The push to digital is a constant topic of discussion among today’s business leaders. But the road map to digital is often confusing and unclear. What is the role of the CIO in the digital enterprise? What about the IT team and the capabilities needed to infuse digital into the DNA of the organization? These and many other questions must be answered in order for an organization to become a modern digital enterprise. Understanding the foundational building blocks of cutting-edge IT and how to use them to drive business goals is critical to maintaining a competitive advantage and truly becoming a digital business.
Achieving digital means enabling your innovation-minded people with the organizational structure, governance, and technologies so that functional silos are removed and the organization operates as one, delivering unique and impactful customer experiences.
Finding the right balance of people, processes, and technology
Digital transformation isn’t just about buying new technologies and gadgets or hiring new talent. It’s a fundamental shift in the way a company operates on a day-to-day basis. Getting the right blend of people, processes, and technology to extract real value from a digital strategy is the most challenging aspect of the process. At the center of the push to digital are the people, mindset, and skills required to adapt to a digital world.
The new digital team needs traits that are different from what most of us are used to in today’s technology environment. People need exceptional skills in collaboration, communication, problem solving, learning, and troubleshooting to be successful in the modern workplace. The best digital people also have a product mindset and are inquisitive about new ways of doing things and new technologies. This allows them to rapidly adapt as operating models are disrupted and new strategies need to be implemented.
Digital transformations require fundamental process shifts as well. Simply implementing automation on a legacy system is not going to take advantage of the full power of the technology. Processes must be evaluated and re-engineered to fully harness automation and cognitive computing technologies as well as workforce skills. Developing and deploying a mobile application to complement an existing web application does not necessarily result in a more meaningful engagement with users or customers. It must be supported by robust processes and an effective team.
Technology is now an integral part of the business. The IT department shares accountability and responsibility for revenue, customer satisfaction, profit, and growth. Taking the ecosystem of applications and services in the enterprise, we can segment the elements into digital DNA components. Each of the digital DNA components relies on the other components, and each is connected to the others through a complex tapestry of data.
This series will help you decipher the digital enterprise and provide insights into making digital part of your organization’s DNA. Make sure to bookmark us at http://thinkwgroup.com/insights/
Many organizations are rightfully excited about the benefits of cloud, but often minimize the challenges that it can bring. In order to make good decisions about cloud deployments, companies must understand the risks.
Security – Security is one of the primary concerns when implementing a new cloud deployment, particularly in the public cloud. Entrusting critical applications and sensitive information to third parties can create great anxiety for organizations used to managing their IT infrastructure. In a recent survey, the top perceived threats were unauthorized access (63%), account hijacking (61%), and malicious insiders (43%). It is notable that users also fear that they cannot trust their cloud providers. 71% of respondents to a survey said that they did not think their provider would alert them if customer data were stolen, and 72% believed they wouldn’t be notified if confidential business information were stolen. One of the major sources of these fears is a lack of visibility. One recent survey found that approximately half of an enterprise’s cloud applications aren’t visible or fully accessible to the IT professionals on staff. This obviously can create significant trust issues, causing many organizations to be wary of cloud solutions.
Although there are unique security risks to using a public cloud implementation, in reality it is often much safer to use the public cloud than on-premises IT. Tech leaders like Amazon and Microsoft have significant budgets, with experienced professionals working to ensure that their clients’ data and applications are safe. In all likelihood, the IT security branch of these providers is significantly better funded and more experienced than those of their clients. However, it is still important to understand the security risks at play and carefully vet cloud providers to ensure that they are a proper fit for your organization and applications.
Financial – Cloud technology can help turn IT from a major expense to a significant profit enabler. By reducing costs through outsourcing much of the IT department to third parties and reducing the need to invest in expensive infrastructure, organizations can improve their overall profitability. Other companies are leveraging the cloud by using data collection and analysis, automation, and other new technologies to reduce expenditure and increase revenues. It is critical to stay abreast of current trends in order to maximize revenue and productivity and minimize expenses.
Still, many organizations remain reticent about new cloud technologies and are unsure what their real financial impact will be. IT professionals and executives need a solid framework upon which to base their cloud decisions in order to ensure that they are maximizing cost-effectiveness and getting the most from their cloud services.
