The speed of cloud adoption is continuing to increase. Organizations worldwide are rapidly migrating on-premise IT infrastructure, software and other technology to cloud services. In addition, software solution providers are building native cloud systems and converting existing offerings to the cloud. However, migrating to the cloud is no easy task.
Organizations have not been able to effectively match the cloud’s pace of change. They lack the required skills and expertise to effectively govern the adoption and use of the cloud and its associated risk and are therefore unable to optimize its value. In addition, the adoption of cloud services is often perceived as more expensive when viewed from an operational perspective. This is due to the lack of a definitive or standard integrated framework for cloud governance. At present, industry frameworks do not specifically address the impact of the cloud on IT governance and management processes.
However, there are some tips that organizations can consider to navigate the risk in a practical way and move up the maturity curve.
Develop a Plan
The first step is to develop a workable cloud strategy and road map. The plan should be achievable and realistic. Many organizations opt for a multicloud strategy by retaining some on-premise technology while gradually migrating parts of the on-premise estate to the cloud. When properly managed, this strategy can be effective. The cloud strategy should support the organizational digital business strategy.
A benefits case will aid in illustrating the benefits of cloud adoption and migration. The benefits case should be based on total cost of ownership and strategic benefits such as scalability, flexibility and agility must be considered. It is all too easy to focus on specific components such as storage to illustrate why on-premise technology is cheaper.
Next, the IT operating model and governance operating model should be adjusted to accommodate the migration to the cloud. The right cloud skills and expertise are required to make these adjustments. Once the migration process is completed, the cloud governance processes should be constantly improved and adjusted.
Good Governance During Cloud Migration
At the start of cloud migration, most organizations do not have the necessary cloud skills, expertise and experience to manage the migration project on their own. Therefore, it is essential to select the right partner to assist with the migration process. The migration partner should be thoroughly vetted and contracted with clear accountabilities and expected outcomes.
With the help of the chosen migration partner, a cloud migration framework should be adopted to manage the project. Most experienced migration partners utilize a hyperscaler cloud migration framework or have developed their own migration methodology that is aligned to published frameworks.
In addition, a decision must be made on whether workloads will be refactored or a lift and shift migration is appropriate. Refactoring will take longer and require much more effort, but the systems will be optimized to run in the cloud.
When making these decisions, there are several considerations:
- Migration Waves
Migration normally takes place in tranches or waves of interrelated workloads, which happens continuously. Migrated workloads are thoroughly tested in a test environment before being released to the production environment. Technical exceptions and teething problems can be expected due to subtle differences between the on-premise technical stack and cloud services. This is especially true if a lift and shift approach is followed during the migration of workloads. On-premise software is not designed for the cloud and there may be missed and subtle differences between software versions.
- Do Not Miss Important Cloud Controls
It is most cost-effective to bake in the right level of cloud controls from the start. Controls related to information security, disaster recovery, backups, compliance and resource configuration are among the important areas of control that must be addressed.
- Project Assurance
It is wise to conduct reviews of cloud controls during the migration project. This is a more effective way to address migration risk. An independent set of eyes on the migration project never hurts and will help to reduce the risk and provide leadership bandwidth. Because cloud migration often takes place as continuous migration waves, project assurance reviews should be aligned to this agile approach. Continuous review cycles should take place and findings and recommendations should be made available to the project team in real time to enable them to act with speed.
Operate and Optimize
Because most organizations lack the required skills and experience to operate and optimize the cloud environment, it is prudent to establish a managed service by a reputable cloud service provider who can manage the cloud environment on the organization’s behalf. The service levels associated with the managed service should be carefully monitored and managed through regular service management meetings and review of service management reports. The automation of resources through infrastructure-as-code will assist in the consistency of cloud service deployments and save money.
The cloud environment should be regularly reviewed and audited to ensure that the maturity of cloud controls and cloud governance processes remain aligned with the requirements of the organization.
Reaching Maturity
Reaching cloud governance maturity will not be achieved overnight. A process of continuous improvement should be applied to incrementally maintain and improve maturity levels once the migration project is completed. Advanced services such as containerization, functions and serverless, artificial intelligence and machine learning, cloud-native development, DevOps, and data lakes requires advanced capabilities and cloud governance processes to realize the expected benefits.
Conclusion
It is important to realize that cloud governance maturity is a journey. It will not be achieved immediately and easily. It will require time and effort. And it is crucial to lay a solid foundation right from the start. It is also helpful to use a cloud governance framework.
Editor’s note: For further insights on this topic, read the authors’ recent Journal article, “Redefining Enterprise Cloud Technology Governance,” ISACA Journal, volume 3 2023.