10 cloud strategy questions every IT leader must answer
6. Are we taking advantage of cloud-native benefits?
Long is the list of “lifted and shifted” workloads that have resulted in cost overruns, emergency expense management, and performance issues. Such costly mistakes can be avoided with greater investment in cloud strategy.
The biggest value of cloud tends to result from cloud-native solutions, which exploit the scalability and variability benefits of cloud, says SAS’s Upchurch. At a previous company with a cost-effective corporate data center and infrastructure environment, Upchurch found that simply moving enterprise applications to the cloud would have decimated the budget. Instead, his team employed DevOps practices to rearchitect applications to take advantage of native cloud capabilities. The result was a cost-neutral cloud hosting solution that delivered other benefits such as a better user experience, rapid and transparent updates, and variable cloud usage patterns.
CIOs should ask themselves whether they’re taking full advantage of cloud services and features when migrating to cloud. “If the answer is no,” Upchurch says, “you may just be renting someone else’s data center.”
7. How will we balance security, agility, and usability?
Having appropriate levels of protection for each cloud workload is essential. But cloud cybersecurity is a different beast; it’s a shared responsibility. So, IT leaders should be clear about roles and responsibilities. In addition, “the landscape is evolving,” says Anuj Bhalla, president and global head for integrated cloud and delivery excellence at Tech Mahindra. “It is imperative for leaders to consistently evaluate and revise cloud security strategies and stay informed about emerging threats.”
What’s more, IT will need to juggle cybersecurity with competing priorities such as agility and functionality.
“To maintain the cloud-like experience for users, security must be embedded throughout the cloud-native software development and cloud architecture,” says Upchurch. “This eliminates the need for complex network firewall configurations which are difficult to automate, cost more, and destroy the cloud-like experience users expect.”
IT leaders may shift to security left with DevOps approaches and employ security practices such as static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST).
8. Do we have the right talent in place?
“Organizations slow the cloud transformation journey due to lack of internal cloud skills,” says Joe Nathan, associate principal for technology transformation at The Hackett Group. Cloud computing changes staffing requirements to varying degrees depending on the level and type of adoption. IT leaders may need fewer people managing servers and more people performing higher-level network engineering, systems integration, vendor management, data science, cloud security, or business analysis work.
Organizations also need nontechnical skills such as cloud financial management and cloud optimization, Nathan says. Some of this can be accomplished by upskilling willing professionals but IT leaders may also need to recruit cloud-savvy talent as well. Thus, HR should be a key partner in cloud strategy.
“Skills are needed to properly interpret the requirements, understand the universe of potential solutions, and begin analyzing which of those are most likely to be an appropriate match given the organization’s myriad constraints,” says Randy Armknecht, managing director and leader of the global cloud advisory practice at Protiviti.
While IT leaders may lean on IT service partners for access to capabilities at scale, Armknecht has worked with multiple CIOs on building a culture of cloud learning within their IT teams, which can offer broader benefits. “The biggest benefit I’ve seen is the strength in community that forms as the database, network, server, security, and app developers view it as a common journey they can accomplish together,” Armknecht says. “Increased collaboration leads to increased speed of deployment and reduced errors. A knowledgeable and motivated team working together can achieve great things.”
CIOs should make sure they have change management expertise on board, too. “It takes a great deal of collaboration to shift to the cloud, and you need people who can really organize and orchestrate the changes,” says Merchant Fleet’s McIntyre. “Planning is critical, but really galvanizing all the people into an aligned approach is paramount.”
9. How will we measure and communicate the value of cloud?
At a minimum, IT leaders should know how to manage cloud costs. The scalability of cloud can rapidly result in cost overruns, says West Monroe’s Alletto. Some IT leaders tout the benefits of building FinOps capabilities early on to enable greater cost transparency.
But CIOs should be prepared to evolve beyond responsible cloud spend into demonstrating the business value of cloud, whether that’s new application development, rapid and frequent updates to existing cloud applications, customer or revenue growth, or some other cloud-enabled business outcome.
Quantifiable, dynamic, and outcome-oriented metrics are essential to track progress. “Value realization and maximization from cloud is a continuous process and needs a solid tracking and feedback mechanism for ongoing improvement,” says Everest Group’s Ranjan, who advises focusing on OKRs (objectives and key results) rather than traditional KPIs (key performance indicators).
At SAS, which has a large, advanced FinOps program that illustrates cloud cost savings and efficiencies, the next step will be using the platform to articulate the business value accruing from these investments.
“That will show and justify growing our efficient cloud spend,” says SAS’s Upchurch. Illustrating the full business impact of cloud can help any CIO “reduce the finance and executive reflex to reduce cloud costs which could be detrimental to functionality and value,” Upchurch says.
10. What’s our exit strategy?
One of the biggest cloud strategy mistakes is failing to have an exit plan, Gartner’s Smith says. Everyone knows they should have one, but no one wants to ask the question. “They think people won’t like the answer, which is that they’re locked in and it will be hard to move,” he adds.
A head-in-the-sand approach, however, is a bad idea. While cloud repatriation is rare, it’s important to describe existing dependencies and options if only to prepare for an unforeseen situation. In fact, some EU regulators now require that companies do this. A cloud contract may lay out SLAs and exit terms and conditions, but it’s incumbent on IT leaders to plan for how the decoupling would proceed, addressing relevant infrastructure and business issues.
It’s never too late to develop or refine a cloud strategy. In fact, having real-world experience with cloud, for better or worse, can help inform strategy development.
“You shouldn’t build a cloud strategy in an ivory tower without making mistakes and having learned from them,” says Smith.
Moreover, there are many organizations that have been on similar cloud journeys with successes, challenges, and failures that can be instructive to IT leaders. “It’s good corporate stewardship to learn from those who’ve gone before and apply [those lessons] to the go-forward strategy,” says Protivit’s Armknecht.
But IT leaders should not delay addressing these cloud strategy questions. “Everything takes time to accomplish,” Armknecht says. “And in the cloud, where cost is determined by use, the longer you’re overprovisioning resources or stuck with a broken architecture, the more the error costs.”