Recently, a client I was helping with a cloud effort asked me the question, “Do I need a cloud strategy?” That prompted me to share in this blog post series what I have learnt about cloud strategies from my work with my clients and from the insights gathered interviewing forty CIOs and tech executives (see our recently completed cloud research report for details).
What I’m generally finding is that individual business units and departments in mid-tier and large enterprises are using cloud services in isolated pockets to solve specific and tactical problems and for the most part they are getting quick and successful results. Here are some examples of such small experimental projects customers are being executed in the cloud:
- Setup innovation sandboxes (i.e. a skunk works projects) where small teams work on a specific business-driven projects (new development/test application, public web-sites) on a public Infrastructure-as-a-Service (IaaS) cloud like Amazon
- Develop a small tactical application on a Platform-as-a-Service (PaaS) like Force.com or Azure
- Acquire a Software-as-a-Service (SaaS) application for a non mission-critical business process within a small department.
This bottoms-up approach may be fine to acclimatize the company to the cloud and to evaluate vendor capabilities and technology benefits and constraints, but will the continued use of such a tactical approach—focused too much on local benefits—generate significant business value for the company as a whole? Do you need to shift from too much “how” to more of “what” and “why”?
I suggest that you develop an overarching cloud strategy that is fine-tuned by findings/value gained from your tactical projects. Otherwise, your transition to a cloud-based IT reality will be dominated by short-term tactical projects that won’t necessarily generate global business value or will end up being driven by your vendor agendas.
Consider the following trigger points for planning a cloud strategy from a longer-term business value/need perspective:
- You may be at a point where your hardware is due for a refresh cycle
- Your hosted infrastructure is up for re-bidding
- You have new infrastructure demands from your business for additional applications/data. If you are planning to invest in fresh datacenter footprint, the question is: do you really need to expand? Many companies are trying to maintain, consolidate, or reduce their datacenter footprint.
- You may have reached end-of-life of certain software products and looking for alternative solutions.
Any cloud decision you make at these crucial trigger points tends to be for the really long-term (5-15 years) and will fundamentally shape your company’s long-term cloud computing strategy.
Regardless of your specific business needs and the size of your company, there are a couple of business levers that you should to look at from a cloud strategy perspective: one is business agility, not just IT agility. How do the cloud technologies, architectures, and infrastructure tools get applied to your business to allow you to collaborate better within your company and partner ecosystem and to provide better and faster services to your internal and external customers?
The other major lever is operational excellence. How do you get improved availability, lowest cost and lower TCO so you can invest the savings back into the business? (See my blog post for data on TCO and cost savings: The Business Case For SaaS Applications: TCO Is Not A Customer Problem.)
IT executives in our survey (Download selected findings from the survey of 500+ IT executives) believe cloud technology can help companies reach the goal of an “Agile Business”. Business Agility was the number one driver of cloud computing adoption, mentioned by 49 percent of respondents (see figure below). The concept of agility incorporates many of the ideas including flexibility, speed, and innovation. Enterprise IT organizations can develop and deploy cloud solutions quickly and efficiently. The cloud enables enterprise IT organizations to anticipate and respond to the changing needs of the business more quickly and efficiently than ever before.
You need to plan your cloud strategy using these two levers to build out your next-generation IT systems.
Consider the following three inter-related steps in developing your cloud strategy. There are inter-related in the sense that they are iterative and cyclical in nature and the results/information from each step refines the previous and/or next steps.
- Develop a business case/strategy. Embracing cloud computing, like any other emerging technology, comes down to fundamentally figuring out how the investment in the cloud is going to yield positive returns to your business at an acceptable risk level. If you are looking to use a public cloud for solving specific business problems, it also becomes an outsourcing decision (see Top 5 Strategies for CIOs), one where you look for better value that is cheaper, safer, and better than what you would do for yourself. What’s changed in the past few years is that the robustness, the quality, the stability, the overall cost-benefit ratio for these public cloud solutions has become more compelling. Many commodity services (email, backup, archival, collaboration, etc) including standard business processes (CRM, expense management, accounting, HR management (See Successful Business Software Services in the Cloud) etc. are now available as public cloud services. For each business problem you need to solve, you need to look at a cloud solution and compare it with alternative solutions from an ROI and TCO perspective. Factor into this decision business risks associated with security, compliance, regulations, and legal considerations. Any cost calculation needs to take into account the longevity of the resource requirement, the “spikiness” of the workload demands, the average utilization of the resources, the cost of your internal processes around 24/7 SA support, maintenance, monitoring, change management and so on. As one enterprise architect at a Fortune 500 company pointed out:
“Our ops guys want to compare it on a per-unit cost, but that’s not the issue. We have to look at the cost of the overall solution across the life-cycle of the application to get a real idea of the cost comparison.”
