Courtesy of SAP's Aura Bhattacharjee, below is a transcript of his speaking session on 'Enterprise Architecture in Mondelēz, one of the largest snack ...
Are you just following the herd, or do you have a valid business justification for adopting the cloud? Be very clear from the start whether your goal is for business agility and speed to market, cost reduction, flexibility or performance. Note that it may be more expensive to operate workloads in the cloud depending on your application architecture, complexity, dependencies and the type of contract you sign up to.
Once you have determined the “Why,” there are four key areas that should be considered when setting your cloud strategy. By understanding and acting on these areas, your company will arrive at a sound cloud strategy that represents what the company as a whole needs to accomplish—for itself, for its customers as well as identifying the impact for all stakeholders and the IT solutions required to monitor, manage and maintain their cloud environments and workloads.
1) Cloud governance and service management skills: Supporting cloud – I heard a colleague state that support for the cloud was no different to that for on-premise. That is true, in the sense that you require the same types of staff capability. However, those resources need to know about the cloud, and that extends to support skillsets as well. You cannot take a traditional IT architect and expect them to step up to building cloud applications and environments without some serious enablement and up skilling. The same applies to service management tooling-–don’t expect the traditional discovery, event management and capacity management tools to work as-is.
IT and business units need to ask themselves: do we have the right tools and skills to be able to monitor, manage and support cloud? And even more importantly, what are the required parameters for the governance and compliance framework which will set and manage cloud standards and policies? Based on conversations with customers, governance, or the lack thereof, is consistently an issue. Hence, plans should be made to set up the governance framework, stand up a Cloud Centre of Excellence, and hire a Cloud Architect at the very beginning of the cloud journey. The latter is critical in both informing the strategy and to take a lead in setting the policies and standards across the business.
2) What should be moved into the Cloud: A Cloud Decision Framework – Taking advantage of cloud is much more than subscribing to IaaS, PaaS, and SaaS and hoping that the same support, compliance, and risk requirements will apply, or that they will be handled by the provider. An organisation needs to be able to determine which of their workloads should, and could be moved into the cloud. The key tool to help answer this is a decision framework. A decision framework looks at and scores the workload across the key domains that can act as an inhibitor or a driver for the cloud migration.The cloud decision framework is used to determine whether the business benefits outweigh the risks, and what are the justifications, together with mitigations which would allow a migration. In this particular example, the drivers were clearly dominant. However, there is one concern, security and compliance which is weighted heavily given what’s at stake. Additional analysis should be carried out to identify the concerns and whether they can be addressed or mitigated. The results will determine whether public cloud can be used, or whether it is better to use an internal cloud or even if the current situation is best.
The framework should be used across all of the key workloads and applications that the business has identified as a cloud candidate.
3) Changing your future application portfolio approach – Most organisations do not have a strict service portfolio management process. When you move applications to the cloud, organizations need to rethink how its customer-facing and revenue-generating applications and services (i.e., the life and blood of any business) are going to be managed throughout their lifecycle once they are migrated.
The next consideration for the portfolio is related to Saas applications. How do you exploit SaaS? Can you replace existing software with SaaS models? Productivity and collaboration tools are key examples where a shift to SaaS models can deliver immediate impact. The advantage of such changes is that users do not experience any impact of the move. They will use the same functionality as before delivered through a different mechanism.
Now, it’s important to consider whether you can start with IaaS, PaaS to start gaining immediate short-term benefits. Some believe you can start there and then evolve to cloud native applications as your developers and architects mature in their knowledge of cloud technologies and gain the skills needed to take full advantage. This is where the Cloud Centre of Excellence needs to step in and drive the application portfolio roadmap, informing the developers of the benefits and pitfalls of trying to move, re-platform and re-code.
4) Service Brokerage – We’ve talked about the importance of Cloud Governance – and I will talk in depth on that in my next blog – in setting and driving standards. Of equal importance is the future role of the current I&O organisation which needs to evolve to that of a service broker. When making this shift to a service broker, especially for cloud services, the I&O organization needs to provide the “guard rails” as to how the business, business functions, and the developers best leverage cloud. Specifically, they need to provide guidelines on when and how to use:
What this requires is the creation of a flexible service catalogue, underpinned by services from internal and external providers. Of course, all services will need to be delivered at the same speed, with the same flexibility, performance, and support levels irrespective of who is providing them. This service assurance space is where the I&O organisations steps into; as a service broker it becomes a seamless interface between all service providers and their own business.
