Modern Cloud Migration Process Requires Careful Approach; Organizational Changes
“The cloud is here to stay” is a cliché at this point. What the cliché doesn’t address is that the apprehension is as well, although it has changed forms. Fears over “privacy and security” are now more acutely expressed in terms of specific demands from clients or business decision makers regarding compliance and data lifecycle requirements. Meanwhile, these decision makers and IT architects are aggressively looking forward, chasing the “next big thing” in an atmosphere where cost and complexity are seen as inevitable. These trends were seen in a review of three years of survey data from the Cloud Security Alliance which somewhat paradoxically indicated that many of the traditional models and ways of expressing security concerns are falling by the wayside, such as an encryption-first paradigm and myopic focus on transparency. Additionally, looking at differing response patterns between surveyed roles pointed to a need for more organizational cohesiveness in all stages of the cloud transition.
A 2012 CSA Market Maturity study identified four phases of cloud products as they release to market: Infancy, Growth, Maturity, and Decline. Year-over-year survey results indicate that these phases apply somewhat independently to different technologies – server virtualization and IaaS form the base for all other cloud technologies and are the only fully matured technology. The signs of the Maturity phase are peak market growth, slowing innovation, and difficulty differentiating between service providers, ending in that service becoming a commodity in the Decline phase. Private cloud may have reached maturity in the 2016 survey (undertaken between October 2015 and May 2016) – while active deployments rose 13% to 52%, pilots fell 2% and organizations reporting no plans to deploy rose to 20%. In 2013, the survey saw a smaller demographic of mostly technology-focused companies that tended towards being either very small or very large. In this way, private cloud seems to be chasing a declining market segment. In contrast, hybrid cloud pilots and “no plans” stayed steady while rising 19% from 2015 – 11% of this growth came from a fall in “Not Sure/Don’t Know”.
In the 2015 survey, which was undertaken between October 2014 and February 2015, concern over compliance issues was abnormally low despite the percentage reporting their organization was beholden to industry or regulatory standards remaining the same or increasing. This marked a point at which the need to migrate to the cloud became so pressing that protocols were let by the wayside in the rush. In this context, it seems that the 2016 survey represents a desire to “re-do” the transition in a more sustainable manner, with hybrid cloud being an acceptable compromise between security and flexibility. Concern over lack of cloud expertise in the organization is down as spending rises; it has been widely expected that cloud will or is already making up the majority of IT spend.
In this atmosphere, where all concerns are declining or leveling off except that of compliance, with both CSPs and organizations serving a global clientele, hybrid cloud is not only a security compromise but a way to enable rapid deployment and keep the path open for future modularization of services. This demand for a technological shift is telling of an unmet need for organizational change, which can be seen by the discord between roles in the migration process. Business decision makers and CSP respondents had a fairly strong alignment of concerns representing their client-customer relationship. They were unconcerned about internal resistance to change and an inadequate amount of cloud expertise in the target organization, while IT architects and staff were very concerned. Interestingly, these IT groups were also more concerned than the BDMs over unclear cost benefits – the “internal resistance to change” that has remained in the middle of the concerns throughout all three surveys reflects a perceived misunderstanding of the amount of work and upkeep the new cloud infrastructure requires, a fact which would understandably be glossed over in the client-customer relationship between BDMs and CSPs. Developers, meanwhile, were totally alienated from these business concerns with very few concerns per respondent and a high skip rate. It was unclear where they fit in between IT architects, staff, and the client-customer relationship. Organizational culture has fallen behind technology once again, and a new set of tools is imperative to getting the cloud transition right.
CloudAtlas® effectively implements most of the power of the CSA stack in a brandable and comprehensible way for non-developers while still allowing for highly detailed technical drill-downs.
In 2015, the security “elephant in the room” was dealt with through transparency and product offerings on the part of CSPs. In 2016 and 2017, as organizations seek an agile, cohesive cloud structure, the survey data points to a need for actionable information that takes into account all steps, present and future, of the transition process and makes use of the input of all roles involved in the transition and maintenance.