Cloud transition - but how?

The benefits and ease of adoption of a cloud platform have long since spread beyond IT departments. Many departments are now even able to build their own solutions easily and without consulting IT. However, these solutions are usually on shaky ground and are the beginning of a series of problems. Generally speaking, the wrong approach to building a cloud platform can result in security gaps, failures of productive applications and systems or uncontrolled cost growth.

What are the stumbling blocks?

• No holistic recording of the ACTUAL state, lack of information on the current state of the IT landscape
• Missing information on governance, compliance or security
• Lack of know-how about cloud computing or about the individual cloud providers as well as the possibilities with the respective providers
• Attempting to have all relevant topics for cloud adoption properly and completely addressed from the outset
• Adapting cloud computing to the on-premises world, thereby eliminating the benefits of cloud computing from the outset.
  
  

To prevent this from happening in the first place and to remove the stumbling blocks on the way to the cloud, a structured approach is needed when introducing the cloud, which, apart from technical aspects, also takes organisational and strategic aspects into account. Trivadis has developed its own procedure for this, which is elaborated in the "Cloud Transition Plan". This is divided into the three sub-phases "Cloud Readiness", "Organisational Basics (Cloud Governance)" and "Technical Basics (Cloud Foundation)".

Figure 1: Trivadis Cloud Tranistion Process Model (© [Nisanth Muthukirushnasamy, Trivadis AG])

Phase 1: Check cloud readiness

Before the introduction of a cloud platform takes place, the current status and the requirements of various areas in the company must first be clarified and prioritised in the "Cloud Readiness" phase. In addition to the requirements, a vision for and with cloud computing should also be developed. From this, it should also be possible to derive a strategy for dealing with the cloud services.


The recording of the current state and the requirements can be divided into four main areas and one optional area:

1. Strategic: What is the strategic direction for the use of cloud computing and the future of the IT landscape? Specific questions to answer include:

• Do you have a company vision that takes into account the topics of digitalisation, IT or cloud?
• Do you want to rely on one cloud service provider or do you want to use several (multicloud strategy)?

2. Business: What difficulties, restrictions and requirements do business departments face in order to use modern technologies from the cloud and optimise their processes? Concrete questions that need to be answered include:

• Are there contractual agreements that can make it difficult or impossible to use the cloud?
• Have there already been cases where business projects could not be implemented due to IT resource limitations?

3. Organisational: How is the current IT organisation structured? Is the organisation still strongly geared towards individual infrastructure areas or is it already organised towards BI-modal IT or services/products or solutions? Concrete questions that need to be answered are, for example:

• Is there a training plan for the team to obtain the necessary skills?
• Are the roles of information security officer and data protection officer filled?

4. Technical: What requirements are already in place for technical integration and which still need to be created? Concrete questions that need to be answered include:

• Are there requirements for a central monitoring solution?
• Are IT security components used to secure the network, e.g. firewall, web application firewalls, proxy, etc.?

5. Cloud Journey (Optional): Has the organisation consciously or perhaps unconsciously (shadow IT) already started using cloud services? If started consciously, where is the organisation now? Concrete questions that need to be answered include:

• Have you already carried out initial PoCs with one or more cloud service providers?
• Are cloud services being used but not integrated into the existing company organisation?
  
  

Phase 2: the organisational basis for the use of cloud computing in an organisation

To benefit from cloud computing in an organisation sustainably and in the longer term, it also requires some preparations and changes in the organisation. In the second phase of the cloud transition process, the findings of the cloud readiness assessment are used to develop a cloud transition plan for the organisation.

The motivation of the Cloud Transition Planning is to create a concept that shows which organisational, procedural and technical measures have to be implemented in order to create the framework for the handling, use and integration of cloud services.

In the second phase, the organisational basis necessary for the use of cloud computing is also developed, whereby the following delivery objects could be developed:

• Cloud Strategy
• Cloud policy
• Evaluation criteria for cloud providers and cloud services
• Technical architecture specifications (IAM, network, operations, etc.)
• Organisational structures (roles, committees)
• Role-based training plan
• Processes for cloud services use and integration
  
  

Phase 3: Develop a technical basis for the solution with the Cloud Foundation

The Cloud Foundation lays the technical foundation for a stable, expandable and secure infrastructure in the cloud, independent of the provider, building block by building block. All governance, security and compliance requirements of the company are taken into account right from the start of the implementation.

The Cloud Foundation is divided into three building blocks: "Governance", "Core Infrastructure" and "Operations".

The first step is to define all necessary guidelines and guard rails in the "Governance" building block and to answer the following questions:

• How are the resources organised within the cloud environment?
• What are the security policies?
• What is the auditability of the cloud environment and individual resources?
• How is cost control ensured?

Depending on the cloud provider, different tools are available for implementing the defined governance guidelines and guard rails.

The second step in the "Core Infrastructure" building block is to develop and implement the solution design from the following components:

• "Identity & Access Management" for the management of digital identities and their access to resources.
• Connectivity and Network" for the connection of the local data centres and the environment in the cloud as well as the network design in the cloud environment.
• "Security Management" for monitoring, managing and controlling the security aspects.

Equally or even more important for a sustainable cloud solution than the evaluation, design and implementation of the two building blocks "governance" and "core infrastructure" are the operational allocation, optimisation and further development of the solutions. To ensure this, the IT service management processes must be adapted to the new solutions or newly introduced. The third building block, "Operations", therefore includes the following areas:

• "System Management" to define and execute the operational processes.
• Automation", to automate the operational processes as far as possible and to reduce the operational effort.
• Service Management to manage the lifecycle of the services and handle new requirements.
  
  

Figure 2: Trivadis Cloud Foundation (© [Nisanth Muthukirushnasamy, Trivadis AG])

Summary: How is it done in practice?

Figure 3: Trivadis Cloud Foundation (© [Nisanth Muthukirushnasamy, Trivadis AG])

• Provide a small team for cloud adoption.
• Build general knowledge of the cloud and specific knowledge of the provider.
• Record the current state and the requirements in a structured way.
• Identify an initial business project as the driving force for cloud adoption, low criticality and low dependency.
• Implement the first relevant topics from the Cloud Foundation, which can vary greatly depending on the organisation, e.g. Governance MVP.
• Complete or expand the topics from the Cloud Foundation by means of ongoing projects and migrations, and also make the necessary organisational adjustments.
• Plan and implement the whole in short but effective iterations.