The pressure on an organisation to transform has never been more tremendous. Organisations are already facing a long list of complex and ambiguous challenges, and those that do not accelerate their transformation journeys now risk competitive disadvantage and existential decline. It is no wonder that success depends on anticipating and meeting customer needs, innovating at pace, and implementing operational change with agility and efficiency.
There are many reasons for running transformation programs and cloud adoption, such as customer insight to shape the best possible experience, striking the right balance between human and digital interaction and enabling the flexibility that legacy systems can’t provide. Creating a unified customer profile, improving customer onboarding, increasing customer engagement, and managing collaboration across the front and back offices are a few of many other benefits that the public cloud has to offer. Cloud adaptation could also aid with the pressing challenges of risk, regulation, compliance, and on top of all, cyber security.
As more and more organisations embark on the journey of cloud transformation, having insights into the top 10 considerations would enable a hands-on risk assessment and successful transition. Every organisation’s cloud transformation journey is unique and has inimitable challenges that need a customised solution; the ten considerations listed below would provide an insight into most of the requisites for successful transformation. The considerations would be an enabler to achieve this and run a successful public cloud-based transformation program.
1. Organisational Readiness
According to a survey by cloud computing statistics, the top 3 challenges organisations had when using the cloud-based tech, “governance”, was their #1 priority. Many organisations (84%) were worried about managing their IT spending due to the complexity and scale of their operations. Most other organisations were looking for enhanced security and compliance, while the possible costs were way down their list of concerns.
No one solution fits all.
The benefit of the public cloud lies in its agility and diversity. A report from IDG suggests that the top reasons organisations choose to trust the cloud – 71% were looking for speed improvements as reason #1, 63% wanted greater flexibility as reason #1, and 57% picked improved customer support as reason #1. (IDG: International Data Group)
The first and foremost step(s) any organisation should consider before embarking on a cloud transformation journey starts much early than looking into cloud options at all. It is essential to ensure that the cloud transformation aligns with the organisational strategy and roadmap, adds the needed value to the business, and provides relevant outcomes.
The three key considerations are defining purpose, establishing a relevant path, and deciding an action.
A well-defined and articulated purpose (1st consideration) aligning with organisational vision and strategy, such as prioritising customer experience, leading technology adaptation for competitive differentiation, making the right strategic choices for business processes, e.g. payments etc., will help establish “the path” (2nd consideration).
The path would help establish an adaptation plan, such as if the transformation is about business strategy, new market, new product & services, regulation, revenue increase and cost reduction, or long-term IT strategy.
An established adaptation plan will help with adaptation scopes such as decommissioning requirements, investment and ownership strategies, regulatory requirements, and any anti-pattern architecture (applications that do not align with the adaptation agenda’s design pattern). The adaptation plan will also drive design principles (e.g. increased use of shared distributed architecture, reducing technical diversity of infrastructure and suppliers, embracing agile and DevOps delivery technique, SDLC compliance), ensuring they align with the target state and the initiative.
The following task would be to run an inventory of assets to gather current workload information such as source codes, servers, middleware, network, control program, batch jobs, etc. – and evaluate complexity. The task will help with the cost and develop a solid business case identifying current operating expenses, estimating as-is operating costs (OPEX) with the new model (CAPEX), and the ROI (return of investment). It also helps minimise the discrepancies that otherwise may unfold at later stages of transformation, causing compromise or deviation from purpose and set adaptation agenda.
3rd consideration is what action is needed to achieve the purpose and follow the path. Whether it is Speed, reducing setup time through cloud plug and play capabilities, coupling “cloud scalability and flexibility” with an enhanced IT operating model, or agile development, which focuses on product delivery and CI/CD for a more significant value proposition.
2. Requirements – Functional and Non-Functional
The 4th & 5th considerations are functional (FRs) and non-functional requirements (NFRs). Thoroughly mapped FRs and NFRs act as guardrails for the transformation project, and strict requirements are the foundations of a successful public cloud transformation.
The two also helps determine if the proposed cloud service meets the mandatory requirements in compliance, security, service levels, features, etc. It’s no wonder that the report from Forrester found that 68% of projects with precise requirements succeed in meeting the quality standards and identifying whether it makes sense to be on a public, private or hybrid cloud.
