Migrating infrastructure to the cloud -- what the board needs to know
If you serve on the board of a UK organization, it’s likely that digital transformation is high on your agenda as you look strategically at futureproofing your business. A key part of that is ensuring that the IT infrastructure supporting your company is functioning robustly as a platform on which to build competitiveness, rather than a legacy anchor holding back innovation and growth. Moving to an Infrastructure-as-a-Service (IAAS) set-up is increasingly the way that companies aim to unlock potential and enable more dynamic, flexible business processes.
The benefits of IAAS are clear: It’s flexible and can easily scale as your business grows. It removes the burden of maintaining legacy systems and allows the easy deployment of new technology and, ideally, you only pay for what you use on a predictable opex basis; you won’t be paying to maintain capacity that is rarely needed. It also allows you to add on services such as analytics and disaster recovery-as-a-service and it’s the perfect environment for the big data projects requiring large workloads and integration with business intelligence tools.
All these drivers mean that boards can be under pressure to quickly sign off on cloud migration projects. However, it could be a case of more haste, less speed if boards don’t ask the right questions before they sign on the dotted line. It’s important that decision makers don’t simply view IAAS as a commodity purchase -- there are a range of providers from hyperscalers to vertical sector specialists and they’re not all the same. Boards must undertake due diligence when making the IAAS decision and there are some key questions that should be asked to ensure that the project delivers both the operational and also the strategic outcomes required.
What’s the scale of our ambition and what business outcomes do we want to see?
We tend to see cloud migration projects falling into one of two camps. In the first, businesses simply want to "lift and shift" their current operations and replicate them exactly in a cloud environment. Naturally they want to see the benefits of cost and flexibility, but fundamentally they want a similar experience after the migration to what they had before. The second scenario sees companies wanting to fully overhaul their infrastructure and deliver a completely different model back to the business -- more of a true digital transformation.
It’s important to know which camp you’re in and be sure that your prospective IAAS provider is aligned, because in either case, ending up with the alternative scenario will cause pain. What should be a straightforward process becomes overly complicated when the destination is not clear from the outset.
How much support do we require at onboarding and ongoing?
Support for the initial cloud migration varies between providers from do-it-yourself to a full concierge migration service.
If you opt for a hyperscale provider, you’ll find the approach is more on the DIY side -- there are a wealth of options but it’s up to you to figure out what’s best for your business and mix and match accordingly. This works if you have in-house capability or are happy to employ consultancy expertise in order to manage the move.
At the other end of the scale are providers offering an end-to-end concierge service to get you up and running with onboarding, deployment and testing. Your IT team will be expected to bring their existing skillsets, but little additional learning is required.
In both cases, you also need visibility of the ongoing costs associated with support for your cloud environment and the availability of that support.
What are our security and compliance requirements and how will they be managed in the cloud?
Managing risk is a significant board responsibility that only increases as regulations tighten. Company data is one of the most high-risk assets the business possesses and its safety in the cloud has to be beyond reproach. Prospective CSPs should be able to provide assurances of the security offered by their cloud that meet or ideally exceed the organization's compliance requirements.
Assurance at the start is one thing, but ongoing auditing and reporting is also critical. The GDPR, for example, requires that organizations demonstrate how they are taking steps to protect data on a continuous basis and you’ll need to work with your CSP to achieve this.
Again, offerings differ. Some providers will expect you to take responsibility yourself, bringing your own security and compliance team, software and processes with you. Others, including iland, have built a dedicated practice around compliance that is at the disposal of customers. This can be invaluable if your compliance team is small or you don’t have in-house support. Either way, it’s another important consideration when adopting IAAS.
Pricing -- How flexible is flexible?
The lure of only paying for the resources you use is a powerful motive for moving to IAAS. Whichever provider you choose, it is likely to be more cost-effective than your legacy environment, but to really reap the full economic benefits, you need to ensure that there’s a good match between cloud workloads and cloud resource utilization.
Some providers will allow you to reserve cloud resources based on exactly the amount of GB required, with billing based on actual compute usage, while other work on a "best fit" basis, offering a range of predetermined instance sizes. There is a risk here of paying for resources you don’t use, so it’s important to check that your requirements are close to the instance size selected. You also need to ensure that you understand the billing system and have visibility over any additional costs such as VPNs or burstable charges that might be incurred. You certainly don’t want any nasty surprises further down the line.
Fundamentally, adopting infrastructure-as-a-service is a sound decision, but it still needs careful scrutiny to make sure the business gains the maximum benefits possible. Even though boards are under pressure to sign off deals, they should ask the right questions to make sure their investment delivers the business outcomes they’re looking for.
Johnny Carpenter is Director of Sales EMEA at iland Internet Solutions