Why You Shouldn’t Have a Cloud Strategy

Almost all IT professionals would agree that cloud computing has had a disruptive and transformative effect on how enterprise IT is delivered. Though each organization might be at a different point along the adoption cycle, technology groups everywhere are often spending significant planning cycles on how to best leverage current and emerging cloud computing capabilities for their business. As such, one of the most common statements that you hear from IT leaders is “we need a cloud strategy.”

The problem with this is that cloud computing, as a mechanism for technology delivery, has broad and far-reaching impact. And while there may be some cross-cutting concerns that need positioning, it is counterproductive to try and create one overarching strategy that answers the question of how to use cloud computing.

Don’t take an approach that assumes a conclusion. Too many companies have set strategies such as “cloud first” without really knowing why. Yes, more likely than not, cloud computing will come to be an important part of your architecture. But the approach we take to determining how to leverage these tools in our environments shouldn’t start with a predisposition towards some overarching cloud solution.

Instead, we would recommend taking a business-first approach that will enable your organization to properly adopt cloud technologies when it is most advantageous.

Set the guardrails

Before integrating cloud into your technology strategies, some questions need to be answered upfront to guide and constrain the use of cloud services. Specifically, you should be clear about the impact of cloud in three main areas—security, compliance, and financials. Ask yourself:

1. Do we have any regulatory compliance restraints that limit the use of third-party services? Are there requirements as to the geographies in which services can be hosted?
It is key to understand the external constraints imposed in the countries in which your business operates. These could include privacy laws, PCI requirements, even DoD or other government agency policies. Work with your legal and other relevant business teams to understand the limitations or mitigations that will need to be addressed.

2. What policies or standards need to be adhered to? What classifications of data are we comfortable storing in the cloud?

It’s also important to understand the internal constraints on any use of cloud services. Does corporate policy limit how and where secret or confidential data can be stored? Are these policies up to date or do they need to be revisited given the frequent changes in cloud service capabilities and regulatory requirements? The key here is to make sure that the business policymakers understand, and are comfortable with, any proposed shift into the cloud.

3. Have we worked with our finance team to understand the budget implications of moving more IT spending from capital to expense (as cloud services are likely to do)? Are there internal chargebacks or other processes that would need to be adapted or changed?
Lastly, make sure your finance team is aware of any impacts that the use of cloud services may have on the budget. Most companies are fine with moving spend from capital to operational expense as long as its positive or neutral to cash flow, and they can incorporate it into the budget plan. But surprises are never welcome, especially if it creates an unplanned drag on the next earnings report.

Answering these questions will allow the team planning your technology and application architectures to better understand the short- and long-term limits in their planning for cloud services.

Let your services drive adoption

From there, we should be incorporating cloud capabilities into our existing technology and application strategies. Instead of developing a “cloud strategy,” you’ll be integrating cloud computing into your strategies for delivering compute and storage services, application and integration platforms, collaboration, and more.

With each specific strategy, the application of cloud services towards your target architecture should be assessed across multiple aspects, namely:

• Functional capabilities
• Performance and scalability
• Security
• Manageability
• Organizational skills
• Potential vendor lock
• Data portability
• Total cost of ownership

Although the approach should be consistent across these strategies, each area will have different criteria for assessing the fit for cloud services. By making the questions more granular and focused at our defined technical services, it allows us the ability to leverage different areas of expertise to determine what makes sense for the organization in each part of the architecture.

That is not to say that these strategies do not need to be coordinated with one another. Obviously, there are likely technical integrations across the segments of the architecture that will have to be worked out. For example, your strategies for how you deliver applications and identity management must be connected. But that has always been the case even for on-premise deployments. Cloud computing is not introducing new interdependencies in those areas.

Governance must also be considered. With cloud service costs often billed to operation expense budgets, the typical capital expenditure reviews don’t apply to the consumption of these services. Without structured usage reviews, cloud adoption can drive unpredictable costs into the IT budget. IT finance and sourcing functions need to be enhanced to ensure that these costs are tracked, forecast, and managed. Additionally, the lack of good capacity management for cloud services can undermine even the most promising business case.

Stay focused on the business

Cloud is not a goal; it is just a tool. Do not to let the hype drive you into a strategy that adopts cloud computing for the sake of being in the cloud. Know your architecture—present and future—and then fit cloud services into your environment in the ways that make sense.