An Implementer’s View of Cloud Computing Readiness Assessments
Perhaps you have recently been tasked with the goal of determining your organization’s "readiness" with regard to adopting a particular technology, for example cloud computing. In general, it can be assumed that this task is being invoked because there is a question regarding the impact for adopting a new technology. This impact of adopting a new technology can be financial, organizational, operational, etc., which leads to the complexity of the task.
The first thing one needs to do in assessing readiness to adopt a new technology is understand the value, cost and associated best practices available for adopting said new technology. Of course, there’s a good chance that any information available early in a technology’s availability will be anecdotal, which means that it is all that more difficult to measure. Next, one must understand and analyze hurdles the organization has had adopting other technologies. Finally, you must be able to envision what will change once you adopt this new technology. This task requires a deep understanding of the technology you are adopting as well as the capabilities it provides and the types of solutions it enables.
It can be argued that readiness is a bit of a red-herring, that no one can with any specificity predict the outcome of adopting a new technology and that the exercise is nothing more than an attempt to provide evidence for or against adoption. In some organizations, this may be an accurate portrayal of the readiness analysis project. However, in most cases, readiness does provide the IT executive with a basic understanding of the challenges ahead of them in choosing to move forward with adoption. Moreover, it can identify if other pressing challenges must be addressed prior to undertaking this new effort or risk derailment of existing projects or likelihood of failure during the adoption process.
This article presents the potential and problems associated with cloud computing readiness assessments.
Cloud Computing: Are We Ready?
One of the most difficult pressing issues regarding cloud computing readiness assessments is understanding what the individual or group that is seeking the outcome of the assessment a) believe cloud computing is, and b) what are their expectations for a readiness assessment. Let’s explore each of these in further detail.
The most critical element of succeeding with your readiness assessment is to first define cloud computing. Here’s a sample of the types of questions that would be requested in this regard:
- Who is the primary stakeholder for cloud computing?
- What is the expected goal for adopting cloud computing?
- What types of services will we be providing through our cloud computing offering?
- Who are the primary consumers for our cloud computing services?
Note, the definition is not defined by a hardware architecture, standards body or specific reference implementation, but by understanding consumer audience, governance body, and service offering.
Next, it is imperative to understand what your management is expecting to get out of readiness assessment. Some business leaders are seeking a justification for moving ahead with adoption, while others are looking for clarity and roadmaps. These are two different outcomes and each requires a different approach to the assessment. A justification seeks to identify value parameters and evaluate those against current operating parameters. If the outcome is clarity and roadmaps, then one must undertake an architectural understanding of the current environment, develop a To-Be architecture and perform a gap analysis of the two. Both are reasonable outcomes and both may be sought simultaneously. Setting expectations regarding level of effort is important to these efforts.
Your Business: An Honest Perspective
Many business leaders choose to hire outside consultants to perform cloud computing assessments because it is believed that they can be more objective about the organization than an employee with all the political ramifications surrounding delivering an honest assessment. Being an internal employee assigned to deliver a cloud computing readiness assessment may put you on par with the likes of the police department’s Internal Affairs Division. If you have the opportunity to recommend using outside assistance, it is a highly-recommended option.
Given the many objectives of cloud computing, it would be a book not an article to discuss the possible paths forward at this point. For purposes of this article let’s assume the business is seeking both operational cost savings and greater agility; these are usually most common expectations. Delivering on these goals means that you must analyze your operations team’s past performance regarding incident management, capacity management and system availability. You need to document the systems and processes in place to support these efforts as well as rate their overall operational maturity.
Issues due to low to medium maturity will be amplified with adoption of cloud computing. If the operations team is not mature in delivery of infrastructure services, adding support for self-service, showback/chargeback and secure multitenancy will only overburden them further. Hence, it is key to identify a known industry scale for measuring IT operational performance. Both lowering operational costs and gaining agility requires a very mature infrastructure operations organization with strong processes and using some automation.
You also need to select a method for measuring the maturity of governance, risk and compliance (GRC) within your business. Weak governance models will only become political hotbeds once cloud computing is introduced into the environment. This is because cloud computing makes it much more difficult to keep a stratified IT organization. Additionally, multitenancy requires additional layers of security controls compared to managing silo application stacks. Your GRC efforts should help to identify problem areas within the organization with regard to security and governance, and should be corrected prior to adopting cloud computing.
Measuring organizational performance in these areas can be a daunting task. Individuals often withhold critical information necessary to deliver an accurate state of affairs—this occurs even with outside contractors, finding industry benchmarks and metrics to use to measure maturity around operations and GRC is very difficult as these are often tightly-held secrets of consulting organizations and vendors, and there can be backlash to identifying problem areas within the business.
Reporting Readiness Outcomes
As mentioned, readiness determination is a complex and daunting task, however, equally daunting is the approach used to convey readiness to the business. The business does not usually have the technical breadth and depth to understand the consequences of each and every point of evaluation. For example, business leaders typically will not be able to correlate that cloud computing requires inherently more security controls than the current application stacks. Moreover, they probably don’t understand why the current application silos are more expensive to manage than a converged application architecture, such as cloud computing.
Hence, presenting readiness as a concept back to the business requires the ability to relate practical cause and effect in a concise time period. One method of achieving this is the dashboard. The dashboard can present multiple dimensions of data simultaneously in a visual manner. For example, something akin Figure 1 below can convey a lot of information very quickly without having to drill too deeply into the underlying metrics. Although, it is very reasonable and should be expected that certain individuals will be interested in understanding how these recommendations were conceived.
(Click on the image to enlarge it)
Another approach is to deliver the outcomes in the form of a SWOT (strengths, weaknesses, opportunity, threats) matrix. Business leaders are very adept at using SWOT analyses to help direct the business. The justification aspects of a cloud computing readiness assessment align nicely with this type of representation. Obviously, the roadmap artifacts require much more details than either of these approaches can support.
Having performed a number of these assessments for customers, the reality is that readiness assessments provide three critical elements: a) appropriate expectations for cloud computing adoption, b) factors that support and hinder adoption in the organization, and c) a maturity model for IT that can also be a driver for IT transformation and delivery of IT-as-a-Service (ITaaS).
Cloud computing readiness assessments are also liked wooded areas at night. It’s easy to follow the wrong path and get lost. Once you start, it’s customary to want to understand all the factors related to each and every area of study. However, chances are you probably don’t have the time for this project that is required to ascertain all those answers. You need to be very structured going into the assessment and stick with the plan. Deviations from the plan or too detailed plans could lead to one or more of the following outcomes:
- Too much data to analyze
- Dead ends
- Too much interference with the operations
- Dwindling support from the business
- Not delivering on time
Most importantly, and this cannot be stressed enough, cloud computing is still deemed threatening for many IT professionals. The current data regarding companies’ migrations to cloud computing has yielded labor cutting. This is most likely a short-term outcome. The cloud does change certain roles and skills requirements, but will lead to job growth in the future. Still, expect to get stonewalled and that some individuals will not be forthcoming with information to support your assessment efforts due to their fears and other political pandering. When this occurs note the lack of data or hindrances in acquiring it and move on as this is as valuable as getting to the ultimate goal of knowing if your organization is ready for cloud computing.
About the Author
JP Morgenthal is one of the world's foremost experts in IT strategy and cloud computing. He has over twenty-five years of expertise applying technology solutions to complex business problems. JP has strong business acumen complemented by technical depth and breadth. He is a respected author on topics of integration, software development and cloud computing and is a contributor on the forthcoming "Cloud Computing: Assessing the Risks" as well as is the Lead Cloud Computing editor for InfoQ.
Roy Rapoport Aug 28, 2014