What are the stumbling blocks?
- No holistic assessment of the current state, lack of information on the current state of the IT landscape.
- Missing information on governance, compliance or security
- Lack of know-how about cloud computing or about the individual cloud providers as well as the possibilities with the respective providers
- Trying already initially to get all the relevant issues for cloud adoption right and complete
- Adapting cloud computing to the on-premises world, thus eliminating the benefits of cloud computing from the start
To prevent this from happening in the first place and to remove the stumbling blocks on the way to the cloud, a structured procedure is needed for the introduction of the cloud, which, apart from technical issues, also takes organisational and strategic aspects into account. Trivadis has developed its own procedure for this, which is elaborated in the "Cloud Transition Plan". This is divided into the three sub-phases "Cloud Readiness", "Organisational Basics (Cloud Governance)" and "Technical Basics (Cloud Foundation)".
Phase 1: Check cloud readiness
Before the introduction of a cloud platform takes place, the current status and the requirements of various areas in the company must be clarified and prioritised in the "cloud readiness" phase. In addition to the requirements, a vision for and with cloud computing should also be developed. From this, it should further be possible to derive a strategy for dealing with the cloud services.
The assessment of the current state and the requirements can be divided into four main areas and one optional area:
- Strategic: What is the strategic direction for the use of cloud computing and the future of the IT landscape? Concrete questions that need to be answered are, for example:
Does a company vision exist that takes into account the topics of digitalisation, IT or cloud?
Does one want to use one cloud service provider or several (multicloud strategy)?
- Business: What difficulties, restrictions and requirements do business departments face in order to use modern technologies from the cloud and optimise their processes? Concrete questions that need to be answered are, for example:
Are there contractual agreements that can make it difficult or impossible to use the cloud?
Have there already been cases where business projects could not be implemented due to IT funding limitations?
- Organisational: How is the current IT organisation structured? Is the organisation still strongly geared towards individual infrastructure areas or is it already organised in the direction of BI-modal IT, or based on services/products or solutions? Concrete questions that need to be answered are, for example:
Is there a training plan for the team to obtain the necessary skills?
Are the roles of the information security officer and the data protection officer occupied?
- Technical: Which prerequisites are already in place for technical integration and which still need to be created? Concrete questions that need to be answered are, for example:
Are there requirements for a central monitoring solution?
Are IT security components used to secure the network, for example firewall, web application firewalls, proxy, etc.?
- Cloud Journey (Optional): Has the organisation consciously or perhaps unconsciously (shadow IT) already started using cloud services? If it has started consciously, where does it stand now? Concrete questions that need to be answered are, for example:
Have initial PoCs already been carried out with one or more cloud service providers?
Are cloud services being used but have not been integrated into the existing company organisation?
Phase 2: Developing organisational foundations
In order for a company to benefit sustainably and in the long term from cloud computing, some preparations and changes in the organisation are also necessary. In the second phase of the cloud transition process, a cloud transition plan for the organisation is developed from the findings of the cloud readiness assessment.
The motivation of cloud transition planning is to create a concept that shows which organisational, procedural and technical measures need to be implemented in order to create the framework for handling, using and integrating cloud services.
First, the second phase is about the organisational foundations that are necessary for the use of cloud computing. The following points could be worked out:
- Cloud Strategie
- Cloud Policy
- Evaluation criteria for cloud providers and cloud services
- Technical architecture specifications (IAM, network, operations, etc.)
- Organisational structures (roles, committees)
- Role-based training plan
- Processes for cloud services use and integration
Phase 3: Developing the technical basis for the solution - with the Cloud Foundation
Independent of the provider, the Cloud Foundation lays the technical foundation for a stable, expandable and secure infrastructure in the cloud, building block by building block. All governance, security and compliance requirements of the company are taken into account right from the start of the implementation.
The Cloud Foundation is divided into the three building blocks "Governance", "Core Infrastructure" and "Operations".
The first step is to define all the necessary guidelines and boundaries in the "Governance" building block and answer the following questions:
- How are resources organised within the cloud environment?
- What guidelines apply in terms of security?
- What is the auditability of the cloud environment and individual resources?
- How is cost control ensured?
Depending on the cloud provider, different tools are available for implementing the defined governance guidelines and boundaries.
The second step in the "Core Infrastructure" building block is to develop and implement the solution design from the following components:
- "Identity & Access Management" for the management of digital identities and their access to resources.
- "Connectivity and Network" for the connection of the local data centres as well as the network design in the cloud environment.
- "Security Management" for the monitoring, administration and control of the security aspects
Equally or even more important for a sustainable cloud solution than the evaluation, conception and implementation of the two building blocks "governance" and "core infrastructure" are the operational allocation, optimisation and further development of the solutions. To ensure this, the IT service management processes must be adapted to the new solutions or newly introduced. The third building block, "Operations", therefore includes the following areas:
- "System Management" to define and execute the operational processes.
- "Automation", to automatise the operational processes as far as possible and to reduce the operational effort.
- Service Management to manage the lifecycle of the services and handle new requirements.
Recap: How is it done in practice?
- Establish a small team for cloud adoption.
- Build up general knowledge about the cloud and specific knowledge about the provider.
- Assess the current state and requirements in a structured way.
- Identify an initial business project as the driving force for cloud adoption, of low criticality and low dependency.
- Implement the first relevant topics from the Cloud Foundation, this can vary greatly depending on the organisation, e.g. Governance MVP.
- Complete or expand the topics from the Cloud Foundation by means of ongoing projects and migrations, and also make the necessary organisational adjustments.
- Plan and implement the whole thing as short but effective iterations.