Why change management is critical to cloud success

LessonsfromtheCloudFace_blog_01

And other lessons on cloud adoption and management.

Managing services, applications and workloads in a cloud environment is different to on premise. Not better or worse, just different. These differences are more marked in public cloud, but apply to private cloud and hybrid cloud as well. So getting people ready for the cloud journey is as important as preparing the strategy and plan and working on the technology.

A move to public cloud especially will most likely change the nature of some people’s jobs – which may have been performed the same way for many years. Some functions will stay the same, some will transform, and some may disappear. (Some may of course be passed onto a service provider.)

For example, some tasks that system admins have been doing for twenty years will need to change with public cloud. Take server outages: traditionally seen as a problem to be investigated or rectified in on premise or even highly virtualised environments. Many monitoring toolsets raise alerts at outages and trigger processes aimed at rectification. But in a public cloud environment, where machines may be switched off anytime when they are not needed to provide a service, this set up needs to be amended.

Even if a workload does cause an issue in this environment, it can be readily destroyed and a new one redeployed in its place. This action can be logged for review in the morning rather than cause a major alert. In this context, the traditional mindset of a server down always equating to a serious issue needs to be updated, along with the related processes.

So people will need to reskill and think differently to ensure successful cloud service delivery. This need may be reduced if much of the management is outsourced to a third party, but there will always be a learning curve of some kind required to ensure the business can make the most of its partner’s or partners’ services and support.

There is often understandable resistance to these changes. Change management is therefore a crucial aspect of any transition to cloud and a key consideration to build into cloud strategy and planning. As part of the transition stage of cloud adoption, we spend time with customers to explain what is to change operationally, from a people and process perspective.

The positive flipside of all this challenging change is the huge opportunity for individuals and organisations alike to be empowered and prosper in the cloud era.

With public cloud in particular comes much potential automation of traditionally manual processes. The same can be said of private cloud or even traditional environments, of course, but these kinds of systems by definition have limits that public cloud does not. Nevertheless, with any cloud environment, automation of processes is an important reason why it offers more benefit to an organisation than legacy infrastructure.

The server destroying and redeploying process described above can in fact be wholly automated, with no manual intervention necessary to maintain the service. This mentality of coding and automating is another mindset shift that people need to make to get the most out of cloud.

More automation means that a single engineer may be able to manage 300-400 virtual machines instead of many fewer. It also means that they can focus less on servers, as such, and more on what they deliver. That is, they can get more involved in higher value activities, such as capacity planning and service management and delivery. As automation progresses, these same engineers may become more strategic and powerful in terms of the scale and importance of what they oversee and control.

This and other essential lessons on cloud adoption and management, learned by Datacom over years working at the ‘cloud face,’ are contained in a new white paper available for download now. If you would like to talk to us about it, or cloud adoption and management in general, then please get in touch at cloud@datacom.co.nz.

Q&A: The Future of Cloud and Evolution of Multi-cloud in Australia and New Zealand

Cloud services in the Asia-Pacific region are expected to deliver a compound annual growth rate in excess of 30 per cent from 2012 to 2016, according to the IDC. The way these services are consumed by organisations large and small is beginning to change. Businesses are starting to shy away from purely private cloud configurations in favour of more scalable and agile multi-cloud configurations. We talked with Rob Purdy, Director of Cloud and Tools for Datacom, on what this shift means and how Australian and New Zealand organisations can take advantage of what cloud has to offer.

Q: In your opinion, what have been the key barriers to entry for cloud computing amongst enterprise organisations?

A: There have been a number of key barriers for enterprise customers adopting cloud, mainly around security and sovereignty of data. I think that’s been a problem in the past but I think that’s actually becoming less and less of an issue as time goes on with cloud.

The other barrier is just pure knowledge. Knowing what’s out there and knowing how to embrace it and basically how to leverage it back into existing business processes has been quite challenging.

Q: What are the top three areas organisations should consider when thinking about using cloud services, regardless of the type or number?

A: One of the top three areas that businesses need to consider when adopting cloud is security. So considering, “How secure is my data with a third-party provider?”

The second one is sovereignty. We might have to worry about state and federal law in Australia, but also if the cloud provider might be based in the US, you have to worry about US law. Not only that, but they may house the data in Singapore, therefore, we’re operating under Singaporean law. So that basically creates a complex matrix of law that we need to worry about.

And the third part is really about IT and the business talking together, making sure that when decisions are made, they are cognisant of the impact they will have on the business going forward.

Q: How can organisations prepare themselves now for a path to cloud adoption?

