We said in an earlier post that it’s now easier to justify moving workloads to the cloud than it is to justify not moving to the cloud. But the concerns that you had while planning persist: quality, reliability, security, customization, lock-in, and others. These can be broadly categorized as fear of losing control.
- The cloud world is very different from on-prem corporate computing:
- The cloud service provider owns the physical premises and controls access to the facilities
- The provider owns the hardware, software, and network access, none of which are dedicated to any single customer
- Multiple customers could be using the resources (multi-tenancy) at the same time
- Common technical and operations standards apply across all customers
- SaaS applications are pre-defined and may be configurable but have limited customization
Because you retain ultimate accountability for results, asserting that accountability is key to maintaining control over the many variables that affect performance. So how can you maintain control when so many variables are delivered by the provider?
- Control over data – The business will always be accountable for the security, privacy, and appropriate use of corporate data. It’s important to remember that the standard for data management isn’t perfection, but the cloud service provider should be at least as good and ideally far better at data management than your company IT team. Don’t stay fixated only on data at rest, as your data will be in motion over paths you don’t control most of the time.
- Control over functionality – Cloud-based commercial applications often can be customized to meet your process requirements. But there are limits to each, so being clear on what is strategic for your value proposition and what can be leveraged in support of ease of use and a great customer experience that is key to engaging customers.
- Control over assets – Businesses today is more dependent on access over ownership, and that is the key to the cloud. You can have access to a far wider range of capabilities without the need for an upfront financial commitment. Walk your ‘server huggers’ back from the ledge. Mitigate any risk with a continuity of business approach that manages dependence on single points of failure, and that includes provider partners.
There may be other things that need to be considered, but you get the idea. So what control mechanisms can you establish to achieve your objectives:
- Executive control (governance) – Enterprise leadership is ultimately accountable for controlling IT resources, regardless of the implementation choices. This includes ensuring the service provider meets basic standards, is capable and is trustworthy. Appropriate legal and contractual controls must be in place, security and performance must be monitored, and service providers must be audited. The kind of governance with cloud deployment is different from that needed with on-prem solutions.
- Operational control – There must be a balance between agility and letting the cloud be the wild west of your IT function. First step: decide who can affect the resources consumed. If you don’t, prepare to be shocked when the monthly invoice shows up. Be prepared for the certainty that outages will occur, breaches will happen, and changes will be needed. The service provider will make global changes that could have adverse effects… someone needs to monitor that environment to plan accordingly.
- Solution control – We have seen a pattern in history of IT: server sprawl led to virtual server sprawl which leads to cloud sprawl. While agility is the main benefit of cloud deployment, you don’t want to make it too easy to set up new environments because you can. Controls include procurement guidance, technical standards, and best practices.
- Financial control – Cloud computing is a utility model where consumption creates expense. Continuous monitoring of resource consumption will preclude surprises. Unit prices for cloud resources are seductively low, but consumption can escalate the total expense very rapidly without effective monitoring and controls in place.
This isn’t anywhere close to a full discussion of cloud control, but it does highlight some of the areas that IT and corporate leaders need to consider. An appropriate perspective is how best to share the controls among a wide group of stakeholders while maintaining strong oversight. And to underscore the obvious, select cloud service providers as your partners that can best create the conditions for your success.