3. Cloud compatibility
The 6th consideration is checking cloud compatibility. It will help answer some common questions such as – “If we execute the public cloud-based transformation project, what is the suitability of the public cloud and – if there be any productivity and efficiency gain, and increment in business values?”
Compatibility checks also help uncover other associated components such as upskilling requirements, governance, security, SLAs etc. And will also provide a mapping of as-is state with to-be, providing needed transparency to the program success.
The cloud may give the impression of a magical, enchanted wonderland, but companies’ data protection and other regulatory obligations don’t disappear when it’s up and running.
Organisations and cloud vendors like AWS, Microsoft, and Google are responsible for explicit components of the cloud infrastructure under the shared responsibility model. This well-accepted framework entitles “strictly” what organisations prerequisites are to remain compliant with pertinent regulations.
It is important because, along the way to digital transformation, many organisations forget that they still have the responsibility to protect their assets and data in a public cloud. The absent-mindedness leads to components that are either vulnerable to cyber-attacks or publicly accessible to anyone who spends the time to find them.
The issue lies in that many enterprises only try to achieve the bare minimum in their cloud migration strategies. While the basic protections can offer some security, they can often be a false sense of fortification.
5. Risk Assessment
The 8th vital consideration is running a risk assessment. Any security risk assessment aims to identify threats and vulnerabilities, the potential costs of leaving them unaddressed, and the likelihood of adverse effects. Considering now we have all the data needed for it, it is the right time.
Risk assessment is crucial because all cloud-based tools come with some level of risk, though not all come equipped with the same levels of built-in security. And tools such as CCM – Cloud control matric from CSA – (cloud security alliance) come in handy when running the risk assessments of cloud-based components. Cloud Controls Matrix (CCM) provides fundamental security principles to guide cloud vendors and cloud customers seeking to evaluate the overall security risk of a cloud service. And it also covers a wide variety of frameworks such as ISO 27001/27002, PCI, NIST, NERC CIP and many other Governmental Compliance Standards FISMA, FedRAMP, NIST, DFARS, CJIS, HIPAA. CCM could be used as a tool for the organised valuation of cloud implementation and could guide which security controls should be implemented by which party within the cloud supply chain.
6. Due Diligence
The 9th consideration is running due diligence. It is essential as it would help with carefully selecting the right strategic partner(s) for the cloud transformation, someone with the sector-specific capabilities and the track record to prove it. It would also help determine the competencies of a potential cloud provider, such as their controls over data privacy (e.g. encryption and access privileges) AND disaster recovery plans and service level agreements. And it also helps check the cloud provider’s commitment (s) to comply with evolving regulatory changes and industry-specific certifications.
And Finally, the 10th and last consideration is making “the” choice.
Any organisation looking forward to cultivating and combining public and private cloud technologies could use multi-cloud and hybrid-cloud strategies. 81% of all enterprises already have a multi-cloud strategy laid out or in the pipeline. Exciting innovations such as Kubernetes container, out of the box data pipeline, serverless functions enabling the ability to run code with infrastructure are becoming new status quo in hybrid and multi-cloud models. And they’re just a taste of what’s to come.
Let’s consider how much the cloud has evolved over the last decade. Technology would continue to advance, and organisations opting for the cloud would be presented with numerous options to innovate and take the businesses to new heights and success. Though the choice and decisions for cloud adaptation are always challenging, the above ten considerations would help ease the process and set the cloud transformation journey to success.
The discussed ten considerations would help change faster and better and would answer critical questions relevant to an organisation, such as:
- What is our cost-to-income ratio today, and what is our target for tomorrow?
- Where can we reduce costs and drive value in operations and distribution?
- How will we manage IT renewal to minimise the risk of outages?
- Would our risk and compliance functions remain as is or change in future?
- How will we reduce risk and compliance costs while maintaining effectiveness?
- What are we currently spending on change programmes, and what should we be spending?
- How the effectiveness of our transformation work could improve?
- Do we have the skills we require to deliver the step-change we need?
- Do our partners understand our vision for our transformation journey?
- Above all, what do our customers want?