Abhijit Dey, VP, Asia – IT, Operations and Service Delivery, Sodexo
Cloud computing or Cloud Solutions and Services have been the buzz word for quite some time. To be on the Cloud or not, is not a question anymore vexing the CIOs and CEOs. Various study and white papers show that upwards of 90% of the organizations have set foot on cloud solutions in some form and shape. Investments in cloud services are increasing rapidly for all organizations, year-on-year. From the initial skepticism around security and privacy to having a cloud-centric IT approach, organizations have come a long way today.
Yet, it is a long and tedious journey. Most organization lack a consistent cloud policy and approach cloud service providers or opt for cloud solutions as a tool to be compliant and secure. It is without a doubt that the major cloud services hosting providers today provide highly professional services, in a secure and compliant manner. However, organizations need to see cloud solutions much beyond these initial considerations.
Why Cloud? Cloud solutions help an organization provide the best experience to all their stakeholders, be it clients, or consumers or merchants and even their partners. It provides a better ROI to the organization, helps the technology team to scale up resources within a short span of time and even plan for high computing resources for special events, seasonality, etc. It makes implementation of a Disaster Recovery Policy, and Business Continuity Plans that much easier. Being on the Cloud has, therefore, become a prerequisite for organizations that want to embark on a digital transformation.
Adoption of a cloud-centric approach is much easier for start-ups, but it is a gigantic challenge for large organizations that have proliferated in legacy systems. Many organizations try to circumvent the problem by doing pockets of automation and migrating compatible applications to the cloud. But creates more challenges for back-office teams than providing any actual reliefs as organizations become dual-paced. Inter-connectivity of solutions becomes a challenge, and we have people struggling to manage stakeholder expectations by building buildings or layers between these different eco-systems. What eventually happens can best be described as an ‘onion’ effect where an organization put a layer over layers to make it a complex, unviable eco-system.
How should an organization overcome these challenges? It is imperative that organizations have a holistic approach. This should primarily include:
• A digital transformation roadmap with clear timelines
• Building a Cloud Centre of Excellence – in-house or with partners
• Provide adequate training
• Find partners that specialize in Cloud Managed Services
• Make Cloud by Design a mandatory approach for any new developments
• Undertake an exhaustive study of all legacy systems for cloud compatibility and future scalability
• Make Cyber Security / Cloud Security an integral part of the design process
• Move the organization to an Agile mindset and agile way of working
• Form a Data Team and build a clear Data Strategy and Data Architecture aligned with the Cloud Strategy
Impact of legislation: While it seems planning to put everything on the cloud is the anti-dote to all the challenges that you face as an organization, it is clearly not the case. More and more countries are implementation regulations and introducing legislation on data residency, that mandates that critical data (read as data generated from financial transactions) and personal data reside within the country.
In some cases, all such data need to reside within the country and cannot be kept stored outside, while in some cases, organizations need to keep a copy of the data (mirror it) in the country.
This brings forth a completely new set of challenges and investments and importantly re-architecting the applications and solutions.
Hence organizations need to take this into considerations in their cloud strategy. The Cloud-by-design should be flexible enough to adapt to such government legislation. Micro-services architecture that is highly modular is one way to mitigate the risks. It is highly recommended to segregate the application layer from the data layer. This might enable an organization to have data reside in the local geographies and yet have a global common platform in operations.
Risk mitigation: All said and done, cloud solutions may have its own challenges and risks and it is important to have a risk mitigation plan in parallel. Some of the things to be kept in mind by organizations while moving to the cloud are:
• Choose a vendor that has a strong security practice built into the core offering – be it SAAS, PAAS, IAAS, CAAS
• Build a DRP in a location that is on a different tectonic belt (depends on countries and providers)
• Ensure an ‘air-gap’ between the production data and the back-up data.
• Build a strong contractual agreement on data loss/data leakages – as Government legislations in most Asian countries are evolved enough to provide protection in such an eventuality.
• Finally, most importantly, avoid a ‘lift-and-shift’ strategy – build a cloud-by-design application architecture before porting to cloud.
In conclusion, it is important for organizations aspiring to be digital native, to have a coherent cloud-centric approach in its core transformation plan, as it:
• Enhances speed to market
• Is easy to manage and be compliant
• Generates faster ROI
• Provides an enhanced Customer Experience
• Opens up new Revenue Streams by monetizing data.