A: Businesses can prepare themselves for a path to cloud adoption by basically getting IT to talk to the business. All too often, IT sits in the back office and thinks they know what the business is doing and the way applications are being used. I’ve been involved recently with a customer where, effectively, IT thought they had a number of applications that were no longer used by the business. When we went out and actually talked to the business, they found out those applications were still very integral to the overall business process. So it’s really important for the IT department to get out and actually discover what’s going on in the business.

Q: What are some aspects of the cultural shift that needs to happen for an organisation to fully embrace cloud from top to bottom?

A: The business needs to really talk to IT and IT really needs to talk to the business. The other thing is they actually need a change agent in the business who understands the way technology can be mapped back into business processes by using cloud. Maybe consider putting in a CDO or a chief digital officer as Gartner’s alluded to recently to help that transition of the business going from traditional IT infrastructures into cloud or multi-cloud.

Q: Up until recently, there seemed to be a big push for organisations to decide public vs. private. Recent research from firms such as Forrester shows that hybrid and multi-cloud approaches are becoming more considered amongst organisations. Why has there been this shift?

A: Yes, it’s interesting that Forrester has pointed out that it used to be people were thought just to go straight to public clouds, but over time, it’s been quite apparent that a multi-cloud approach or a hybrid cloud approach has been adopted. And really that’s because no one cloud solves every problem. It really comes down to the fact that you might need a number of clouds to solve it, whether that be on-premise with a private provider or a hybrid provider or even a SaaS application that still needs to integrate with the existing business process.  So I don’t think there’s one option that solves all business problems.

Q: How sophisticated does an organisation have to be in terms of cloud services usage or readiness when considering a multi-cloud approach?

A: Businesses don’t have to be that sophisticated in adopting cloud. The reality is that the business can actually adopt cloud without even talking to IT or talking to any sort of adviser. Rather, they can just go online, swipe a credit card and buy a SaaS application. What’s really needed is a strategy or a road map, maybe a framework, that’s quite simple but just talks to the way the business should adopt those services and clouds. It’s really important that when the business thinks about adopting those things, they’re already thinking, “How’s this going to solve my particular business problem?” and, “How is it going to integrate back into all of the other IT information that we’ve got?”

Q: Multi-cloud allows for more agility – how can businesses continually decide the best way to mix and match their cloud services to best align with the needs of the applications and business?

A: One of the things you need to be able to do is revisit your decisions periodically. Now, that might be once every three, six, 12 or 18 months just to make sure that you’re adopting the best technology for the best outcome. And one of the things that’s really important, particularly in cloud, is that you’re not locking into long-term contracts. The reality is that cloud is evolving so rapidly. Maybe making a decision on a particular software service or platform service or infrastructure service might be right today but, in six to 12 months, there may be something better out there.

Q: What business processes will we see transformed as a result of a multi-cloud approach?

A: I definitely think that the business processes that are going to change over time are procurement and IT mainly, and really that’s because the business can go out now and seek products and services without even involving those two departments. Albeit, there might be some governance needed around it from other areas, but the reality is that those two areas of the business I think are going to be affected most by multi-clouds.

Q: Multi-cloud equals multiple cloud services and providers and, thus, a lot of potential complexity. What should organisations do to ease the challenges around adopting a multi-cloud approach?

A: One of the things the business can do is put in those frameworks or road maps so they’re making choices cognisant of other decisions that have been made in the past around cloud. In addition, they can consider potentially using a provider like Datacom to help them along that path. There are other technologies as well that are evolving particularly when you want to manage data flows between applications in the cloud, things like BizTalk-as-a-Service from Microsoft, Boomi from Dell. There are things that are coming out in the market that will help customers manage complexity in multi-clouds but it’s really early days for this sort of stuff.

How to Determine if your Business Would Benefit from a Multi-cloud Approach

Cloud offers your organisation a lot of different hosting options and methods of delivery. Yet for years, many businesses have felt as if they are pigeon-holed into just one choice — one that can prevent your organisation from fully leveraging cloud to automate and optimise key business processes that can drive performance, productivity and innovation. Using multiple cloud services or providers could be the better option for your organisation, as it allows you to use different cloud services to map to specific budget, security and systems needs amongst your workloads. Consider if your organisation might be primed for multi-cloud by looking at these three key areas.

  1. You have varying types of workloads with different requirements

As cloud computing has evolved, organisations have gotten hip to the idea of best-placed workloads: that is, the cloud that is most suitable for the applications you are running. This concept accounts for changing workload needs or fluctuating levels of cloud performance, infrastructure and price. The portability of multi-cloud presents the option to benchmark applications and workloads across different clouds to see where they perform at their best. So if you have a mix of workloads that have low or partial utilisation levels, such as batch processing, and workloads subject to wild spikes in traffic such as public-facing apps, the ability to leverage and shift amongst different cloud platforms reduces the risk of downtime and helps control costs.

