Enterprises were already moving deeper into the cloud before the pandemic hit. Multi-year plans were replaced by emergency implementations to facilitate remote work and digital customer interactions. Businesses and their IT departments have been proud of their heroic efforts, but emergency implementations are not sustainable over the long-term.
"Regardless of what we did right or wrong, there was a rationalization behind it," said George Burns, senior consultant for cloud operations at digital transformation agency SPR. "Now we need to take a step back and look at projects through a different prism."
Data governance is non-optional for companies whether they're regulated or not, especially with data regulations such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Burns said some of his clients are having trouble finding data now that they've shoveled it into the cloud.
"We need to rearchitect some of these solutions we've put in place, but then we need to come up with implementation plans that are even less disruptive than we had during good times," said Burns. "How do we bolt that on to what we already have to let our newly distributed workforce continue to function and continue to generate revenue? Do we have governance wrapped around that to make sure that we can monitor what we need to monitor and be compliant where we need to be compliant?"
Six months into the pandemic, organizations should realize that they're accumulating unnecessary risks if they don't address the longer-term governance issues.
Though governance tends to be viewed as an internal-facing function, its role doesn't end there. In fact, a recent Forrester report discusses the link between sound governance and better customer service. In a customer service context, the report's authors said governance should include a cross-functional governance board, technology governance, process governance and data governance.
That's sound advice generally.
An obvious victim of rapid cloud adoption is security. There was no time to fully assess the new architecture from a security standpoint because business continuity and employee safety were more important. However, the potential security vulnerabilities left unchecked keep the door open for internal and external bad actors.
"It really comes back to the fundamentals," said Burns. "Do we have the right security wrapped around [our architecture] so that we're not exposing any of our data or access points?"
Meanwhile, the pandemic has fueled cyber fraud spikes and many of those campaigns have target work-from-home employees. In August, Interpol revealed it had observed a 350% increase in phishing sites and a 600% increase in malicious emails. Home Wi-Fi routers also have been targeted and several family members in an employee's home may be sharing computers regardless of who owns them.
Enterprises need to ensure they're educating employees about the work-from-home security risks to their organizations, especially since many of those individuals are attempting to balance their personal and professional lives. Hackers and social engineers know distracted individuals are easy targets.
Time to reassess
When the pandemic hit, there was no time for long-term thinking. Now, there's a window of opportunity that shouldn't be squandered. Whether a second COVID-19 wave occurs or not, businesses have an opportunity to assess where they're at and compare that with where they need to be to ensure longer-term resilience.
"People are starting to understand that we're not going to go back to work like normal tomorrow," said Burns. " Really, it comes back to the fundamentals. Do we have the right technology in place? Are we moving in the right direction? We need KPIs that show us that."
Digital transformation has taken on new meaning in 2020 because it isn't just about responding to digital disruption anymore. It's about doing whatever it takes to survive and thrive no matter what happens. Essentially, last year's playbook is old news.
"The rules of the game have completely changed. We're not solving for the same X anymore," said Burns. "We're solving new problems that we haven't taken the time to identify. We need to put out fewer fires and make more strategic decisions."
Otherwise, enormous amounts of technical debt will continue to accumulate.
Take a DevOps approach
DevOps methodology applies as much to cloud strategies as it does to application development, but not all IT departments have adopted to this modern way of thinking.
"We have to have a continuous process that allows our businesses to be as agile as possible while still making money," said Burns. "We have to architect the correct solution first and what that means is investing plenty of time, money and resources into testing, development, research that will allow us to make better moves as we go forward. Wherever we are, we have to step back and realize there's a gap we have to fill first."
Follow up with these cloud migration articles: