In some way, this is understandable. The adoption of public clouds as a foundation for enterprise computing is a prime example of a grassroots initiative. Maybe it was the development team needing a disposable test infrastructure, marketing wanting to test a new SaaS service, or a semi-unauthorised skunkworks project aiming to rapidly – and stealthily – prototype a new idea. All these use cases are a good fit for the flexible, pay-as-you-go service model of public clouds.
There is a problem, however. All the individual projects bring their own ad-hoc architectures and access control regimes – or lack thereof, as we have witnessed over and over again in many recent data breaches – not to mention the array of personal credit cards used for payment. These gradually eat into the architectural foundations that are established to ensure the integrity, security and cost control of IT infrastructure. In fact, by tactical adoption of cloud services, many organizations have gradually drifted back to managing their own IT infrastructure, despite previous strategic decisions to outsource it and concentrate on the core business.
To remedy these issues, organizations have recently embarked on programmes to centralize the management of cloud services. While laudable as such, these initiatives also have the danger of becoming yet another tactical manoeuvre laid on top of the previous ones. Instead of, or maybe in addition to, such short-term activities, organizations should start to look at the cloud as a strategic imperative, as an operating environment instead of a set of tools and technologies.
Our new report the Nordic Cloud Maturity Index (CMI) 2019, which is published on 25 November 2019, highlights this gap between operational and strategic maturity in organizations using cloud services. The discrepancy, termed “strategic debt” by the authors, uses actual numbers to highlight the empirical observation, that for far too many organizations, cloud adoption remains a primarily tactical consideration. In this fifth CMI edition, the authors also note a growing gap in overall maturity between organizations who take a strategic outlook to the cloud and those who do not.
When looking at the reasons organizations usually state for cloud migration, we can see that advantages such as agility, cost savings and security often top the list. While a tactical, use-case driven migration will undoubtedly deliver on these targets locally, the benefits often get lost in the scope of the whole organization as adoption rates increase. This is largely due to the complexities of integration and the governance of accidental enterprise architecture resulting from uncontrolled local optimization.
Despite all these issues, I am not going to argue that organizations should stop the tactical adoption of cloud services. On the contrary. These local optimizations are often the best – sometimes the only – way to validate the cloud business case in a given business context. I am, however, arguing that organizations must move towards a more strategic approach in planning their business processes and, consequently, their architecture and governance of cloud usage. If the CMI findings are any indicator, the best organizations will keep getting better at an increasing pace, and one of the key differentiators appears to be a strategic focus on cloud usage.
Review the results of the Cloud Maturity Index 2019 study and look at progress over 2015–2019 here.