Beruflich Dokumente
Kultur Dokumente
cloud SaaS
IaaS
Private
cloud
Public
cloud
PaaS
The growth and maturation of the cloud Some notable examples of leading
marketplace has not only proven the software deployed via cloud services
viability of commercial cloud offerings include business productivity suites (such
but also represents a fundamental shift as Google G Suite, Microsoft Office 365),
in technology management philosophy. customer relationship management
With traditional practices garnering limited (e.g., Salesforce.com), enterprise service
return on investment and providing limited management (e.g., ServiceNow), talent
business agility, organizations are moving management (e.g., SuccessFactors, Taleo),
away from the do‑it‑yourself mentality and and even full suites of Enterprise Resource
toward using technology services from Planning (ERP) solutions. This list is rapidly
cloud services providers (CSPs), who can do expanding as software companies begin
things better, faster, and often cheaper. the transition from delivering their software
as on‑premise installations to software
While many organizations are apprehensive as a service (SaaS) delivery models.
about adopting these types of services,
the cloud is an inevitable part of IT Embracing the cloud will soon be a
service‑delivery models of the future. In matter of sheer survival. Competition,
fact, your organization is likely already in disruption, and transformation are
the cloud, with employees having the ability compelling companies to continuously
to procure cloud‑based solutions with the improve their operations to drive agility,
swipe of a credit card, whether sanctioned savings, efficiency, and enhanced customer
by your IT team or not. This creates risks experience. For many organizations,
related to ‘shadow IT’, or solutions adopted differentiation is no longer just a concern
without the consent and/or approval of IT. for the marketing department but the key
to surviving a fast‑evolving marketplace.
Moreover, your technology vendors are
going to the cloud. Cloud deployments Whether they want it or not, and whether
are becoming ubiquitous with commercial they’re ready or not, the transition is
off‑the‑shelf offerings, while on‑premise well underway. Businesses must start
deployments are becoming the exception. “thinking cloud” if they want to survive.
3
The cloud is here: embrace the transition | The cloud’s sunny side
On‑demand self‑service
Users can provide their own computing
capabilities as needed with each service
provider, with no need for human
interaction.
Resource‑pooling
The provider’s computing resources are
pooled to serve multiple consumers,
with resources reassigned according
to demand.
4
This page has been intentionally left blank
The cloud is here: embrace the transition | Avoid common pitfalls
• Vendor lock‑in
The following are some of the most
common pitfalls of cloud adoption: • Data security and privacy
6
The cloud is here: embrace the transition | Avoid common pitfalls
A key tenet of the cloud computing value PREVENTATIVE MEASURES CASE STUDY:
proposition is cost reduction. Large CSPs, Financial analysis — A business case
particularly those that provide infrastructure should be developed to justify the migration A healthcare company 3
as a service (IaaS), are commonly cited as of workloads to cloud environments to
being capable of delivering computing at a mitigate risks related to cost management. Challenge — The operating costs
price point internal IT organizations can’t The financial analysis should align with for cloud services were preventing an
match. In addition to operating leading and the organization’s cloud strategy, provide organization from meeting its budgetary
optimized IT infrastructure, CSPs can take guidance on in‑scope cloud service models target. Moreover, the services were
advantage of economies of scale and offer and workloads that can be migrated, under‑performing.
competitive pricing. So while consumers and account for additional investments
understandably expect to realize these cost in people, processes, and technologies. Solution — The organization reviewed
savings, many of them find in reality that not Revisit the business case after the its predominantly Amazon Web
only are there are no cost reductions but transition, to validate its realization. Services (AWS) cloud infrastructure
indeed cost increases of up to 20 percent 2. and determined a few things needed to
Workload analysis — A technical change. These included reconfiguring
CAUSES review of the proposed workloads to the existing cloud infrastructure,
Cloud adoption costs — Implementing migrate to the cloud should be completed. creating detailed future spend
public cloud resources may require Leverage methodologies and toolsets projections, implementing VPN/network
technology investments (network redesign, that look at multiple facets of the improvements, and conducting regular
identity and access management toolset, proposed workloads such as performance, and ongoing staff training on cloud usage.
