White Paper: 7 aspects to assess Cloud Readiness
More and more organizations are using the opportunities that cloud computing offers them. Both business and IT professionals have often considered the offerings of various suppliers, and the use of the various forms of cloud is increasing at a rapid pace. But what exactly is the impact of cloud computing on an organization and is the organization prepared and equipped for this?How can an organization get most value from cloud services?
We will take a closer look at these questions in this white paper. After presenting the key forms in which cloud services come, wewill address each of the seven aspects which are key in assessing whether an organization is cloud-ready: personnel, service, legal and procurement, sustainability, financial, architecture and security, and governance.
Sustainability integrated within the Value Chainleft
Use of cloud services is encouraged when organizations take the decision to invest in digital transformation. However, organizations often postpone the move towards cloud services until a contract for traditional IT services expires, and they then ask their supplier about the options for cloud computing delivery models. Comparing cloud opportunities and the accompanying costs is not a trivial matter, though. Buying cloud services introduces a whole new spectrum of issues relating to many different aspects, governance perhaps being the most important.Where there is a lack of clear governance of cloud services, an organization could unwittingly find itself in a situation of multi-sourcing from multiple suppliers, for instance, because different business units buy all sorts of SaaS (software as a service) solutions.This could result in a bunch ofhard-to-manage and incoherent cloud services, which may require a different recharging model within the organization. In one organization, the business will ‘push the buttons’, while in another it will be the IT department. In a situation where no clear agreements have been made on the purchase of cloud services, this could make financial forecasting a difficult task
An organization could unwittingly find itself in a situation of multi-sourcingcenter
Another example of the need for governance is data storage. At first glance, it often seems to be a good candidate for a service to be hosted in the cloud. However, the various providers use a variety of pricing models that are difficult to compare. The delivery models differ, sometimes pricing is based on space used, storage capacity, bandwidth and whether or not back-up and restore functionalities are provided. Without clear governance and knowledge, it is a difficult issue to get grip on. In traditional outsourcing, the costing models are easier to interpret, but this is not yet the case for cloud computing applications. The serviceportfolio is not yet where it should be in all cases, and there are too few market standards. For example, invoices are not always completely in sync with upgrade or downgrade timing of the services purchased. The buyer of the cloud service therefore has no influence on this, and the customer can then find themselves suddenly faced with an exhausted storage quota, while they were not informed in time that the ceiling was in sight.Cloud computing is clearly a growth market far from reaching a point of maturity, and there is still a proliferation of well-known, but also new suppliers. There are hybrid sourcing models, various pricing and charging models and new technologies which some organizations havenot even thought about yet, although they may like to include them in their daily practice. Various case studies have shown that sourcing policy frameworks and the sourcing strategy need to be enriched with additional information focused on cloud options to enable an acceptable decision to be taken on the right strategy
The various cloud options
Cloud is currently one of the most used buzzwords in IT. It is almost the case that an organization is considered irrelevant if it doesn’t use the cloud. But what is the cloud actually and what delivery formats are there? The main characteristics of cloudservices are:
Online delivery: Delivery of services through a private network or the internet. The Internet is the driving force behind the growth of the cloud, because it can provide the services ‘any time, any place’ (as longas an internet connection is available, of course).
Delivery as a Service: No IT resources or products are delivered, only services. XaaS is therefore the buzzword in the cloud economy, the X stands for the various forms of cloud (see below).
On-demand and self-service: The customer can obtain server time, computing power, storage and network capacity at anytime without human interaction with the serviceprovider.
Shared resources: The physical IT resources used are shared bymany users (internal or external) through virtualization.High degree of elasticityIT resources can be deployed quickly (in minutes rather than hours) and flexibly (in terms of time windows, capacity). If necessary, it is possible to quickly and temporarily scale up or down
Pay per use: You don’t pay to own the computer equipment, but for actual use. In practice, there are limits here too. For data, we see that this is often saved permanently and use over time around will only grow.
There are three dominant cloud deliverymodels (but also many others)
IaaS: With Infrastructure as a Service, only the basic computer infrastructure is provided: servers, operating systems, data storage and the necessary data center and network facilities.
PaaS: Platform as a Service provides the complete platform on which to host an application. This is IaaS including a programming environment and databases. The number of flavors PaaS is many times greater than IaaS.
SaaS: Software as a Service is the most complete IT service in the cloud spectrum. It involves a working application where the user or local administrator usually has degrees of freedom to configure it.
The cloud has four different implementation variants
Public cloud: The cloud infrastructure is made available to a wide audience and is owned by an organization selling these services (cloud provider).
