Clouds spilling over cliff

5 steps to a clear cloud adoption strategy 

Many organizations have adopted cloud technologies in a piecemeal fashion, addressing specific needs as they arise. In some cases, the business has selected cloud services independent of the IT organization. Without a centralized strategy for cloud adoption, organizations are subject to “cloud sprawl,” which drives up costs and can lead to issues with compliance and security.

If parts of your organization are contracting for cloud services independently of each other, then you probably aren’t achieving the volume discounting that you could with, for example, the reserved instances or SaaS seats offered by some cloud vendors. You may be wasting money on instances that go unused after their initial purpose has ended. And both demonstrating compliance and enforcing security policies are made more complex by redundant or shadow cloud services.

To address these challenges, CIOs should turn their attention to developing and implementing a centralized cloud strategy and use it as the foundation for governing the use of cloud services across the business and IT organization. This cloud strategy should first be informed by business strategy, yet the IT operations team should have an active voice in formulating it, because a cloud strategy done poorly can drive complexity that will reduce agility and increase costs. 

Get the Report HPE Software Container Security POV: Are Containers Secure?

How to implement a clear cloud strategy

Want to help your CIO develop a cloud strategy that meets business priorities without making operations miserable? Consider these five steps for clarifying and unifying your cloud strategy.

1. Enable continuous delivery of custom code

Digital business transformation can present an existential threat to many businesses. Retailers shuttering brick-and-mortar stores is perhaps the most visible example. But nearly every business is looking to compete via digital services that help them interact better with customers or drive down costs.

Those digital services require constantly evolving software to keep up with competitors, which drives requirements for agile development and DevOps practices. DevOps requires continuous delivery of changes to code, which demands the immediate availability of infrastructure for deployment, for which infrastructure as a service (IaaS) and containers are ideally suited.

That makes continuous delivery of prime importance to the cloud strategy. When evaluating the key pillars that best enable the organization to implement continuous delivery, you should consider topics such as:

2. Prioritize cloud migrations

For off-the-shelf applications, there is a question of whether to move them to the cloud or retain them in the organization’s own data center.

This is most commonly a cost-reduction effort, but not every application is going to cost less simply by running it in the cloud. Elasticity is the real key to cost savings. That means that applications with highly variable usage (often called “bursty” apps) should be prioritized for migration to the cloud. Otherwise, you are paying for on-prem resources you suddenly don’t need, or you’re scrambling to grow your VM capacity or provide another means of infrastructure expansion.  

And there are considerations for app migrations beyond cost savings, such as:

These should be tested with pilot programs before migrating full-scale. And if you need help, there are cloud service brokerages (CSBs) and automated migration tools that can reduce the guesswork.

3. Consider SaaS for non-revenue-generating apps

While infrastructure in the cloud may be a priority, many organizations have already adopted SaaS, a choice driven by business selection. It’s likely the business will still look for IT support for SaaS, so it needs to be brought under one governance umbrella.

Yet, beyond the business penchant for shadow file-sharing, SaaS is an area to consider as an alternative delivery method for applications that are noncore to revenue generation. Email, service desk, CRM, and payroll are common to most businesses, but there are SaaS options for just about any software today. By outsourcing noncore apps, IT can focus on what makes the business competitive.

The downside is that, over three or four years, licensing for SaaS apps is more expensive. The total cost of ownership depends on other factors, such as server costs, hosting fees, and operations salaries, though. And don’t underestimate the value of cleaning up a messy environment by getting rid of it entirely.

4. Deal with legacy applications

If your legacy apps aren’t getting the job done, then the decision to shift to a cloud solution is made easier. But chances are that the reason legacy apps—those running on mainframes or even those Windows XP apps that have been in the news due to ransomware—are still in your environment is that they just work. The benefit of replacing those apps isn’t worth the cost.

Except that it’s getting more difficult to find talent to manage these apps. And there is a real security threat that can affect their availability.

Enter the age of modernization. There is now software that will allow you to deploy existing COBOL applications to new platforms, including IaaS. And moving applications from physical or virtual servers to the cloud can also be automated today. Automating these migrations is critical to testing the approach and minimizing downtime and data loss during cutover, while reducing the cost of the migration in terms of operations time to an acceptable level weighed against the benefit gained.

5. Govern the overall strategy

There isn’t much point in having a strategy without a means of governing it. Without governance, the strategy is prone to become little more than ink on dead trees in plastic binders.

The cloud is not just a technology but an operating model. Have you adjusted your provisioning and management processes to allow for a hybrid approach? Does operations have a way of understanding the configurations of workloads, including who owns them, where they are running, and how are they updated?

From a policy perspective, the security team must be involved in understanding what the cloud vendor is responsible for and what policy controls must be managed internally, both for risk and compliance purposes. Typically, identity and access controls, at a minimum, will need to be enforced by your organization. Centralizing all cloud access can simplify this, but even more simple for users and operations is being able to use the same access method across all of the organization’s apps.

Finally, cloud vendor lock-in is a challenge to consider in selection of a vendor. Can you get to your data if the relationship sours or if a better offering emerges in the future?

Avoid piecemeal cloud adoption

Allowing piecemeal and random cloud adoption isn’t a sustainable plan from the perspective of cost, security, or operational health. A clear cloud strategy, aligned to business strategy, is critical to realizing all the benefits of the cloud.

Get the Report HPE Software Container Security POV: Are Containers Secure?
Topics: IT Ops