for example) and staff (new roles, training) application architecture and integration
to enable proper management of a hybrid requirements to name a few. Also, use this Result — Implementing the fixes
IT environment. In some instances, these as an opportunity to rationalize duplicative reduced monthly operating costs by 30
investments can be significant; they applications within the enterprise percent and drove the consolidation of
must be taken into consideration when the existing IT infrastructure footprint by
estimating potential cost savings. Governance processes — Governance 25 percent.
processes specific to the consumption of
Limited governance — Uncontrolled cloud services should be developed: who is
usage of cloud services can significantly able to request them, how many resources
increase the costs because they’re billed can be provided, and what approval(s) are
on a pay‑per‑use basis (e.g., per user/per required. In addition to setting quotas,
resource/per hour), and sometimes include providing visibility and reporting usage
charges based on consumed bandwidth. will help to hold users accountable.
These costs can dramatically change the
business case, if they are not properly Cloud optimization tools — As the
understood and proactively managed. usage of public cloud services grows, so
Cloud environments offer the benefit too does the need for tools and capabilities
of scalability but the cost implications to help companies more effectively
must be clear and known in advance. manage expenses. Capitalize on tools to
reduce cloud expenses by identifying and
Unsuitable workloads for public right‑sizing overprovisioned resources,
cloud environment — On‑premise take advantage of pricing changes,
deployments may be are better suited and identify ways to use and release
for some workloads, such as those IT resources more cost‑effectively.
that have high‑resource utilization and
extensive, complex integrations. The
vendor may also not have selected the
most appropriate cloud model, as each
model has different cost/benefit drivers.
7
The cloud is here: embrace the transition | Avoid common pitfalls
Vendor lock‑in
Becoming dependent on a single vendor is a Multi‑cloud managed services — Using business requirements, as well as using
situation no company wants to find itself in, services that work across multiple CSPs cloud‑ready market solicitation tools and
in any area of business. Vendor lock‑in can for various cloud functions is also a good techniques, will help companies make a
manifest in many forms, but two of the more strategy. By maintaining a diverse and fair comparison of vendor offerings.
likely forms involve technology and contracts. vendor‑agnostic set of cloud services,
With technology lock‑in, the challenges organizations can lessen their reliance on a CASE STUDY
relate to repatriating or migrating a large single vendor and reduce the requirements
IT service portfolio built on a specific cloud related to cloud service migration. A gaming and
platform to another CSP and/or in‑house.
Market‑leading vendors — Soliciting entertainment
Being locked into a contract can have cloud services from established organization 4
a number of consequences, including vendors such as Amazon Web Services,
significant financial penalties for terminating Microsoft Azure, among others, will Challenge — As the volume
services early, an inability to renegotiate limit risks of being subjected to the and complexity of online games
pricing if commercial costs change ongoing cloud market consolidation. grew, a gaming and entertainment
throughout the duration of a contract, and organization found it difficult to scale
an inability to migrate to an alternative Containerization and open source its IT infrastructure. This affected
CSP that offers more attractive services. technologies — Technical solutions the front‑end performance of its
can help protect against vendor lock‑in. online games. To overcome this issue,
CAUSES For example, Docker, a containerization developers sought the convenience of
Market consolidation — The IaaS market technology, has a solution that increases a database‑as‑a‑service (DBaaS) model
has consolidated significantly over the last workload portability while simultaneously while maintaining complete control
few years, and trends suggest only a handful reducing licensing and IT operations over its technology stack in an attempt
of very large CSPs will eventually operate costs. OpenStack, another open source to maximize flexibility and limit issues
in this space. Customers who were early toolset, provides application programming related to vendor lock‑in.
adopters of IaaS and made considerable interface (API) capabilities, which can
investments may be required to move increase the ease in which workloads Solution — The organization migrated
to alternative CSPs in the near future as can be moved across various cloud its data to a multi‑tenant cloud platform,
the market continues to consolidate. environment. Other solutions include which provided the development
VMware on AWS and Azure stack. teams with the ability to build their own
Limited cloud standards and database service for all the company’s
interoperability — The lack of Mature vendor management studios and developers. This empowered
coordinated cloud standards across cloud capabilities — The demand for effective the teams to use dedicated cloud
service providers has made it difficult vendor management capabilities increases infrastructure to store unique data sets
for organizations to move workloads in direct correlation with the volume of and, therefore, increase the front‑end
between CSPs and/or to private clouds. cloud services in operation. In addition performance of its games.