  1. You anticipate needing to bring a cloud-based project back in-house

A misconception with cloud computing is that once you migrate a service or application to a cloud platform, it should stay there forever. Cloud is meant to provide agility, and there’s no reason to believe you won’t have to shift one of your services to another cloud platform or provider or migrate it back on premise in the future. IDG Enterprise’s Cloud Computing: Key Trends and Future Effects Report found that 42% of cloud-based projects are ultimately taken back in-house. The reasons for this shift include security (65%), technical/oversight problems (64%) and the need for standardisation, or one platform, (48%).

A multi-cloud strategy — especially one overseen by an IT systems integrator — can help your organisation transition systems back on-premise as soon as you need them there. This multi-cloud approach will cut out the complexity of migration issues, service contracts and potential data loss as you already have a multi-pronged arrangement with multiple platforms and providers that understand your need to stay nimble.

  1. You want to avoid commitment to one cloud services provider

Organisations today are outsourcing to multiple providers for a range of business needs. There is no reason why this trend can’t extend to cloud. According to ZDNet, 39 per cent of IT decision-makers feel locked in with their current suppliers. With multi-cloud, you get more freedom of choice, allowing you to easily switch providers if their SLAs, costs or privacy guidelines change. In fact, the University of Sydney’s School of Information Technologies’ Centre says a hybrid or multi-cloud approach is the most cost-effective, efficient way to manage various cloud computing resources.

A multi-cloud strategy can work for a range of business types, whether you’re a local or multi-national organisation, an SME or large corporation, or one that is already using cloud computing or that is still ironing out a path to cloud. Remember to consider using an IT systems integrator to help make your multi-cloud implementation less complex andensure cloud computing success.

Why More Businesses are Considering Multi-cloud Services

In September, non-profit IT association CompTIA reported that greater than six in 10 cloud users have “made secondary shifts of infrastructure or applications following their original transition to the cloud.” This means these organisations are using a “multi-cloud” approach — leveraging at least two cloud services to reduce risk of data loss and performance issues. The idea is that organisations can choose the right cloud type and service to balance the varying needs of their systems and data. Here are some of the benefits of considering multi-cloud for your organisation.

Ramped-up redundancy

Some notable cloud service provider failures in recent years have prompted many businesses to take a good, long look at the safety of their systems. A multi-cloud approach lets you put your servers in different data centres managed by different providers, so that if one provider fails, it doesn’t cause a catastrophic loss of service to your business. Distributing your servers across providers also reduces the impact of potential electricity and networking provider outages. You have the mobility to take your cloud servers from one provider and move them to another to protect your business.

Fool-proof flexibility

There’s a standard rule to follow when pondering cloud services for business: What’s secure might not be the most cost-effective and what’s cost-effective might not be the most secure. Organisations might initially be tempted to drop everything in a seemingly fail-proof private cloud — but that can be mighty expensive. Yet there are data and workloads that absolutely cannot legally or compliantly go into the public cloud.

Having a multi-cloud strategy enables organisations to maximise costs, performance and security by switching between providers and cloud types or even moving applications or infrastructure back into their own data centres for security reasons. Organisations have become more opportunistic in how they evaluate cloud services, always looking for a better price, customer service and features, points out the CompTIA research. This approach also prevents vendor lock-in.

Appropriate application fit

Some tasks perform better on certain clouds. If your organisation has a need to deliver elastic services to a wider number of users over the internet, a public cloud option will work best. But even then, each public cloud provider offers different features. A Gigaom article from last year points out that organisations running certain frameworks for data-intensive-real-time apps might suffer from performance issues on more generic public clouds when they try to scale. A multi-cloud approach lets you move these applications to a different public cloud that might be better equipped to handle the latency of this intensive workload.

A multi-cloud approach may be where the future is headed, but it still takes strategic planning and a migration strategy. Enlisting the help of an IT and cloud service integrator can provide a whole-picture approach that takes into account system and application needs, compliance issues and budget to find the right mix of clouds for your business.

4 Crucial Cloud Computing Lessons

As cloud computing has evolved from competitive advantage to necessity, there are a few givens that organisations considering or already using cloud services should know. Most come down to knowing the responsibilities of your organisation and your cloud services provider so you canenable a more secure cloud computing experience that cuts business risk while offering true scale.

1.  Your organisation remains ultimately responsible for cloud security. This lesson doesn’t mean cloud services that claim to be secure, SAS 70 Type II-compliant aren’t required to live up to their advertising. It simply means that no cloud solutions, no matter how focused on security, can keep your organisation’s data safe if the IT department doesn’t set and enforce cloud computing access policies, as well as compliance standards specific to your industry and geography. Of course, certain cloud services may cater to industries and regions.

