SECURE CLOUD TRANSFORMATION
THE CIO'S JOURNEY
By Richard Stiennon
Chapter 11
Begin Your Transformation Journey
“When it comes to moving a large organization, cloud transformation is 70% cultural and 30% technical.”
Philip Armstrong, Chief Information Officer, Great-West Life
There is an old Chinese proverb that states, “The best time to plant a tree was twenty years ago. The second best time is today.” Cloud transformation has become imperative for any organization that wants to not only survive in a changing world but wants to thrive. An IT leader may have reservations about cloud transformation based on two primary concerns: Can cloud transformation happen without making disastrous mistakes? And can it be done securely? The answer to both questions is “yes” and here are some best practices as gleaned from many of the IT leaders in this book on how to accomplish a seamless and successful cloud transformation for your enterprise.
Overcome resistance
A decision to start down the cloud path is often prone to resistance. The level of resistance to change varies from organization to organization—people are comfortable with what they have been doing, and how they have been doing it. The technology, network configurations, applications, and data centers that have been purchased or built at great expense are still functioning today. Why disrupt that?
The cloud brings about a dramatic change that entails giving up the physical control of servers, hiring new talent, training developers and IT support staff in new technologies, and getting an organization to work together towards a new mandate. The sunk cost in security gear and multiple layers of alerting and reporting tools will be written off. But, as can be seen from the many stories from the IT leaders featured in this book who have successfully navigated their cloud transformations, the benefits are real and multifold.
Cost savings, agility, better security, and new capabilities can all help drive that decision. Some of the IT leaders in this book took an all-in approach, while others took an incremental path.
Make a plan
Evaluate the business areas or applications where cloud adoption can have the most immediate impact. Convene a team of stakeholders including your architects, security team, finance, and senior management. Get a snapshot of where the company stands today versus where it has to go from a technology perspective. Is there a need to modernize, similar to what Philip Armstrong at Great-West Life shares in Chapter 9? Do your customers expect more of you? Have you had a breach recently? Did NotPetya or WannaCry impact your operations? Are you having trouble staffing your DevOps, security, and IT leadership roles? Do you have the right people, partners, and technology to embark on the phases of this transformation journey?
Map your network and future plans for new locations. Quantify the amount you spend on MPLS circuits. Have you budgeted for a gateway refresh to upgrade your firewalls? Do you understand what your traffic mix is—internal versus external? How much of your traffic is encrypted?
How did your last M&A experience fare? Could you quickly consolidate IT operations or is that still ongoing? Will there be any future M&A activities?
Considerations before you begin
As you embark on your cloud journey keep these four things in mind:
Finding the budget
Alex Philips at NOV used cloud transformation as a cost savings measure. A downturn in the oil and gas industry created an immediate requirement for his organization to reduce costs. He discovered that he could provide more services at a higher quality and with less budget. For others there may have been a need for additional budget, especially when launching cloud projects in parallel with legacy approaches, with a plan to switch over later. Demonstrate to your team and superiors how future savings from getting out of the data center business will provide your organization with a return on that investment.
Get your team onboard
Perhaps the greatest challenge to a successful cloud transformation is changing the mindset of your team. This starts with top leadership—you need to create champions and supporters. They have to be convinced that moving to the cloud is the right decision for your organization, and they have to communicate that conviction clearly.
Overcoming this hurdle starts with having the right team to execute on this journey. You may have to hire new talent or bring in an experienced team of consultants. One CIO (not interviewed for this book) took a dictatorial approach. He convened a meeting of his IT staff to announce their cloud-first strategy. He informed them that anyone who was not happy with this new direction should quite simply “pack up and go hug their server goodbye.” That may be the right approach at some organizations to get change to happen, but it is more the exception than the norm. Most leaders will find that winning the hearts and the minds of their teams will be more productive.
Start by creating a simple and clear message that can serve as a mantra for the organization. Offer training in cloud services to your developers. By now most developers understand that career advancement comes with being cloud savvy. A firewall administrator may wonder what will happen to his or her job if there are no more firewalls. Fortunately, there are always valuable roles for security and network people. They can be engaged to ensure that applications get refactored securely. They can spend more time on red/blue team exercises. The mundane day-to-day tasks of upgrading and patching firewalls and of firewall policy change control can now be replaced with strategic decisions and activities that put them on the frontline of cyber defense for the organization.
Select the right cloud service provider for your business needs
Your planning exercise should aim to lay out the requirements for the technology stack. Understand what is required from your SaaS services. For application transformation, prioritize which internal applications need to be moved to the cloud. For network transformation, prioritize meeting with your telecom provider and learn who they partner with. Learn what technology has worked for companies of a similar size and geographic distribution. Be aware of the technology interdependencies in your network and security stacks.
One aspect of ROI that is hard to measure is the cost savings from avoiding security incidents. If you have historical data on the time and costs associated with out-of-cycle patches, the clean-up of infected hosts, password changes to compromised accounts, and recovery from ransomware, you will be well armed to claim those cost savings for your return on investment calculations.
How to de-risk cloud transformation
One of the attractions of the cloud is that technology decisions and innovation in the cloud are inherently less risky than with legacy models. Gone are the days when switching ERP vendors or computing platforms was a multi-year project. Where once there were long-term risks and costs associated with making technology decisions, the cloud introduces agility and flexibility. We are not advocating that it is always pain-free to switch from one SaaS application to another or one public cloud to another, but it is much easier than the retrofit of equipment and data centers that these types of decisions called for in the past.
De-risk your cloud transformation by picking partners that use open standards and integrate with the other major players. Avoid taking steps that lock you into a particular supplier. Evaluate if you can move your applications across clouds—Azure to AWS to Google Cloud. If you are doing network transformation with SD-WAN, ensure that your SD-WAN investment will work with multiple telecom providers and that you can decouple your identity and access management solution from the rest of your technology stack.
Build justification for investment
The importance of measurement comes into play when you are demonstrating return on investment. If you are considering network and security transformation, make sure that the cost savings from eliminating MPLS charges and avoiding the refresh of network security gear every three years are tracked. In this way you can build support for your cloud transformation efforts. While your costs go down, your users, like those at National Oilwell Varco as highlighted in Chapter 5, will think you are spending more as they notice consistent response times from wherever they are located. They will get access to new features in applications as they come out. Performance of key apps like Office 365 will improve. No more cumbersome VPNs to deal with from hotels and airplanes.
How to begin
The cloud journey begins with identity.
The first step to cloud migration is to get identity right. Choose an identity management system that:
1. Holds all the identities of your employees and contractors
2. Integrates with multiple authentication systems (username/password, one-time password tokens, biometrics, card keys)
3. Provides granular control over authorizations by individual and group
4. Is standards-based
The key is to consolidate identity to a single provider. In the cloud world, this is often Azure Active Directory, Okta, or Ping. Have one identity for the enterprise. This is not an easy task, but it is the most critical step in getting your cloud transformation right.
Start with SaaS applications
As Scott Guthrie from Microsoft shared in Chapter 7, the best place to start your cloud journey is with SaaS. You immediately begin to experience the benefits of the cloud. Most companies start with Salesforce or Microsoft Dynamics for a CRM package, or Workday for HR, or ServiceNow for customer support. If you have a significant investment in a software application in your data center for one of these capabilities, perform a Total Cost of Ownership (TCO) analysis to see if continuing to maintain on-premises software is the best thing. Audit which custom features your team has developed over the years, and ascertain if they can be replaced by a SaaS product. Every in-house application you transition to SaaS is one less headache for maintenance and support and frees up resources for the next phase.
And then there is Office 365, which is on the radar of every large enterprise. But this requires careful planning for a successful deployment because it can be a burden to the network, has a lot of moving parts, and touches every employee.
Use public cloud for other applications
Identify your most critical business applications for which there isn’t a viable SaaS replacement. Start to refactor your applications so they can run in the public cloud. This exercise could be as straightforward as moving them from your data center to the cloud (lift and shift). You may have to “webify” the user interface or change the backend database (partial refactoring). Look at applications that have to be rewritten entirely (refactored). This is your chance to make the application fit for purpose, or expose it to more users, or even to customers.
Move to a hybrid network
Once the move to SaaS and public cloud is underway, take a look at your network usage. You will find that much of your traffic is being backhauled from remote locations just to be re-routed to the internet. Improve the user experience at those locations by providing local internet breakout as Siemens did [see Chapter 3]. Their web browsing experience will be dramatically improved, and the corporate network will no longer be a bottleneck to their productivity.
Deploying local breakouts is your chance to capture cost savings. Local breakouts enable you to downsize your expensive MPLS circuits or eliminate them altogether.
Securely connect your users to applications
As you move closer and closer to a network topology that uses the internet as your corporate network, you can progress to a cloud security model. Security and access controls are as close to the users as possible within each office, and every user connects first to a cloud security checkpost over an encrypted link. The checkpost replaces your gateway security devices, and delivers cost savings. And like other cloud services, the tasks of managing updates, configurations, and patching are now handled by your cloud security provider, relieving you of the operational overhead. A good example of this is shared by Ken Athanasiou of AutoNation in Chapter 4.
All your traffic should be over SSL to provide for secure communications. Ensure that your security solution gives you the capability to inspect SSL traffic.
To complete your cloud transformation securely, ensure secure access to all your internal applications regardless of user or device location, be it on the manufacturing plant floor, ERP systems, or IoT devices in the field. Use a cloud security checkpost to broker connections between authenticated users and the applications they are authorized to use. These internal applications now become invisible to the outside world. Only your users will be able to find them, whether they are in your data center or hosted in the public cloud. Tony Fergusson of MAN Energy shares a good example of this in Chapter 4.
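The two ideas above, a single identity provider that holds every identity and grants authorizations by individual and group (the "How to begin" list), and a checkpost that brokers connections so that internal applications are never addressed directly, can be shown together in a small model. The code below is an added illustration written for this chapter, not code from the book or from any vendor mentioned in it. It assumes an HMAC-signed assertion as a stand-in for whatever standard token (SAML, OIDC) a real identity provider would issue, a constructed policy table, and constructed backend addresses; the key and every name in it are demo values.

```python
"""Model of a cloud security checkpost brokering access for an authenticated user.

One identity provider (issue_assertion) is the single source of identity and
group membership. The broker (broker_connection) validates the assertion,
applies a default-deny policy keyed by individual and by group, and only then
reveals the internal address of the application. Users never learn where an
application lives unless they are authorized for it, so unauthorized apps stay
invisible. Added example; keys, policy and addresses are constructed.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed shared key between the identity provider and the broker (demo only).
IDP_KEY = b"constructed-demo-key-do-not-reuse"


def issue_assertion(subject, groups, ttl=300, now=None):
    """Identity provider: sign a short-lived assertion carrying identity and groups."""
    issued_at = now if now is not None else time.time()
    payload = {"sub": subject, "groups": sorted(groups), "exp": int(issued_at + ttl)}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_assertion(token, now=None):
    """Broker side: return the claims if the signature and expiry check out, else None."""
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):  # constant-time compare
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    current = now if now is not None else time.time()
    if payload["exp"] <= current:
        return None
    return payload


# Authorization policy: application -> principals allowed to reach it.
# Principals are "user:<subject>" or "group:<name>"; anything not listed is denied.
POLICY = {
    "erp": {"group:finance", "group:erp-admins"},
    "plant-hmi": {"group:plant-ops", "user:maria.ops@example.com"},
    "hr-portal": {"group:all-employees"},
}

# Internal address book held only by the broker; never published to users.
APP_BACKENDS = {
    "erp": "10.20.0.15:8443",
    "plant-hmi": "10.30.1.7:443",
    "hr-portal": "10.20.0.40:443",
}

# Every decision is recorded so the security team can detect probing or abuse.
AUDIT_LOG = []


def broker_connection(token, app, now=None):
    """Return ("allow", backend) or ("deny", reason). Default is deny."""
    claims = verify_assertion(token, now)
    if claims is None:
        decision = ("deny", "invalid or expired assertion")
        AUDIT_LOG.append({"sub": None, "app": app, "result": decision[0]})
        return decision
    principals = {f"user:{claims['sub']}"} | {f"group:{g}" for g in claims["groups"]}
    # Unknown apps and unauthorized apps look the same to the caller,
    # so a user cannot enumerate which applications exist.
    if app in POLICY and principals & POLICY[app]:
        decision = ("allow", APP_BACKENDS[app])
    else:
        decision = ("deny", "not authorized")
    AUDIT_LOG.append({"sub": claims["sub"], "app": app, "result": decision[0]})
    return decision


if __name__ == "__main__":
    t = issue_assertion("maria.ops@example.com", ["all-employees", "plant-ops"])
    print(broker_connection(t, "plant-hmi"))
    print(broker_connection(t, "erp"))
```

The broker returns the backend address only on an allow decision, which is the property the chapter describes: applications are reachable through the checkpost and invisible otherwise. The audit log gives the security team a per-decision record to watch for repeated denials from one identity.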
Begin Your Journey
The best time to start your cloud journey is today. Use these steps to create a future where the cloud is your data center and the internet is your corporate network. It is a future where users can access the applications they need from anywhere in the world, securely.