Private cloud: The cloud infrastructure is used solely for a single organization. It can be managed by the organization or by a third party, with the infrastructure hosted either in-house by the organization or a third-party site.
Community cloud: This refers to a situation in which the cloud infrastructure is shared by several organizations, which generally have common goals and standards (such as mission, policy, security or legal requirements). This cloud may be managed by one of these organizations, by a shared service center or by a third party. The infrastructure is then hosted by one of these three parties.
Hybrid cloud: The hybrid situation occurs when the infrastructure is a combination of two or more of the variants described above (public, private and community),and where data and/or capacity can be moved between these variants depending on the demand or application.
Finally, we see more and more governance and service models for the cloud to enable control and management of the public, private and hybrid cloud environments. Some of these models are strongly linked to software, but this is certainly not true for all. Because the models have different origins, they often overlap. The models differ in the degree to which they focus on:
- providing support to the business or the management of suppliers;
- acquisition (sourcing) or the provision of services;
- cloud or outsourcing of all variants.
Figure 2 shows these differences. The three dark blue models are specifically focused on the cloud. The remaining two are more generic control models. We describe these models from right to left:
Cloud Management is managing the purchase of public, private or hybrid cloud environments once they have been contracted. We usually find Cloud Management in combination with the associated Cloud Management Platform (software), which offers self-service interfaces, automated delivery of standard platforms (for example, with any security requirements needed), usage metrics, invoicing and workload optimization (on various cloud environments).
Cloud Services Brokerage focuses on contracting and controlling the delivery, use and performance of cloud services. Software is used here too to support the selection of suppliers and manage the contracted services. Cloud Service Brokerage is therefore substantially more versatile than Cloud Management. Only the services typically focused on the end user (self-service) are missing.
Cloud Orchestration refers to the management model or service which aims to integrate cloud services from multiple vendors into a single business-oriented service. Cloud Orchestration seeks to seamlessly translate, integrate and realize interdependent business needs in end-to-end cloud services (in some cases) provided by various cloud serviceproviders. Where Cloud Service Brokerage focuses on the purchase of cloud services, Cloud Orchestration focused on delivering services to the business.
Service Integration and Management (SIAM) aims to integrate services (cloud and non-cloud)from multiple vendors into end-to-end services for the business. SIAM was originally a model that is strongly correlated with service managementsoftware. In recent years, it is increasingly becoming a model for the relationship between the automation of IT services (IT4IT) and the control of these services. SIAM is still more focused on the management of IT vendors and less on integrating demand. This explains why, in our view, it does not entirely overlap with Cloud Orchestration.
Demand Supply Governance Framework (DSGF). A governance model developed by Quint for translating, integrating and controlling the demand of various business components to services from internal and external service providers(cloud and non-cloud), including controlling the delivery. DSGF is rooted in the period when outsourcing was on the rise, but the cloud did not yet exist. However, the principles of DSGF still fit in the cloud era. DSGF is also less focused on automating the relationship between supply and demand, and for this reason there is no complete overlap with Cloud Management and Cloud Service Brokerage.
Use of the cloud
Use of the cloud has risen sharply in recent years. In 2011, Quint conducted a survey which found that less than 10% of its customers were using the cloud. 30% of respondents thought that their organization would use the cloud by 2016. This assessment proved incorrect because according to recent researchII, 86% of Dutch organizations were using some form of cloud service in 2016IV. According to another study of a group of relatively smaller organizations, keeping IT and other services in-house is still the dominant service model (in 62% of cases).
This also means that the cloud has also become the dominant service model for the remaining 38%. And this number will continue to grow. Research conducted by Quint and others in 2016 shows that 61% of organizations will increase their use of the cloud (compared to only 3% expecting a decrease in its use). In 2011, the top three barriers to a cloud strategy were: lack of security, too many interfaces and lack of data protection. Now these fears have become: organizing cooperation between the business, designing IT architecture and gaining transparency of costs. The key reasons to use the cloud in 2011 were scalability, cost reduction and simplification of hardware and software maintenance. In 2016, the key reasons are now ‘increasing information security’, ‘reducing IT CAPEX’ and ‘enhancing innovative capacity’ and ‘shortening the time-to-market’. Overall, reducing costs remains a dominant factor, and time-to-market (to innovate or simply to stay in the market) has become a clear runner-up. Given the desire of many Dutch organizations wanting to arrange physical storage in the Netherlands, security concerns remain. In fact, they have only become more specific.
Finally, the customer satisfaction aspect is not an insignificant one. In our study from 2016, we see that cloud providers generally stand a good chance, but do not necessarily come top. It may be the case that personal contact between supplier and customer is important too.
