Cloud Strategy: data collection

Here is part 6 of our series covering the key issues to consider before adopting cloud technologies. This month, we discuss how to build your strategy and data points that must be considered.

When considering & building a cloud strategy, organisations need to consider business objectives/outcomes desired, quantifiable and time-bound goals as well as identify specific initiatives that the enterprise can and should undertake in order to execute the strategy and achieve the goals set. As shown by surveys on the subject by Gartner in 2013 and 2014, process and culture are likely to be big hurdles in any move to cloud. Therefore, involving all aspects of the business and gathering the right information can assist in building the right strategy and identify potential problems ahead of time.

The first concrete step to take to building this strategy is to gather the data points to identify and define those objectives, goals and initiatives for the entreprise in the near – and mid – terms. Once the data is collected, you can review, analyze and identify the business outcomes desired, set the (quantifiable) goals and define the specific initiatives you want to put in place to achieve them. This should not be a strict price or technology evaluation.

Data Collection
The data points needed will have to come from various parts of the organisation (business units, finance, HR and IT). Some of the information required may take the form of files, but a lot of the required information will reside with your staff directly, and so interviews should be a part of the data collection process. These interviews should take up to a few hours each and focus on the interviewees functions, processes used and required/desired business outcomes, to provide insight into the actual impacts to the business before creating your cloud strategy.

With this data, you will be in a position to account for all aspects touching cloud computing, to see what it will affect and how, to evaluate its effect on the balance sheet (positive or negative) and decide on your strategy moving forward.

Benoit Quintin, Director Cloud Services – ESI Technologies

Cloud Strategy – human impacts across organization

Here is part five of our series covering the key issues to consider before adopting cloud technologies. This month, we discuss the impact on human resources.

Resources in your organisation will be impacted by this change. Both on the IT side and on the business side. While helping companies move to cloud we have had to assist with adapting IT job descriptions, processes and roles within the organisation.

As the IT organisation moves into a P&L role, its success starts to be tied to the adoption by the stakeholders of the services offered. To do this, IT needs to get closer to the business units, understand their requirements and deliver access to resources on-demand. All this cannot happen unless things change within the IT group.

As companies automate their practice, and create a self-service portal to provision resources, some job descriptions need to evolve. A strong and clear communication plan with set milestones helps employees understand the changes coming to the organisation, and involving them in the decision process will go a long way to assist in the transition. We have seen that IT organisations with a clear communication plan at the onset that involved their employees in the process had a much easier transition, and faster adoption rate than those who did not.

Our experience helping customers with cloud computing shows that cloud alters significantly IT’s role and relationship with the business, and employees’ roles need to evolve. Training, staff engagement in the transition and constant communication will help your organisation significantly move to this new paradigm.

Benoit Quintin, Director Cloud Services – ESI Technologies

Cloud Strategy: technological impacts

Here is part four of our series covering the key issues to consider before adopting cloud technologies. This article focuses specifically on technological impacts to consider.

Not all software technology is created equal. Indeed, not every application will migrate gracefully to the cloud, some will never tolerate the latency, while others were never designed to have multiple smaller elements working together, rather than a few big servers. This means your business applications will need to be evaluated for cloud readiness. Indeed, this is possibly the largest technological hurdle, but, as with all technology, this may prove to be easier to solve that some of the other organisational issues.

One should look at the application’s architecture (n-tiered or monolithic), tolerance to faults/issues (e.g. latency, network errors, services down, servers down) and how the users consume the application (always from a PC, from the office, or fully decentralized, with offline and mobile access), to evaluate options for migrating an application to the cloud. Current growth rate and state of the organisation are often times mirrored in its IT consumption rate and requirements. Certainly, an organisation that’s under high growth rates or launching a project where growth is not easily identifiable can possibly benefit significantly from a scalable, elastic cloud model, whereas an organisation with slower growth, familiar / standard projects and predictable IT requirements will not likely assess the value of cloud computing the same way. Accountability of resources and traceability of all assets in use may be of bigger concern.

Architecture, applications and legacy environments are all technological considerations that should be factored in any cloud computing viability & readiness assessment, but that should probably not be the main driver for your cloud strategy.

Benoit Quintin, Director Cloud Services – ESI Technologies

Cloud Strategy: legal impacts across the organization

Here is part three of our series covering the key issues to consider before adopting cloud technologies. This article focuses specifically on legal impacts on your organization.