to understanding the cloud marketplace
PREVENTATIVE MEASURES and the suitability of cloud services for Result — The operations teams retained
Multi‑cloud and multi‑vendor strategy — industries and functions, it is critical to complete control and access to their
A hybrid cloud strategy consisting of a approach cloud service contracts as an code throughout their technology stack
manageable number of different vendors ongoing set of relationships—consistent while simultaneously having access to
and cloud services will help reduce vendor monitoring of the cloud market, particularly a scalable and flexible cloud service.
lock‑in. While this may increase the in more nascent segments, is necessary. The organization also consolidated its
complexity, management requirements, and IT environment, which has improved
integration requirements of the overall IT Cloud procurement tools and performance and reliability.
environment, it will provide the flexibility to techniques — Cloud solutions are often
select the most appropriate vendors and the difficult to evaluate due to variables across
ability to switch CSPs with eyes wide open. IT infrastructure, service levels, cost, and
performance. Providing a baseline set of
8
The cloud is here: embrace the transition | Avoid common pitfalls
9
The cloud is here: embrace the transition | Avoid common pitfalls
Meeting regulatory and compliance Rapidly changing landscape — A relatively CASE STUDY
requirements in cloud computing is new market offering, cloud solutions are
complicated to practice and execute. still maturing in terms of industry standards A broadcasting network 7
Compliance covers government and operating models. Regulators are
regulations, such as Sarbanes‑Oxley and also evolving and many don’t yet provide Challenge — The value proposition of
the European Union Data Protection clear guidance regarding cloud computing. cloud computing made it an appealing
Act, as well as industry regulations As various alliances, industry groups, option for replacing an aging email
such as PCI DSS for payments 6. and government agencies continue to system at a public broadcast agency. It
develop their standards, organizations was critical to comply with the regulations
Moving to a public cloud infrastructure must ensure CSPs are keeping pace with and controls imposed on public sector
platform requires giving up some level of compliance and regulatory changes. entities.
compliance controls to the cloud vendor,
which is a challenging situation for many PREVENTATIVE MEASURES Solution — A thorough analysis was
auditors. CIOs and CEOs want to know Well‑defined organizational controls undertaken to assess the risks of cloud
how to leap into cloud computing in a related to cloud purchases and use — computing, both in general and as it
way that preserves their good standing With an enterprise risk‑management pertained to email and collaboration
in regulatory and compliance functions. perspective in mind, companies should tools. The agency also developed
develop and implement cloud‑specific a formal framework to evaluate
CAUSES procurement guidelines with preferable cloud‑hosted email solutions and the
Limited organizational control of cloud terms and conditions as well as create lessons learned along the way helped
purchases and consumption — It’s the necessary mechanisms to enable it identify key criteria around regulatory
possible for stakeholders to procure cloud a well‑engineered move to cloud. and compliance requirements.
services with little oversight from their
procurement and IT teams, which has led to Cloud vendor landscape evaluations — Result — The analysis of the company’s
many organizations assuming a higher level Organizations should establish fundamental regulatory and compliance requirements
of risk than with traditional IT procurements. guidelines around compliance and enabled it to pick the right public cloud
For example, cloud vendors offer data regulatory requirements for cloud solution and successfully replace
repatriation capabilities for up to 60 or 90 services, which will provide a baseline its legacy email system within a
days, but the data may not be returned for vendor evaluations. It’s critical to three‑month period.
in a usable format, and the associated understand what to look for in terms and
metadata may or may not be included. conditions, and determine what constitutes
an acceptable level of risk based on
Limited negotiation with cloud service business priorities. When evaluating cloud
providers — CSP are typically not open vendors, they should look for baseline
to negotiating their standard terms and compliance requirements such as user
conditions. Different kinds of clients use identity and access management, data
public cloud environments, and providers protection and incident response, and data
don’t yet offer services customized for residency requirements, among others.
unique or specialized requirements.
