in a hybrid infrastructure, just like a private or public cloud.

Perhaps the differences in perception come from the fact that a community cloud can be hosted on premises by one or more of the participating organizations or hosted off-premises with a third-party provider. In addition, member organizations can choose to manage the infrastructure themselves or outsource the management to a third-party interest.

The approach taken will depend on availability of in-house resources and expertise, along with other considerations. If implementing on-premises, the organizations might turn to a broker or community aggregator to facilitate the integration processes. Even so, the organizations are still limited to the resources they have in-house. On the other hand, if they were to go with a third-party provider for hosting services, they might realize other benefits, such as achieving a level of elasticity and expertise not available on-premises.

The decision on how to implement a community cloud will be as individual as the organizations being served, and each group will have to perform a careful assessment and cost analyses to arrive at a mix that best meets the needs of the member organizations.

The Collaborate Effort

Before building their community cloud, organizations should come together to develop a comprehensive written agreement that clearly describes such issues as what services the solution will provide, how long those services will be available, how the services will be implemented and maintained, which participants are responsible for which tasks and operations, and who pays for what.

The goal of the agreement should be to outline the conditions and costs that govern a variety of concerns, including implementation, maintenance, support, and operations. The agreement’s clarity and comprehensiveness could very well determine the success or failure of the cloud solution. Partners should be aligned in the project, with transparency emphasized at every level. Successful collaboration among the participants must be built on a sense of mutual trust.

In addition, the infrastructure should fully support the community cloud in both the short and long term. The design must account for bandwidth, performance, reliability, availability, elasticity, and resource management, among other considerations. The system should be able to dynamically migrate workloads between machines and scale up and down as necessary. Network capacities should minimize latency yet be able to handle on-demand data imports and exports.

Overall, the cloud infrastructure should be designed around a service-oriented architecture that allocates resources flexibly and on-demand, while conforming to industry open standards to ensure ongoing interoperability among community members. Of primary importance is to implement a security framework that protects privacy and member resources, as well as ensures compliance with applicable regulations and industry standards. The framework should also incorporate an identity management system that facilitates secure interoperability among the community participants.

Above all, a community cloud solution must add value that all members can realize. The reasons organizations participate in a community cloud might differ from one group to the next, but all of them are looking for a solution that helps them achieve goals that are difficult to accomplish on their own. The key to a successful community cloud is a willingness on the part of all participants to build a collaborative relationship based on transparency and trust. Anything less, and the community cloud is bound to fail.