Going cloud-native: Making the most of the cloud requires a significant shift in development approach, organizational mindset, and overall skills mix.
Today’s cloud strategies revolve around two distinct poles: the “lift and shift” approach, in which applications and associated data are moved to the cloud without being redesigned; and the “cloud-first” approach, in which applications are developed or redesigned specifically for the cloud.
By far the fastest approach is to lift and shift the whole environment, says Matthew Hon, CTO for public sector at technology services company Fujitsu Americas, as rewriting applications for the cloud could take more than two years to complete.
But if businesses want to drive new features such as customer-centricity or take full advantage of what the cloud offers, then going cloud-first — also referred to as “cloud native” — is worthwhile, Hon says. “Companies need to really sit down and look at the applications and infrastructure to evaluate what the overall strategy should be and understand why they want to move to the cloud first.”
Of course, many enterprises land on embracing both methods, says Nicholas Merizzi, a principal at Deloitte Consulting. “Some clients look at the ‘lift and shift then optimize’ approach as a viable path to get their developers and environments over to the cloud sooner, and then optimize [for the cloud] once they are operating in the cloud.”
Regardless of whether your organization is going fully cloud-native or taking a blended approach, significant strategic shifts are necessary for cloud-first success, including the following.
When looking to move large portions of their application portfolios to a cloud-first model, organizations should ensure their developers embrace well-defined, cloud-native principles, says Brian Campbell, principal at Deloitte, including the use of APIs, microservices, and a modern data architecture. “These are just some of the principles that need to guide developers in this journey,” he says.
Shifting to the cloud also means building highly resilient applications, Campbell says. “Addressing observability in the cloud, adopting and scaling your SRE [site reliability engineering] capabilities, the use of chaos testing, and ensuring proper resiliency testing is completed [are] critical to meet the availability expectations of the end user,” he says.
And of course, people issues are a big part of becoming cloud-native. “Building, deploying, and maintaining applications in the cloud using cloud-native technologies requires a different skillset than doing the equivalent in a data center,” Campbell says. “There is a significant talent gap in the industry right now, so upskilling, retraining, and hiring must have a deliberate plan associated with it.”
If an organization plans to adopt a cloud-first model, it should adopt cloud-native as an organizational culture to realize the full potential of such a model, says Alfredo Rubina, vice president of finance services industry EMEA at digital consulting and advisory services firm SoftServe.
“Cloud-native is much more than just technology,” Rubina says. Companies need to take a fundamental shift in mindset away from traditional waterfall development toward more agile development principles such as the DevOps model, and automation.
“Cloud-native must be a strategic approach; it must be driven by top management as it is a response to a wide range of business needs,” Rubina says. “And these need to be well defined and rolled out by senior management. It is about changes in the business model, about entering new markets, about the ability to adapt quickly to create innovative products and services and drastically reduce time to market.”
By now, many organizations might have already created a cloud center of excellence (CoE) to highlight what works and avoid what doesn’t. If they haven’t, they should. A cloud CoE is responsible for tasks such as developing a framework for the organization’s cloud operations.
Research firm Gartner has said a cloud center of excellence “is the best-practice approach to drive cloud-enabled transformation.” A cloud CoE acts in a consultative role for central IT, business-unit IT, and cloud service consumers, the firm says, and supports functions including setting cloud policy, guiding service provider selection, and assisting with cloud architecture and workload placement.
With a CoE, “you can look at your IT environment and what people and skill sets you have at your organization,” Hon says. “Then if you can create agile teams that include security, infrastructure support, development, product owners, etc., into the right teams, you have a comprehensive view of what’s needed for managing [IT] in the new world.”
Organizations can leverage the CoE to help various groups take advantage of features included with cloud services others in the enterprise are already using, such as backup and disaster recovery services.
Since the onset of the pandemic it has seemed as if every organization has been rushing into the cloud — and in many cases that’s exactly what has happened. This is likely a recipe for failure, because it means taking on too much at one time without a long-term plan backed by the right set of skills to pull it off.
“Evaluate what approach you’re taking — multicloud, hybrid, containerization, etc. — and make sure you’re taking things in bite-sized pieces,” Hon says. “By doing this, you can build out the skill sets and get the right teams in place. Pick one platform at a time and ramp up the skills around it.”
Skills need to change to support applications in the cloud, Hon says. “Employees might not be aware of all the features built into the cloud platform, or they may be more comfortable [with] their existing toolsets, which could cause some hesitancy,” he says.
It is not possible to simply transform an existing IT team into the new world of the cloud, Rubina adds. “Additional new skills and ideas are needed from outside,” he says. “The key to success is to find the right mix of skills.”
The general consensus in the market, fueled in large part by cloud service providers, is that the cloud can save organizations lots of money. And for sure, there are plenty of savings to be had via reduced capital expenditures, lower maintenance costs, and so on.
But that doesn’t mean IT organizations should assume they don’t need to think about how much cloud services cost, and what kinds of terms make the most sense to keep costs under control across the enterprises.
“Determine if you’ll be using a fixed-cost structure flexible for the cloud,” Hon says. “Are you leveraging showback or chargeback to the business? And keep in mind seasonality. You want to have an idea of how often you scale up and shrink down and what that looks like. Building out cost models is key for how you can build a budget.”
With a traditional data center, companies buy and install hardware with workload peaks in mind, Hon says. With the cloud, “you no longer have to do that because you can size for the average workload with the understanding that you’ll scale up for your peaks and know when to scale back down. If you size it the same way that you were sizing it in your data center for the peaks constantly, you’re going to end up paying more than what you’re paying for your data center.”
Any move to the cloud — whether it be lift and shift or a cloud-first transformation — must include a plan for ensuring cybersecurity. That’s because many of the threats organizations face today are related to the cloud and access to cloud-based IT resources.
Enterprises need to consider solutions such as cloud security posture management (CSPM), which automates the identification and remediation of risks across cloud offerings, including software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).
They can leverage CSPM tools for incident response, risk assessment and management, compliance monitoring, and other cloud security functions.
“The shift to a cloud-centric approach to security is necessary,” Rubina says. “Companies need to ensure that all aspects of security are covered, from identification, authorization and authentication of users to encryption of data and networks.”
Before adopting a cloud-native approach, it is important to identify the risks involved, Rubina says.