10
The cloud is here: embrace the transition | Avoid common pitfalls
11
The cloud is here: embrace the transition | Doing cloud “right”
12
The cloud is here: embrace the transition | Doing cloud “right”
“As we scale our streaming service, we are developing technology and utilizing
third party ‘cloud’ computing services… If we are not able to manage the growing
complexity of our business, including improving, refining or revising our systems
and operational practices related to our streaming operations and original
content, our business may be adversely affected.”
For the company, cloud computing is not simply a means to operate information technology
but is a pillar of its business. Taking advantage of the benefits of cloud computing (e.g., high
availability, scalable IT infrastructure) is a critical success factor for the organization to deliver
on its value proposition and maintain its market share.
NOTABLE SUCCESSES
Netflix operates an almost completely public cloud environment. It runs its own content
delivery network, called Open Connect, that’s hosted in Amazon Web Services (AWS). Open
Connect partners with internet service providers (ISPs) across the globe to securely deliver
Netflix services, which are optimized to the specific needs of each client based on its unique
network conditions.
The entertainment powerhouse also developed multiple open source solutions (OSS) that
have been adopted by organizations worldwide, the most notable of which is Simian Army.
This solution is a series of tools that test the tolerance of cloud deployments by randomly
shutting down certain systems in order to determine how well they tolerate random failures.
A second challenge for Netflix is that it’s hosted completely on AWS. Users who follow such a
path are locking themselves into using only one cloud provider.
13
The cloud is here: embrace the transition | Doing cloud “right”
Acting on these findings, Adobe developed a roadmap to transform its website and evolve
the sales model of its software. In partnership with AWS, Adobe launched its cloud‑based
Creative Cloud Suite in 2013, which helped the organization achieve record levels of revenue
in both 2015 and 2016. Using a cloud‑driven, subscription‑based model, Adobe has been
able to increase its user adoption in part due to its flexible licensing agreements and reduced
adoption requirements.
NOTABLE SUCCESSES
Enabled by cloud services, Adobe was able to increase user adoption by eliminating its
costly one‑time licensing costs (which could be upwards of USD$2,500 depending on the
application suite) and allowing users to select their preferred applications and subscription
licensing model.
The Creative Cloud also gives customers self‑service account access and management
“anytime and anywhere.” It also always has the most up‑to‑date app versions, since Adobe’s
DevOps teams can take advantage of highly efficient and agile release‑management
capabilities.
Adobe managed to transform its commercial product suite and its revenue model using
cloud services in less than three years. It’s reaped the rewards: the organization has
achieved greater levels of revenue and profitability selling their software suite using a
subscription‑based model than it did selling it as a hard good.
14
The cloud is here: embrace the transition | Doing cloud “right”
The shipping industry requires advanced IT capabilities to enable the precise tracking of
assets and customer shipments as they move around the world. Matson’s vessels, shipping
terminals, container equipment, and truck shipments all require highly reliable technology
to ensure its transportation network operates at world‑class levels. Moreover, its customers
count on cloud‑based applications to provide real‑time visibility and analytics to manage their
own supply chains.
NOTABLE SUCCESSES
Migrating all the enterprise applications to a cloud environment has enabled Matson to
focus on innovating its business services even more. Even better, it reduced its IT costs an
impressive 50 percent by closing its four on‑premise data centres.
15
The cloud is here: embrace the transition | Follow the steps
16
The cloud is here: embrace the transition | Follow the steps
STEP 1: LEARN
Understand the benefits, risks, and issues
associated with cloud computing and
install controls to govern the proliferation
of cloud services within the organization’s
IT environment
STEP 2: PLAN
Based on the organization’s cloud maturity,
define a set of strategic objectives and
make a prioritized plan to achieve them
STEP 3: FORMALIZE
Develop cloud policies, standards, and an
operating model to manage cloud solutions
STEP 5: EVOLVE
Enhance service delivery, automate IT
management functions, and migrate to
cloud environments
17
The cloud is here: embrace the transition | Follow the steps
Step 1: Learn
Service level management — How This first step does not seek to halt or
will service performance be tracked, impede an organization’s progress toward
monitored, and reported? cloud adoption. Many organizations
18
The cloud is here: embrace the transition | Follow the steps
Step 2: Plan
The second step is initiating planning are necessary to support the delivery of cloud and functions the cloud can take
exercises to identify where the organization cloud solutions. Although cloud‑specific on will inform the next steps. As noted
is going and the best way to get there. capabilities aren’t required, managing and earlier, not all workloads are suitable for
Our experience tells us successful cloud operating cloud solutions without such cloud environments and, similarly, not
adoption is primarily founded on two things: fundamental IT capabilities would risk all cloud capabilities may provide the
mature IT fundamentals and solutions that exacerbating existing IT issues. Companies same level of strategic alignment with
are just the right fit for the organization. should conduct a maturity assessment an organization’s vision. Completing a
to determine which business capability cloud readiness assessment identifies
Mature foundational business capabilities areas could be hosted in the cloud. the gaps the organization may have
and processes—such as vendor in its cloud capabilities and defines a
management, service management, and Finding the right fit between functions roadmap to remediate those risks.
