Organizational reliance on the cloud is on the rise, so too are the difficulties of managing increasingly complex cloud strategies.
The dramatic shift to cloud services over the past few years has given organizations unprecedented flexibility and scalability, enabling them to forge ahead with digital transformation efforts. For many, it has also led to intermingled, complex strategies that threaten to take away some of the luster of the cloud.
Enterprises don’t typically deploy one cloud service and call it a day. They rely on multiple offerings from various vendors for everything from procuring key business applications to creating new development environments to running their entire IT infrastructure.
The multiple/hybrid cloud strategy can result in complexities and challenges that many IT and business leaders didn’t see coming. And this can be made all the more difficult when various business departments and groups use the cloud without central IT’s approval or knowledge.
Cloud costs can quickly spin out of control, especially when departments outside central IT add to the organization’s overall cloud footprint. But because one of the main attractions of the cloud is the possibility of cost reduction, letting a multicloud strategy lead to runaway costs is especially unappealing for organizations.
One possible solution is to create a cloud governance program.
“Governance is not a fixed process or tool,” says Antonio Vazquez, CIO at business process automation platform provider Bizagi. “Governance programs can be structured and managed in many different ways, and they are critical to a successful cloud strategy. Moving to the cloud means that we need to manage change to reduce risk and cost, with governance as the top layer to facilitate that change.”
It’s a good idea to start small and then expand the governance plan, Vazquez says. Other best practices include partnering with cloud providers to get maximum value from their services, hiring people with cloud-related skills, moving toward DevSecOps methodologies for cloud-based development, and documenting and communicating the governance program properly.
“This change in paradigm makes it very complex to navigate, and the only tool that we have is governance,” Vazquez says. “A strong governance plan that includes best practices like tagging, workload management, RACI [responsible, accountable, consulted, and informed] matrix, rightsizing, cost management, security monitoring, etc., will provide the necessary tools to steer the boat and navigate complex cloud management.”
Fragmented investments in cloud services without a clear enterprise strategy can turn into long-term cost and management challenges, says Sumit Johar, CIO at automation software provider Automation Anywhere. “On the business applications side, organizations are facing an explosion of SaaS [software-as-a-service] applications,” he says. “A decade ago, an organization may have used from 20 to as many as 50 apps. But now the average is 250-plus apps.”
Since subscription-based cloud applications don’t need any IT infrastructure, a line of business such as human resources or marketing can buy their own, Johar says. “CIOs must ensure that procurement of these applications goes through an IT-led vendor risk assessment process,” he says. “Governing apps within an organization is becoming a greater challenge, and CIOs must put policies in place for business-led applications.”
Addressing security issues in the cloud has been a concern for IT leaders for some time. But as cloud environments become more complex, the challenge of protecting data and applications in the cloud is even greater.
“Security management has become one of the most critical issues for companies moving to the cloud,” Vazquez says. “On top of that, the pandemic has brought higher complexity to the environment in terms of employee dispersion.”
As a result, Bizagi has moved from a working model in which all employees were accessing on-premises systems from the office using a corporate network, to a model in which employees can work remotely, using any device, and access cloud resources.
“This change in paradigm has to be addressed by approaching security from a different standpoint,” Vazquez says. “In our case, the strategy is migrating to a cloud-based secure access service edge and zero-trust service model.”
Although Bizagi still has some legacy systems running on-premises or in a private cloud, the strategy has been to move most of its services to the public cloud, for applications including CRM, billing, project management, and ERP. It also uses the cloud for web platforms such as ecommerce and for its own low-code automation platform.
Pitney Bowes, a provider of mailing and shipping equipment, conducts continuous monitoring of its cloud configurations for security issues created by misconfiguration or policy violations, says James Fairweather, executive vice president and chief innovation officer.
“We implement this scanning across the entirety of our cloud footprint, and link the output into our centralized security incident and event management system,” Fairweather says.
One of the mechanisms the company uses to ensure security of products and services is a common security scorecard approach that each team maintains, and that a senior team reviews with the application development team on a quarterly basis.
