You might be familiar with some of these common (and competing) myths about cloud computing:
- Cloud is less secure than on-premises capabilities.
- Cloud should be used for everything.
- “The CEO said so” is a cloud strategy.
One thing is certain: Every organization needs to have a cloud strategy, even if it’s for “someday.”
“Organizations that do not have a high-level cloud strategy driven by their business strategy will significantly increase their risk of failure and wasted investment,” said David Cearley, vice president and Gartner Fellow.
To get started, Mr. Cearley recommends that you first think about your business’ different modes, or IT approaches. In bimodal IT, one part of the technology organization (Mode 1) is responsible for keeping the business running reliably. The other part (Mode 2) is responsible for agility, speed and innovation. Mode 1 is technology-centric; Mode 2 is business- and customer-centric.
What is your business’ strategy? Is it focused on stability or innovation?
Create a decision framework
Next, plot a matrix that has “Risks and Challenges” along its horizontal axis (“high or unmanageable on the left to “low and manageable” on the right), and “Benefits” along its vertical axis (“low or uncertain” at the bottom to “high and clear” at the top).
Then for each cloud application or use-case scenario you’re considering, evaluate and mark the framework with:
Potential benefits: How high-priority are the benefits or rewards that cloud provisioning could offer? If the business has requested a customer-facing microsite for a seasonal promotion, cloud benefits might be rapid time to solution and access to innovation. Benefits under other scenarios might be cost savings, solutions to capacity problems, or better handling of workload imbalances or volatility.
Potential risks and challenges: What are the potential downsides or dangers to using cloud services? For an insurance company considering moving its claims adjustment application into the public cloud, security and regulatory challenges might be issues. In other use cases, risks and challenges might be potential lock-in, integration difficulties or market immaturity.
Refine and adjust
You’ve taken the first steps toward determining where and how to provision via the cloud. There’s still some tweaking to be done, and some of your dots might shift in the framework as a result.
For example, the availability of risk mitigation options (for example, using encryption or tokenization to address security concerns) could have an impact on your overall assessment. Likewise, your organization’s experience with cloud computing and having best practices to secure, manage, and govern access and usage of cloud services can help offset risk.
Applications that land in the upper left, where cloud service benefits are high and clear but the risks or challenges are also high, may be good candidates for a private cloud approach.