This is a guest post by Tony Tai, Senior Product Manager for Microsoft Online Services.
As a product manager for Office 365, I focus each day on addressing our customers’ current and future needs for cloud workloads. Recently, I created a framework of key considerations for taking a public cloud approach. As you assess your next cloud implementation, you might reference ideas in the post Why Move to the Public Cloud?, including whether a hybrid, private and public cloud implementation might be your ultimate solution. In this post, we will learn from others about building a history of successful implementations, through their top considerations in moving to the public cloud.
Selecting the Right Workload
Even a quick review of existing best practices for cloud migrations reveals that organizations are carefully assessing which workloads to migrate before implementing SaaS solutions. Among infrastructure leaders in this group are Microsoft’s CIO, Tony Scott, and Vivek Kundra, CIO for the United States. Both leaders are significant stakeholders in the promise and potential scale of cloud computing in their organizations. According to Vivek Kundra, “An estimated $20 billion of the Federal Government’s $80 billion in IT spending is a potential target for migration to cloud computing solutions.”
How, then, have wise cloud adventurers approached SaaS migration? Almost universally, I have found that CIOs are using a decision framework which considers technical needs as well as business needs in determining which applications, or workloads, they will move to the cloud. Mark White, CTO for Deloitte Consulting’s technology practice, weighed in for Network World:
“You’re looking for places where there are islands, so less legacy investment or less subsequent re-integration. However, that doesn’t mean you can’t do the larger, more complex, legacy systems with integration. But our analysis shows the likelihood or timing for large enterprises to look at core systems such as integrated financials, manufacturing, inventory and supply chain management is much later in the public cloud cycle.”
Validating the Workload and Preparing to Manage Services
With a workload identified, you will want to validate your choice. Determine what you will need to invest, and what the return will be in terms of cost savings or even increased revenues. Perhaps you have an ecommerce site with capacity issues, and moving to the cloud will help you provide better customer service and reach more customers. Briefly outline your security needs, identifying risks. Examine challenges such as maintaining data privacy. Next, create a reasonable performance goal for the cloud solution, and project your return on investment. If the SaaS scenario has no major obstacles and meets or exceeds your organization’s financial criteria, move on to readiness.
More and more, IT leaders are overseeing resources which are not tangible assets within their organizations. As part of this, infrastructure leaders create their own SaaS history, learning a great deal in the process. Kevin Jackson of Forbes recently wrote about what he learned from private industry experiences, through attending the 2011 Cloud Business Summit. Reviewing and summarizing his remarks, my guidance is:
- Engage in formal planning, including in adjusting your model for governance
- Define roles and responsibilities regarding managing your cloud infrastructure
- Anticipate human resource needs, such as in re-training and in modifying teams’ objectives
- Take an inventory of your assets to adequately assess ROI for cloud solutions
- Assign adequate program management resources to oversee implementation
Tailoring the Solution
Whether or not you need to tailor your solution will depend on the size, complexity, and specialization of your organization, and on the workload you have chosen. Organizations such as US federal agencies, which have immensely complex workloads with dynamic parameters resulting from changes in regulations and legislation, must tailor public cloud solutions. Also, they must plan to revisit and revise the implementations over time.
If your organization has already migrated standalone applications to the cloud, your up-front analysis may reveal that migrating a critical, core business application such as supply chain management is cost-effective and is now strategic to your business. If so, you will need to plan to tailor the system to interface with your suppliers. In short, be sure to plan for necessary tailoring and testing to achieve critical user adoption, and consider any need for tailoring and its effect on ROI as you select your workload.
Securing the Workload
As business people learn more about the benefits of cloud computing, their needs are driving organizations to justify public cloud solutions. As a result, at times IT does not drive the choice to move a given workload to the cloud. Jeff Vance at Microsoft observed this for Forbes and offers specific advice in these scenarios. Pragmatically, organizations need to ensure IT is “at the table”. Of course, part of the critical work which IT must champion is planning to secure the workload. Ask your IT team to consider the security technologies and practices in place in your organization and through your SaaS provider, and then work to address gaps. Cloud migrations bring specific challenges which your staff might anticipate. For example, for a business with multiple SaaS workloads, Single Sign On can become increasingly important to users.
In some organizations, SaaS security requirements are incredibly broad. The US federal government’s security challenges remind us that securing the cloud encompasses more than technology considerations, and more than technology and process considerations. Managing risk, or planning for “what could happen” is part of the security challenge. According to US CIO, Vivek Kundra, “FedRAMP [the Federal Risk and Authorization Management Program] defined requirements for cloud computing security controls, including vulnerability scanning, and incident monitoring, logging and reporting.” … “To strengthen security from an operational perspective, DHS [Department of Homeland Security] will prioritize a list of top security threats every 6 months or as needed, and work with a government-wide team of security experts to ensure that proper security controls and measures are implemented to mitigate these threats.”
While cloud security includes technical, procedural and risk-mitigating considerations, it is not an obstacle. Network World cites this quote from Nathan McBride, Executive Director of IT at AMAG Pharmaceuticals, who is building an IT infrastructure wholly in the cloud:
“Security is my favorite topic because I’ve yet to meet a single person who can show me specifically in some legitimate, substantive, concrete way that the cloud is less secure.”
Industry, public and private institutions are creating a new history of public cloud implementations. Even with a brief roll-out history, perhaps you agree that care in selecting applications, and in planning and securing implementations, is critical to this work.
The opinions and views expressed in this blog are those of the author and do not necessarily state or reflect those of Microsoft.