The report also tells us that different management roles see digital growth initiatives, and the challenges and opportunities they represent, through different eyes. It goes without saying that there are shared concerns, but the focus and the priorities are often just a bit different. CFOs and, by extension, public sector CIOs, who are required by their professional background and role to work in a compliance-based world are, for example, thinking in a very specific way about the impact of the cloud on their operations and the balance between the strategic innovative power of the cloud on the one hand, and its potential risks on the other. Certain challenges may sometimes appear to be conflicting, or even perceived as counter-intuitive, although our expertise can demonstrate that this doesn't have to be the case. Nevertheless, there are a number of points to consider. Here is a shortlist of examples.
#Point 1: compliance and security
Compliance and security are important topics when dealing with the cloud. Especially for compliance-driven organizations such as the public sector, pharmaceutical companies and banks. What measures do you as CFO or CIO need to take in relation to security, privacy, collecting and sharing data? In the cloud, it becomes a little more complex, not because the cloud is likely to be less secure. That's a myth that is not true. The security options in the cloud are many times more rigorous than anything you can achieve on-premises.
However, data sovereignty creates an additional challenge because of jurisdictions. This means that data is subject to the laws and regulations of the country in which the data is stored. For example, public data centers run by Amazon AWS and Microsoft Azure may struggle because they're owned by US companies whose privacy legislation is a bit more awkward due to 9/11 anti-terrorism measures, or at least is different to that in Europe.
In any case, the public sector generally is skeptical about moving data into the cloud. Until further notice, it therefore makes very limited use of the public cloud. It is, however, now becoming clear what opportunities it is missing out on as a result, and we're also noticing that a move to 'rethink' this is underway. Reaching clear agreements and classifying data – data labeling – can simplify this. What do you and what don't you move onto the cloud? One of the major benefits of data labeling is that it creates awareness about data security, an important step towards having an information security strategy.
#Point 2: from investing to expermenting
Continuous tuning and improvement of life cycle management are inherently part of the cloud consumption model. A comparison may help: if you buy a car and you aren't happy with your purchase, there's every chance that you'll carry on driving it. After all, you've made the investment. If you get a rental car and you're not satisfied, there's every chance that you'll exchange it for another one almost immediately. This is how things work in the cloud. It means that the learning process to fine-tune things can happen on a day-to-day basis. In a data center context, in contrast, this happens once every four years.
The cloud supports the PDCA model (Plan-Do-Check-Act) and helps to implement a powerful concept of improvement – the constant evolution of things – in the organization and with users. If you lock into a certain technology in the cloud, you may find it's no longer supported after a while. It's a risk that you avoid completely with this model, because it's no longer enough to invest in a particular component once every four years and to then implement it.
It's a culture in which you must (learn to) move with the times. You're actually forced to do so, and that has its benefits, because it rules out long-term investments and allows you to make changes in the shorter term. As an organization, you become more agile because you're no longer working in an investment culture, but with a consumption model that allows you to experiment and improve without much risk.
#Point 3: technical debt is a brake on progress
Technical debt is a way of describing something that hasn't yet been resolved and that circumstances cause you to defer as a 'think about it later' item. You may fix something because the situation right now demands it, for example, but at the same time you build up a deficit of things that still need to be addressed later. It's a bit like a financial debt that becomes an obstacle if it piles up and is not repaid.
It is of course a sound principle, that the sooner you tackle and resolve problems, the less complex and cheaper they are – so lean and agile. For example, a bug fix at the beginning of a project costs just 10% of a bug fix at the end. Or vice versa, the longer you continue to push out certain issues, the more complex these become - exponential factor 2.1, and the more expensive their cost. You may even reach a point where they cannot be resolved.
In this way, technical debt can slam the brakes on progress, which is something you really need to try and avoid. From a management point of view, this sometimes seems counter-intuitive. In the sense that postponing an investment almost seems like good management practice, because you're not spending money, right? Nevertheless, it's not a good idea in the long run, and the cloud allows you to do this in a much more efficient and convenient way so that the apparent risks or disadvantages don't outweigh the benefits it brings.
