Kathy Gibson reports from Infracom 2016 – Building an infrastructure for cloud is a big job, and there’s no correct way of doing it.
There are pros and cons to each approach, says Grant Morgan of Dimension Data.
For the experimental approach, he suggests that CIOs identify a single application as a proof of concept, looking for low-hanging fruit as a pilot project. This requires recruiting a business owner for the project.
This approach lets CIOs learn as they go: to validate the business case; to evaluate service providers; to plan migration; improve connectivity, monitoring and integration; and harden security.
The more analytical approach allows for the formulation of a documented cloud strategy that prioritises applications, together with placement decisions regarding public, private or hybrid cloud. CIOs can assess their operational readiness and also complete their data classification and governance process.
The analytics CIO would probably go through a tender process to select a cloud vendor – or even two or more vendors.
If the business is thinking about a cloud pilot project, Morgan says it should identify the low-hanging fruit.
The first decision to make is whether this would be an application or infrastructure project. Most decide on the application route. Should the application be new or existing? Most decide on a new application.
Should this application be a system of innovation, system of differentiation or a system of reference? Generally, the system of innovation is the choice.
Given a choice between non-sensitive data or personal information, most go for non-sensitive data.
Finally, businesses tend to put a development application into the cloud first rather than a production application.
Once this pilot has been successfully deployed, Morgan says business would tend to move back up the tree and eventually deploy almost any applications into the cloud.
The most common types of applications that are moving to the cloud include employee productivity, collaboration solutions, non-production environments, client-facing Web applications, commercial SaaS and next-frontier enterprise-class production applications.
“CIOs are feeling the pressure from business for IT transformation, but where do you begin?” Morgan asks.
This involves answering a lot of questions:
• Which application should I prioritise?
• Which partner do I go on this journey with?
• How do I maximise service levels in a hybrid environment?
• What benefits will I realise from the cloud?
• How will I implement governance?
• What cloud deployment model is the best fit?
• What is the TCO compared to my on-premise systems?
• Where does my data need to reside?
• How do I manage in a hybrid IT environment?
• How should I assess and plan my security and compliance needs in the cloud?
• Should I architect my own private cloud solution?
• What is the impact of a cloud migration on their current processes, skills and people?
CIOs also need to determine what the impact will be on people, processes and technology.
Morgan explains that what Dimension Data does when it strategises around cloud, is that they select 10 to 15 application groups.
“Then we look at two things: the motivation to go to cloud; and the readiness to go to cloud.”
This is all considered from a business, financial, technology and governance perspective.
“What we come out with is a readiness assessment that provides an as-is map and the to-be state, together with where the gaps are.”
An application migration prioritisation follows, mapped according to motivation and readiness.
The third element is the deployment model, and the business needs to decide where the chosen applications should live and how they will be delivered.
In considering readiness, the business drivers need to be considered. But the business constraints are also important, along with lifecycle usage patterns and the levels of uniqueness or criticality.
From a financial perspective, CIOs need to consider the benefits, depreciation lifecycle, chargeback model and consumptive options.
From a technology perspective, considerations include the application architecture, application landscape, infrastructure requirements, licensing constraints, application integration and bandwidth requirements.
Governance, risk and compliance also needs to be taken into account.
If an application fits the bill and is ready to move into the cloud, the next step is cloud design and the service needs to be added. After this, CIOs need to add estimate bill and governance; ordering, provisioning and orchestration; management, control and evaluation.
“You will have gone through data migration processes as well,” Morgan says.
Security is a massive issue. “Who takes responsibility for security?” Morgan asks. “Yes, the cloud providers are secure – but are you?”
Attack vectors that fall into IT’s purview include the internal network, operating system, Web app, database, people access and management. “You need to look at the tools and systems you have in place to prevent security breaches.”
The typical cloud solution design shouldn’t look the same as an on-premise system, Morgan stresses.
“You need to size for the minimum and scale to the peaks,” he says. “You need your application to be designed to take advantage of the cloud as well.”
IT has a role to create guidelines for contracting with service providers, he adds. This means determining whether the service provider offers automation of customerisation. It should have global scale and offer a fast pace of innovation. The SLAs, penalties and exclusions need to be determined.
“Beware of contracting terms and conditions that could catch you out later on,” Morgan warns. “And understand pricing escalations, or retail price decreases and exchange rate fluctuations. Also aim to lock in increases when signing the cloud agreement.”
Check how consumptive the system is, Morgan says, and understand any existing strategies and lock-in.
“Lastly, be clear about what is included in the price: is bandwidth out, backup, sandboxing and premium support in the price.”
Having a managed service contract doesn’t mean that the IT operations might not be ready for the cloud, Morgan adds, urging CIOs to examine whether this environment is still relevant.