To summarise, if you want to become “Cloud Smart,” then take some time to consider what that actually means for all stakeholders, and what has to be in place to succeed. Governance is an absolute must to provide the guard rails and avoid the “sticker shock” when the cloud bills start to land on the CFO’s desk. Following that, IT needs to be clear on what to move, when and how to get the maximum value while reducing risk as well as building the right cloud services portfolio to truly become a cloud service broker to the business units. I will explore governance, migration, and optimization strategies in upcoming blogs, but let me re-iterate that cloud is here to stay, and will be increasingly important in underpinning business needs for speed and agility. A cloud strategy needs to be effectively aligned with those requirements, and also provide clear awareness of the impacts across all stakeholders. For IT, this means pivoting from on-premise service management to multi-cloud operations, and that has proven difficult for many. However, with a clear, shared strategy, and a plan to fortify it, IT can ensure business units fully realize the benefits that cloud has to offer.
Companies that succeed in today's marketplace do 3 things really well:
This guide will give you actionable strategies you can use today to improve your company's competitiveness, agility and profitability even if you're a non-technical business leader.
It will do that by helping you to anticipate the benefits and risks of the cloud, create a plan that fits your business, and executing it.
The biggest barrier we see that keeps small and mid-sized businesses from taking advantage of the cloud comes from the top: business owners, presidents, or CEOs. Business leaders will often delegate any IT-related decisions to their IT team. The problem with this approach is that the decision to adopt a cloud strategy is primarily a business strategy, not an IT strategy.
That’s why the first step in developing a cloud strategy is to change how you think about cloud technology.
Here are the key mental shifts you need to make:
These may seem like trivial ideas, but without changing how you view cloud technology, you cannot move forward with developing a strategy that takes advantage of its full potential.
If you and your team are going to move forward with cloud, you should understand what the benefits are.
Here's how the cloud can help you today:
To learn more about how cloud technology benefits businesses, check out this oldie but goodie post by Joe Weinman, the "father" of "Cloudonomics": The 10 Laws of Cloudonomics.
Next, figure out your objectives and determine which systems, technologies and processes are currently being used by your organization.
First, gather the following information:
Then, together with representatives of the most affected business units, brainstorm and document objectives. After you've completed this, have each member rank the goals and justify their rankings in a silent voting process.
Afterwards, you might have a list of objectives that looks like this:
Able to quickly deliver results
and cost savings
and top-line growth
|Access to services and skills||Shared access and collaboration|
|Cost savings||Emerging tech adoption|
In the IT industry, it’s common to assess your company's IT in terms of its "readiness" for the introduction of new technologies. A Readiness Assessment is essentially a scorecard that provides a framework for determining whether what you currently have in place is sufficient to introduce something new.
The below sample Readiness Assessment is an excerpt of a much larger document. It is set up as criteria statement list that your organization either currently does or doesn't meet. The statement criteria is also ranked and colour-coded on how difficult it is to meet the criteria and the degree of opportunity it affords the business.
Readiness Assessment Scorecard Legend
Your next step towards building a cloud strategy is to determine how you want to deploy the cloud within your organization, and you do this by choosing the deployment model that's right for you.
Cloud Deployment Models
The easiest way to understand cloud deployment is that it entails determining "where your data and systems will live."
The below table lists the most common cloud deployment models:
Highly elastic and on-demand.
Higher risk from a security standpoint in multi-tenant environment.
|Private||Infrastructure more efficient than build-to-suit.||Scaling has limits to total capacity. Very capital intensive—risky for organizations with fewer than 1000 employees.|
|Hybrid||Keeps critical workloads local.||Still capital-intensive because physical hardware has to be purchased and maintained.|
|Community||Resource pooling across community members (e.g., government or healthcare).||Governance and accountability
is a question.
Source: Info-Tech Research Group
Take a look at this additional list of resources for more in-depth information on each cloud deployment model:
Once you decide which deployment model fits best with your organizational needs, it’s time to choose how you want to manage each service.
You achieve this by selecting the cloud service model(s) that suits you best.
The below table lists the different cloud service options for you to choose from:
Information as a Service (IaaS)
Direct control over application configuration.
