Cloud computing is a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using Internet technologies.
At a technical level, cloud integrates applications, deployments and networks to produce more seamless business solutions. At a strategic level, cloud creates opportunities for organizations to create new digital services for customers and employees, make workloads more cost-effective and efficient — and generally enable the enterprise to respond at speed to changing needs during periods of disruption. High inflation and the threat of recession are only increasing the focus on whether to accelerate the movement of workloads to the cloud.
Capturing the benefits can be challenging, however. If you move workloads to the cloud but neglect to modernize them, for example, you may actually increase operating costs and fail to improve business agility.
Make sure to determine the relative priority of different strategic goals before proceeding with migration. Such goals might be to create new revenue opportunities, expand the customer base, improve customer experience or optimize costs.
The public cloud is playing a key enabling role for CIOs in the acceleration and delivery of successful digital business outcomes. Greater agility/flexibility is the top reason for transitioning to the public cloud. The use of the cloud is about business value, obtaining flexibility and agility, and reducing or eliminating the need to maintain and support hardware and software.
When measuring the direct impact of the cloud on a specific business area, or in its strategic value to your organization as a whole, leaders must correlate cloud performance metrics with specific business metrics to ensure alignment and value. However, a strategic assessment of cloud value must focus on longer-term improvements to agility, competitive leverage and ability to innovate.
To become more digitally innovative, organizations must be able to increase the pace and quality of their research and development (R&D), as well as how well they produce results. The effect of cloud adoption on R&D can be measured in lower startup costs for new experiments. In addition, less time will be spent on test configuration and management, and in the “digital leverage” an organization can sometimes obtain from using a cloud provider’s advanced platform services, e.g., artificial intelligence and machine learning. The business value of these services must then be measured in the quality and pace of new product introduction.
A cloud strategy answers the “what” and “why” questions. Only later does the cloud implementation plan answer the “how” questions.
It is best to craft a comprehensive cloud strategy before adopting cloud computing, but, in reality, most organizations build out their cloud strategy after they’ve gained some experience with its use. But the sooner you establish a cloud strategy, the more issues you’ll avoid.
Cloud strategy should be optimized for business outcomes, including speed, resilience and agility, and aligned with supporting strategies around data, security, governance and architecture.
Design cloud strategy for speed and business value
Start by mapping cloud strategies to three key CIO priorities (as aligned to enterprise strategy):
Strategy and innovation. How can cloud services help to solve business problems and drive innovation?
Governance and security. Can cloud enable adaptable governance frameworks flexible enough to handle different implementation demands and risk profiles?
Mobilization and migration. How can cloud support enterprise initiatives such as digital transformation?
Build resilience into application architecture
Cloud models, architecture and service providers will be key components of your operating model and their selection must support cloud strategy — now and in the future. Consider as part of your strategy what key outcomes you expect to capture in terms of capability, reliability, agility, automation, efficiency and cost optimization. (Also see ‘What are the key types of cloud computing and cloud services?’)
Cloud skills and talent
Cloud strategy must include a review of your readiness to enact and evolve that strategy. For example, ask if you need a chief cloud architect to lead a cloud center of excellence. If you’re migrating to the public cloud, you may need to hire new talent and upskill existing employees to bridge skills gaps.
Cloud-native refers to something created to enable or optimally leverage cloud characteristics. Cloud-native has been growing in popularity as a term and refers to optimally leveraging cloud characteristics. It is increasingly being used as a principle in cloud strategies and digital transformation efforts.
The more something aligns with core cloud characteristics, the more we consider it to be cloud-native and the more cloud-native outcomes can be enabled. Cloud-native can be applied to architecture, infrastructure, applications or operations, as well as thinking.
In traditional organizations, most applications are hosted in on-premises environments. The public cloud, therefore, is a form of outsourcing. Decisions about which applications and workloads to migrate — and to where — depend on the criticality of those applications and workloads. Cloud implementation can leverage a range of cloud types, cloud management platforms and cloud services.
Private cloud is deployed on-premises and can become costly and difficult to manage but may be favored by organizations that require direct control over their environments to meet security, business governance or regulatory compliance requirements.