“The use of a numerous automated scanning tools, a common — and automated — scorecard to show results, and imparting accountability to teams to own the outcomes and be part of a quarterly review of their scorecard all have led to a significant improvement in our security posture over the last several years,” Fairweather says.
Lots of organizations are continuing to deal with the “Great Resignation.” But in the case of IT jobs, often there is no one to resign because positions remain unfilled in the first place. Technology professionals, including those expert in areas related to the cloud, are in short supply while demand remains high.
Nevertheless, IT leaders need to find ways to attract and retain people who understand cloud architecture, service platforms, languages, application programming interfaces (APIs), cloud security, containers, data migration, and many other aspects of the cloud.
“Managing cloud environments is different than managing on-premises environments, and requires a diverse skill set,” Johar says. “CIOs must build a team with unique skills in addition to continuing to upskill and reskill IT teams to work in cloud environments.”
The rise of the cloud in all its forms is changing virtually everything about the way IT operates, including the responsibilities of the CIO. If technology leaders and their teams stick to the traditional ways of doing things before the cloud became prominent, they might be heading for failure.
This doesn’t mean IT management is no longer needed. In fact, with the growing complexity of multicloud strategies, IT’s guidance is needed more than ever.
“The CIO’s role is changing from ‘build and control’ to ‘guide and inspire,’” Johar says. “Our new role requires us to allow citizen developers from business teams to share some of the traditional IT work with proper oversight from our IT team.”
Automation Anywhere is a “cloud-first” company Johar says, and many of its customers are embracing the cloud version of its automation platform. “Therefore, it’s important to me that we also fully embrace cloud internally within our global organization, and tap into its benefits,” he says.
Most of the organization, including IT infrastructure, network services, and nearly all of its business functions across the company use SaaS applications as well as cloud infrastructure. As CIO, Johar has an opportunity to help enable these services and tame the complexity through strong leadership.
As microservices expand with the increase in cloud services, the complexity of managing them also increases, says Emily Lewis-Pinnell, who leads the cloud practice at consulting and IT services firm NTT Data Services. Rapid application advancements made possible by microservices require new approaches toward management, particularly as they continue to rapidly scale, she says.
Application sprawl can hinder innovation and productivity as well as create security risks if abandoned applications are not updated appropriately, Lewis-Pinnell says. “Businesses need to have a balance between adopting new technology and retiring the old, as well as strong management and organization, or their application footprint can quickly grow to be unmanageable,” she says.
NTT Data recently worked on microservices with online store builder Volusion. “We applied infrastructure-as-code [IaC] to two of the microservices in Volusion’s ecommerce platform,” Lewis-Pinnell says. “IaC ensures that the same environment is reliably provisioned every time throughout the software development cycle, including test and production, allowing rapid deployment at scale with less risk.”
The microservices are orchestrated in four Kubernetes clusters. The open-source IaC tool gave Volusion the ability to define those clusters, Lewis-Pinnell says. “Volusion can now deploy Kubernetes clusters with a simplified, automated workflow, [ensuring] that each environment is built with a consistent, best-practice design,” she says.
The more complex a cloud strategy gets, the more difficult it might be to determine the return on investment from the various services in use, or whether there’s a return at all.
“Having the ability to define workloads and architect the right provider to perform specific requirements has been crucial, in my experience,” says Mike Clifton, executive vice president and chief information and digital officer at Alorica, a provider of customer service outsourcing.
“I recommend thinking of your company like a puzzle, with numerous pieces that connect together to add value for the customer,” Clifton says. In Alorica’s line of business, the company has different actions coming into its environment and going out to its client’s environment, be that authenticating, call tracking, or recording.
“For example, our ability to successfully integrate voice functionalities into a customer-facing environment in the right language, in the right time and in the right channel, is table stakes for achieving real-world business outcomes, whether that’s a positive product review, interest in a discount offer or even an upsell,” Clifton says.
Success with a complex cloud environment in this context is possible only by brokering service level agreements (SLAs) with cloud service providers that outline a clear set of deliverables, Clifton says. “Once you have the scalable infrastructure in place, you can begin to piece together all workflows without major risk of disruption,” he says.