Understanding the changing landscape – Cloud growth, automation, and other technological changes are shaping the way business is done, products are sold, and IT is managed. CIOs need to cope with this changing landscape by reallocating resources, finding personnel with the right skills, and reducing redundant staff and infrastructure. Understanding what actually needs to be done can be challenging, particularly if executives have limited experience working with new cloud technology. In order to make the right choices, organizations need to fully understand what these new innovations can actually do for the company, how they work, and how they should be managed. This requires a deep understanding of the technology and the marketplace.
Managing cloud contracts – One of the most challenging aspects of implementing the cloud in an organization is managing vendor contracts. Dealing with a range of cloud providers offering vastly different services and guarantees requires a comprehensive understanding of how the contracts are structured and what an organization really needs from the provider. Organizations must ensure that the provider complies with all local, applicable laws, that they have necessary control over any cryptographic keys used, that the provider has been recently audited, and many other similar details that might be overlooked by those who do not fully understand the current environment.
Getting the big picture – In order to manage all of these concerns, each organization needs a framework to understand where they are and where they’re going. With the shifting dynamics of the evolving IT world, businesses need comprehensive situational awareness. This allows them to understand their needs and how new technologies can help them stay competitive.
Evaluating your current state
In order to gain situational awareness and make better decisions when implementing the cloud into your organization, it is important to examine how others in your industry are being impacted by the cloud, your current state in terms of cloud consumption, and your needs. Organizations must ask themselves a number of questions.
What are the size, growth, and financial state of our organization?
How would our organization benefit from the cloud?
What cloud has our organization already adopted?
What cloud components would our organization like to implement?
Why is our business using cloud?
What cloud solutions are our competitors implementing?
How mature is our enterprise architecture and governance?
Where are there gaps between business expectations and what the cloud is delivering?
Do we have a cloud strategy to help stay competitive and reduce costs?
What are our performance needs?
Which applications can be safely moved to the cloud, and which must be kept on-premises?
Can the public cloud deliver the same or better performance as on-premises solutions?
Security and compliance
Does our company store sensitive information?
Which applications are mission-critical and need to exist in an extremely secure environment?
Can cloud vendors deliver the same or better security as the IT team?
What compliance regulations are relevant to our organization?
Do our current cloud vendors meet our cloud needs?
What are the contents of our cloud contracts?
Is our organization effectively managing our cloud vendors?
Making the move to cloud
Will the cloud be cost-effective?
Do we have the knowledge and staff to maximize the effectiveness of our cloud implementation?
What can benefit from being moved to the cloud?
What deployment model is right for our company? Will the flexibility and ease of public cloud be right, or do we need on-premises private cloud? Is a hybrid solution the best option?
What changes in governance, architecture and process are required to be effective?
When moving to a cloud environment, whether you manage your own cloud environment or use a cloud-service provider, there should be no difference in how IT manages your existing SLAs and associated systems. If anything, you should expect more from a cloud-service provider than what you may have already implemented in-house.
For example, imagine you have applied discipline to the management team of what was once a loose process consisting of one meeting a year, which usually resulted in priorities shifting based on squeaky wheels. You now run quarterly cross-functional meetings to review requirements and are holding to the priorities. In accordance with this, you are establishing a project management office (PMO). Your intent is to make the PMO not overly burdensome. Is the PMO standing on its own to help execute the individual projects on a transaction-by-transaction basis or squeaky wheel basis? Is the portfolio aligned to the business strategy? Who in the organization is ensuring the “right” technology and architecture for what the business needs? A solid PMO is a good part of the puzzle and needed for project (and larger program level) governance and execution, but without a mature enterprise-architecture function in the organization, are they the right projects? Are they ensuring the organization is making the right choices for technology to meet the business drivers and requirements, while ensuring technical risk is mitigated and stability is maintained or improved?
As part of this scenario, imagine you have many large-scale infrastructure transformation initiatives planned and some are in flight, so having a PMO to govern and manage them is a good thing. You have a roadmap to transform your infrastructure with a “rolling thunder” approach that will take at least three years and cost about $30 million. Your CFO and board are already aware and support it (even though your board may not know what the core technology is, and how it will solve the most pressing issues for the business and by when).