Public cloud is increasingly the primary architecture for modern workloads and public cloud end-user spending is surging. But, cost mistakes often accompany cloud migration and ongoing cloud costs can spiral.
Hybrid cloud models combine public and private cloud computing so use and manage a mixture of internal and external cloud services.
Multi-cloud models use two or more cloud computing vendors at once. Most organizations are using a single provider for their workloads, but 30% will likely diversify a portion of their application portfolio on a secondary provider.
Distributed cloud computing is the first cloud model to incorporate physical location of cloud-delivered services as part of its definition. With packaged hybrid offerings, public cloud services (often including necessary hardware and software) can be distributed to different physical locations to meet hybrid and private cloud needs while retaining the advantages of classic public cloud consumption.
Industry cloud leverages underlying cloud services to offer business and technical capabilities that are specifically relevant to a vertical industry. Industry clouds offer a "whole product" experience to customers and can offer agility by offering a composable approach.
Sovereign cloud describes cloud platforms that are isolated from (legal) interference from regions or countries outside the jurisdiction the cloud service is provided in, and that functionally and technically can compete with (or are even based on) leading international cloud platforms.
Infrastructure as a Service (IaaS) offers pay-as-you-go access to the infrastructures you need to run workloads in the cloud, for example to replace a physical datacenter. The worldwide IaaS public cloud services market grew 41% in 2021, but just five providers account for over 80% of the total market: Amazon, Microsoft, Alibaba, Google and Huawei.
These so-called hyperscalers have distributed their infrastructure across thousands of physical servers and millions of virtual machines so can be more agile in scaling service up and down with demand. However, their dominance could create risks from cloud outages, their role in critical infrastructure and public concern about their influence.
Platform as a Service (PaaS) allows you to lease the cloud infrastructure you need for an entire application lifecycle from development to maintenance. Common examples include Google App Engine and AWS Elastic Beanstalk.
Software as a Service (SaaS) allows you to lease on a subscription basis cloud services hosted by SaaS providers. Important functional workloads that can be moved to SaaS include human capital management (HCM) within enterprise resource planning (ERP), email and collaboration, procurement and sourcing, customer relationship management (CRM) and IT service management.
Unprecedented levels of complexity and accelerating rates of change demand an operating model — and service provider partnerships — that will best support your cloud strategy.
Cloud management is a complex domain, and no vendor currently offers a comprehensive range of capabilities across all the major cloud providers. Cloud management tooling enables organizations to manage hybrid and multicloud services and resources. Cloud management platforms (CMP) integrate management of the architectures themselves.
Gartner sizes the cloud management tooling market at approximately $1.5 billion, with an estimated 20% compound annual growth rate (CAGR) through 2025. The primary use cases for cloud management tools and the main cloud management functions in each case are:
Cloud provisioning and orchestration. Automate cloud resource provisioning/deprovisioning/modification. Users: provisioning and orchestration.
Cloud service brokering. Manage the interaction between cloud consumers and providers. Users: service enablement; monitoring and observation; and provisioning and orchestration.
Cloud governance. To enforce policies and controls to ensure compliance with best practices of cloud activity. Users: identity, security and governance.
Cloud resource management. To manage the overall cloud estate (for example, cost tracking and cloud resource optimization). Users: inventory and classification; cost management and resource optimization; and migration, backup and disaster recovery (DR).
Tooling can be procured and operated by central IT organizations (for example, I&O, cloud center of excellence and platform engineering/operations), or within specific lines of business, and could be deployed on-premises, in a customer’s public cloud account or purchased as a SaaS service.
Any tool should offer:
A consistent view across all cloud environments.
Modularity, so you only use and pay for the functions you need.
An SaaS option to eliminate the need for an on-premises deployment.
Effective use of AI and machine learning (ML), where relevant.
Cloud management platforms (CMP), integrated products that provide for the management of public, private and hybrid cloud environments. Vendors in this space offer bundled multifunctional tools but many are beginning to “thin out” their initial product offerings and concentrate on more-focused areas (for example, IT asset management or provisioning). Most Gartner enterprise clients choose not to deploy a broad function CMP, opting instead to leverage native tooling and/or cloud management tooling that provides more limited functionality.
