Cloud is maturing and scaling rapidly, with most organizations implementing multiple cloud initiatives. On one side, they are deploying cloud-based solutions, while on the other side they are migrating legacy infrastructure to the cloud. However, KPMG director Corey Jacobson says migrating to any cloud provider can be daunting, while organizations often overlook the governance required to keep their multitude of cloud initiatives coordinated and integrated in order to generate the most value. Many organizations, frankly, do not always fully understand or know all of the risks and challenges they have to overcome in order to enjoy cloud success.
“They have to be ready for a profound change in the way they consume and operate IT, manage the IT financials and deal with security,” says KPMG Principal Pierre Champigneulle. “Just because applications and workloads can move to the cloud doesn’t mean they automatically should or can.”
To that end, a cloud suitability assessment is an essential step to determine whether legacy applications and workloads can move to cloud. It provides insight into capacity, performance, integration and architecture impact, security requirements and other potential organization and operational roadblocks. The analysis has to be tailored to an organization’s specific needs, risk appetites and objectives — while avoiding “analysis by paralysis.”
“What also comes out of the cloud suitability is the disposition of the application such as lift and shift, rebuild, re-architect or retire,” says Jacobson. “This gives IT direction and understanding of how easily an application or workload can be moved and if it should move at all.”
What makes an organization ready for the cloud? A clear understanding of their technology ecosystem is a must — how it is architected, how it is integrated or connected, what are its interdependencies and how much risk is acceptable. A comprehensive cloud strategy with vision, guiding principles, well-defined outcomes and measurable value is also essential, as is the overall engagement of the risk and security organization. The organization also needs to be willing to fundamentally change how they consume IT services and engage with IT, while IT must be willing to change how they deliver and support IT services. All of this has to be underpinned by executive stakeholders providing active sponsorship decision support. “Without a combination of those five success factors, you will not be ready and mostly likely see marginal success at best,” says Champigneulle.
Steps to Increase Readiness for Cloud Migration
1. Do a Deep Dive on Migration Planning
Once you have completed a cloud suitability assessment to give cloud readiness direction, now you can do a deeper dive on migration planning. You’ll want to thoroughly examine applications and workloads to understand the application dependencies, true costs, security and performance requirements, risk levels and the level of effort required to move to the cloud. “This deep dive helps the company understand how a group of applications work together to serve the business,” says Jacobson. “It will also inform the overall application and workload sequencing, priority on the migration schedule and the risks to the business.”
In parallel, the organization needs to establish a set of program governance mechanisms. “Cloud governance allows an organization to proactively manage and communicate value creation, decisions, risks and issues,” he explains. “You have to be ready to mitigate risks as they arise and increase visibility into decision-making, influence actions to drive optimize value creation and communicate progress in business terms.”
2. Develop a data-driven execution with metrics and monitoring
An important aspect to getting ready for moving to the cloud, no matter your pace of migration, is developing a well-thought-out, repeatable and data-driven migration factory process, says Jacobson, which starts by outlining that process and piloting select applications using that process, in order to help validate the migration process, show some quick wins, and identify areas for improvement. “An organization must establish “critical-to-success” metrics for measuring progress and value as well as procedures to monitor, track, and report the quality of progress, metrics, outcomes and value created,” he explains.
3. Keen eye on behavioral change management
Critical to any cloud migration effort is engaging stakeholders early and often, starting with socializing and educating users on how their ways of working will change and how their level of engagement with IT will change as it becomes more self-serving, automated, flexible and agile, Champigneulle says. This also helps to prove out those new ways of working and uncover areas within the operating model or migration process that need improvement. “This will build positive momentum and garners the needed stakeholder buy-in,” he explains. Risk, compliance, legal and procurement organizations should be engaged early.
CIO Must Take the Reins on Cloud Readiness
The CIO needs to take the reins on getting the organization ready for the cloud — to be a champion of a comprehensive cloud strategy and migration program, says Jacobson. “As the organization gets ready to embark on a cloud program, the CIO needs to be an advisor to the business and IT organization and a leader of the planning and analysis effort in order to know what is moving into the cloud, how it’s going to get there, what the risks are and how it creates and unlocks the value” he explains. “Only then can an organization truly be ready to take advantage of cloud services while ensuring the quality of IT services delivered, managing risks and providing a positive stakeholder experience.”
Part of this effort, Jacobson adds, includes establishing a program office to provide oversight, drive timely decisions, manage risks and issues and track the value creation driven by the cloud, he explains. “There might be significant cost and performance implications if you don’t truly understand how the applications are architected, how they talk to one another and how data moves between them.” Finally, assessing and mitigating vendor management, operational and security risks are essential to safeguard and minimize disruption to the business.
Ultimately, the CIO and IT organization need to implement what Jacobson calls the “permit to operate” checklist. As applications and workloads move to the cloud all the functional and non-functional people, processes and procedures must be in place and all the requisite testing completed before the organization call significantly and efficiently scale their operations in the cloud. “This final check ensures the agreed upon technology and operational standards are followed, applications are running and performing as expected and operational tasks, jobs, process and procedures are in place unless there is a documented and agreed upon exception to the standards or operations elements and any change in risk levels have been accepted or mitigated.,” he says. “Furthermore, it looks at other essential areas — whether disaster recovery plans are updated and in place if required; requisite jobs are scheduled and completing successfully; users have their required access; applications have network connectivity and access to talk to each other; and monitoring for performance and usage is in place.”
Evaluating cloud readiness via the “permit to operate” scheme not only ensures that users will have a positive experience, but also starts to shift the mindset of IT to how it needs to effectively and efficiently operate in the cloud. Moreover, it builds positive momentum and trust in IT as the organization migrates to new ways of working, says Jacobson: “These activities will also increase application and workload migration quality and throughput,” he says, “while also proving how an organization will consume cloud services in addition to managing cloud services costs, usage and capacity in their new IT services ecosystem.”