The strategic steps you have in mind include assessing the current state, developing the future vision (leveraging cloud and new technologies), developing the roadmap to achieve the vision, and executing. Today you are in the process of assessing your infrastructure, as a starting point. In developing your future vision you have a number of items that are known considerations, in-flight initiatives, and challenges you are facing – your enterprise requirements. They include the following hypothetical activities:
June 2016 is a milestone month. Your Enterprise Microsoft contract is up for renewal.
You plan to upgrade to JDE EnterpriseOne (your options in this regard are limited).
As has been planned, your JDEOne ERP implementation is likely to start.
As you look at renewal options you are considering migrating to Microsoft Office 365, to potentially reduce costs and administrative burden. This analysis should also start to consider integration of other capabilities from Microsoft SharePoint for collaboration, Microsoft Dynamics as a potential alternative for JDEOne, and as you are growing your B2B model and business you are possibly considering a CRM solution, which Dynamics provides as well, vs what you may have in house today.
Another potential integrated solution to investigate is Microsoft Azure. You may be able to further reduce application licensing and administrative burden, and reduce risks by going with a hosted Microsoft cloud offering through Azure.
Then, you start thinking. Today you are generally on-prem for about 50 enterprise applications. Should this be moved to co-lo or cloud? A benefit of moving away from on-prem is that it will enable you to have resources focused on core activities. But what applications and workloads should be moved and can be moved? What are the risks?
Given the intended moves to MS and the JDE ERP installation you should be able to consolidate applications that will reduce resource requirements.
You are a VMware shop and your IT staff is very comfortable with this. There is no issue here or compelling reason to change this.
Then as you get further into the analysis, you realize that moving applications into the cloud has network implications that need to be considered. Have you planned for this?
You also have apps that hold core systems of record in your datacenter on legacy systems (e.g. AS/400), that may not be the best candidates to re-platform (for interoperability reasons) or move off-premise (due to data privacy issues).
You’ve given a large portion of the responsibility for addressing and solving the above challenges to your IT operations manager, while maintaining, running, and operating your existing daily demands on IT.
You have heard (rightly or wrongly) that the cloud can be your saving grace to solve these challenges.
Your expectations for taking advantage of the cloud for the future minimally include lower HW investment, lower staffing requirements, and more flexibility and scale.
To further complicate the above, you may now also have existing applications or systems that are undergoing or in need of overhaul because they are not yet ready to meet new regulatory mandates. Your data may be at risk of exposure or not properly protected.
The above is a typical example of what all organizations are facing today. The challenges and obstacles are oriented on people, process, and technology. Introducing what can be perceived as disruptive technology can create additional obstructions for the business and your IT staff.
Before moving workloads to a vendor-hosted cloud, you need evidence that the vendor is already meeting regulatory standards (e.g., HIPAA, PCI-DSS, FedRAMP, FISMA) for organizations similar to yours.
As data proliferates, standards that deal specifically with governance and management of data and information security continue to improve, including the identification of risks and the implementation of security controls to address these risks. The ISO/IEC 27000-series is the most widely recognized and applied set of standards relating to the security of ICT systems.
The core standards are 27001 and 27002, with 27001 containing the requirements related to an information security management system, and 27002 describing a series of controls that address specific aspects of the information-security management system.
ISO 27001 is an advisory standard that is meant to be interpreted and applied to all types and sizes of organizations, according to the particular information security risks they face. In practice, this flexibility gives users a lot of latitude to adopt the detailed information-security controls that make sense to them, but can make compliance testing more complex than some other formal certification schemes.
ISO 27002 is a collection of security controls (often referred to as best practices) that are used as a security standard. Assuming that the design and/or operation of a cloud service provider’s information security management systems are consistent with the standard (e.g., there are no notable gaps) it can be asserted that their environment is compliant with the standard.
The 27001 and 27002 standards apply generally to the operation of ICT systems. ISO 27017 and ISO 27018 are two new standards under development that describe the application of 27002 to cloud computing. ISO 27017 deals with the application of the ISO 27002 specification to the use of cloud services and to the provision of cloud services. ISO 27018 deals with the application of 27002 to the handling of personally identifiable information (PII) in cloud computing, sometimes described as dealing with privacy in cloud computing.
