If companies wish to take advantage of the diverse benefits of cloud-based working, they need a customized strategy for moving to the cloud and should develop an approach that has been carefully thought out and includes issues of resource allocation, risk management, cost optimization, and, above all, alignment with the overall corporate strategy. Moreover, it should minimize risks such as cost overruns, security gaps, or non-compliance with regulatory requirements.
Identifying potential use cases is a key element in the development of a cloud strategy. A thorough assessment of all current business fields to determine what potential the cloud can offer as well as to identify potential risks at an early stage and limit them from the outset is fundamental. The identified use cases should also be analyzed in their interaction with the processes currently in place as a prerequisite for the exploitation of potential benefits.
One possible use case is the specific establishment and utilization of scalable cloud environments that flexibly adapt to the company’s actual requirements. A simple example of this is the use of development and test environments that are not continuously required. Depending on demand, they can be ramped up or down on weekends or during off-hours to generate significant cost savings. Furthermore, companies can test different environments in advance at low cost and decide on the most efficient setup.
The cloud strategy should go hand in hand with the overarching corporate strategy as this is the only way to create synergies that will drive the company forward in the long term and maximize business profits. The development of the cloud strategy must be preceded by the identification and analysis of all relevant overarching factors. It may be necessary to adapt the corporate strategy to the new requirements of cloud-based working, including all internal and external processes — whether they are currently in use or will be added during the transition.
Two possible adjustments of the cloud strategy to align it with the business strategy are the integration of FinOps and the planning of an exit strategy. FinOps (financial operations) monitor cloud use with the aim of optimizing running costs and complying with budgetary planning. A well-designed exit strategy ensures a safe exit from the cloud in the event of possible political, legal, contractual, or technical challenges, minimizing risks and securing IT flexibility.
Governance combines processes for the definition, implementation, and monitoring of policies that serve as guardrails for cloud operations. Governance can build on previous IT practices, but must take into account the special demands of working in the cloud. Proper governance is tied to all parts of cloud operations, enabling it to improve the performance and efficiency of the organization by securing transparency and suitable control mechanisms while simultaneously enhancing organizational security and resilience and meeting internal and external regulatory requirements.
Target operating model (TOM)
A successful cloud strategy requires agreement among all decision-makers regarding the desired perspective of the cloud environment and the related processes and so all cloud processes must be adapted to the general demands of the company. Interviews and workshops are required to identify these demands. In addition to the technical aspects, organizational considerations are another basic element of any target operating model (TOM) that will be implemented. Besides skill, talent, and change management, process adaptations and the cloud technologies used must be considered if an integrated approach of people, processes, and technology is to be ensured.
Forward-looking change management is essential for the development of an overarching strategy of this nature. The transition to the cloud involves significant organizational changes. The effective realization of these changes is critical to secure a smooth transition. Clear communication about the benefits and changes of the cloud and training for employees to help them to adapt to the new technologies and processes are indispensable.
Companies can select an architecture suitable for their environments from the wide range of offerings from cloud service providers and then adapt it to their specific requirements. Possible options are the consolidation of all services with a single provider or the alternative of a multi-cloud approach. Even a private or hybrid cloud approach can be considered. The service models depend on the specific use cases, and today’s “Anything-as-a-Service” (XaaS) offerings go far beyond traditional options of IaaS or SaaS to include complex AI models and even a digital workforce. Service level agreements (SLAs) can provide clear assurances concerning availability and performance and define compensation for downtime, but should be weighed from the budgetary perspective.
Different architectural forms also influence the portability of data and applications. In a classic server-based landscape, applications are hardwired to the underlying infrastructure. Containers, on the other hand, encapsulate applications and their interdependencies, making it possible to separate individual applications and deploy them agilely across different environments. A third option is serverless architectures where applications run only when they are launched and developers are not concerned with server infrastructure.
Companies are well advised to establish a cloud center of excellence (CCoE) as this facilitates the decision-making process for all of these issues. The CCoE serves as a central point of contact for cloud initiatives and contributes significantly to the efficient long-term use of cloud services by predefined reference architectures and other features.
Very few companies start their journey directly in the cloud, a situation that would enable them to build cloud-native application architectures from the outset. Instead, most have legacy systems and processes that must be evaluated and adapted during the migration. During the migration process, organizations decide which systems and processes to keep and which ones they want to change or replace. Such decisions cannot be made without a careful assessment of the current IT landscape.
The assessment is used as a starting point to define an individual path to the cloud for each application or service. This can mean moving services to the cloud unchanged (lift and shift), using existing cloud solutions to replace legacy or homegrown services (replace), or even developing an entirely new, cloud-native successor to the original service (rebuild). In addition, they should be adapted to the target operating model whenever necessary.
When procuring new technologies, companies should develop an understanding of cost structures, agility, and security in addition to the necessary expertise so that they holistically deploy the selected cloud technologies. By doing so, they can benefit from collaboration with external service providers who support implementation and ensure continuous maintenance and optimization of the cloud solutions.
A solid tooling strategy can help to maximize the efficiency of the used resources. The selection of appropriate tools in accordance with the strategy allows services for automation, monitoring, and orchestration to be provided reliably.
Another critical factor is ensuring that cloud personnel have the required skills. To this end, current staff should be given further training and new staff with appropriate experience should also be recruited. The cloud center of excellence can perform the role of a coordination and knowledge center within the company. It should provide employees with specific training programs and further education as optimal preparation for the cloud journey.
In the face of the constantly growing number of data protection regulations, gaining and maintaining a comprehensive understanding of the regulatory requirements for working in the cloud represent a significant challenge.
Companies must take into account a number of general regulations and standards when migrating to the cloud, including the General Data Protection Regulation (GDPR) and ISO/IEC 27001 as well as industry-specific requirements such as BAIT (Bank Supervision Requirements for IT) or DiGAV (Regulation Regarding Digital Health Care Applications). Companies should continually review the certifications applicable to their specific situation to ensure their seamless compliance with regulatory requirements.
Successful cloud strategy development is complex and requires careful planning and orientation to business goals. Challenges such as cost management, safety, regulations, skill gaps, and technical issues should be viewed as opportunities for growth. The transition to the cloud is a paradigm shift of multifaceted potential. The journey to the cloud requires continuous learning and adaptation. A clear strategy, an awareness of challenges, and a focus on specific targets are critical for the exploitation of the full potential of the cloud.
Many thanks to Matteo Alessandro Lang for his contribution to this article.