In 2011, only 30% of organizations had thoughts about using the cloud in 2016. And now 86% of organizations use the cloud in 2016!center
Cloud Readiness Assessment
In practice, Quint sees increasing use of cloud services, but this does not necessarily mean that an organization is (sufficiently) ready for them and is therefore obtaining maximum value. We see many organizations are struggling with the promises of the cloud versus new issues that the cloud raises. Responding to these issues is necessary to ensure a successful start with cloud computing, enabling you to reap the benefits. To arrive at the right strategy and a corresponding road map for cloud sourcing, it is very important to consider the maturity of an organization based on the seven aforementioned aspects. Below we examine these aspects and their interaction with the cloud in more detail.
The increase in cloud computing is expected to reduce the need for internal technical managers. In a cloud environment, everything is virtualized and centrally managed. Technical management is performed by the cloud provider and is therefore moved to behind the walls of the provider’s data center. Looking to the near future, for example, 90 percent of the staff can make do with a web browser on their device, as this is sufficient for remote management. From a HRM perspective, the focus will have to be on launching retraining schemes or redundancy plans. The traditional transfer of business will often not be the case because the transition will take place in much smaller chunks than the outsourcing we have seen previously. With increasing use of the cloud, the average organization will actually need more functional administrators and managers in order to reap the benefits of the cloud and manage the digital transformation that comes before it. The shift to the cloud will therefore demand other IT skills, and this change will not be easy. These will have to be managed.
With the introduction of cloud services the management processes in the client organizations will shift from traditional technical administration to functional administration. The IT services themselves will increasingly be conducted out of sight of the organization. Traditional services, such as back-up and restore services, will be automated; only the legacy systems will still be managed in the traditional way until they too are transitioned to a cloud environment. Functional administration can only be performed through interaction with the business. However, not all organizations have a well-developed functional administration role. This is a big concern. In practice, we unfortunately see on a regular basis that functional administration is organizationally too remote from the IT and the business functions, and therefore becomes an island. Also, functional administration is not always organized in a straightforward way. With cloud computing, an immature organization will hamper progress, because functional administration has a very important role. This is because not all cloud services are standard services. In addition, many cloud solutions allow you to develop a custom configured environment. These services to the organization must be configured (by the functional administrator) to use them successfully.
A second important change in the field of services is implementation of the self-service model. The average user will have access through a single portal to all IT services whether they are legacy, public services or specific business-internal cloud services. This is a game changer, not just in the technical sense. Many users and their IT service providers often still think in terms of technical products rather than services.
Legal & Procurement
In the cloud era, the legal and procurement aspects are very important for maintaining control. A cloud contract includes other components than a traditional sourcing contract. The emphasis will be on agreements relating to availability, continuity, confidentiality and costs. Cloud-related contracts are better tailored to B2B and P2B1 business models, while only a few years ago there were still ‘consumer contracts’. In the transition to the cloud, ownership and transferability play a major role: can the software that Company A purchased be run in the public cloud solution of Company B? We are aware of the major contractual problems in software contracts that suddenly became much more expensive in virtualized environments because this usage did not fit into the supplier’s charging model (or perhaps fitted too well!). You had to pay per processor, while a virtual server has many of these …
Vendor lock-in is also a serious legal risk of cloud use: is the organization still able to move its data to another solution? What will happen in the case of SaaS if the organization wants to change its software? The data is usually transferable, but how easy is this and what happens with all the settings? And, in the case of a new SaaS solution, how will you rebuild everything? A successful cloud strategy requires answers to these questions, any may involve taking calculated risks. And if the organization does not ask these questions, supervisory bodies usually will ask them.
An important legal aspect is the ownership of data. In a public cloud, there must be assurances that the data remains the property of the organization that created the data. In practice, however, this is no mean feat. In a formal sense, Facebook and WhatsApp, for example, own the data that is placed on their platform. The expectation, however, is that cloud providers will enforce this right very reluctantly, because otherwise users will vote with their feet and stop using these services en masse. A private cloud offers a lot more certainty, although from a legal perspective you will still need to investigate whether the supplier lays any claim to the data stored in its data center. Practice shows us that this is not a luxury you can afford to dispense with.
Sustainability of IT is increasingly considered important by organizations. More and more organizations are concentrating on the sustainability of the business, taking account of the impact on people, the planet and profit in the short and long termV. Organizations that care about sustainability would at least need to verify how their intended cloud provider handles this topic.
Outsourcing has always had a certain impact on sustainability and moving to the cloud is no different. Opting for the cloud, for instance, has an effect on where the work is carried out and therefore certainly has an impact on local employment. The effect on our planet can be positive because cloud use could lead to more efficient use of computing resources and the underlying energy supply. It is claimed (see, for example, The Incredible Environmental Impact of Cloud Technology) that if all US companies moved to the cloud for all their IT needs, this would lead to an 87 percent reduction in energy consumption.
