Everyone knows that the cloud is the way of the future, yet some enterprises are still hanging back, mostly claiming security concerns. In this interview with The Enterprisers Project, John Purrier, CTO of business automation software company Automic, and former CTO of CenturyLink, explains why this is a strategy for failure.
The Enterprisers Project (TEP): Why is now the right time for companies to adopt an enterprise cloud solution?
Purrier: We are in the midst, the start really, of a transformation in enterprise IT that will be as significant as the shift to virtualization has been over the past 15 years. The adoption of cloud technologies inside of corporate data centers enables quicker delivery of internal IT services, higher velocity in delivering customer-facing applications and services, and enables the business to be more agile in responding to competition.
Couple this with modern development tooling and DevOps practices and the resulting business value is huge. Companies that ignore these trends will be left behind and become more and more irrelevant over the next 10 years.
TEP: How do you respond to concerns that the cloud is too insecure for mission-critical data?
Purrier: Security concerns are, and have been, the focus of cloud providers for several years. The fact is that cloud service providers (CSPs) at any kind of scale have more network engineers, security engineers, compliance experts, and operational personnel than most companies that run their own data centers. The providers should be able to walk through their policies, technology, and remediation systems in detail to any customers who want assurance that the infrastructure meets their requirements.
TEP: Are there some functions or data that should never move to the cloud?
Purrier: Are there functions or data that should not be moved to external data centers? Absolutely, there may always be some combination of requirements that make a company invest in its own data centers and operational teams. This is OK, not everything needs to be run outside the firewall. However, in order to make this truly viable, the automation and orchestration systems that provide the governance and points of control to the business need to be architected to be multi-data center and multi-cloud capable.
TEP: What factors should companies consider when deciding what to migrate to the cloud?
Purrier: As enterprises look to make their own digital transformations there are a few critical questions to be answered. Adopting cloud technologies and potentially moving applications and data outside of the corporate firewall is a technical challenge, but the larger challenge is cultural. The move to the cloud requires process and procedures that need to be made integral to the IT and company culture to be successful. The internal evangelism and adoption of cultural change is probably the biggest challenge.
A realistic inventory of existing systems and processes needs to be done, and decisions made as to whether current applications and data systems:
- Stay where they are and are maintained;
- Move to cloud architecture and frameworks, perhaps through PaaS or other application tooling;
- Are sunsetted and retired;
- Or re-implemented as cloud-native applications.
Orchestration automation is a valuable tool in making the existing systems continue to run seamlessly while IT directs development and operational resources toward the cloud-based systems.
In working with enterprises on their application journey to the cloud, common patterns for best practices have emerged. Starting with significant but non-business critical applications such as marketing sites, brochure sites, and short-lived campaigns and running these as pilots gives teams a good feel for new cloud-based processes and tools. These pilots also allow for simultaneous deployment of DevOps tooling and processes. Through an iterative cycle of develop/deploy/retrospective-learning, organizations find their own rhythm and cadence for cloud-based deployments.
After the pilot period, the processes can be scaled up to rapidly move more applications, moving from non-business critical to mission critical. At this point it is critical to have a solid DevOps and operational automation strategy and implementation process to ensure repeatable and reliable deployment.
Understand that cloud system management, orchestration, and automation tooling will increasingly allow multiple data centers and multiple cloud infrastructures to be part of an overall enterprise IT solution. This will allow truly level playing fields amongst the providers, preventing lock-in and giving the enterprises the governance, insight, and control they need to accelerate their business.
TEP: What are the risks or drawbacks of not migrating to the cloud?
Purrier: Transforming enterprise IT to become more responsive to business requirements and competitive demands is an ongoing challenge. Adopting modern automation and governance tooling provided by cloud systems and DevOps practices allows IT to accelerate the value it provides to the overall business. Cloud, automation, and DevOps practices and systems have reached a maturity level where they can realistically become part of the operational plans of any company.
By not adopting digital transformation best practices, enterprise IT departments risk falling behind competition that is currently becoming more agile, delivering faster time-to-customer interaction, and providing higher value to the overall business. Beyond velocity and delivering higher levels of SLAs there is a lot of value in being able to control and manage IT spending through smart use of on-premises and external cloud resources.
TEP: What advice would you give CIOs around cloud migration?
Purrier: Senior management needs to be a strong advocate to support the cultural, procedural, and technological shifts that the digital transformation of the business will require. In order to be competitive going forward, all businesses need to accelerate their internal IT operations in order to bring more value. The enterprise IT path forward will increasingly be collaboration between business, development, and operational teams facilitated through automation, analytics, and distributed computing and cloud infrastructures.
It is key that CIOs and IT managers understand the network security, tenant isolation, and data security models of the cloud providers they are thinking of engaging with. Additionally, if applicable, CSP policies allowing data sovereignty and regulatory compliance should be explored. These are the big concerns many enterprises have with going outside of their own firewalls. Next up would be performance and uptime SLA agreements, along with support policies and issue escalations.