When Covid-19 first hit, companies around the world had to rapidly adapt, forcing them to launch new and expanded digital services quickly, accelerating the transition to a hyperconnected world. Thankfully, the cloud has been instrumental in supporting businesses’ transition during the pandemic, supporting a touchless economy and enabling home-working, agile business processes, and external digital engagement anytime, anywhere.
With no immediate plans to rush back to offices – PwC research indicates 86 percent of UK CEOs see a long-term shift to remote working – now is a great time for organizations to stake stock, revisit and if necessary, reinvent their cloud strategies to make them suitable for the long-term, prepare for any future crises and work to be more adaptive to customer needs. That said, budgets are shrinking, as Gartner estimates that spending has declined 7.3 percent in 2020 and the expectation is that this downwards trend will continue into 2021. With that in mind, it is paramount that organizations prioritize their cloud strategy.
Facing cloud challenges head on
We need to remember that cloud transformation is a journey, not a one-off project so getting the foundations right from the outset is critical. There are three main pillars as I see it, that are key to forming a perfect cloud strategy: Managing multi-cloud so that it doesn’t get unruly or unmanageable; Cloudification – going cloud native - the way forward for increased business agility and speed to market; and security – essential for underpinning every cloud strategy.
Connecting machines to machines, and us to each other and our digital devices – multicloud helps to provide instantaneous, on‑demand delivery of end‑user features, applications and computing infrastructures. It involves the use of public clouds from two or more providers, whereas hybrid‑cloud combines private clouds and public clouds, which often brings fundamentally different delivery models together.
Key reasons for adopting multicloud include being able to tap into the strengths of different cloud platforms and how it separates data flows and critical functions into different parts across multiple clouds, enhancing data security, resilience and productivity. It also helps businesses to comply with regulations across different geographical regions, such as GDPR and data sovereignty, can enhance the user experience and best of all, it enables organizations to choose the services that suit the business at competitive price points.
This is all great news and uptake of hybrid and multicloud architecture is fast gaining momentum, however IDC cautions out that not all businesses are sufficiently prepared to implement cloud strategies due to migration and skills‑related challenges. By 2022 however, they’re predicting that over 90 percent of enterprises worldwide will be relying on a mix of on‑premises/dedicated private clouds, multiple public clouds, and legacy platforms to meet their infrastructure needs. Change is indeed imminent if not already underway.
With cloud playing a growing role in long term profitability and sustainability, having a well-planned multicloud strategy is essential to improve efficiencies, control costs and provide access to new technologies. Without one, enterprises can quickly lose control, ending up with a messy knot of unmanaged and ungoverned expensive clouds. This is because they don’t take into account the growing number of cloud services and increasing amounts of data. Unfortunately, connectivity often gets skimmed over in cloud strategies, leading to performance issues and poor user experience later down the line. It’s worth its weight in gold to invest in planning and preparation from the outset.
Going cloud‑native is the way forward for increased business agility and speed to market. These apps are essentially built to run in the cloud and are optimized to take full advantage of all the benefits cloud brings, including elastic scalability, high availability and self‑healing. Legacy applications can be rewritten using cloud‑native technologies too so that they don’t become obsolete.
From an economic point of view, these types of technologies enable the true value of cloud by scaling and developing applications in much shorter timelines than has been possible previously – through faster code development and coding, quicker turn-around of services and serverless computing – all of which simplifies the process of deploying code into the production cycle. They work well in multicloud environments too as the approach can take advantage of operational functions to deploy efficiently and productively across multiple infrastructures.
The best way of controlling costs here is to link to business outcomes, as with agile projects. More costs equal more income, so in the spirit of financial operations, you can actually see cost as something as agile as the rest of your architecture. Newer technologies and services available to developers makes this possible by using cost tagging on every component which makes up your architecture. Continuous cost compliance can be performed by using predictive tools to proactively tell your financial team what the financials next month could look like. As a consequence of cloud native services, full codification of orchestration and available tooling controlling costs is no longer something that needs to be done manually or reactively, instead it’s built into the architecture. It does, however, require integrator capabilities with operational expertise to achieve this cross architecture orchestration from connectivity to applications rather than just looking at silos.
In line with the culture of digital innovation, any failures here should be fast, with lessons learnt quickly and readjustments made immediately; and it’s possible to achieve this because the technologies building blocks are designed in a way which allows this kind of mind-set.
Going cloud native requires a commitment to not only prioritizing cloud-based applications, but a willingness to explore fundamentally new delivery models. It will likely require new skills sets that will need to be hired in or grown internally and will most likely also redefine your vendor landscape as you’ll need new partners and ecosystems to lean on.
Understanding your business objectives in adopting a cloud native model are imperative, otherwise you can lose focus or end up with only IT centric goals not linked to business outcomes – disastrous!
Different generations of cloud require different approaches to security – with cloud native likely the most extreme approach as it requires security to fit development and not the other way around. This is because enterprises will enter a world of full stack codification and GitOps.
The general perception is that you can offload cloud security to a cloud infrastructure provider, however there are still risks which enterprises must be aware of and understand how to mitigate. Many make the mistake of being operational in the cloud long before the security systems and strategies are put in place to protect their new infrastructure. The components in the cloud are secure by design when they are provided by a cloud infrastructure provider, but when you plan to integrate it to build a digital platform, enterprises will need the security competencies and expertise of a cloud integrator to cover proper configuration management and integration governance.
Human error is the cause of many security breaches. Employees put data in the cloud without passwords and forget where it is or need a job done quickly and resort to using Shadow IT. Cloud itself isn’t less secure, but it does require the correct controls to keep data safe. Remember, it is immaterial to bad actors where data is, on premises or in the cloud. They are targeting the application and data.
Security must not be an afterthought. Every business is different and needs a tailored security plan from the beginning; preferably when you are building your landing zones, CI/CD pipelines or continuous compliance method. Security in the cloud is also a shared responsibility and it’s really important to get a thorough understanding of which parts are the cloud infrastructure provider’s responsibility and which are the enterprises. I’d always recommend engaging an MSP to help identifying responsibilities or to further understand the impact of it.
Incorporating zero trust into the cloud infrastructure is critical too – with best practice security built into DevOps development and deployment processes and feed that trust into ongoing monitoring and maintenance too. Be careful to avoid bringing in gated security processes though since that can hinder innovation and slow down the rollout of new features.
I’d advocate exploiting opportunities in the cloud too - to automate security such as code review testing to continuously use security as an enabler to do things faster, better, more efficient and more secure.
A vision for the cloud
It’s clear that the cloud has established itself as an essential business enabler, with IDG estimating that 92 percent of an organizations’ total IT environment is now partly in the cloud. As a result, cloud is no longer an IT matter, instead it is something that relates to a whole organization.
Getting it right is imperative and enterprises cannot afford to underestimate the energy required for successful cloud transformation. They must accept that any change will be an iterative one. Making good and early choices and being able to absorb and adjust to change will significantly help to reduce risks, ensuring that a business remains flexible and competitive.
Matthijs Stevens, Head of Cloud Europe, Orange Business Services