Third-party point tools focused on a narrowly defined set of functional areas, often related to a single product or function. Many vendors are now focusing and branding their tools as governance tools, the most in-demand current use case. Associated tooling vendors in areas that are not specifically cloud-related (for example, ITSM, infrastructure monitoring, application performance monitoring [APM] and backup) have been expanding their offerings to support cloud management requirements.
Cloud provider offerings from hyperscale cloud providers are evolving to enhance public-facing tooling to make it more appealing to enterprises. This effort suggests more competition between these vendors and third-party solution providers, along with cloud provider intentions to address ease of use of their overall value proposition.
Cloud migration is the process of planning and executing the movement of applications or workloads from on-premises infrastructure to external cloud services, or between different external cloud services.
Don’t assume you can and should just lift and shift applications to IaaS. Many are not worth migrating because it will be technically difficult to exploit cloud-native characteristics and the applications are not meeting the changing needs of the business anyway. It is often more appropriate to replace an application with a SaaS application or rebuild it on a cloud-native PaaS. (Also see ‘What are the key types of cloud computing and cloud services?’)
Broadly, Gartner defines five ways to migrate a workload to the public cloud:
Rehost: “Lift and shift” your application from its current physical or virtual environment onto a cloud platform, making as few changes to the application and its runtime environment as possible.
Revise: “Lift, shift and adjust” your application just enough to make it safer, easier and less costly to manage in the public cloud.
Rearchitect: Materially alter or refactor the application toward a cloud-optimized architecture, making some use of cloud-native capabilities.
Rebuild: Optimize for the cloud by rewriting the app from scratch, preserving core business logic and algorithms, but letting go of legacy code and rebuilding on cloud platforms and services.
Replace: Replace an application with a third-party SaaS alternative, configuring or extending the SaaS environment to meet requirements, and (if necessary) migrating legacy data into the new environment.
These six steps outline a rigorous approach to cloud migration:
Plan the cloud migration program. Validate the need for migrating applications to the public cloud and ensure that participants understand their responsibilities, project timelines and expected outcomes.
Make the business case for migration to public cloud. Determine the cloud migration program objectives based on the cloud and IT strategies. For each identified objective, define success metrics that are precise, actionable, leadership-relevant and articulated in business language.
Set up the applications’ assessment process. Build a cloud migration team and set up an intake process where applications are selected. Determine the criteria to rate applications for cloud fit based on migration program objectives.
Decide how to migrate each application and create a migration calendar. For the applications selected for cloud hosting, determine how to migrate each application to cloud. Define the order in which the applications will be migrated, along with ownership and timelines to create the migration calendar.
Prepare and communicate the migration plan. Create the migration plan document and inform key stakeholders about the migration sequencing, timelines and impact on their workflows.
Monitor the effectiveness of the cloud migration program. Review the cloud migration program’s effectiveness by tracking predefined success metrics and user feedback.
You will also need to build a realistic estimate of cloud migration costs. That plan is the key to avoiding cost overruns and implementing successfully. (Also see ‘How do you manage cloud costs?’)
Without careful management, public cloud costs can rapidly spiral out of control. Gartner research shows that 77% of enterprises have been “surprised” by incidents in which costs suddenly spiked and only 22% of infrastructure and operations (I&O) leaders are confident that their spending in the cloud is under control.
Unexpected cloud costs may arrive as ballooning monthly bills that destroy return on investment (ROI), as short-term spikes that interrupt critical projects, or as erratic swings that force the business into emergency budget adjustments.
Why do cloud costs behave differently than traditional data center costs? Because cloud usage is metered and billed in a “pay as you go” model, so costs are highly sensitive to usage patterns. These patterns, in turn, may vary unexpectedly due to changes in business activity, human errors such as inefficient configurations and scripting mistakes, or even malicious external attacks that can create spikes in resource utilization.
Focus on the following three techniques to build cost resilience into your cloud.
Map your points of cloud cost vulnerability. Group costs by business activity or application, and work with the business to determine what areas are most vulnerable to unexpected cloud cost increases.
Add “cost observability” into your cloud monitoring. Cloud cost observability is the ability to make accurate inferences about cost and financial impact from the system events recorded in cloud logs.