At a minimum, cloud-service customers are advised to look for providers that conform to the ISO 27002 standard for information systems security. This is not necessarily specific to cloud computing, but the principles can still be usefully applied to the provision of cloud services (i.e., as a measure of maturity and as a necessary safeguard of doing “the right things” in an IT organization). A cloud-service provider can assert on its own behalf as to its compliance with a standard, but having an independent, qualified third party certify compliance is a notably stronger form of attestation.
In addition, customers are advised to check whether their cloud-service provider conforms to the ISO 27017 and ISO 27018 standards, since they are specific to cloud computing for information security and for the handling of PII, respectively.
WGroup is your preferred and chosen advisory partner to ensure that effective governance, risk, and compliance processes exist. If they don’t, we’ll show you how to implement and deploy them. However, this is just the first step. We are here to help you through the analysis of choices and architectural decisions you will need to make, with critical input from your team. We’ll help you adapt the leading and best practices implemented by those who have made this journey.
WGroup’s vision and capabilities align with the Cloud Standards Customer Council’s 10 steps to help your organization ensure success for secure cloud computing.
Ensure effective governance, risk, and compliance processes exist.
Audit operational and business processes.
Manage people, roles and identities.
Ensure proper protection of data and information.
Enforce privacy policies.
Assess the security provisions for cloud applications.
Ensure cloud networks and connections are secure.
Evaluate security controls on physical infrastructure and facilities.
Manage security terms in the cloud SLA.
Understand the security requirements of the exit process.
Taking a holistic approach to your challenges and in-flight initiatives, WGroup develops a strategy with you and your team. We meet your most pressing needs, but also align these to next steps in meeting your business strategy. In the most cost-effective and safest approach possible, we bring higher standards to your organization through service-provider capabilities and management.
Are you looking for expert assistance in driving your cloud strategy to higher levels? WGroup’s cloud strategy consulting services could be exactly what you need. Learn more at http://thinkwgroup.com/services/cloud-strategy/.
An ever-expanding array of cloud applications and services is available. SaaS, IaaS, PaaS, private cloud, hybrid cloud, and other solutions offer unique opportunities and challenges for businesses. Organizations need to understand this wide range of options and determine which choices fit their needs.
Multiplying XaaS options – Each organization has unique cloud needs, and public-cloud providers are offering a growing range of options to meet them. Although many non-IT focused organizations may use pre-packaged SaaS solutions, others are leveraging more flexible offerings to fully or partially outsource internal infrastructure. IaaS has seen accelerated growth in recent years, with worldwide spending having increased by more than 30% in 2015. PaaS also offers another option for organizations looking for an environment to develop and customize applications.
Although these have been the standard XaaS options for several years, many cloud providers are offering an increasing range of service options. Storage as a Service, Communications as a Service, Network as a Service, and Disaster Recovery as a Service are all now common options for business. Another new service that is expected to increase in popularity in the coming years is Big Data as a Service, with the total big data market projected to reach almost $90 billion by 2021. These offerings allow companies to leverage powerful servers to collect and analyze data more cost efficiently and flexibly than would often be possible in-house.
Public, private and hybrid cloud – XaaS options exist in the realm of the public cloud, wherein many organizations share computing resources in a generic third-party-owned solution. This provides many benefits, such as economies of scale, flexibility, and reduced need for maintenance. However, some organizations find they need to create their own private cloud using proprietary servers. Many use a public deployment option in conjunction with in-house infrastructure in a hybrid cloud configuration. This allows them to take advantage of the flexibility and cost savings of the public cloud for certain applications, while keeping other applications on-premises for compliance or other reasons. This hybrid solution can offer many new opportunities for businesses that can’t fully outsource to the public cloud, allowing them to benefit from cost savings and get products to market faster.
Rising influence of MSPs – Another increasingly important option in the cloud arena is the managed service provider (MSP). These providers let organizations outsource their IT operations, providing security, maintenance, monitoring, and other services. Although these companies began managing servers for organizations remotely, many have grown to offer their own or third-party cloud services to customers. They can provide fully managed hybrid implementations, often including mobile device management. This can offer an attractive solution for small- to medium-sized businesses (SMBs) without the human resources to manage their operations in-house.