Hafford Furniture was a furniture manufacturer since 1970, supplying to furniture retailers, wholesalers and occasionally one-time bulk purchasers across the United States.
Hafford relied on a Business Information System (BIS) to handle all the internal business processes. The BIS was seamlessly connected to a VAN-based EDI system, which served as the customer’s interface for making orders. In 2008, Hafford’s entire IT infrastructure and data storage were destroyed by a massive hurricane. Hafford was able to restore the company data with its disaster recovery plan, but not all its IT function.
In March 2009, VP of IT proposed in a management meeting to adopt SaaS cloud solution to restore the IT function. Hafford could access to the same BIS without having to worry about the cost to rebuild another IT data centre. He projected that the IT staff strength could be halved, as the cloud vendor would take care of the management of the software’s platform and its infrastructure. The next day, the president of Hafford ignored the internal decision-making protocol and contracted their disaster recovery vendor, PFI Services for that same cloud service.
In January 2010, Hafford was faced with appalling sales report for the year before, mostly caused by bottlenecks in the ordering system supported by PFI. Not only was the cloud capability insufficient, PFI was also filing for bankruptcy and undergoing liquidation. Hafford once again fell into a desperate situation.
REVIEW OF KEY ISSUES
1.Lack of Corporate governance The weak corporate governance in Hafford is especially notable in the fundamental change process. While there was an internal policy for creating a fundamental change in Hafford (Fig 1), Feckle, the President, had ignored it by entering into a cloud contract without consulting any of his top management, just one day after the premature proposal was shared with him. It was extremely risky to make such a significant business decision without sufficient knowledge in the service that he engaged. To make a well-informed decision, Feckle should have adhered to the corporate policy and trusted the IT professionals to evaluate and recommend a suitable vendor.
Figure 1 Fundamental change policy
2.Failure to think critically during decision-making It is understood that Hafford used to adopt a VAN-based EDI-system specifically due to its security, despite it being slower and more costly. In Norris’ proposal for using cloud, he altered the company’s priority by pushing for an internet-based EDI-system, without providing solid justification. Questions like “will the internet-based EDI change the business in any way?” or “will it compromise customers’ security?” were not asked. The management seemed to have accepted this change too easily, without understanding its impacts. This concern should have been analysed more thoroughly before concluding to transit to an internet-based EDI-system.
3.Poor understanding of business needs The IT objective was not fully aligned with the business objectives. For example, in 2009, while the company was expecting a 30-35% increase in sales due to the efforts in a series of product improvements, the IT team was preparing a cloud proposal to the company basing only on the old IT functions. It had missed out on considering how it could support an explosive sales surge.
Furthermore, Hafford was switching its VAN-based EDI to an internet-based EDI, which could potentially allow Hafford to widen its reach to attract a new group of SME customers. This could play a part in increasing their sales. However, Hafford did not foresee these changes, likely due to lack of communication between departments within Hafford.
1.Lack of thorough analysis in cloud computing The IT team failed to conduct due diligence in exploring all possible solutions that could meet its needs. While cloud offered great advantages for the company, it might have been too hasty to consider only private cloud as the final solution. In fact, public, private or hybrid cloud offered different potentials and could achieve the goal within competitive cost as well. The IT team should also have analysed each cloud model against its business needs before determining if software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS) or a combination of services would work best.
2.Lack of on-going management While cloud is said to be flexible, it demands some level of active management to harness the most of it after implementation. The IT team should be able to react quickly to resolve problems like the order bottleneck or a data lock-in. Besides, the IT team should have been more vigilant in ensuring business continuity for the company.
The key failure observed in the case was the lack of understanding in cloud computing and the lack of communication in the company. Like any other business decisions, the management should have exercised prudence by developing clear objectives and analysing the opportunities and threats before arriving at its conclusion. In this section, a recommended methodology to approach Hafford’s IT restoral problem is presented.
Step 1. To develop business objectives The most important step is to approach a business problem with a clear business objective. It will be necessary for the management to look at the restoral of the IT centre as a collaborative business problem. Communication within the organisation is crucial in aligning all the stakeholders’ goals. With effective teamwork, the IT will appreciate the business values better and be able to analyse the suitability of various options.
Step 2. To compare various viable options The IT team should research on what the available solutions are, before zeroing into a particular infrastructure option. While the restoral of a physical data centre may be expensive, there may be payment structures that could help reduce the impact. On the other hand, cloud computing may appear cheaper but it inextricably exposes users to a range of risks, especially in the aspect of security.
