10 lessons on the journey to the public cloud – Part 3: What’s holding you back?
In the first two parts of this blog series we have looked at why organizations should shift to public cloud.
You think that the public cloud could help you. So, what’s holding you back? A 'lift and shift' approach, simply moving your current IT operations to the cloud, might seem easy but it needs the same investment as any major technical innovation and may not actually achieve much.
Virtual Clarity knows from experience you will not get the most out of public cloud unless you rethink your operating and IT model to take advantage of the cloud’s possibilities, but ‘fear of the unknown’ is a big factor, according to Avi Deitcher, Principal Consultant at Virtual Clarity. “It’s like that movie, Monsters Inc," he says. "Once you open the closet, you realize that the monster was just a jacket with a hat on it.”
It’s certainly important to tackle the unknown, and that starts with an in-depth understanding of the existing estate – environment, IT platforms, applications, infrastructure and data – as part of the precise and practical approach and advanced analytic methods Virtual Clarity uses to discover and assess, removing obstacles to success and deliver results. Qualifying the suitability of workloads for migration means you only migrate what adds value.
Lesson six: Security will be different
Companies used to worry about the security and longevity of public cloud providers, but it’s now clear the public cloud isn’t blowing away any time soon. Amazon Web Services (AWS) – currently the largest cloud infrastructure provider – is growing faster than its parent company, with $9bn in revenue in the third quarter of 2019. Microsoft, the number two, recently reported a 59% growth in Azure cloud revenues in the same quarter; Google Cloud, meanwhile, generates some $8bn in annual revenue.
I think people are losing their fear of information security gaps at hyper-scale cloud providers. These ‘CSPs’ put more money and bigger teams into doing security better than even a large enterprise could possibly do - certified to globally recognized and national standards, and thoroughly audited. The challenge is how you plug in to that safe space. Most people should be more concerned about the security of their own underlying platform and operations than about trusting the provider. Some of the most famous recent security breaches, like the big break in at Capital One, turn out to be the fault of failure to comply with safe practices and would have happened, cloud or no cloud.
Robert Grey, Head of Transformation adds that, while companies have fewer worries about the security of cloud providers’ actual platforms, they have more valid worries in how they themselves make use of public cloud services. “They are concerned about security and making a mistake in configuring their cloud environment,” he explains, “or that they click the wrong button or set something up incorrectly, allowing the data to be made public. That what’s keeping CIOs up at night.”
Chris Buckley, Lead for Modern Platforms, observes that companies are used to infrastructure and applications sitting in a physical location, with a lockable door. “In the cloud world, we can’t see it,” he says. “We don’t always know where the boundary is, we are consuming third party services and we are exposed to the internet rather than just an internal environment. We can have greater security than ever before, but we need to think about security in a different way.”
Lesson seven: Control costs in a subscription-based system
The cloud is fundamentally different from an on-premises IT platform. Before, you had well understood, amortized, depreciated capital assets – and gatekeepers to control spending. Now, your server and service costs could change from one day to the next, so the users need to be aware of, and be accountable for behavior that drives costs. “The question is how to control consumption without stifling speed,” says Grey. What if someone spins up all these services in the cloud, and goes on holiday for two weeks? Unless you are in control of this, you could end up with a surprise bill that you don’t get to negotiate!”
Buckley advises a pragmatic rethink as the cloud lets you work in a different way. A software release that doubles your cost overnight or an uptick of outside consumers could cost you more in traffic. He points out “the right people need to be aware of the costs in real-time; it also means you need to manage your forecasting differently.”
Lesson eight: you need a culture shift
You won’t get the most out of the public cloud unless you change how you work. There is inertia to overcome - the people you currently employ might currently work in tight silos and be unwilling or unable to think about infrastructure as code, for instance.
Deitcher believes that even using the cloud in a limited way can give your business benefits – but you could also use this chance to transform it. “Take a good, hard look at how you build your applications, how you manage them and what your life cycle is,” he advises. “Instead of just ‘going to’ the cloud, be cloud native in your designs and processes.”
This will need a change in mindset and new skills. In his experience, Grey says, you will find people and teams who want to jump on board: so, activate them! “Make sure you have a business case, financial planning and a small, multi-discipline team able to make decisions and bring people together.”
Lesson nine: Should you worry about locking yourself in?
Whenever dealing with vendors, businesses should ask themselves not only about the costs of onboarding the service, but also the cost of switching it off some time in the future, i.e. “lock-in”.
Cloud providers are vendors, and thus subject to the same old question: should I worry about lock-in?
“If you go all in on public cloud,” says Matthew Povey, Principal Consultant, “you have to ask yourself questions about ‘lock-in’ – the idea that if you move to something, and can’t get off that, it could be a serious problem.”
The same question applies to how you manage and deploy the cloud resources themselves. You might decide to integrate wholly with a public cloud, writing your applications to interact with it directly; or you could place abstractions, like HashiCorp Terraform (an infrastructure-as-code tool) between your management and the cloud provider, to make your infrastructure code much more portable.
“The downside to software which provides abstraction is that you have to maintain that tool and all of its upgrades – while if you use the cloud native tool, the cloud supplier deals with all of that for you, which is why cloud native tools are so attractive,” says Povey. “The key is to understand where the value of a particular public cloud native service is sufficient that it’s not worth abstracting. Lock-in is just a price you pay for the benefits of public cloud.”
I believe that the public cloud skies are far from a monopoly, and competitors are likely to help you jump ship if you really want to. “If you were with Vendor A and the services began to degrade, do you really believe that you couldn’t go to Vendor B?” he says. “Lock-in is a cost, not an irrevocable barrier, and you could always move somewhere else. It may take time, and you should maintain the same vendor risk mitigation plans that you always have for key suppliers.”
“You have to pick a pony to bet on,” adds Buckley. “AWS has north of 165 different services, but many are potentially proprietary to AWS, particularly in the way you integrate with them. A lot of fear of lock-in leads to going to the lowest common denominator: a virtual server and some storage. However, I can do that with VMWare. What value am I getting at that point? Just the peaks and not having to build everything myself. There’s some great innovations to tap in to, so in many cases, there’s actually good reason to opt to make use of those proprietary services”.
Lesson ten: Assemble the right team quickly
When you know what you want to do, create a team to drive action, while you have momentum and everyone’s attention.
Make sure the business and control functions are part of your team – as well as outside experts who have done it before and know the pitfalls, advises Grey.
“Ask yourself: do I have the right people in the discussion at the beginning, at a senior level?” he says. “If you don’t, you will have a big problem further down the line when someone’s going to say no. You need a clear and consistent strategy for how you are going to move forward, and you need to manage that aggressively.”
Talk to the team at Virtual Clarity - experts who know exactly what it takes to help you transform your enterprise in the cloud and become a fast-moving innovator in your own right.
What are you waiting for?