From a financial perspective, the charging model of the cloud, the pay per use principle, is the principal change compared to the old situation. Only paying for actual use is considered one of the great benefits of the cloud. However, there are some snags. In the first place: what is the exact price of the service and is it fully scalable? Here the billing models vary greatly. Is a charge made for every user, feature (in the case of SaaS), virtual server, and gigabyte? What is the degree of granularity: by year, month, day or second? And is it possible to scale back units no longer required, or is it only possible to scale up? It is therefore very important to make a sound business case to make a correct assessment on whether buying cloud services makes financial sense for an organization. In practice, we see that too many organizations feel deceived about this once the first invoice from the cloud provider arrives.
A second financial issue is control of spending. If equipment and licenses are purchased, the authorized signatories in the organization can take very specific decisions on whether money is actually spent. This no longer applies in the case of cloud services. It is ‘pay per use’ so the costs increase as the use increases. Of course, this can be limited by introducing contractual limits that rein in the flexibility (another strong point of the cloud). This means that the organization has to take decisions in advance and put controls in place.
A public cloud will entail much more variation in terms of cost than a private cloud
Finally, the cloud model is important from a financial perspective. A public cloud will entail much more variation in terms of cost than a private cloud. For the overall organization, the private cloud option more closely resembles traditional outsourcing costs. Internally, however, a private cloud can help with the recharging of the IT costs because the actual use is metered (just as it is with a public cloud). This could be a substantial factor in the control of overall IT costs. With storage in the cloud, determining the unit price is a whole lot more difficult. The cloud facility offered differs from one provider to the next: apart from the storage capacity, one market operator may offer backup & restore facilities while another may offer a certain amount of free storage before the meter starts running, and other vendors might offer varying combinations of the same. The range of offers is therefore extremely difficult to compare and it is essential to consider all aspects when deciding on the appropriate supplier. This presents a real challenge.
Architecture & Security
The emergence of cloud computing raises the importance of well-designed architecture and greater security to maintain control of the IT environment, which may be entirely or partly external. The many sourcing options make it more important to have a good understanding, overview and coherence. First, it is good to realize that not all applications are effectively suited to running in a cloud environment. It must be determined for each application whether that application is suitable for hosting in the cloud platform and offers benefits. An application that has a constant 24/7 load and which has stable (growing) data storage is usually no better off being hosted in a cloud environment than in a conventional environment. Conversely, it may be useful to redesign an old application that has a highly variable usage throughout the day, week or month so that it runs well in a cloud environment.
A great danger that an organization can run is introducing a cloud solution that then goes on to function as a kind of silo in its own domain and fails to integrate with the existing IT environment. Unfortunately, this does occur a lot in practice. Especially in cases where organizations have multiple departments that provide shared services, a chain approach is needed. If, in that context, it is decided to use cloud services, it is imperative that there is a long-term vision and planning which integrates the cloud service in the chain. Introducing an island means that bridges will need to be built, a time-consuming and costly exercise. A cloud solution must always fit into the existing landscape and into the existing and target chain process. There are also challenges in the field of application and information integration. The cloud means that a multitude of information sources can be tapped into, and this requires a smart approach. This is an important aspect to focus on. What’s more, legacy applications that are at the end of their life cycle, but which the organization cannot do without, are an inhibiting factor. It is necessary to examine the possibilities of having these applications converted or rebuilt, or perhaps to add a skin that makes it possible for the legacy core functionality to be offered in a virtualized environment. This brings the legacy solution up to date, and the peripheral applications can be rationalized or phased out. The core application remains, and can then be transitioned to a SaaS environment.
The transition to the cloud also makes it more necessary to properly determine which applica-tions (and the corresponding business processes) are truly unique and will not usually be available in SaaS form, and what applications are used by every other similar organization (industry-specific applications) or any organization at all (generic applications). It should be clear: the likelihood that these applications will be available in SaaS form with a matching feature set will increase as their use is more generical. Continuity requires continuous attention, but security management will require just as much given the proliferation of devices and locations and the business data they contain. End users and cloud providers both have a responsibility to protect business data and ensure that content cannot leak or be edited inadvertently. Both subjects are strongly related, because it would be impossible to implement a professional level of security management without a clearly designed IT landscape.
