The dramatic shift to cloud services in recent years has given organizations unprecedented flexibility and scalability, enabling them to push ahead with digital transformation efforts. For many, it has also given rise to complex and intermingled strategies that threaten to take some of the shine off the cloud.
Companies typically don’t implement a cloud service and call it by the day. They rely on multiple offerings from multiple vendors for everything from acquiring key business applications to creating new development environments to run your entire IT infrastructure.
The multi/hybrid cloud strategy can create complexities and challenges that many business and IT leaders didn’t see coming. And this can be further complicated when multiple departments and business groups use the cloud without the approval or knowledge of the central IT department.
Here are some of the ways that managing cloud environments is becoming more complex and challenging, and what organizations can do to succeed amidst these difficulties.
Cloud costs can quickly spiral out of control, especially when departments outside of the IT center add to an organization’s global cloud footprint. But because one of the main attractions of the cloud is the potential for cost reduction, letting a multicloud strategy create runaway costs is especially unappealing to organizations.
One possible solution is to create a cloud governance program.
“Governance is not a fixed process or tool,” says Antonio Vázquez, CIO of business process automation platform provider Bizagi. “Governance programs can be structured and managed in many different ways, and are critical to a successful cloud strategy. Moving to the cloud means we must manage the change to reduce risk and cost, with governance as the top layer to facilitate that change.”
It’s a good idea to start small and then expand the government plan, says Vázquez. Other best practices include partnering with cloud providers to get the most value from their services, hiring people with cloud-related skills, moving toward DevSecOps methodologies for cloud-based development, and properly documenting and communicating the governance program. .
“This paradigm shift makes it very complex to navigate, and the only tool we have is governance,” says Vázquez. “A strong governance plan that includes best practices such as labeling, workload management, RACI [responsible, accountable, consulted, and informed] matrix, resizing, cost management, security monitoring, etc., will provide the necessary tools to steer the ship and navigate complex cloud management.”
Fragmented investments in cloud services without a clear business strategy can become long-term cost and management challenges, says Sumit Johar, CIO of automation software provider Automation Anywhere. “On the business applications side, organizations are facing an explosion of SaaS [software-as-a-service] apps,” he says. “A decade ago, an organization might have used 20 to 50 apps. But now the average is more than 250 applications”.
Since subscription-based cloud apps don’t need any IT infrastructure, a line of business like human resources or marketing can buy its own, says Johar. “CIOs should ensure that the acquisition of these applications goes through an IT-led vendor risk assessment process,” he says. “Governing applications within an organization is becoming more challenging, and CIOs need to implement policies for business-driven applications.”
Address cybersecurity risks
Addressing security issues in the cloud has been a concern of IT leaders for some time. But as cloud environments become more complex, the challenge of protecting data and applications in the cloud is even greater.
“Security management has become one of the most critical issues for companies moving to the cloud,” says Vázquez. “In addition, the pandemic has brought greater complexity to the environment in terms of employee dispersion.”
As a result, Bizagi moved from a work model in which all employees access local systems from the office using a corporate network, to a model in which employees can work remotely, using any device and access the cloud resources.
“This paradigm shift must be addressed by approaching security from another point of view,” says Vázquez. “In our case, the strategy is to migrate to a cloud-based secure access service edge and zero-trust service model.”
Although Bizagi still has some legacy systems running on premises or in a private cloud, the strategy has been to move most of its services to the public cloud, for applications including CRM, billing, project management, and ERP. It also uses the cloud for web platforms like eCommerce and for its own low-code automation platform.
Pitney Bowes, a provider of mail and shipping equipment, conducts ongoing monitoring of its cloud configurations for security issues created by misconfigurations or policy violations, says James Fairweather, executive vice president and chief innovation officer.
“We implemented this scan across our entire cloud footprint and linked the result to our centralized security event and incident management system,” says Fairweather.
One of the mechanisms the company uses to ensure the security of products and services is a common security scorecard approach that is maintained by each team and reviewed by a senior team with the application development team on a quarterly basis.
