The promise of lower and more predictable costs, enhanced service delivery and greater flexibility is spurring more and more organisations to place all their workloads in the cloud. But there’s an inherent complexity in such an undertaking that cannot, and should not, be glossed over.
Before embarking on a cloud migration strategy, decision-makers will need to first evaluate some fundamental questions:
- Does the regulatory environment that governs your organisation’s marketplace or operations impact which workloads are appropriate for cloud migration?
- Is there a clear understanding of on-premises and in-cloud cost structures and does the economic model make sense? Is there any confusion between cloud as an economic model and cloud as an infrastructure?
- There are multiple cloud model options – what ‘type of cloud’ is being proposed by the IT team?
- Is it appropriate to ‘mix and match’ cloud vendors and what are the options for switching vendors if required?
- Are the right in-house skills and tools in place to manage a cloud infrastructure?
Taking a step back to consider these key points will ensure organisations are able to plot the most appropriate path to the cloud for their business, putting in place strategies to de-risk the migration process itself.
Evaluating the opportunities – and the risks
Moving to the cloud is particularly appealing for start-ups and small or medium sized enterprises who need to manage operational expenses while ensuring resources can be ‘switched on’ fast to support business growth. Similarly, the cloud model is advantageous for non-regulated industries where the compliance burden on cloud vendors is limited.
But larger organisations with between 5,000 and 10,000 employees, or businesses operating in highly regulated industries like life sciences, financial services, manufacturing and transportation, will need to carefully evaluate which workloads are migrated to the cloud.
For these enterprises, moving email and collaboration workloads may prove relatively easy to risk manage. However, the case for financial or learning and development applications may be less clear as these may require controlled audits and higher levels of data protection – and may even be governed by data locality regulations. In such scenarios, the service agreements of cloud vendors will need to be carefully scrutinised.
In terms of appraising the regulatory landscape, PCI DSS, SSAE-16, safe harbour and GDPR will probably top the list. However, compliance with domain-specific regulations such as the FDA’s CFR-11 code on electronic records and electronic signatures, and the US government’s FFIEC banking guidelines may also need to be considered.
To assure cloud delivers long-term benefits in relation to data protection and business continuity, organisations will need to complete a detailed risk analysis and ideally work with an established vendor – transferring financial liability for non-compliance to vendors whenever possible.
Considering the options
Moving to the cloud is not a ‘one size fits all’ proposition and organisations can elect to progress up the cloud delivery chain, adopting higher levels of cloud services and facilities as they go. This may result in an evolving cloud environment that features a range of cloud service options that may include:
- Basic rental of data centre space and power to offload management of the physical infrastructure – and/or the lease of machines furnished with operating systems
- Virtualisation of compute infrastructures such as storage – for example, providers like Amazon Web Services (AWS) offer access to a broad set of compute, database, analytics, application and deployment services in the cloud
- Utilisation of dedicated or multi-tenanted shared cloud-hosted applications.
Similarly, different workloads may require a different combination of cloud services, according to the level of control or governance required when managing apps in the cloud.
For example, a standard SaaS provider may be ideal for general productivity applications – such as email, collaboration, travel management and expenses – with the caveat that employee data privacy, data leak prevention, worldwide global performance and user experience are guaranteed, and the provider offers comprehensive tools to assure inbound and outbound data migration from their systems.
Some applications, however, may demand a more nuanced approach:
Human capital management/training/learning – IT staff may lack the in-depth knowledge of local compliance regulations to ensure the business is appropriately supported; for example, federal compliance requirements in the US are in constant flux. While an SaaS solution may work for such applications, a professional solution provider will be able to offer either a private hosted option that delivers enhanced change control or an on-premises deployment with an economic subscription model with periodic upgrades that protect against user revolt in the event of obsolescence.
Research and development/IP – representing the firm’s crown jewels, locating core designs or data models anywhere outside the organisation’s control comes with a level of risk that will automatically raise the bar in relation to protecting such critical assets. However, renting space in a colocation facility or opting for a rented machine and virtual machine model may well be sufficient to shield data from prying eyes and will deliver greater cost predictability and global performance compared to in-house physical data centres. However, for highly sensitive research, consider maintaining full control of the internal data centre.
High performance computing (HPC) – popular platform-as-a-service providers like Amazon AWS offer easy-to-deploy and scalable high performance computational resources that are ideal for compute-intensive tasks like modelling, simulations, data transformations, machine learning and financial analysis, but it is vital to undertake a complete breakdown of internal costs versus that of using a cloud service provider to avoid bill shock. On a small scale, cloud solutions will often generate top level economic gains, but usage and costs should always be monitored to ensure that OpEx is sustainable.
Preparing the in-house IT organisation
The internal IT team will be responsible for taking on the task of managing ‘cloud IT’, so it is important to ensure the IT workforce is prepared for the shift in skills this will require. For example, moving away from on-premise IT and migrating infrastructure to the cloud means that core expertise will need to be refreshed: certifications like Cisco, Microsoft and Oracle will need to be replaced by AWS, Azure, New Relic and S3.
As workloads migrate to the cloud, in-house IT teams will need to learn new tools to manage overall cloud performance and cost. They will also have to be equipped with the skills to cope with changes to IT governance, as well as the changing operational roles and structures that will result from the move to cloud services.
In other words, they will face a shift from undertaking hands-on technical work to being expected to execute service management capabilities and oversee the services sourced from cloud suppliers.
As organisations strive to make cloud work for them, IT teams will increasingly need to work with business stakeholders and develop their business relationship management skills; consulting with their business peers and embedding themselves earlier in the decision process.
Making the transition to the cloud requires consideration of a range of aspects. But as business leaders grapple with the top level strategic issues, it’s vital that internal IT teams aren’t left out of the equation.
For cloud migration to work well, IT teams will need to master the technical and business liaison aspects that are part and parcel of the cloud-enabled enterprise – and that means preparing the IT organisation appropriately so it can mediate effectively between internal business unit ‘customers’ and cloud service providers.
Steve Wainwright, Managing Director of Skillsoft