- Analyze your Application Portfolio: Ultimately, it’s your application and data demands that drive your infrastructure and datacenter requirements. It’s critical that you develop a system for understanding and classifying applications and data corresponding to the business needs/use cases identified in Step #1 before considering the appropriate cloud delivery and deployment models. Easier said than done. If you ask any CIO how well understood her applications landscape is, including interactions between and among applications, the answer may surprise you. No doubt, there is going to be reluctance to change, a fear of breaking systems that are working fine by moving pieces around. The risk? Work slowdowns, jangled nerves, inefficiency. But tweaking system architecture in pursuit of greater efficiency was never painless, even before the cloud came.
As a first step, consider categorizing your applications in a two-by-two matrix: Is it mission-critical and is it strategic? The following matrix shows one way to determine your deployment options based on these criteria.
Applications can be also be classified into three categories in terms of their technical and practical feasibility of moving to the cloud.
First are legacy applications. Today, most enterprises have between 20 percent and 40 percent of their critical business operations managed by mainframe and Unix-based legacy systems. These systems may not be easy to virtualize for a cloud infrastructure. Furthermore, there are no business benefits or economies of scale associated with moving such systems to the cloud. These will stay within the data center, running on physical systems, until their current incarnations become obsolete, and they are migrated off to more modern architectures and eventually to the cloud.
The second category encompasses the vast portfolio of applications that are typically easier to virtualize (e.g., Web-based apps, as well as a majority of back-office apps), but are not built to scale on-demand to unforeseen demand spikes or to be resilient to failure. These are good candidates to be deployed into a private or public environment (depending on where they fall in the matrix), because they are easy to move around once they are virtualized.
You need to consider the demand profiles of these applications (the more “spiky” the demand profile, the more cost and elasticity benefits you can derive from the cloud-based deployment) and how isolated they are from your other data center applications and resources. Ultimately, you will need to weigh the cost and effort to virtualize and re-architect these applications for the cloud and assess if the cost-benefit ratio is reasonable.
Third are applications that are data-processing or data-access intensive. Many large enterprises deal with petabytes of data that they continually try to mine for value. The CIO of one Fortune 500 financial company told us that the company currently has twelve petabytes of data, growing 40 percent annually. Even if you could host some of this information and process it on an external cloud, the result sets that come out of these applications are often in terabytes. The more access you need to your data, the more you get anchored to a particular location. Because of the enormous compute capacity that is required to mine through that data, identify patterns and correlate them to business opportunities, it becomes a financial consideration. Cloud makes this happen at a fraction of the cost on leased pay-for-use infrastructure. Additionally, you have the opportunity to easily monetize the value of your data by providing it as Data-as-a-Service.
- Evaluate Vendor offerings and conduct proof-of-concepts: For each of the identified applications in step #2, you need to evaluate the vendor capabilities and the risks associated with the security, data privacy and governance with each vendor. Compare different cloud provider offerings. (Read how some vendors are expanding in the cloud.)
- Evaluate the offering of your cloud vendor to ensure that it meets the security, scalability, reliability, and privacy needs of your enterprise and to established security and compliance (SAS 70, FISMA, ISO/IEC 27001, PCI, and HIPAA) standards.
- Review your vendor’s SLA provisions based on your specific business risks, risks that may not typically be covered in standards SLAs.
- Identify changes required in your vendor’s data compliance and security procedures (if any) to adapt to your risk, compliance, business metrics.
- Identify interoperability, lock-in, and compatibilities issues and determine workarounds as applicable.
- Carry out a hands-on product and technology validation and evaluation against the above criteria and perform proof-of-concepts to see how a vendor offering really works and how it fits or doesn’t fit into the requirements of your business. Through this process, you can become familiar with constraints, issues and benefits of the technology.
As cloud computing begins to take shape, business and technology strategies of companies will come under scrutiny. The cloud trend is inevitable driven by compelling business benefits, successful vendors, and the continued depressed economic conditions. Check out how Cloud Reality is Catching Hype to get a sense of the trends shaping the cloud computing market.
Staying ahead of the curve is the best option, lest your incumbent competition and new entrants in the field gain an advantage over your business. A well thought-out strategy will keep you ahead of your competition and serve you well in the next generation of computing defined by the cloud.
In the next series of cloud strategy blog posts, I will present details on cost and economic models for the cloud and how customers are justifying the cost-benefits of the transition. Stay tuned.
Kamesh Pemmaraju heads cloud research at Sand Hill Group and he helps companies—enterprises and technology vendors—accelerate their transition to the cloud. He welcomes your comments, opinions, and questions. Drop in a line to firstname.lastname@example.org.