“Using numerous automated scanning tools, a common, automated scorecard to display results, and accountability to teams to own the results and be part of a quarterly review of their scorecard has led to a significant improvement in our security. stance in recent years,” says Fairweather.
Working around the worker shortage
Many organizations are still dealing with the “Great Renunciation.” But in the case of IT jobs, there is often no one who quits because the positions become vacant in the first place. Technology professionals, including experts in cloud-related areas, are in short supply while demand remains high.
However, IT leaders must find ways to attract and retain people who understand cloud architecture, service platforms, languages, application programming interfaces (APIs), cloud security, containers, data migration, and many other aspects of the cloud.
“Managing cloud environments is different from managing on-premises environments and requires a diverse skill set,” says Johar. “CIOs need to build a team with unique skills as well as continue to improve and empower IT teams to work in cloud environments.”
Coping with changes in responsibilities
The rise of the cloud in all its forms is changing just about everything about the way IT operates, including the responsibilities of the CIO. If technology leaders and their teams stick to traditional ways of doing things before the cloud became prominent, they may be headed for failure.
This does not mean that IT administration is no longer necessary. In fact, with the increasing complexity of multi-cloud strategies, IT guidance is needed more than ever.
“The role of the CIO is changing from ‘build and control’ to ‘guide and inspire,’” says Johar. “Our new role requires us to allow citizen developers on business teams to share some of the traditional IT work with proper oversight from our IT team.”
Automation Anywhere is a “cloud-first” company, says Johar, and many of its customers are adopting the cloud version of its automation platform. “So it’s important to me that we also fully embrace the cloud internally within our global organization and reap its benefits,” he says.
SaaS applications are used by most of the organization, including IT infrastructure, network services, and almost all of its business functions across the company, as well as cloud infrastructure. As CIO, Johar has the opportunity to help enable these services and master complexity through strong leadership.
As microservices expand with the rise of cloud services, the complexity of managing them also increases, says Emily Lewis-Pinnell, who leads the cloud practice at IT services and consulting firm NTT Data Services. The rapid application advancements made possible by microservices require new approaches to management, particularly as they continue to scale rapidly, she says.
Application sprawl can hinder innovation and productivity, as well as create security risks if abandoned applications aren’t updated properly, says Lewis-Pinnell. “Enterprises must have a balance between adopting new technology and withdrawing from old, as well as strong management and organization, or their application footprint can quickly become unmanageable,” she says.
NTT Data recently worked on microservices with online store builder Volusion. “We apply infrastructure as code [IaC] to two of the microservices on the Volusion eCommerce platform,” says Lewis-Pinnell. “IaC ensures that the same environment is reliably provisioned every time throughout the software development lifecycle, including testing and production, enabling rapid deployment at scale with less risk.”
The microservices are orchestrated across four Kubernetes clusters. The open source IaC tool gave Volusion the ability to define those groups, says Lewis-Pinnell. “Volusion can now deploy Kubernetes clusters with a streamlined and automated workflow, [ensuring] that each environment is built with a consistent design based on best practices,” he says.
Ensuring the cloud is driving real business results
The more complex a cloud strategy becomes, the more difficult it can be to determine the return on investment of the various services in use, or if there is any return at all.
“Having the ability to define workloads and design the right provider to meet specific requirements has been crucial, in my experience,” says Mike Clifton, executive vice president and chief information and digital officer at Alorica, an IT outsourcing provider. customer service.
“I recommend thinking of your business as a puzzle, with numerous pieces that connect together to add value for the customer,” says Clifton. In Alorica’s line of business, the company has different actions that go into their environment and out of their customer’s environment, be it authentication, call tracking or recording.
“For example, our ability to successfully integrate voice capabilities into a customer-facing environment in the right language, at the right time and on the right channel is a key factor in achieving real-world business results, whether a positive product review, interest in a discount offer, or even an upsell,” says Clifton.
Success with a complex cloud environment in this context is only possible by negotiating service level agreements (SLAs) with cloud service providers that outline a clear set of deliverables, says Clifton. “Once you have the scalable infrastructure in place, you can start rebuilding all your workflows without further risk of disruption,” she says.