Current infrastructure is largely bespoke.
|Software as a Service (SaaS)||Software is updated by vendor with automatic benefit to all users.||"Black Box": no visibility into underlying infrastructure for risk assurance.|
|Platform as a Services (PaaS)||Application development, testing, and rollout can be entirely cloud-based.
Support for agile programming iteration.
|Development group needs to work within platform. Coding needs to be done online. Vendor lock-in?|
Source: Info-Tech Research Group
For in-depth knowledge of each cloud service model listed above, use these links:
Cloud Service Models
Now that you understand how the cloud can be deployed within your organization, the next step is to select and prioritize your cloud initiatives:
Identify target departments: Begin by identifying between 4 and 8 target departments. For example, you can focus on Sales, Finance, HR, and Marketing.
Outline IT services: For each department, break down the IT services that support each one of these business activities, such as Customer Relationship Management (CRM), website, email, and Enterprise Resource Planning (ERP).
Highlight: Use color coding to indicate which IT services are current or planned, and discuss which cloud services hold most priority. The best way to do this is to identify mission-critical business activities and separate them from those which are merely pervasive or important.
Prioritize your next move: When you have completed these activities, select up to 5 IT services as candidates for the cloud.
By now, you know what technology and processes are being used in your organization and for what. You also know which ones are most critical for your organization.
The next step is to evaluate the benefits of a moving these services to the cloud.
The following steps guide the process of determining which services should be migrated:
1. Use qualitative and quantitative criteria such as potential cost savings, improved operational efficiency, improved agility, and staff resourcing.
2. For each service identified in Step 7 above, ask the following questions:
By answering these questions, you’ll be able to evaluate if the effort and risk of moving your data and services is worth it.
You now have a list of services that you know will provide your organization with a positive ROI if they are moved to the cloud or integrated with a cloud solution.
Next, you'll want to evaluate how much preparation is required to move these services to the cloud. You do this by evaluating two key factors: security compliance and data criticality.
Security compliance refers to how capable your organization is of controlling access to sensitive data and protecting it. It also encompasses having audit mechanisms in place to ensure legal requirements are continuously being met.
Data criticality refers to the integrity, availability, and confidentiality of the data. Data must be kept confidential, protected from tampering, and always available to your business.
If these two factors have not been thoroughly addressed within your organization prior to initiating the cloud strategy, your action plan will need to include activities to bring them up to requirement.
We now move into a more technical phase of your cloud strategy. Your IT team can go into more detail about each of the following areas with you. If you do not have a dedicated IT team, it’s important that you find a partner you can trust to help you navigate these technical waters.
Key areas of risk you need to review:
Cloud Risk Assessment Process
Security & Compliance - Data is a critical resource. In the cloud, data is entrusted to a third party and shares tenancy with other people's data (including competitors), requiring stringent access security. Regulatory compliance may require visibility into where data is stored and who has access.
Availability & Reliability - Make certain that the cloud solution will be available and reliable; take into account continuity planning and ensure that processes are in place to manage and reclaim data should the service cease permanently.
Data Integration - Integration ensures that applications, infrastructure, and data with interdependencies maintain their connections.
Enabling Technology - Ensure the organization has the appropriate technology to enable adequate services from a cloud vendor. For example, if the internal network goes down, employees cannot access the cloud.
IT Skills & Roles - To effectively manage cloud vendors and to appropriately staff the internal IT department, IT skills and roles must be inventoried and appropriately resourced.
Once you've identified the risks that are specific to each area, develop mitigation plans to address them. For each plan, create specific and tangible actions to mitigate risk and potential issues long before a threat of occurrence.
What is a cloud target state?
A cloud target state is defined as the physical and virtual presence your company desires to have once you have completed your cloud strategy implementation.
To define your organization's target state, you'll want to answer the following questions:
Which services will you move to the cloud, and which will you outsource from a more traditional IT infrastructure standpoint?
Does your business require private services over public ones, or are some services private and some public?
Does the business have a mandate for keeping certain services or activities internal?
What services can be placed externally to the business’s infrastructure and operations?
Is there a preference in the level of control your organization has over the service—IaaS PaaS, or SaaS?
What changes will you make to your current policies to accommodate your target state?
What metrics will you use to measure the success of your target state?
The chart below illustrates some sample success metrics and their corresponding tracking mechanisms.