Also, there are hybrid options that can minimise risk while offering cost benefit. In short, the IT team should fully understand the merits and shortcomings of the following options before selecting the IT infrastructure. 1.Public cloud
2.Hybrid cloud 3.Private cloud 4.Public cloud – Physical data centre 5.Physical data centre
Step 3. To choose the suitable cloud service model There are three common service models in cloud computing. It is important to evaluate each model’s attributes and determine which cloud model would be more suitable for the business needs. 1.Software as a service (SaaS)
- Offers access to application with flexibility of application-specific controls; No control of the platform or the infrastructure 2.Platform as a service (PaaS) - Offers control as a platform user to deploy various applications, with no control of the infrastructure 3.Infrastructure as a service (IaaS) - Offers greatest amount of control. i.e. on network, servers, operating systems At times, a mixture of different cloud models can be useful for some companies if they require larger extent in control (PaaS or IaaS) in some operations than others (SaaS or PaaS).
Step 4. To understand threats and opportunities of cloud computing Cloud computing offers the following powerful advantages but also opens a gateway to a wide range of threats. 1.Elasticity - Usage-based pricing model, charging users only for the capacity used - Scalability in terms of network and speed depending on demand
2.Simplicity - Setting up and maintaining a data centre can take significant manpower. Cloud computing offers convenient and economical business solutions to clients, while taking advantage of the economy of scale by taking care of one specialised area in bulk. 3.Cost-efficiency
- No capital cost required. Companies benefit from the transference of risk (of over-provisioning and under-provisioning) of investing in a private data centre.
While accepting these benefits from cloud, users should also exercise due diligence by being aware of all the possible problems cloud computing brings. Some of the crucial problems are outlined as follows. 1.Business continuity
There is always a risk with placing valuable business information with a single third party. As such, the best way to go about is to even out the risk by employing multiple cloud providers and devising a business continuity strategy should any of them fail. 2.Data lock-in
It would be risky for a company to be unable to easily extract their data and programmes from one cloud provider to another due to compatibility issues of the programme and data from one cloud provider. In order to mitigate this risk, SaaS developer could use standardised API so that the business can remain flexible and mobile. 3.Data security
While most cloud providers invest a considerable amount of attention on managing security, users should assess the security standards adopted by the cloud provider against their requirements before engaging it. 4.Insufficient capacity
Although it is said that cloud is scalable, in rare occasions, businesses may experience traffic surges beyond what their contracted cloud can offer. Hence, it is important to strategize carefully before deciding on the cloud service.
Step 5. Choosing the cloud vendor After thorough analysis and establishing a clear description for the cloud service needed, the user will have to evaluate the following factors to arrive at the most suitable vendor. 1.Pricing structure
While cloud vendors typically follow a pay-as-you-use pricing model, pricing structure varies. For example, Google AppEngine charges users by the cycles used while AWS charges by the hour for the number of instances the user occupied. 2.Security
Users need to look at a cloud service’s physical as well as network security. This refers to the physical location the cloud provider houses its equipment and network security measures like firewall and data encryption. Also, a cloud provider should be compliant to government standards specific to your business. In the case of Hafford Furniture, it was an auditing requirement for Hafford to ensure the cloud vendor is compliant with Statement on Auditing Standard No. 70. 3.Other factors
A clean record does not promise anything, it would be beneficial to also look at the vendor’s track record against available benchmark systems. Also, it would be helpful to have a vendor that can provide reasonably good service. Hence, it is important to know about the extent of customer support services, the setting up process and the servicing response and resolution time.
Step 6. Engagement of cloud vendor and getting started
During cloud rollout, especially from a different sort of data management, it would be common to face various teething problems. Cloud vendor should try to achieve seamless implementation, and companies might need to prepare their staff and/or customers should it affect their routine jobs significantly.
Step 7. On-going active management of the cloud service Internal IT team should be continuously vigilant towards possible threats to ensure that the cloud service adopted by the company is safe and secure. Active backups of data must not be neglected. Also, internal feedback reviews could help the IT team understand the possible difficulties faced by the users, and also stay up to date with the company’s business initiatives.
In this case study, it is exemplified that strong leadership and teamwork is paramount to success in an organisation. Conceptually, the potentials of cloud computing are far-reaching. If the leader was able to think critically, if the management team was able to invest time and effort in resolving the problem together, and if the IT team had evaluated the problem more holistically, cloud computing could not only rebuild Hafford’s IT resources but also take the business to a higher level.
REFERENCES Levine, Keith, and Bruce A. White. "A Crisis at Hafford Furniture: Cloud Computing Case Study." Cases on Emerging Information Technology Research and Applications (2013): 70. Armbrust, Michael, et al. "A view of cloud computing." Communications of the ACM 53.4 (2010): 50-58. Grossman, R. L. (2009). The case for cloud computing. IT professional, 11(2), 23-27.