“Location, location, location”. We’re more accustomed to hearing this in the context of the housing market. However, where your company’s headquarters reside, where your company does business and where its subsidiaries are located directly impact how you need to manage sensitive information, such as strategic projects, HR/personnel information, etc.; essentially, IT needs to account for data sovereignty laws and regulations.

Various countries have already voted or are moving towards voting on more restrictive data sovereignty legislations that will control the transit of information out of border. For example, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) already governs how IT organisations can collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. Essentially, all personally identifiable information must stay in country, at rest and in transit, meaning that using a cloud provider in the US or any other country with said data could expose the company – and you – to a lawsuit, unless the cloud provider can guarantee no aforementioned data ever leaves the country at any time, including for redundancy/DR purposes.

While the previous Act covered what must be protected, the American law (the USA Freedom Act, and its previous incarnation, the Patriot Act) enables the US government to access any and all data residing on its soil, without owner’s authorization, need for warrant and without even the need to notice the owner before or after the fact. The few data privacy provisions in the bill apply to American citizens and entities only. This means all data housed in the US are at risk, especially if said data is owned by an organisation whose headquarters are out of country.

If in Europe, laws vary from country to country, we find that the regulations on data protection are becoming more stringent, requiring the establishment of procedures and controls to protect personal data and obtaining the explicit authorization of persons to collect and use their information. All this imposes guidelines to the use of the cloud within the country or outside their borders.

Typically, data sovereignty should be a concern for most organisations when looking at cloud and, as the current trend is for countries to vote in more stringent laws, any and all cloud strategy should account for local, national and international regulations.

Benoit Quintin – Director Cloud Services – ESI Technologies

Cloud Strategy: business impacts across the organization

Here is the second part of our series covering the key issues to consider before adopting cloud technologies. This article focuses specifically on business impacts on your organization.

Most markets are evolving faster than ever before, and the trend seems to be accelerating, so organisations globally need to adapt and change the way they go to market. From a business standpoint, the flexibility and speed with which new solutions can be delivered via cloud help enable the business units to react faster and better. So much so, that where IT organisations have not considered automating aspects of provisioning to provide more flexibility and faster access to resources, business units have started going outside of IT, to some of the public cloud offerings, for resources.

Planning for cloud should consider people and processes, as both will likely be directly impacted. From the requisition of resources, all the way to charging back the different business units for resources consumed, managed independently from projects’ budgets, processes that were created and used before the advent of cloud in your organisation should be adapted, if not discarded and rebuilt from scratch. IT will need to change and evolve as it becomes an internal service provider (in many instances, a P&L entity) – and resources broker for the business units.

Considering the large capital investments IT has typically been getting as budget to ‘keep the lights on’, and considering that, until recently, this budget had been growing at double digits rate since the early days of mainframe; the switch from a capital investment model to an operational model can impact the way IT does business significantly. Indeed, we have seen the shift forcing IT to focus on what it can do better, review its relationships with the vendors, ultimately freeing up the valuable investment resources. In many organisations, this has also translated to enabling net new projects to come to life, in and out of IT.

Once this transformation is underway, you should start seeing some of the benefits other organisations have been enjoying, starting with faster speed to market on new offerings. Indeed, in this age of mobile everything, customers expect access to everything all the time, and your competition is likely launching new offerings every day. A move towards cloud enables projects to move forward at an accelerated pace, letting you go to market with updated offerings much faster.

Benoit Quintin, Director Cloud Services, ESI Technologies

Cloud computing: strategy and IT readiness – Transformation in IT

Here is the first of a series of articles that provide both business and IT executives insights into the key issues that they should consider when evaluating cloud services, paying particular attention to business and legal ramifications of moving to the cloud environment, whether it is private, hybrid or public.

cloud-question-mark-710x345For the last few decades, IT organisations have been the only option for provisioning IT resources for projects. Indeed, all new projects would involve IT, and the IT team was responsible for acquiring, architecting and delivering the solution that would sustain the application/project during its lifecycle, planning for upgrades along the way.
This led to silo-based infrastructures – and teams -, often designed for peak demand, without possibilities of efficiency gains between projects. The introduction of compute virtualization, first for test/dev and then for production, showed other options were possible and available and that by aggregating requirements across projects, IT could get significant efficiencies of scale and costs while getting more flexibility and speed to market, as provisioning a virtual server suddenly became a matter of days, rather than weeks or months.
Over time, IT started applying these same methods to storage and network and these showed similar flexibility, scalability and efficiency improvements. These gains, together with automation capabilities and self-service portals, were combined over time to become what we know as ‘cloud offerings’.
In parallel to this, IT, in some organisations, has become structured, organized, usually silo’d, and, unfortunately, somewhat slow to respond to business needs. This has led to a slow erosion of IT’s power and influence over IT resources acquisition, delivery and management. Coupled with the existing commercial/public cloud options these days, capital is rapidly leaving the organisation for 3rd party public cloud vendors, also known as shadow IT. This raises concerns, not the least of which being that funds are sent outside the organisation to address tactical issues, typically without regard to legal implications, data security or cost efficiency. These issues highlight IT’s necessity to react faster, become more customer driven, deliver more value and provide its stakeholders with flexibility matching that of public cloud. Essentially, IT needs to evolve to become a business partner; cloud computing providing the tools by which IT offers flexibility, scalability and speed to market that the business units are looking for in today’s market.

