everythingpossible - Fotolia
Although some are still trying hard to resist, organisations across all sectors are moving to the cloud, making it one of the fastest-growing market segments of the decade.
While moving to the cloud is at the forefront of most IT enterprise strategies, questions have to be asked and answered before a business embarks on such a large transformation project. To reap the rewards of cloud, you need to get the essentials right. Do you go for a private cloud solution? A hybrid environment? What in-house systems do you keep? How do you ensure your data is secure?
At the latest CW500 club, experts talked of the importance of getting the IT architecture right, making sure security is up to scratch, and avoiding supplier lock-in.
Before jumping on the bandwagon and moving your data to the cloud, you should take stock of your overall framework and heritage estate, advises Don Kavanagh, former chief architect at the Home Office Security Industry Authority (SIA) .
Look before you leap
It’s important to understand which pieces of your old estate you can move.
“People are trying to move far too much,” he says. “It’s far better to come up with a roadmap of the key systems you want and look at how you can re-engineer them because the capabilities offered from the cloud are far beyond the capabilities we have when they were built.”
Another tip, from Abdul Sheikh, chief technology officer at Cintra, is to baseline your current architecture and understanding where on the map you currently sit before embarking on a cloud implementation.
Another key factor is the structure of the organisation, he says. “Evolving the architecture role, the security role, the network security role, the data management role – all of these things are important.”
Sheikh adds that there is a huge opportunity to modernise the on-premise estate ahead of a cloud implementation. Looking at the current state of your IT and setting out a roadmap to where you’re going will help “shorten the wide gap that usually exists between IT and the business requirements”.
Sheikh believes that getting ready for a cloud implementation also brings opportunities to improve on-site IT security.
“In a non-optimised estate you have difficulty enabling security because of the sprawl you typically see, and the cost of enabling security options becomes financially unfeasible as you modernise and consolidate your on-premise estate,” he says. “That sets the foundation for enabling those security options you’ve traditionally steered away from because of the cost.”
Get your security right, but don’t be afraid
One of the biggest worries among organisations looking to the cloud is security. According to the Gemalto 2016 global cloud data security study by the Ponemon Institute, cloud data security is still a major challenge, with only one-third of sensitive data in cloud applications protected by encryption.
Worries around the cloud “not being secure enough” are common, and some hold onto the belief that on-premise is safer. However, Mark Nicholls, head of technical solutions and security at the Peabody Trust, says: “Cloud is good. Don’t be afraid of it.
Mark Nicholls, Peabody Trust
“Sometimes our datacentres are not secure, as much as we like to think they are, so it’s about exploring what options are available in the cloud that can give us that extra security. In some respects it’s even better, as there are cloud solutions that are designed specifically around keeping data at its most secure, which is even better than we can achieve with our own datacentres.”
He adds that it’s important to get your contracts right. You need to get down to the nitty-gritty – breakout clauses, what will happen if your cloud provider goes bust, and who is responsible for the data are all important considerations. “Setting that strategy at the same time as establishing the cloud strategy sets a solid foundation.”
The changing world of cloud also brings a change in capabilities and roles. Typically, an organisation would have a security role that sits in a network team, but that “doesn’t cut the mustard any more”, Sheikh says. “We really need cloud security experts specifically for governance, so we really need to reinvent ourselves. Some organisations are more progressive and dynamic, others are more permanent in their structure and so don’t change much. That’s where we often see new roles and recruits coming in.”
There are other security issues to consider as well. Kavanagh says it’s important to apply the appropriate security to the appropriate risk, and adds: “Most people don’t understand the risk of the data they have.”
With the general data protection regulation (GDPR) coming into force on 25 May 2018, it’s important to ensure it’s on your radar. Failure to comply will result in a fine of around 4% of your global turnover – a significant hit to any organisation.
“It’s important we understand what data we have, the risk of that data, where we can afford to separate that data so parts of it can be placed into the cloud structures and parts of it into others if it’s necessary,” Kavanagh says.
Understanding the profiles of the data, its security and the threats to it are also important, he adds.
Keep up with the changes
Although cloud has been around for a while now, the journey to it is changing.
Kavanagh says that whereas in the past, organisations were searching for “the one”, now they are looking at several cloud solutions, figuring out how many they need, and how to join them up. “Organisations are typically pulling together six, seven, eight clouds, so it’s now becoming hybrid multicloud environments that have to connect back into the legacy estate,” he says.
A lot of organisations are moving to an “app-type” world, using several microservices. They may decide to go with a certain provider, but choose to retain the data copies in the organisation.
Read more from the CW500 Club
- Trusting IT systems and trusting people are two very different things. Add big data, cloud and the new data protection regulation to the mix, and it becomes a minefield.
- Digital transformation is not an easy feat and requires not just the right technology, but also the right investment, people and engagement.
- To make DevOps work, organisations need to get rid of change request forms, make friends with change control management and get teams to communicate and share ideas.
Agile working and DevOps are also becoming more popular. “You got to become much more responsive and work at the velocity of the business,” Kavanagh says. “You got very small scrum units needing to develop products very quickly and putting enablers around them that take them forward and are not seen as a blockers.
“A lot of organisations are now starting to put pattern books together – structures that say this is how you use you DevOps and the development pipeline, through much more advanced accelerated continuous integration, deployment and development, and on top of them they're placing patterns and structures to be able to communicate good form.
“Architects need to be able to now become much more agile in their working. It’s not ‘I’ll go and knock you out a model for a while and we’ll come and make sure it then fits.’ It’s being able to step into a development team, into a scrum environment, listen to what they’re trying to do, and as you enter problems and issues you start to adjust it. The more building blocks you can drop around that rapidly to be able to deliver it, the better.”