“The key to a great landing is a stabilized approach”
Two of my passionate interests are aviation and leading enterprises in their cloud adoption journeys. Interestingly, I have discovered that enterprise cloud adoption is analogous to piloting an airplane. Common elements such as detailed planning and crisp, clear communications, combined with flawless execution, are all vital to success. Keeping this analogy in mind, let us look at the critical phases of flight, and relate them to a successful journey to the cloud.
Thorough and deliberate planning is absolutely essential to a successful enterprise cloud program. Here are the critical elements which must be carefully considered prior to takeoff:
- Check the Forecast
- What does the political landscape look like in the organization?
- Do you have solid senior executive sponsorship and support?
- Is everyone on board with the cloud program?
- Are there any distractions that could potentially stall the project?
- Are the application owners actively engaged, and in support of the program?
- Is your information security team actively involved and endorsing the cloud adoption?
Answers to all these questions must be well understood prior to initiating a cloud program. I have seen large cloud adoption projects struggle to get off the ground due to the lack of executive sponsorship, organizational resistance and misalignment with application owners. Your information security team is also critical to success and must be actively engaged from the start. If your entire organization, from the top down, is not truly committed to the cloud program, it will stall. You must have a “Cloud First” strategy, with strong organizational alignment.
Who will be your pilot in command of the program? You need a cloud champion in the organization who is responsible for all aspects of your adoption effort. This leader must also have the organizational authority, with executive support, to make quick decisions on the overall program.
Flying requires significant training and practice, and so does the cloud. Get your staff properly trained and cloud certified by implementing a comprehensive cloud training program to develop the necessary skills throughout the organization.
You also need to identify a cross-discipline core team, and they should ideally be 100% dedicated to the cloud initiative. I’ve seen many cloud projects falter because they utilized a loosely defined, virtual team who were constantly distracted by their “day jobs.” Your cloud program needs laser focus, with dedicated resources, to be successful. Establish a Cloud Business Office (CBO).
The inherent transformational nature of cloud programs absolutely necessitates establishing a cloud governance function within your organization. Trust uson this one, you need it. Name it whatever you want: steering committee, center of cloud excellence, etc. CTP uses the term Cloud Business Office. Your cloud adoption program will impact and transform all areas of the organization and involve many stakeholders. Therefore, the CBO should comprise leadership from all functional areas across the organization, including IT Ops, Development, Information Security, Finance, Legal, HR, Architecture and Application Owners.
Traditional Job definitions and responsibilities will change in the cloud. Lines will blur between development, support and IT Operations, into a more agile, cloud-centric, DevOps/CloudOps/SecOps model. Therefore, standards must be established to identify approved service catalogs of cloud elements the organization can consume and implement. And processes must be enhanced to accommodate and support data privacy and data sovereignty concerns in the cloud.
The CBO should oversee and champion all these changes, and remove conflicts and roadblocks within the organization. The CBO should be a permanent, governing organization that acts as the central point of decision-making and communication for your cloud adoption program.
A comprehensive and detailed plan is absolutely essential for success. The development and management of this plan requires the leadership skills of a very strong program manager. He or she must have the political capital and skills to navigate the transformational land mines in the organization.
Cloud adoption is a perfect fit for agile methodologies due to the iterative nature of the implementation. It should include iterative sprint planning, and working against a backlog of epics and stories. Once the plan is developed, it needs to be published and well understood by all parties.
Like it or not, a pilot is expected to understand and comply with all FAA regulations when operating an aircraft. My personal favorite is this one:
91.103 Preflight action.
Each pilot in command shall, before beginning a flight, become familiar with all available information concerning that flight.
The same holds true with a cloud program. All available information must be considered, including regulatory compliance. You must involve the governance, risk and compliance and legal teams early in the project to ensure compliance in the cloud for your organization. HIPAA, PCI, CIS, SOC, HITECH, CSA, FISMA, NIST, ISO and Reg SCI are just a sample of the typical regulations and frameworks you may be expected to comply with.
CTP has vast experience with cloud implementations for highly regulated industries, and we can assist your organization to successfully navigate this very complex regulatory landscape. Also, our managed solution offerings include capabilities to ensure and enforce ongoing, continuous compliance with these regulations.
You have your pilot and crew, checked the forecast and developed a winning plan. Now it’s time to buckle up for takeoff. This critical phase of flight is exciting, but prior to wheels-up, you must have a well-defined landing zone.
The most effective way to to establish this landing zone for the migration of your application workloads is to utilize a Minimum Viable Cloud (MVC) approach. The MVC is a core concept to CTP’s cloud adoption methodologies, providing many benefits to an organization. It involves building, in line with NIST 800-53 standards, an initial cloud platform that:
- has a highly available and resilient architecture leveraging multiple compute regions
- includes a hub and spoke architecture design
- utilizes a shared services design, which houses common, centralized elements, such as logging/monitoring platform, continuous integration/continuous development (CI/CD) components, etc.
- is highly secure, including full encryption in flight and at rest
- supports your application’s RTO/RPO Disaster Recovery requirements
- is fully represented in automation code (including networking and all security components, such as identity and access management, asset tagging and naming, firewalls, etc.)
- is instrumented with appropriate CloudOps logging/monitoring/alerting capabilities
- is able to support proper financial governance through asset tagging, monitoring and reporting
- includes secure and redundant connectivity to on-premise networks
- has complete documentation and operational runbooks in place prior to production deployment
The MVC should utilize an iterative approach with multiple phases leading up to a production-ready environment. The first phase will establish the foundational elements for the non-production environments, and subsequent phases will lead to full production readiness.
In doesn’t make much sense to “build a house” without actually “moving in.” Selecting an initial pilot application for migration to the MVC environment is absolutely critical to a successful adoption program. Migrating an application to production immediately after implementing the MVC will not only exercise the actual cloud infrastructure, including all of the associated processes and controls, but it will also force all teams to fully engage during the process of application refactoring, migration and ongoing support. This exercises the collective muscle of the entire organization.
Every project will experience rough air at some point. Yes, you WILL encounter turbulence and/or headwinds in your flight to the cloud. But if you have conducted a thorough pre-flight inspection and have a solid plan, you will be able to ride out the turbulence with minimal repercussions. When faced with a stiff headwind, embrace it. The project’s reduced velocity will provide opportunities to validate your course, check in with your crew and make any necessary adjustments.
For a pilot, it’s all about the landing. Even if you accomplished a perfectly executed flight, everyone remembers a rough landing. Utilizing the stabilized approach of the MVC, along with the implementation of a CBO, proper planning and staff training, will undoubtedly lead to a smooth and successful landing for your cloud adoption program.
Have a safe flight!