Better understanding of risk is critical to cloud deployment
There is a still a gap between cloud awareness and cloud-readiness of organisations considering implementing cloud solutions, says Jos Creese.
This was the main finding which emerged from a workshop where we evaluated awareness of risk, value and change management issues among some 40 IT and digital leaders through a new self-assessment framework.
Going through the responses in detail it is clear that if councils are to realise the potential benefits of cloud, the main task which lies ahead for IT leads is not so much in promoting the benefits of cloud – which are increasingly well understood - but in helping to identify, manage and mitigate potential risk.
A cloud adoption policy
A crucial first step that any organisation should take is to have a cloud adoption policy. Not every service is right for the cloud so IT leaders need to work with business colleagues to define when and how cloud can be used as part of a wider IT strategy. Equally, a patchwork of cloud services engaged over time can increase IT support costs, risks and complexity, leading to service management challenges. Although just over two thirds of the group we spoke to were aware of the benefits of such a cloud policy, very few had one in place.
A second step in preparing for cloud adoption, is having a depth of understanding of all main areas of risk in cloud migration. Our research found this an area which IT leads rate as important, but where there is a patchy understanding of what precisely needs to be done. We have developed a free checklist to assist which focuses on three main areas.
Not surprisingly, much of the task centres on data protection and data handling. Organisations need to understand where data resides now, the restrictions on how it can be used, where it can be stored, what protection it needs and processes for back-up and recovery.
A second area to consider is service continuity. This is not just about clarifying how IT disaster recovery will work in a cloud context but it is about embedding resilience in a new IT infrastructure which will rely on internet connectivity necessary for public cloud services.
The other risk area for evaluation is security of systems, networks and data transfer, especially how data and information will be protected and monitored in a cloud environment.
Risk assessment in these areas will help organisations prioritise what is most appropriate for cloud migration in the near term and the areas for which more time is needed to plan carefully.
A business case that stacks up
A further significant cloud adoption gap is rooted in the difficulty in identifying precisely the business benefits of moving to the cloud.
To overcome this there are two jobs to be done.
The first is to go beyond the sales pitch and get prospective cloud suppliers to be clear about how precisely they will work with you to deliver tangible value through the services they offer and how this can best be measured. This is something which a six out of ten of the leaders we spoke to said was important but a third did not know how to do.
This is a process which should assess the costs of migration, ongoing costs for service delivery, how the charging structure changes when your demand changes and lastly, how you exit from the agreement and the costs of this. This needs to be balanced against the direct and indirect savings from cloud.
These savings can be quantified in a variety of ways, dependent on the context. For instance, savings in IT may be relatively modest but cloud should avoid future costs of IT infrastructure. Equally, cloud deployment should deliver productivity benefits for staff or reduce property costs. A key part of the business case planning is to ensure that internal IT costs do not increase by a partial move to cloud.
Just a starting point
The three areas of policy, risk and financial modelling will create a platform which will allow IT leads to have realistic, business-focused conversations about how an organisation and service areas can approach a move to the cloud.
It is, however, just a starting point.
Identifying a new operating model for the IT team so you can understand how you will provide the support the organisation needs in terms of planning and running integration projects, putting in place audit process and clarifying how you will track and manage cloud deployment all need to form part of your planning.
Taken together, a move to cloud is a major change process as well as an opportunity for any organisation. But to manage that risk and opportunity effectively, you will need to ensure you have the right support and roadmap in place from your internal team and any cloud service suppliers before you proceed.
Jos Creese is principal analyst at the Eduserv Local Government Executive Briefing Programme
Formerly head of DDaT skills across government, Ellis has taken on public sector-focused post at cloud heavyweight
Rounding up the Tories’ key pledges in the area of digital and data, including a new cybercrime force and tax incentives for investments in cloud computing
In an interview with the Civil Service World podcast, the former Cabinet Office minister discusses frustrations of attempts to push through digital and procurement transformation
Role comes with a remit to oversee the work of 140 staff across four areas