Fear of data leaks
For various reasons, cloud computing is marred by a great fear of the US intelligence services, which are widely thought to have unfettered access to all data. However, this should not form a barrier to storing data in the cloud. It’s a matter of smart use of data. Although we speak of ‘the cloud’, there is a big difference between a public cloud and a private cloud. Data that is not classified and is public may be highly suited to storage in the public cloud if there are benefits from doing so, for example, being able to share it easily. In the case of highly classified data, this will require some thorough, rational decision-making, and it may often prove wiser to keep the data within the walls of the organization. The organization then puts time and effort into defending its own fortress with firewalls and various other facilities. Regrettably, in many organizations the thinking about information security ends here, and the trend is that more and more organizations are convinced that external suppliers have this better managed.
The transition to the cloud means it is necessary to determine which applications are unique to your organizationcenter
In the traditional IT environment, there is a mix of on-site IT and contracted IT. This requires a strong control function. At least two roles are needed in the buyer’s organization: the buyer to handle the arrangements with suppliers and an internal service delivery manager to receive and appraise the services. Together, they fulfil the relationship management function. In a complete (public) cloud environment, this is all much easier. Here, the user is simply buying a service, selected by himself, and contracted on the basis of a purchase protocol. Furthermore, they agree on how many units (e.g. licenses, storage volume) can be used. The service is therefore normally purchased ready for use. In organizations that have completely transitioned to this type of cloud, the governance function takes on an entirely different character. The classic governance function seems to be superfluous and is replaced by cloud brokerage and cloud orchestration, as described earlier in this white paper.
However, most organizations are still not here yet. In practice, there is a hybrid environment in 99 percent of cases, consisting of a mix of traditional infrastructure sourcing, hosting, SaaS contracts and some aspects that have been transitioned to a cloud platform environment. In addition, application development and maintenance will have been partly outsourced and methods such as Agile and DevOps will increasingly be used. In terms of management and administration, the diversity makes things interesting, but also complex. Each form requires its own management method; once concluded, for example, a SaaS contract requires hardly any maintenance and is limited merely to confirming that the service purchased has actually been delivered, checking that the invoice from the vendor is an accurate reflection of the actual use of the service, and whether the data can be reused at the end of the contract.
In the case of hybrid environments, governance functions will need to remain in place. This is because a certain control function is always required to regularly check current contracts and check that the agreed updates and upgrades also have been implemented by the supplier.
Earlier in this paper, we noted that many vendors do not provide software that enables users to monitor the services provided and the actual use thereof. This is now changing: a growing number of cloud providers give users access to a customer portal which sets out the contracted services and how they are used, so the user can monitor things in real time. The governance function can then see on a dashboard exactly what has been used and what the resulting costs are. This makes providing insight into the services supplied – including license management and financial settlement – a whole lot simpler and more transparent.
In 2013, Quint wrote that the cloud will have a major impact on governance, especially in regard to controlling integrated services, while warning that the efficiency gains generated by outsourcing should not be offset by increasingly expensive control. The governance function should focus primarily on the things where they can add value and let go of aspects where this is not possible. This saves time, further bolstering the business case of the virtual services. The governance function should focus in particular on the strategic services which are unique to the organization. As mentioned previously, these are usually not available in the form of SaaS. For operational services, which are not unique, the governance function may be limited to issuing guidelines and ensuring cooperation within the organization.
This white paper examined the impact of cloud computing on the organization. There is a lot of choice in cloud service types and in the methods to control them. Fortunately, organizations can prepare and equip themselves to ensure best use of the cloud. The cloud offers many opportunities and the threats can be mitigated provided that thought has gone into how it is used. By assessing their ‘cloud readiness’ (not just in a technical sense) in advance, organizations can work out what they should or shouldn’t do to integrate cloud services in their organizations. This is important to know, because insufficient preparation can lead to false expectations, unnecessary costs and wasted time and effort. Every organization will have to submit themselves to this test in the period ahead. It is not a question of if, but when and in what form the transition to the cloud will be made. It is important in any case that careful thought, consideration and preparation goes into it.
- The NIST Definition of Cloud Computing (2012). NIST Special Publication 800-145.
- Cloud Sourcing 2016. Giarte.
- White paper on cloud adoption (2016). AGConnect and Proact.
- IT Outsourcing Study 2016 Netherlands (2016). White Lane and Quint Wellington Redwood.
- Vision Paper: Sustainabil-IT, verduurzaming van én met IT (2016). Quint Wellington Redwood.
- Yonatan, Reuben (2015). The Incredible Environmental Impact of Cloud Technology. www.getvoip.com/blog/2015/01/19/environmental-impact-of-cloud/
- Israëls, Ronald (2013). Regie ‘goes virtual’: De invloed van de cloud op regievoering. Outsourcing Magazine, August 2013.