Enterprises are continually under threat of being undermined by the competition. In seeking market leadership status, each internal department is charged with finding opportunities for greater cost efficiency, improved agility, and flexibility. Cloud services feature high on the list of strategic priorities for IT directors, as cloud provides many of these benefits and enables competitive differentiation and innovation by removing many of the obstacles that occur in traditional IT delivery models.
Yet, cloud services are not featured prominently as part of mission critical IT services. Organizations explore and test cloud platforms, issue requests for proposals and, in some cases, business units procure cloud services directly from providers without the knowledge of their IT department. Many of these initiatives are successful and deliver on the value promise made by cloud providers. However, often these projects reach a dead end as organizations elect to move only their non-critical workloads into the cloud, while continuing to deliver critical services from dedicated on-premise environments.
Why isn’t cloud used for all IT services?
There are two main reasons why cloud services are not considered as a primary delivery model for enterprise IT:
Traditionally, service providers have encouraged clients to start small, with low impact application migrations and use cloud for dev/test and user acceptance testing (UAT) initiatives. Their hope is that this will foster extended cloud growth over time to other areas of the enterprise.
In the past, cloud providers targeted these “easier” use cases for cloud and built their offerings to deliver the requirements of these applications rather than for mission critical production workloads.
In light of this, IT directors reach a crossroads when the time comes to refresh production application environments. On the one hand, cloud has proven to deliver on the promise of agility, scalability, and cost efficiency that defines its value proposition. On the other, it has not proven itself capable of providing a secure and reliable environment in which to host an enterprise’s critical production workloads.
In situations such as this, it is important for IT directors to seek out a cloud services partner who can meet not only the basic technical and governance criteria of their applications, but can also provide the consulting and migration services needed to optimize this journey.
Factors for selecting the right cloud provider
IT directors must take into account five criteria when determining which applications can be officially migrated to the cloud. In the case of production and revenue impacting workloads, it is critical that the migration occurs seamlessly.
Service level agreements
Many providers are able to provide a service level agreement (SLA) based service, but often this can come at an additional cost, or with complicated measuring criteria. IT directors should never fall into the trap of assuming that the cloud provider’s definition of availability is the same as theirs as it can lead to costly outages which do not result in any form of penalty or compensation. A well-understood SLA, which forms part of the basic service offering from the provider without adding any additional overhead, is key to providing peace of mind.
Perhaps the greatest objection to any cloud migration is the matter of security and the level of control that governs the cloud platform operation and design. Cloud provider compliance continues to become more important and it is critical for organizations to choose providers who comply with relevant certifications. Specifically, SSAE 16 SOC 1 and ISO 27001 certifications are fundamental in determining whether a cloud provider is able to deliver their service with the necessary governance and control that hosting production workloads in the cloud demands.
Additionally, the underlying security architecture of the cloud platform, the mechanism by which client data is segregated and the tools in place around platform access, is also key to a safe and secure operating environment. Providers should make use of best practice tools and architectures to effectively segment network and data access, and they must be willing and able to demonstrate capabilities in this regard. IT directors should also have the option of defining their own security posture based on their unique requirements by choosing how users access their systems, implementing multi-tier architectures to logically separate low, medium, and highly secure applications components and defining the types of traffic allowed into and out of their environment. They should also not be required to expose their data to the open internet when replicating between a provider’s multiple sites.
Production workloads are also subject to additional considerations around geography. While the hosting location of a dev/test/UAT system may not need to take any data sovereignty laws into account, a production application which is constantly storing, generating, and manipulating data definitely does. By that same token, while non-core applications can absorb latency-induced slower response times, any poor performance from a production system not only affects the efficiency of its users, but may also lead to a greater overhead on the IT service desk managing user complaints. Lastly, the ability to roll out application presence within a target region is key to being agile in order to address new market opportunities, while not sacrificing speed of access or governance.
Production workloads require a proven, leading-edge infrastructure platform, consisting of enterprise grade technologies that deliver applications within expected performance parameters while achieving uptime targets. The platform architecture should be designed in such a way as to avoid performance issues such as “noisy neighbor” in which excessive resource usage by one company affects the performance of another, as well as storage hotspots which result in reduced I/O and cause longer wait times for applications to write and receive data. IT directors must be confident in the capacity planning capabilities of their provider to ensure readiness should their business needs escalate quickly and require significant scale.
In the cloud, building brand new applications or moving loosely coupled or non-core workloads can be done easily with a simple set of steps. Moving a tightly integrated business critical system is far more complex, made infinitely more complicated when multiplied by the number of production systems that a typical enterprise operates. In addition, a move to the cloud often requires a re-architecture or refresh of technology as well as certain organizational changes to accommodate potential modifications in administration and management of these systems, accessibility and control, as well as cost management. For this reason and many others, choosing a partner with migration and consulting expertise is important to ensure that the cloud is leveraged in such a way as to minimize impact, unlock efficiencies, and improve overall service value.
The key message for any company considering moving production workloads to a cloud service provider is to choose a partner with a platform designed with production applications in mind. One that is able to offer their service with the necessary service guarantees and compliance alignment that enterprises consider critical to operations. Some cloud deployments will be best served by a broad set of features and capabilities that are powerful and can often speed up deployment and delivery times.
However, for production workloads with custom code and unique implementation architectures, it is more important that once deployed they are able to run reliably, securely, and predictably to truly deliver the benefits of cloud in a mission critical environment. Lastly, a partner with a rich set of complementary services, such as consulting and migration which enable effective cloud adoption and usage, can prove to be the difference between introducing an innovative shift in the way IT services enables their organizations, instead of simply maintaining the status quo.