Just starting to work on your cloud strategy?

Most of the cloud strategy conversations tend to pivot around costs savings but that should not be the only factor you should consider when formulating your cloud strategy. Some key topics to include in your strategy discussion are security, resources required to configure and manage cloud services, monitoring and managing costs, governance and compliance. Let’s take on these key factors one by one to understand them a bit more in detail.

Security

No IT discussion nowadays is complete without considering security and privacy of the data you plan to store and use in or from the Cloud. In 2017 we learnt that a Yahoo breach back in 2013 had left around 3 billion accounts exposed. Along with that Equifax, the Credit reporting agency, also informed us that around 145 million accounts were breached and personal data was stolen. This is only the tip of the iceberg of the several other data breaches that occurred in 2017. This blog does a really good job in enumerating and providing information about the notable security breaches that occurred in 2017. IBM also conducted a study to calculate of what potentially it would cost you if the a security breach occurred for your particular industry. As an example, if the data breach occurred in US for a healthcare company it could potentially cost them up to $12M. You can use their cost calculator to get an idea of what it would cost you for your particular industry if the data security breach were to hit you. All this builds a strong case for you to have security and data privacy policies which are followed by the developers and IT professionals in your company. As you research and look for your public cloud provider you want to make sure that they have proper security measures in place to protect your data against any potential breaches. One thing to note is that just because you are going to place your data in the cloud, doesn’t mean you are going to wash your hands of the responsibility of security is completely. The onus of protecting your data is not only on the cloud provider but also on you thus making it a shared responsibility between you and the provider. As we are in the early stages of companies adopting and using the cloud services, the scenarios are simple for data protection. As we move into the future and large enterprises start implementing hybrid scenarios for splitting up their data between their on-premises networks and the cloud, the data security scenarios are also going to get complex. Thus, it is critical that the current best practices and policies which you may already have in place for your on-premises data security and protection are tweaked and made suitable to be applied to your data which will reside in the cloud or in a hybrid scenarios.

Expertise & resources

Skills shortage or unavailability of well skilled cloud resources is something that you are going to hit very quickly if you are new to the world of Cloud computing. There are several key roles that you need to consider, depending on your needs, for managing your Cloud assets including Cloud Administrator, Cloud Engineer, Cloud Developer, DevOps and Cloud Architect. A recent report by RightScale calls out shortage of cloud talent as one of the top key considerations for companies adopting cloud services. With the current unemployment rate of 4.1% it may be really hard to get good resources with deep cloud expertise. Another option will be to consider retraining your current IT and developer resources to learn about developing, deploying and managing cloud services . Not to mention that as you grow into an experienced cloud organization, these same resources can help you with enabling hybrid cloud scenarios and connecting your on-premise data centers to the public cloud. Getting your resources certified in various Cloud provider’s technology stacks may also be an option for you as you mature as a cloud organization.

Managing costs

Cloud spend and waste should be one of the key pillars of your Cloud strategy. According to RightScale’s state of the Cloud report 35% of the Cloud spend is being wasted. Cost management should be one of the key factors as you consider cloud adoption. Your cost should be the total Cost of Ownership (TCO) which includes all phases of adoption from trial, to deployment, configuration and the maintenance of the cloud services. All top Cloud providers are offering compatible prices but you will see differences depending on your workloads, applications and systems you plan to host in the cloud. Various tools and systems are available from top Cloud providers and other vendors to help you along the way in managing your costs effectively. Azure’s calculator is available here, while AWS offers a TCO calculator along with Google having their own pricing calculator. Google also recently introduced their billing API to help organizations manage their Cloud costs programmatically if they are using Google Cloud Platform services. Along with these basic cost calculators, both Microsoft and Amazon offer extended cost management systems for customers and partners to help them manage their Cloud spend for both Azure and AWS. There are also third-party tools like RightScale’s Optima and Cloudability’s for cost optimization and management.

Governance and Control

An important part of cloud adoption and usage operations is to have proper governance in place to make sure that you take structured approach and have proper processes and procedures in place for using and migrating workloads into the Cloud. Your internal controls will help you with making sure that not every team and department starts using the cloud services without proper oversight and alignment with the organization’s goals. Even for the departments to try cloud services for a certain Proof of Concept requires that someone reviews the requirements, provisions the services and then shuts them down once the experimentation phase is over. Major part of your governance should revolve around proper security reviews and evaluation before moving any workloads into the cloud. You should consider the security measures already built into your workload along with what your Cloud provider is going to offer. Depending on your industry type you may also have certain regulatory compliance that you have to fulfill. In this case you want to make sure that you sign up with a provider that has been certified to have the regulatory compliance in place for their services.

Compliance

Depending on your industry you may have regulatory compliance which drives your data and IT systems. As you start thinking about moving to the cloud, you want to make sure that your cloud provider has your specific industry’s compliance certification in place for their cloud services. Most of the major cloud providers including AWS, Azure and Google Cloud have gone through a rigorous process to get certified for various compliance certifications for various industries. Azure offers these compliance certifications for their customers, AWS offers these and Google Cloud has these certifications in place for their customers. Along with industry specific certifications most of the providers also offer cloud services specifically for the public sector including local and federal government agencies.

Conclusion

The above factors should have you well on your way to creating a firm cloud strategy. One factor however, that may over-complicate this is the Multi-cloud considerations. You may want to check this post for what aspects are critical for you when considering multi-cloud for your business.