Companies continue to move aggressively to the cloud with a goal of ultimately being "all cloud” or “more cloud.” How will this change the composition and core competencies of IT departments, and IT's strategic priorities — and what should CIOs be doing now to prepare for it?
The active migration to cloud has already been confirmed in many surveys. One of the latest examples was a survey conducted in early 2018 by Rightscale, a provider of cloud solutions. The Rightscale survey revealed that:
- 96% of respondents used cloud;
- Many organizations used at least five different clouds;
- Enterprise public cloud spend was growing rapidly; and
- Private cloud adoption was also growing.
As companies move more data and applications to the cloud, most also continue to maintain their internal data centers. These companies are opting for a hybrid computing environment that combines both in-house and cloud-based computing under the umbrella of a single IT architecture.
None of this is particularly “new” news for CIOs and IT planners, but what are new are the challenges that cloud computing presents and how they are beginning to impact IT organizations.
Here is a “short list” of pressing issues:
IT needs vendor and contract management skills. I recently worked with a financial services company in a vendor contract evaluation. The company wanted to identify the warranties and SLAs of each of its cloud vendors, and then to see how well these commitments mapped to their own disaster recovery and risk management expectations.
Before we could begin the project, the company needed two weeks to locate all of the contracts that it had with vendors. Some of the contracts had been misplaced, so it required the company to recontact vendors to obtain new contract copies.
Fortunately in many large enterprises, losing contracts is less of an issue. They have dedicated legal departments and contract management functions. But for many mid-sized and smaller companies, keeping up with contracts and making the time to review them can be a formidable task.
Solution: Even if your IT staff is small, you need to get on top of your cloud vendor contracts. First, make sure that you have them all and that they are current. Next, develop a timeline so you know when contracts come due and you can make informed decisions on whether or not to renew them. Third, carefully note the SLAs and disaster recovery promises that each cloud vendor makes. It is possible that you will have to develop a contract review format and skillset in one of your IT staff members so annual contract reviews can be carried out, or you might have an internal audit group that can assist.
Asset management gets more complicated with cloud. It’s enough to keep track of software, hardware and networks across the company, but then these assets start getting deployed in clouds. How do you keep tabs on the myriad IT resources your company is using when some are in-house and others are with third party vendors?
Solution: There is commercial IT asset management software that will run on your network and auto-discover your internal IT assets so you can continuously monitor them and update where they are in their life cycles. Unfortunately, there are no global asset management systems that can seamlessly work with IT assets on a plethora of different clouds. In many cases that’s fine, because you’re expecting your cloud vendors to manage these assets. But in other cases, such as when you’re using your own equipment in the cloud, you will want to track assets. One way to deal with this is to manually input these cloud-resident assets into your central asset management system so they can be tracked.
Shadow IT is expanding. Cisco conducted an IT survey in 2015 and reported that companies were using up to 15 times more cloud services to store critical company data than CIOs were aware of or had authorized. Cloud is an enabler of shadow IT, where end users enter into cloud contracts, provision cloud assets, and build their own apps without IT’s knowledge. In the end, IT is still responsible for all the cloud vendor contract management, asset tracking and performance. How can IT manage all of this when it doesn’t know what's out there?
Solution: A centralized asset management and tracking system that auto-discovers new computing resources as they appear on your corporate network certainly helps. Another approach is to annually meet with each business user group to see what their IT plans are and to catalogue computing assets that they might have in their business areas that are not in IT’s master asset management system.
Security is harder than ever to enforce. With shadow IT being driven by business users who sign up for cloud services without touching base with IT, there is greater exposure to security breaches because IT isn’t there to do the vetting.
Solution: A zero trust network is a great way to “bullet proof” systems and data with a set of robust security rules that address both digital identity and access. Zero trust networks verify IP addresses and authenticate users from both inside and outside corporate walls. No one gains admission to the network until all security criteria have been met.
