I consider a cloud “journey” to be very similar to an iceberg, where what is expected to be an easy consumption model above the surface changes when you start to look below and the impact of change to support that assumption…
How many of you are being asked to produce an IT strategy around cloud and have taken the steps to find that delivering on the technology itself has incurred technical debt and risk to your business? I have seen it many times where businesses start with a proof of concept in the cloud and next you know that POC is now a production instance and the individual who performed the POC is now supporting it and the cloud subject matter expert (SME). These instances lack the governance which can create unnecessary risk to your business. Sometimes the technical guys will not consider the ramifications to a decision that could have an impact across the board. Getting the strategy, business case and target operating model is a key deliverable before any decisions are made and the business are a key contributor to the output of each artefact.
Business leaders, from CEO’s to board members, are pushing to drive digital transformation and cloud is seen as an IT enabler of that decision. But I also see the case of agility and cost being a driver where the assumption is that delivering services to the cloud is faster and cheaper. I use the word “assumptions” because YES it can deliver on digital transformation, agility and cost savings for your business but changes are required within your IT function to realise those benefits.
These changes being demanded on IT then requires IT leaders to produce a cloud strategy which calls out the intention and vision for cloud consumption over the next 3+ years. I have heard many approaches to a cloud strategy such as “Cloud First” and “Cloud where appropriate”, but considerations need to made when making these decisions, otherwise you will end up like the titanic being taken down by a large iceberg.
What do I mean though by the right decisions? I see a lot of organisations taking the leap into cloud without considering the changes required to support and deliver services. Also what is the most cost effective way to deliver your services and reduce the impact to your IT operations. You may have heard of the term cloud centre of excellence (CCOE), but this is tailored more for enterprises or fintech’s. In some instances organisations have introduced a CCOE and its been counterproductive due to friction and confusion of the strategy against the legacy on-prem operating model. Instead you can simplify your cloud adoption and take elements of the CCOE, which I have Illustrated in the image above where you will see five items that need to be considered within your target operating model as you consume services in the cloud. You can call this your CCOE, or even a cloud practice but small changes can help you deliver on a similar outcome. Below I have covered the key areas and some considerations when forming your target operating model for multi-cloud.
People are one of the key areas that needs to be addressed first. Not only from a skills perspective but how you structure your IT team and the culture change. I have seen many times that server engineers get assigned quickly to be cloud engineers. But that skill set of on-prem is not easy to transfer if you want to get the most value out of cloud. With infrastructure as code and cloud native applications I am seeing more infrastructure developer or site reliability engineer (SRE) roles being used to operate and deliver to the cloud. If you are a small organisation you may not want to incur the cost to hire a cloud engineer / architect as these skills are highly desired in the market place and when you assess the cost of change, a managed service offering may be more appropriate to deliver on the same outcome.
1. How can you influence the behaviours and values of your team to deliver on your vision and strategy for cloud? Transparency and communication to your IT team will drive the culture change.
2. Assess your current IT team and if upskilling is an option or if additional FTE’s are required for skills gaps. Outsourcing the management maybe an option vs the cost to bring in and retain new talent.
3. Ensuring all knowledge of your multi-cloud estate is shared and not retained by one individual as this will be a risk to your business.
Governance is a topic that touches all areas of an operating model and many standards and frameworks will still apply.
1. How do you control and manage IT spend and how does that impact your balance sheet and financial reporting to your shareholders? You may have an on-prem infrastructure that still has assets depreciation.
2. How can you manage IT recharge for other divisions and business lines within your organisation. This will be for both public and private cloud.
3. Understand the cost to service IT on-prem (as-is), so you can measure the difference to support the business case of moving to cloud.
4. What standards need to be defined to remove complexity for IT operations. A must and simple approach are standards for naming conventions, tagging and architecture.
5. What are the risk and compliance changes required for your regulator and contractual requirements? Understanding the guardrails to your compliance requirements is key before mistakes are made with client data.
6. Assess if an application is appropriate to run in the cloud, as many factors may require an application to remain as is for example, technical debt, cost and risk and compliance
Security needs to be the core element across any decisions made for multi-cloud and on-prem. Ensuring that the right controls are in place to manage your infrastructure and protect your data.
1. What controls will be in place for access to your cloud providers management eco system and ensuring that least privilege access is applied.
2. How will you monitor and control network traffic from on-prem, Public, third parties to and from your cloud providers?
3. How can you protect your company data against data loss or extraction from bad-actors.
4. Will your existing security toolsets support multi-cloud?
Operations will transition to a hybrid support model when cloud services are consumed and will have an impact to your service catalogue and how you manage third parties and the impact to your internal change, incident management processes.
1. Monitoring of KPI’s and SLA’s will be key for cloud services for incident and change management processes.
2. Will your existing monitoring capabilities and processes support multi-cloud?
3. How can you deploy services to the cloud and on-prem through the same request fulfilment process?
4. How can you track changes made and integration with your CMDB, change and release management process?
Platforms and tools to assist with the management and delivery of services will need to be reviewed.
1. How can you automate the delivery of services to cloud and on- prem? Orchestration systems or cloud management platforms (CMP) can govern and deploy services to multi-cloud and integrate with ITSM tools.
2. How can your existing tools integrate with cloud services?
3. How can you ensure when deploying services to the cloud that security, IT resiliency and data protection is delivered when appropriately and tested ?
4. Consider your Network and identity, as this will have an impact to how you can securely deliver your applications. Identity providers (IDP) and single sign on (SSO) will allow application access through an internet connection and removing friction for user access and complexity around WAN providers. An identity strategy is key to deliver on security at the boundary within public cloud.
5. Application rationalisation is required to assess if the current tools delivering and managing IT are capable to support multi-cloud.
Instead of being intimidated by a CCOE model, why not look at the items listed above as a minimum viable product (MVP) to your cloud operating model. You also have access to cloud adoption framework from Microsoft or AWS which can help you assess your maturity. It takes many years for a business to mature an IT function and this is no different from introducing the cloud, with small steps you can start to deliver value back to the business.