demand management, among others— the company wants to push to the
Step 3: Formalize
With a cloud vision and strategy in place, an Vendor management — What is are assigned throughout cross‑functional
organization can formalize its cloud adoption the organization’s role in managing IT groups to provide guidance and help
through the development of policies and an the delivery of cloud services? make each function more cloud‑capable.
operating model. The purpose of policy isn’t
to limit but to enable, since organizations Information management — How Selecting and developing the right cloud
can drive value from their cloud investments must data be managed in the cloud? operating model will depend on an
through effective policy development. organization’s IT maturity, structure, and
IT security management — How must skillsets, among other considerations.
From experience, we’d recommend data/information be secured in the cloud? What works for one may not work for
taking a proactive approach to cloud another, so it’s important to conduct an
policy development. This requires an Governance — How will decisions specific assessment at the outset to ensure the
organization to apply its knowledge of both to cloud solutions be made? Who holds right resources are put in the right place.
current and future cloud requirements accountability? How can governance be
in order to manage its exposure to risk. made flexible enough to manage risk while
Building such a policy typically involves supporting innovation and cost reduction?
providing guidance in the following areas:
In addition, companies will need to define
Contract management — What how they envision the future of cloud within
terms, conditions, and clauses their business and the form it will take within
must the organization be aware their existing organizational structure. There
of and actively manage? are two typical options for an operating
model: centralized and federated. In a
Financial management — What are the centralized model, a dedicated cloud
financial requirements as they pertain to team is responsible for supporting
payments, budgeting, and accounting? cloud solutions and supplementing
cloud‑applicable business activities. With
a federated model, cloud‑specific roles
19
The cloud is here: embrace the transition | Follow the steps
When organizations have finished preparing manage cloud solutions: self‑service cloud and doesn’t align with the organization’s
the groundwork, the next logical step in provisioning, which enables users to request own cloud management approach.
their journey to the cloud is to adopt and cloud resources by way of a self‑service
implement the tools they need to provision portal; IT orchestration management, By using vendor‑provided tools as they
and manage their selected cloud solutions. which automates processes that manage adopt and integrate cloud services, IT
While early adopters have well‑articulated and execute the creation of requested IT organizations can assess their needs and
visions for how they should manage cloud resources (such as virtual machine); and make an informed decision about whether
services, many organizations are not at financial management, the processes that they need to go to market to acquire a cloud
that level of maturity. They’re looking to track and charge IT costs for cloud resources. management platform (CMP). The CMP
commercial toolsets to provide guidance. also needs to be supported by a robust
We recommend adopting the various tools A cloud management platform may cybersecurity platform and competency.
provided by CSPs since, given the rapid be a tempting option, since these are
evolution of cloud services, the market highly capable. But choosing this route
for management tools is still immature. at the outset risks investing in a solution
that provides limited value relative to
In our experience, three fundamental vendor‑provided tools, is unable to
capabilities are needed to effectively support future cloud services models,
Step 5: Evolve
The last step in the journey is for Modern cloud‑based solutions, such organizational change management to help
organizations to take full advantage of as platforms‑as‑a‑service (PaaS), offer staff cope with ongoing change, modern
the capabilities and the IT environments organizations the ability to rapidly functionality creates opportunities for
they’ve cultivated. The highly scalable transform their operations with limited employees to rethink how they do their job.
