Organizations are continually looking for ways to reduce the time and cost of managing their IT infrastructure so they can focus on new initiatives to develop their business, not spend time updating user desktops or managing aging servers. Is cloud the solution, able to provide what outsourcing promised but ultimately failed to deliver?
It’s tempting to think so, as cloud enables organizations to eliminate much of their in-house infrastructure and buy IT services on a ‘pay-as-you-go’ basis. It has certainly enabled many to keep working through the pandemic by delivering services to staff working from home. However, there is more to running IT successfully than simply consuming applications from the cloud. While cloud is likely to be part of the solution, it is not yet the whole picture for most organizations.
Some IT services are not yet cloud ready
Unless an organization first changes how it does things, it will continue to carry out the same processes in the same way, even if services are provided by a different supplier.
The ‘promised land’ is a world envisioned by cloud evangelists (a.k.a. vendor sales staff) where there is a suitable SaaS offering for every operational requirement in every market sector, enabling IT to become a utility. We can simply choose whatever services we need from a web portal, configure them to meet our specific organizational requirements and consume them as we choose, paying as we use them. However, apart from some common services such as CRM, email, file storage and ITSM (IT Service Management), there are not yet SaaS options for every specific industry, niche and complex requirement. There are three key hurdles to overcome.
First, while cloud enables individual services to be obtained in a modular way, almost all organizations will require multiple services to replace their in-house IT services. So they will still require the capabilities to knit these services together and manage and combine data from them to provide an integrated solution to users, as well as the ability to innovate and adapt as needs change. This can be a particular challenge for mid-sized organizations, which typically have the skills to manage day to day operations but need external help to deliver change – and with the belief that with cloud ‘it’s easy’, these changes will come more frequently, with the expectation they are delivered faster.
If there is no suitable SaaS offering, IaaS and PaaS mean application security and patching remain an in-house responsibility, and for IaaS add design, configuration and ongoing management. Even with SaaS, integration, authentication and data transfer must be handled in-house. And of course, cloud providers need to be monitored, managed and their bills controlled. It will be some time before business IT services become a utility that we buy like electricity or water.
Second, it does not make commercial or operational sense to move many legacy applications to the cloud unless they need to be replaced. This includes bespoke applications developed in-house, those which have been customized to organizational needs and others which depend on older versions of other applications, for example if hosted on an older or proprietary database. Most organizations we speak to have at least one business-critical application in these categories.
Finally, simply ‘lifting and shifting’ existing applications into public cloud IaaS will not improve performance, reduce complexity or deliver digital transformation, in the same way that outsourcing did not provide an improved IT service because you simply handed your existing infrastructure to a third party to run with the hope, rarely realized, that the outsourcer would significantly improve it.
‘As a service’ does not have to mean cloud
Another option is ‘IT as a Service’ (ITaaS), in which organizations contract a third party to optimize and provide a managed solution for either a discrete service or an entire IT environment. Unlike other ‘as a Service’ options, it is not necessarily cloud based, although services can and often are provisioned from cloud environments. However, like cloud, it enables an organization to consume services on an as-needed, pay-as-you-go basis, thus providing limitless capacity, almost total flexibility and increased efficiency. And, also like cloud, it frees up in-house time and resources for strategic projects – particularly useful for mid-sized organizations, where some 80 percent of IT resources are spent on managing the current infrastructure and firefighting.
It’s important to note that ITaaS is not the same as outsourcing. To successfully provide something ‘as a service’, whether through cloud or other means, it first needs to be reviewed to ensure it matches the organization’s vision of the future. It should be aligned with business needs and optimized to ensure that it is fit for purpose, before being delivered through whichever means is most appropriate. Based on our experience, there are three main points to consider when choosing any ‘as a service’ (aaS) option.
1. Define a clear vision and align IT with business needs
Any IT change program should begin with a compelling event that requires the organization to modify what it currently does. This could be the end of an unsatisfactory supplier contract, the desire for digital transformation, the need to upgrade key applications or replace core infrastructure, or difficulties with the current IT environment. Currently, it could be coping with a change in business priorities due to the impact of Covid-19. There should be a clear vision of what success looks like and a plan for how to achieve it.
We’ve completed hundreds of major IT infrastructure improvements and cloud migrations, and the majority have achieved the expected benefits or savings. Analysis shows that where desired outcomes were not achieved, this was primarily because stakeholders had misaligned expectations of what a successful outcome would be, which is why it should be one of the key elements defined when initiating change.
With their vision clarified, organizations need to review existing applications and services against business needs – a business and IT alignment review. This will define the service levels required for the key operational processes that IT supports, with a full understanding of cost, performance and availability implications. They can then decide which applications can usefully be provided via cloud or another aaS solution, and which, if any, to retain in-house. Each organization will have different requirements; there is no one size fits all solution. They can then embed their vision into a clear, compelling and easily understood business plan to deliver the promised benefits for approval by their organization.
2. Re-architect and optimize your services
Once the change plan has been accepted, it has to be delivered. It will not just be about technology: it will potentially change existing policies and processes, will almost certainly need new skills to implement, and will require ongoing monitoring, management and security.
When using cloud services, organizations need to align their processes with those of their chosen cloud provider, as it is unlikely that a provider will change its processes to suit a customer. With the major public cloud providers, accessing human support is a challenge in itself! All these elements will need to be included and good outcomes delivered to ensure organizations obtain the expected benefits. Perhaps the biggest challenge is that the CIO or IT director has one opportunity to do this successfully, and the consequences of not delivering could be detrimental to their reputation and possibly career. If an organization chooses ITaaS, the third party will provide this expertise, using their experience to speed up the process and ensure the anticipated results are delivered.
3. Decide how much support you need
Different types of service require different levels of support. Take security – with SaaS, the provider is responsible for overall security of the service, and the user only has to handle authentication to the service and data transfer between service providers. The organization is basically a passenger and main responsibility is ensuring performance matches the agreed SLA and analyzing invoices.
With IaaS, the user is responsible for securing access to the instance(s) and everything inside them, plus security of integration between instances, unless they ask the provider or a third party to do it for them. Customer and provider share a common level of risk, and organizations need to ensure they configure the set-up correctly. With ITaaS, the provider handles all aspects of security, irrespective of platform or provider, along with all aspects of service delivery and support. It is up to each organization to decide how much day-to-day management they want to handle themselves and use the ITaaS provider’s services to cover the elements they cannot provide internally.
For most organizations, the optimum solution is likely to be a hybrid. For example, a medium-sized organization we worked had outsourced all its IT in a virtual hosting environment, but without any contractual flexibility to adapt its services. After several years, this was constraining its development and growth and there were problems with both the provider’s reliability and flexibility.
The organization decided to take back control and wanted to move as many services as possible into public cloud SaaS. However, it relied on several legacy applications for which there were no suitable SaaS services available. After analysis we concluded it did not make sense to migrate these into public cloud. Instead we agreed on ITaaS, providing flexibility and a pay as you go model. The applications are running on up-to-date hardware, with security and patching managed, and performance measured against agreed SLAs. The in-house team can now focus on replacing them with appropriate SaaS services without the impending deadlines under their previous contract, and then on developing new digital services that will be enabled by the new applications.
Richard Blanford, Chief Executive, Fordway