Build a cost incident response plan. This is an emergency playbook that every organization hopes it rarely needs to use: practical instructions that will be needed by humans moving quickly under pressure. As such, it must be simple, prescriptive, focused on realistic scenarios, tested and maintained.
Each migration approach (see ‘What is cloud migration?’) has a different profile in terms of the types of costs and when they occur and there are a host of reasons that cloud migration costs go off the rails, from rushed app assessments to hidden costs. Make sure to cost and monitor each set of key activities from planning and oversight to residual (sunk costs).
If you intend to contract for cloud migration or cloud operations, be alert to potential costs that vendors place out of scope. Vendors often know that these activities will be required at some point and hope to gain additional revenue by billing extra for them once the project is underway.
Examples of work frequently “added in later” include:
Extra effort to “live migrate” mission-critical systems
Creation and refinement of operational runbooks, including automation templates and scripts
Implementation of backup and disaster recovery processes
Special configurations to meet regulatory compliance standards
Expanded system administration duties “above the IaaS level” to maintain databases, application PaaS environments or the migrated applications themselves
Preliminary estimates for these costs should be incorporated into the complete cloud migration cost estimate, even if workarounds or alternate vendors have not yet been identified.
Cloud security refers to the processes, mechanisms and services used to control the security, compliance and other usage risks of cloud computing. Security, including governance, compliance and privacy, should be addressed from the outset in cloud strategy.
Attitudes toward security have changed significantly. Originally, many people considered the public cloud too unsecure. Now, some organizations trust public cloud providers too much. It’s important to understand what providers do and don’t secure.
For instance, your provider may secure their IaaS services, including virtual machines, storage and networking, but not the applications or data that you host there. In that case, it’s down to you to ensure that the data you put in IaaS is locked down appropriately. In other words, clouds are secure, but organizations are often not using them securely. Security is a shared responsibility, so detailing roles and responsibilities is critical to using the cloud securely.
Cloud security is the fastest growing segment in the market for information security technology and services, with particular interest in innovations to support remote working and digital business acceleration. Among the most significant emerging cloud security technologies are Secure Access Service Edge (SASE) and Security Service Edge (SSE).
Workloads aren’t the only business activities migrating to the cloud. While some data may need to stay on-premises, database management system (DMBS) deployments and innovations are increasingly cloud-first or cloud-only.
The choices for cloud data management architectures are:
On-premises to cloud (also known as “ground to cloud”) has components residing in both on-premises and cloud environments (i.e, hybrid and distributed cloud). It comprises both active data management occurring between the two environments, and “on-demand” interactions in which data usually moves intermittently between the environments.
Multicloud, in which the applications remain logically separated but reside in two or more clouds. This is nearly identical architecturally to the “on-demand” variant.
Intercloud, in which data is distributed between two or more clouds and is actively managed as part of a cohesive, logical application. The application integrates data from multiple clouds. This is architecturally nearly identical to the “active” variant.
Data and analytics leaders must balance the risks and benefits in managing data across diverse and distributed deployment environments. For example, almost all cloud providers today charge data transfer fees for data flowing out of their cloud, but not for data flowing into it, so an application architecture that requires significant amounts of data movement from the cloud or between clouds may be financially suboptimal. For this reason, it is important to both understand the financial implications inherent in the selected cloud provider and to take steps ensuring that the application topology best uses the cloud features and data flow requirements.
New trends in cloud computing are continuing to expand the breadth of cloud offerings and capabilities and Gartner expects that by 2026, public cloud spending will exceed 45% of all enterprise IT spending, up from less than 17% in 2021.
The future of cloud is related in part to:
Communications services, including consumer fixed services, consumer mobile services, enterprise fixed services and enterprise mobile services. For example, new cloud options and non-geosynchronous-orbit (NGSO) communications constellations, including low earth orbit (LEO) and medium earth orbit (MEO) satellites, and new 5G R16 and R17 capabilities, will drive broader, deeper and ubiquitous cloud usage.
Related technologies and devices. Edge infrastructure, for example, which places processing and storage capacity as close as possible to the end user and the proliferation and mobile devices
Join your peers for the unveiling of the latest insights at Gartner conferences.