Point #4: from CapEx to OpEx
One of the well-known drivers for introducing the cloud is the so-called 'opexing' of costs. While the shift from CapEx (capital expenditure) to OpEx (operational costs) is undoubtedly attractive for many companies, it's one that needs to be planned within a cost management framework. In this respect, the cloud provides a completely different, more consumption-geared dynamic. Normally, you will no longer buy, but lease and pay per consumption. For certain organizations such as public authorities, who are often still working with fixed annual budgets, this can have far-reaching consequences.
Point #5: cloud = self-service
The cloud typically provides a high level of self-service. You can scale components and services up and down as needs change. The biggest challenge is to predict the capacity requirements as accurately as possible and choose the price plan that's most cost-effective for this. By correctly forecasting both current and expected consumption, you'll gain more control over the cloud and its associated costs.
Some things, such as IaaS, are quite predictable in terms of cost, and also really easy to calculate. However, the more you move to the service end of the scale, the more difficult forecasting becomes. This form of on-demand management is a complex subject – and probably the most difficult one. Failure to scale down regularly can lead to overcapacity and hidden costs, just as failure to scale up in time can cause costs to rise unexpectedly.
It also depends on having good price contracts in place from the start, but also accepting that things may well fluctuate. On the other hand, you need continuous and active budget tuning in order to continue to benefit from the potential and flexibility of self-service. This requires a certain amount of 'new thinking', especially if you need to work within a traditional purchasing policy with public tenders where certain decisions are just made in advance.
Point #6: cost management is also about ownership
In fact, the cloud self-service model brings some democracy into IT, because it puts some of the control in the hands of the departments and users involved. Sounds good, but where it often ends up in practice is a full cost management model with clear cost recharging or coding of IT resources. If you want to manage your costs – important for a consumer model like the cloud – it's no longer just a finance or IT problem. It shifts into ownership by all the departments that use the dynamic self-service. Internal recharging and reporting are crucial here.
Point #7: purchases and contracting, know what you want
There are also some points to consider about contract negotiations for the cloud. In the public sector, for example, you don't just go out and buy what you want – you're bound to a large extent by laws on government contracts. At the same time, the purchasing process needs to take account of the reality of the cloud, the cloud vendors and the features it involves. Cloud providers tend to build their services and pricing models around standardization, which makes the margin for negotiation seem tiny. Of course, this doesn't mean that you, as a government or company, can't generally impose any requirements. So it's important to know what you actually want. After all, if you don't know what you want, you probably won't get what you want. Comparative market research can help here.
Point #8: the cloud is only the means to an end
Knowing what you want brings us to the last, and perhaps most important, point to consider. Namely that technology, and that includes the cloud, is just a means to get to where you want to be. It's not an end in itself. In order to benefit from the strategic value of the cloud, you first and foremost need to know what your business drivers are for moving to the cloud. Which aspect of the cloud are you looking for, what benefits do you think you'll achieve through it, what's the purpose?
Asking 'why' provides the basis of your strategy and allows you to map out the benefits, consequences and risks of the cloud. Once you have a strategy, you can also draw up a detailed plan and set priorities, where it's best to review multiple dimensions, and not just look at the technology. Creating traction and communication are important aspects here. Everyone needs to know their own role in this process, because in the event of cloud adoption, it's not just the IT department that is affected. The best cloud strategy is created at the interface between the business and IT.
It's therefore important to always keep the reason for the cloud in the front in your mind. There is certainly nothing wrong with questioning certain avenues. You may even have to go back to the drawing board with this, together with all the stakeholders. The cloud offers the flexibility to do so. It doesn't all have to happen at once, either. There are companies that rightly opt for a softly softly approach, and start with small steps.
In other words, change is the key word. After all, when we talk about a strategic transition to the cloud, it's about change, irrespective of whether it's big or small. You need to be fully aware that the cloud, in whatever form, will have an impact on your processes, on the way you procure things, negotiate prices and manage costs, on how you build infrastructure and deliver IT, and even on how you manage your skills. Once you're aware of this, you can also embrace the change as an opportunity.