and on‑demand nature of cloud services procurement requirements and upfront
make them perfect candidates for investment. Using various IT capabilities, Finally, since cloud solutions reduce IT
experimentation and innovation. As organizations can digitize their services, such operational requirements, organizations
cloud environments can be set up for as DevOps, and house them in a centralized can redirect their IT staff to deliver more
comparatively less investment than in‑house system that takes advantage of scalable, effective IT and operational services. This
deployments and for short periods, they available, and secure IT infrastructure. can be done by enabling their employees
provide low‑risk opportunities to try new to acquire new IT skillsets, such as
things. As one of the most significant Since vendors control when software agile development and prototyping, and
barriers for innovation is fear of failure, the updates are released, organizations will have to take advantage of new capabilities,
cloud provides avenues for employees to the most current version available to them at including portals, resource pooling,
re‑envision business processes and develop all times. That means users will have leading and application development.
proof of concepts for little investment functions and capabilities at their fingertips,
and with limited negative impact. enabling them to improve how they execute
their work. Although this may require
20
The cloud is here: embrace the transition | Conclusion
Conclusion
When done right, the cloud offers transformative
opportunities for organizations. We see that
demonstrated in the success stories shared in this paper.
21
The cloud is here: embrace the transition | Contacts
Contacts
For more information about transitioning to the cloud,
please contact:
22
The cloud is here: embrace the transition | Endnotes
Endnotes
1. “NIST Cloud Computing Program ‑ NCCP,” National Institute of Standards & Technology, accessed October
24, 2017, https://www.nist.gov/programs‑projects/cloud‑computing; Deloitte Analysis.
2. “Financial Case for Moving to the Cloud,” Gartner, accessed October 24, 2017, https://www.gartner.com/
smarterwithgartner/the‑financial‑case‑for‑moving‑to‑the‑cloud/; Deloitte Analysis.
3. “Reducing Operating Costs with AWS,” Cloud Technology Partners, accessed October 24, 2017,
https://www.cloudtp.com/doppler/reducing‑operating‑costs‑aws/; Deloitte Analysis.
4. “Why Tomb Raider publishers created their own database service,” Cloud Computing News, accessed
October 24, 2017,
5. “Global Investment Bank, Western Europe: Solving Data Residency and Privacy Compliance Challenges,”
Voltage Secu rity, accessed October 24, 2017, https://4b0e0ccff07a2960f53e‑707fda739cd414d8753e03d0
2c531a72.ssl.cf5.rackcdn.com/wp‑content/uploads/2015/01/Voltage_CS_Global_Bank_WEurope_DataRes_
Compliance.pdf; Deloitte Analysis.
6. “PCI Security,” Payment Card Industry Security, accessed October 24, 2017,
https://www.pcisecuritystandards.org/pci_security/
7. “Challenging Compliance & Regulation Requirements for Cloud Services Adoption” Canadian Broadcasting
Company (CBC), accessed October 24, 2017, http://www.cbc.radio‑canada.ca/en/reporting‑to‑canadians/
sync/sync‑issue‑4‑2013/cloud‑compliance/; Deloitte Analysis.
8. “Oldcastle increases speed of innovation and delivery of integrations with a hybrid platform,” MuleSoft,
accessed October 24, 2017, https://www.mulesoft.com/case‑studies/soa/oldcastle‑precast; Deloitte
Analysis.
9. “Netflix finishes its massive migration to the Amazon cloud,” ARS Technica, accessed October 24,
https://www.arstechnica.com/information‑technology/2016/02/Netflix‑finishes‑its‑massive‑migration‑to‑
the‑amazon‑cloud/; Deloitte Analysis.
10. “Adobe Takes a Customer‑Centric Approach to e‑Commerce, Improving Functionality, Revenue, and
Customer Satisfaction,” Deloitte, accessed October 24, 2017, https://www2.deloitte.com/content/dam/
Deloitte/global/Documents/Technology/gx‑cons‑adobe‑client‑spotlight.pdf; Deloitte Analysis.
11. “Matson Modernizes Shipping by Going All‑in on AWS Cloud,” Amazon Web Services, accessed October 24,
2017, https://aws.amazon.com/solutions/case‑studies/matson/; Deloitte Analysis.
23
www.deloitte.ca
Deloitte, one of Canada’s leading professional services firms, provides audit, tax, consulting, and financial advisory services. Deloitte LLP,
an Ontario limited liability partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of
member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of
the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.