True North Tech Series: Building an Effective Cloud Strategy

Although the concept of cloud computing has become mainstream, it may be surprising to learn that many CIOs struggle to develop an effective cloud strategy. Cloud is a foundation for 21st-century digital businesses, yet research conducted by North Highland shows that only 50 percent of organizations have adopted a strategic vision for the application of cloud technology.

Setting a strategic vision for cloud and reimagining legacy infrastructure can be difficult steps on the path to IT modernization. For example, one global food service company is working with North Highland to redesign its accounts receivable application environment and architecture through the strategic use of cloud-based technologies—solving for stability, ease of maintenance, and technology modernization challenges. Previously, the client had relied upon multiple cloud-based data services, tied together with custom, unreliable point-to-point interfaces. We’re helping to redefine requirements for a new account routing system, supported by a new enterprise data integration architecture. To do so, we’re moving our client’s critical infrastructure to a software as a service (SaaS) and platform as a service model (PaaS), comprised of a data integration platform and API platform. This new design allows for maximum flexibility, integration, and interaction between the organization’s cloud and on-premise environments.

With more businesses considering the financial benefits of moving IT infrastructure to the cloud, successful cloud adoption can be a tall order for CIOs as they realign to business priorities. It is critical that CIOs have a solid decision framework in place to help them cut costs and account for organizational risk tolerance, workforce skill levels, governance posture, and infrastructure budget targets – all while meeting ongoing business needs. Now, let’s put the core fundamentals of cloud decisioning into practice.

Three Critical Considerations: The Materials for Building a Cloud Strategy

At the onset, it’s vital that CIOs consider three layers of decision-making criteria when building a cloud strategy. Each layer requires a structured approach, with each decision impacting the direction your cloud strategy will take.

  • STEP 1: First, enterprise deployment model requirements must be identified. The four types of cloud deployment models – public, private, community, and multi-cloud (any combination of two or more private, community, or public clouds) – offer different trade-offs in regard to cost, scalability, governance, and security.
    • Evaluation criteria - Risk. The organization’s risk tolerance is the key evaluation criteria for choosing a deployment model.  Organizations in industries that are highly regulated, such as energy/utilities, may have more stringent security requirements that drive them toward private cloud models.  In some cases, these may be required by regulatory mandate (e.g., NERC-CIP).
  • STEP 2: Second, a service model needs to be determined. The primary service models are software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). While these terms can be confusing, it is important to note that additional “as a service” offerings are basically an aggregation or subset of these three service models.
    • Evaluation criteria – Workforce skills. Different service models rely on different levels of in-house workforce application development and infrastructure management skills.  Thinking about how mature your organization is in domains such as DevOps, Capacity Management, and Microservices Design can help you gauge if you would be able to get full value out of an IaaS or PaaS model 
  • STEP 3: Lastly, an implementation option needs to be established. Primary choices include enterprise data center (EDC), managed service provider (MSP), or cloud service provider (CSP).
    • Evaluation criteria – Governance Need. Organizations that are highly regulated typically will have significant requirements to maintain compliance information.  Today, many cloud solutions offer compliance functionality that a few years ago was only available via eGRC systems.  In either case, the budget required to support this compliance infrastructure can be significant.  And for companies with no compliance requirements, it may be time to question if governance practices tying the organization to legacy EDCs are luxuries given the recent advances in cloud-based governance solutions.

cloudStrategic Scoring: The Cloud Decision-Making Framework for CIOs

Now that you’ve made these decisions, how do you decide which strategic approach is best for your organization?

Using a simple scoring model can demystify the cloud decision-making process in three ways. First, developing a qualitative understanding of the organization’s risk tolerance (think high versus medium versus low) in a given cloud use case can inform the optimal deployment model.

Second, understanding your organization’s existing workforce skills and training can inform your service model selection.

And third, understanding your regulatory governance requirements and technology infrastructure budget targets will guide implementation options.

As an example, let’s consider two organizations. Organization A is a heavily regulated financial services institution and Organization B is a regulated consumer packaged goods manufacturer.

For Organization A, the CIO might want to balance the business’s desire for rapid development (to enhance customer experience), with a need for a high degree of governance (to satisfy regulatory expectations).

Due to a low risk tolerance, private cloud is the preferred deployment option.  With an in-house workforce that has significant development skills, a PaaS solution could offer development flexibility advantages while decreasing infrastructure costs. Finally, with high governance requirements and a significant infrastructure budget, an EDC implementation is feasible.

The CIO of Organization B wants to meet the demand for best-of-breed software capabilities but realizes the organization will not support the amount of training required to maintain an in-house development workforce.

With Organization B’s overall risk tolerance being medium-low, public cloud could be a viable option. The in-house workforce will transition to low development skills over time, so a SaaS solution would offer software capability advantages for the business while decreasing development and infrastructure costs. Lastly, with minimal requirements for governance and a target for lower infrastructure budgets, implementation through a CSP would be practical.

This flexible approach can be applied at varying scales across the enterprise. For instance, an organization might deploy multiple cloud strategies (multi-cloud approach) to accommodate varying levels of risk tolerance and governance requirements by line of business. By enabling CIOs to flex and adjust cloud resources based on business need, this approach enables effective collaboration and alignment with counterparts in finance, marketing, strategy, and risk.

As business moves at the speed of digital, a three-layer decision framework ensures that CIOs are equipped to deploy a flexible cloud strategy, meet the requirements of multiple lines of business, and demonstrate how an effective cloud strategy truly does support the bottom line.