Disaster recovery and risk management objectives and operations have to change. A March 451 Research survey found that nearly one-third of companies had no DR plan in place, and that one-third of companies that had a DR plan still felt they were unprepared for a disaster. This doesn't necessarily account for the number of companies that are still using a DR plan written for the recovery of their internal data center systems, with few provisions for systems and data that are now stored on clouds. “We haven’t really tested any of our DR with our cloud vendors, and the fine print on the contracts states that vendors aren’t responsible for data or system outages,” acknowledged one West Coat financial advisory firm IT director I met with last month. Without DR plans and risk identification and management for cloud-based IT outages, IT faces great exposures.
Solution: Revisit your cloud vendor contracts. For any vendor that does not provide clear disaster recovery SLAs (most don’t), arrange to sit down with the vendor to discuss your DR concerns and expectations. Then, develop a plan to actually test DR with the cloud vendor. At the same time, your disaster recovery plan should be revised to include DR recovery procedures for your cloud based systems. Finally, accept that you won't have the control over DR with a cloud vendor that you did when running your own internal systems. What you are trying to do in revising your DR plans and testing for DR in the cloud is to assess and minimize your risks. As part of this exercise, make it a point to communicate to your CEO and your board that DR-associated risks with cloud vendors are likely to be greater than they were when you were fully in charge of your own systems.
IT Infrastructure management and execution have to change-and some of your most mission critical people have to accept it. “We made the change to a service-oriented culture five years ago, and I lost some of my key infrastructure people,” said a CIO acquaintance at a Midwest bank. “These were highly skilled mainframe gurus and they basically could find work anywhere, so they left because they didn't like the culture change.” The same goes for infrastructure specialists who have been used to calling the shots and tuning the software so your applications could meet critical performance goals. Now with more apps going to the cloud, organizations are consigning many of these responsibilities to cloud vendors. This means that IT operational procedures and policies have to be modified, and it also means that some of your most talented people could see reduced roles.
Solution: It’s a good idea to discuss the move to cloud with your key IT infrastructure contributors early, and not just let it happen. In this way, you get a sense as to who's happy and who’s likely to leave. It also gives you an opportunity to work with them in a re-direction of work that can present plenty of opportunities for them to test their technical mettle. Cross-cloud integration and performance is one huge area. Other areas continue to exist in your internal data center, which likely still runs many legacy stems that need tuning, and also high performance computing (HPC) with parallel processing—which many companies have in house, and which presents a new technical skillset for infrastructure specialists to master.
Integration now includes clouds as well as systems. Cloud vendors are no different than vendors in the old days of proprietary computing. They don't like to see customers leave and when that happens, they tend not to cooperate. They can be especially uncooperative when it comes to effecting interfaces that enable your apps to operate on clouds from other vendors. Having to integrate apps and data on different clouds adds a new layer of complexity to systems integration for IT.
Solution: Your infrastructure specialists can be deployed on the integration issue, but there are also commercial software tools that can help automate cross-cloud integration with their ability to interface with numerous cloud APIs and safely transport data payloads between clouds.
Cloud bandwidth constraints can limit application performance and data storage. Transaction systems have to run in real time, but increasingly companies also want their analytics to run in real or near real time. If you're using cloud, you are not going to have the bandwidth flexibility that you have in your own data center. This could force you to run some applications in more of a batch or burst mode than in a true real time mode.
Solution: As organizations move to edge computing, more work will be performed at the edges of enterprises, then transported to intermediate clouds for storage and processing, and finally transported to the corporate data center for centralized storage and access. This is an area where new job flows will need to be developed. While everyone wants real time or near real time access to data, the realities of bandwidth limitations in the cloud are that universal real time access to all data is cost prohibitive and difficult. Fortunately, most IT departments already have infrastructure and operational experts in job flow planning. As you bring on more cloud-based activity, this group can be revising workflows for the cloud environment.