Benoit Quintin, Director Cloud Services, ESI Technologies

Cloud’s Biggest Challenge: Data Sovereignty Laws

Cloud technologies are now integrated in the solutions used by companies: the promise of standardization and simplification without regard to physical or geographic boundaries, meets the requirements of corporate flexibility for an access to data anywhere, at all times on all their devices.

This explosion of virtualized data now requires countries to legislate to protect their citizens’ data, and forces cloud providers to implement practices which respect increasingly strict rules of governance, requiring from companies that collect, use and store data to keep them in the country where they were collected.

Organizations rely on the expertise of cloud solution providers but the best technology does not exempt them to think and plan, as ultimately they remain accountable for their data, no matter where they are hosted. Organizations have the responsibility to respect the laws of the countries where they operate.

How can we ensure to deal with a cloud provider who complies with the laws of the country?

It is the organization’s duty to establish proper governance rules and controls to ensure compliance of solutions in place. If technology is an invaluable resource, you must not make the mistake of being influenced by a specific solution. In other words, do your homework!

  • Data_Center-1024x682Create your roadmap – Where do you plan to expand your market? In case of expansion, start to gather information on the laws in force in the target countries to know the restrictions imposed by their legislation to assess what it will cost you to comply with them.
  • Learn about your cloud provider – Where is your data stored by the provider? Does it respect your governance rules? Is the provider able to provide proof?
  • Assess the strategic importance of compliance – Compliance with governance rules is not the same for everyone. How important is data protection to your business and how many resources are you willing to dedicate to it? You can manage data sovereignty on your own, or entrust it to an external provider.

Canadian integrators and datacentre providers are the way to go to give companies the option to do business with partners who understand the needs of their stakeholders, close to where they do business.

Patrick Naoum, Executive Vice-President – Strategy, Alliance and Client Solutions

See on this subject the article by Mike Ettling, President of SAP SuccessFactors: http://techcrunch.com/2015/12/26/the-clouds-biggest-threat-are-data-sovereignty-laws/

Got your head in the cloud? Keep your feet on the ground!

A couple of weeks ago, ESI in partnership with NetApp, hosted a very special event on cloud computing & associated data privacy legal issues. Guest speaker for this event was non-other than Ms. Sheila FitzPatrick who is recognized by data protection authorities worldwide as one of the world’s leading experts on data protection legislation and the compliance process.

I had the chance to be briefed on this presentation by peers at ESI at which some of our clients were conveyed and one thing really hit me in the same way it hit all the participants at this event: the most important thing to remember with cloud services is that your company and you as a manager of that company will be held accountable for any data privacy issues of the cloud service provider you signed on with.

There you have it. You remain the owner and the person responsible for that data even though you no longer have control over it.

cloud-keyGiven that there is no transfer of legal responsibility from you to the cloud provider with regards to data, a long checkup list ensued that included questions such as: how does the cloud provider separate my data from other clients’ data? Where is it stored (under which jurisdiction)? How strong is encryption? How does it get moved to the cloud provider? Where are located my backups? How secure is data transfer?… This is only a very small sample of that checklist.

A local presence by a cloud provider doesn’t mean your data is entirely local. Often your backups are sent offshore in another country governed by different laws and in some cases this goes against the legislation to which your company must comply.

In short, cloud technology is much less about technology than it is about legal compliance, SLAs and contract management. Of course, there is still obviously a strong technology component to it. At ESI, and its network of partners like that of Ms. Sheila FitzPatrick from NetApp, we can help companies navigate through this to set their cloud strategy in motion in full understanding of what is at stake, since it all comes down to a question of risk management: what to move into a public cloud, what to keep in a private one.

Charles Tremblay, ESI Account Manager