There are several key considerations for Enterprise Architects when it comes to establishing an effective Cloud strategy. Organizations typically have a combination of formal and informal technical guiding principles, but fail to establish a strategy that truly addresses every aspect. As part of the organization’s broader strategy, it should formulate a holistic Enterprise Cloud Strategy. Even if an organization doesn’t believe that Cloud is currently the right approach for them, having an articulated strategy will help support that position (i.e., demonstrate what that position is based on and why), as well as provide criteria as to when and if that position should be revisited in the future.
Accenture recommends a series of introspective questions an organization should ask itself in the formulation of its Enterprise Cloud Strategy. Although the list appears to assume that Cloud technology is a foregone conclusion for the organization, it does raise some useful topical aspects that a good strategy should address:
- How do I separate the realities of the cloud from the hype?
- What are my options for adopting Cloud Computing?
- What steps should I take to get started in the cloud?
- The cloud seems very tactical – why do I need such a broad strategy?
- How concerned should I be about privacy and regulation?
- Which of my mission-critical applications are candidates for the cloud?
- How does my operating model need to evolve to support a cloud strategy?
- How do I procure for the cloud?
- How does the cloud change my strategic investments, now and in the future?
An effective Cloud Strategy should have a few common elements, which include the incorporation of business-oriented strategic elements, identification of key security considerations, declaration of intentional adoption pace, definition of the enterprise-level Cloud reference architecture, and an alignment to relevant industry cloud patterns. A real world strategy would be more complex still, but this should give you a good starting point.
Business-Oriented Strategic Elements
IT and cloud, by themselves, may not accomplish much. It is important to determine how cloud adoption aligns business strategy and its relationships, and how it complements other changes to products, processes, people, and partners.
While often presented as a business imperative, cutting costs is not really a strong strategic business strategy per se, unless the intent is to free up funding for other strategic initiatives.
Several years ago, The Open Group published a white paper on building a Cloud Computing Return on Investment, which argued that both Cloud Computing ROI models and Cloud Computing Key Performance Indicators (KPIs) can be aligned to four common dimensions: Time, Cost, Quality and Margin.
The Time dimension recognizes the advantages and metrics related to the acceleration of solution delivery in a Cloud environment. The Cost dimension identifies the financial impacts resulting from Cloud investment. The Quality dimension focuses on the potential experiential improvements (or degradation) over the current computing model. The Margin dimension drives awareness of how Cloud investment impacts the bottom line of the organization to assess investment effectiveness.
As each of these dimensions reflect business-centric considerations, you’ll quickly (and correctly) surmise that these aspects are not unique to Cloud tech and could be adapted to the organization’s current KPIs. The benefit of this approach is that it takes some of the ‘mystique’ out of Cloud and provides a more objective means of assessing its fit to the organization’s economic objectives. It is beneficial to incorporate these aspects and dimensions into the Enterprise Cloud Strategy ahead of time, rather than trying to ‘back into’ benefit justification at a later date.
Strategic Pace of Adoption
An effective Enterprise Cloud Strategy needs to outline the firm’s position on how quickly and to what extent Cloud technology will be adopted across the enterprise; the objective is intentional control without unintended constriction.
Cloud technologies are still maturing: short of SaaS offerings like iServer365, not all products are enterprise grade, all-encompassing solutions and often require taking a heterogeneous integrated product solution approach.
Each organization will have to weigh the risk/reward, institutional appetite for change and the ability to execute against the Cloud landscape as it continues to mature. This self-awareness should then define how rapidly the organization will intentionally adopt, migrate, expand and/or contract Cloud Computing capabilities, either holistically across the enterprise or on a divisional scale. An effective Cloud Computing Strategy will know exactly how a business plans to utilize cloud capabilities and under what conditions.
Cloud Implementation Patterns
Identifying and incorporating cloud implementation patterns into a Cloud Strategy provides high-level guidance for solution architects and design engineers to follow. This level of detail may seem to be a bit excessive as part of a strategic position on Cloud, particularly if the organization is simply planning to sign up with a Cloud Solution Provider and consume their services ‘as offered’. In some cases that may be true, and it may perfectly acceptable to not delve this far into the details.
However, businesses may intend to develop their own cloud services, or rely on SaaS providers for high risk/high value transactions. In these instances, ensuring the robustness of the underlying technology architecture is just as important as that of any other mission-critical solution the organization operates on, be it cloud-based or not.
Cloud Reference Architecture
The same rigor applied to other reference architectures within the firm should be equally applied to Cloud technologies, including clarification on the use of Open-Source components. The purpose of the Enterprise Cloud Reference Architecture is to outline strategic Cloud implementation patterns and provide solution delivery teams with clear guidelines from a deployment governance perspective.
The more specific suggestion here is to identify and define what Cloud investment should look like structurally, when it is appropriate from a contextual perspective, and how it should be implemented in terms of approved tools, vendors, protocols and patterns.
An important aspect of a successful Cloud Reference Architecture is the identification of targeted design/deployment patterns, sometimes referred to as Prescriptive Architecture. A firm may decide that all net-new development should follow a ‘design-for-cloud-first’ approach to ensure that the fundamental architectural underpinnings for all new applications are appropriately optimized for the Cloud from the start.
Another consideration for cloud suitability lies in the nature of the application’s transactional patterns and scalar volume fluctuation requirements. Reference architecture should not only identify the targeted Cloud technology stack components, but should also identify when cloud solutions are not the preferred target environment.
Information Security
Rapid globalization of technology and the ever-expanding interconnectedness of the ‘Internet of Things’ will continue to demand our constant attention to considerations around information security; all channels, all devices, all the time. Cloud tech introduces a host of potential threats by virtually extending our computing perimeter, typically beyond our control perimeter. It is critical that the Enterprise Cloud Strategy clearly articulates how it aligns to and is compatible with the organization’s information security standards.
Cloud security considerations span a range of concerns; resource connectivity, user entitlements, data loss prevention, transitory/stationary data handling and encryption policies, data security classification restrictions, cross-border information flow...the list goes on. It is not uncommon for information security considerations to run counter to cloud solution patterns. Without clear information security guidelines articulated in the Cloud Strategy, it is unlikely that the organization will be well protected from security risks in the cloud.
It is important to note that Cloud solution providers have varying levels of information security performance agreements built in. While offerings have been improving as Cloud technology continues to mature, some providers are still so bold as to say that security is completely the remit of the cloud consumers, thereby ascribing no liability for themselves. Enterprise Architects need to be extremely diligent in ensuring that a rush to implement ‘fast and ready’ computing resources in the cloud doesn’t carry with it excessive risk and unintended vulnerability exposure that might result in a perimeter breach or loss of sensitive data.
Summary
In this blog we’ve identified several elements that effective Enterprise Cloud Strategies should contain. These elements are not exhaustive, but can strengthen and enhance the impact the strategy can have on the organization. Benefits of developing and executing an intentionally articulated enterprise-level Cloud strategy include:
- Opportunity to align (or realign) Cloud with the broader Enterprise Architecture definition and strategy
- Clear guidance to solution engineering and delivery teams on when and how Cloud capabilities should be utilized
- A means to assess, challenge and evaluate Cloud Service Provider offerings in the context of the needs of the organization
- Availability of Reference Architecture definitions and images designed to support rapid provisioning of consistent, standardized cloud environments
- A baseline set of Cloud guidelines that can be used to establish convergence roadmaps to redirect non-strategic implementations over time