For most organizations, adopting the cloud is a continuous and even haphazard exercise, and IT has not fully matured its policies and operations in the cloud like it has in the data center. What key areas of cloud management can IT more fully develop to optimize clouds?
Establish a cloud central control point
Three years ago, IBM commented, “Enterprise users can get applications to market quickly [with cloud], without worrying about underlying infrastructure costs or maintenance.”
This is true. Not only do users (and their citizen developers) onboard applications quickly with cloud, but they can also instantly subscribe to new cloud services and portals that immediately return value to the business and bypass bureaucratic roadblocks such as IT reviews.
Getting cloud applications to market quickly should continue -- but at some point, there should also be a central control point that oversees how clouds are utilized, or even if there are cloud resources not being utilized at all as expenses continue to pour in.
This central control point doesn’t necessarily have to be IT. It could be an internal governance function that is independent of both IT and user areas -- or from a financial perspective, it could even be Finance.
At some point, the overall enterprise needs to know how much it spends on cloud resources as a part of its IT.
Tighten up security and data safekeeping
In 2018, cybersecurity startup RedLock discovered a hack in AWS cloud that allowed entry to Tesla proprietary data about vehicle servicing -- the telemetry from Tesla cars and mapping data. AWS is not alone, as most major cloud providers have been breached.
While major cloud providers remain the most lucrative targets for hackers, these bad actors also target lesser-known cloud providers whose attention to security and data may be lax.
Enterprises set themselves up for hacks and breaches when they obtain cloud resources but neglect to follow up with their own security and data safekeeping standards with the cloud providers.
When a company uses the cloud, responsibility for security is split between the company and the cloud provider. Major cloud providers have security policies and services in place that can range from network firewalls, network monitoring, and security patches to data encryption. These same cloud providers complain that companies that that use their services fail to take advantages of all the security options that they offer.
It’s up to enterprise IT and governance areas to review the security options that each cloud provider offers, choose from these options, and enact them to protect their systems and data in the cloud. Too many companies fail to do this and assume the cloud provider will do all of that. Instead, IT should add policies and procedures that ensure security settings for each cloud are set to enterprise standards. Recent security audits for each cloud vendor must be reviewed and daily IT activities concerning cloud security should be performed in the same way they are for the company’s own data center.
Review your disaster recovery plan
In 2021 alone, Verizon, Microsoft, and Google all experienced outages on their clouds. While outages can include minor interruptions where service is restored quickly, there are other outages that can be severe and long-lasting. Such outages impact business performance if they affect mission-critical systems, such as airline reservations or banking transactions.
Companies continue to move more systems to the cloud, but a corresponding change in disaster recovery plans that covers cloud outages hasn't followed. What do you do if a mission-critical system in the cloud goes offline and you have to implement a disaster recovery?
Understanding a cloud vendor’s failover capabilities before you sign on any dotted line should be part of every RFP that goes out. The company should evaluate the cloud provider’s failover capabilities to ensure the measures taken are equal to or exceed the company’s own DR standards. Second, if the company is managing its own resources in the cloud, there should be an annual DR and failover test that the company and the cloud provider execute that confirms any cloud failover will go smoothly.
Evaluate cloud spend
In late 2020, Gartner projected that 14.2% of total global enterprise IT spending would be on cloud by 2024 (in 2020, that proportion of spend was 9.1%), and that worldwide end-user spending on public cloud services would grow 18.4% in 2021 (or to $304.9 billion). This is at the same time that researchers such as RightScale estimated 35% of enterprise cloud spend was being wasted.
Companies need to do a better job of managing cloud spend. If data stored on the cloud is no longer needed, get rid of it. If virtual operating systems and storage are no longer needed, de-provision them. If you’re not sure of how much you're spending on the cloud, perform a detailed assessment or hire someone to do this for you. If you can’t understand the bills from your could provider, invite the provider to a meeting and go over these bills until you do.
All of these are basic blocking and tackling functions that IT does routinely in its own data center -- and that need to be extended to the cloud.