Even so, the onus falls squarely on you as the customer to ensure compliance and access control. A good cloud services provider can walk you through some of the policy-related questions you’ll need to ask to ensure the right people are accessing your cloud.

2.  All data is not created — or stored in the cloud — equal. Depending upon the sensitivity of certain data, cloud solutions may not be available. Between industry standards and regulations, data containing customers’ or employees’ birthdates, government ID numbers, passport numbers and similar information may not be appropriate for your cloud solutions. Consult the legal and compliance departments early on in the cloud computing process if the initiative may involve any data one could reasonably construe as highly sensitive and that might need to remain in-house on your own servers. Your next step, once you’ve categorised the importance of your data and what information can be stored in the cloud, is to work with your cloud services provider to determine what gets stored where and who has access to it.

3.  A great cloud computing experience requires a great cloud services relationship. Many organisations fumble the opportunity to recognise cloud services providers as new business partners. Like any major on-premises solutions, cloud services providers require a solid relationship with your business, including the IT department, in order to create cloud solutions that adapt to — and perhaps lead — your organisation’s business evolution. Choosing a cloud services provider that has a local presence will give insight and access to your cloud operations and the people running them.

4.  You’re never stuck with an inflexible cloud solution. Once cloud solutions are up and running, the IT department should constantly capitalise on the opportunity to prove their value over an on-premises alternative. Regularly evaluate cloud solutions’ performance and the changing business landscape. Because cloud services provide incredible agility, there’s no reason your IT department shouldn’t stand at the vanguard of improving cloud solutions. The strong partnership with your cloud services provider will prove priceless as the IT department provides the path for business managers to have input and buy-in to the cloud solutions with the goal of providing even greater ROI.

These cloud computing lessons offer a blueprint for building successful cloud solutions across the enterprise. Knowing the cloud computing areas where other organisations have fumbled will help your business be more in-tune with what it takes to ensure a secure, strategic cloud solutions delivery.

4 Steps to Ensure Cloud Services Compliance

Whether it’s Software-as-a-Service (SaaS) or Infrastructure-as-a-Service (IaaS), cloud services have become more viable options for the enterprise in recent years. Even when outsourcing management of your infrastructure or software to a cloud services provider, organisations still retain the responsibility of ensuring these services remain compliant. If a cloud services provider stuffs up, it’s most often the responsibility of the organisation if customer data is compromised or the provider breaches Australian data sovereignty laws. Following these points can safeguard your organisation as a whole from cloud services compliance violations.

1. Demand full disclosure of all data centre locations and how data is stored. To remain compliant to your local and industry data regulations, you need to know what type of data is going into the cloud and where exactly it’s being stored. The onus falls on your organisation, not the cloud services provider, to know what data and server restrictions apply. Is your data being kept down the road, across the country or on another continent? Even if your cloud services provider offers local data centres, you might decide certain confidential data remains on your internal network. In addition to checking data centre locations, review whether your cloud services provider can host your environment across multiple, geographically disparate locations to boost availability of data, provide failover capabilities and transfer workloads cross-country. If your industry is highly regulated and you need strict data privacy and sovereignly requirements, seek applicable industry associations and consultants to guide IT through the cloud services adoption process.

2. Ensure you can get your data back if you need to. There might come a time when you are legally required to obtain access to data stored in the cloud — for instance, in a court case. To ensure you can produce this data, you should build an incident response plan into your contract with your cloud services provider. This should include a clause indicating how quickly you can retrieve the data and exactly what data you can retrieve.

3. Validate a cloud service provider’s security monitoring claims. Are the same people who are managing your cloud infrastructure, if in an IaaS setup, also monitoring for security? Or is there a third-party security team for which the cloud services provider contracts out? Request and review security certifications in detail and contact the certification company to verify certificates are current. If the data is particularly sensitive, negotiate for audits conducted by your IT team and independently-chosen third parties. Red line the SLA to include an opt-out in the event the cloud services provider’s security certifications lapse or are proven false.

4. Check their network security standards: The human element of securing the cloud is just one piece of the overall approach to protecting your data. Make sure the technical security aspects are up to snuff as well. Ask your cloud services provider if your data will be kept separate from other organisations’ data. Also ask if your network connection for your cloud services will be configured via secure VPN or private WAN connections to prevent external parties from accessing your data. Will your provider configure your firewall or will you? What type of anti-virus and virtual machine protection is there?

As cloud services become dominant and the industry matures, these compliance considerations will be concerns of the past. Until then, make these concerns top priorities when you speak to prospective cloud services providers to stay compliant with laws and industry expectations.