Parting the clouds: tips for creating your enterprise cloud strategy...

I’ve been helping CIOs with their Cloud Computing strategies for over 5 years.  The least successful strategies seem to position cloud as simply an IT budget slashing mechanism.  The most successful strategies position cloud as an enabler to doing things within the business that otherwise would be impossible. 

An industry statistic says that 65% of cloud investment decisions are being made by C-suite business executives without any IT involvement.  They are making those choices based upon business requirements and the promise of how cloud can help meet them.  These decision-makers are looking at things like collaboration capabilities and business agility that cloud enables, not the intricate technical terminology or functionality.

Yet, I think the IT organization plays an essential role in guiding the cloud strategy.  As technologists and engineers, we are professional problem solvers but we’re also pretty good at problem deterrence.  Cloud provides powerful capabilities but it is not the answer to everything.  As a matter of fact, I usually say that cloud is not the solution to anything; it enables solutions.  Regardless, when deployed in a sub-optimal way, cloud-based solutions can actually introduce risks, exposures or even increase business expenses. 

The technology behind cloud is like the themes from my favorite children’s television shows; it’s about sharing and collaboration – just with a whole lot of automation.  However, all this sharing should occur with a healthy dose of “stranger danger” akin to what we teach our kids.  Not everything should be shared with everyone.

The resources shared in a cloud differ based upon model.  There is Infrastructure as a Service (IaaS) which shares physical assets, Platform as a Service (PaaS) which shares environments, Software as a Service (SaaS) which shares software solutions and Business Process as a Service (BPaaS) which shares the full business process.  Each cloud model can be deployed in private, public or hybrid clouds…on-premises or off-premises.

Yet, somewhere underneath each PaaS, SaaS and BPaaS solution sits IaaS.  It’s just that in some cloud models, somebody else worries about the daily operations associated with the Infrastructure.  But, do not be lulled into indifference... Whether public or private, on-prem or off, the underlying cloud infrastructure is ultimately your concern because of the business implications that can arise from faulty cloud infrastructure.

A single client can and often does deploy multiple cloud models within the enterprise.  You want to avoid scatter-shod situations where business leaders buy something impulsively or in isolation, and then toss it over a fence to you in IT to make it work.  Rather, you want to guide the business to create a comprehensive, integrated, enterprise cloud strategy.

The first step is to assemble the team: 1) visionary business leaders to set direction and overall guidelines, 2) business and technical analysts to help guide the strategy, and 3) financial and operations experts to deal with the practicalities of accounting, procurement and operations.

I recommend using the “Practical Guide to Cloud Computing – v2.0”: published in April 2014 by the Cloud Standards Customer Council.  Here’s a summary of strategic planning steps from that document modified with some of my thoughts:

1.  Educate the team: IT and business people need to understand what cloud is and what it can do as well as the various models.
2. Understand the current business and IT environment: Cloud does not happen in a technology vacuum so it is important to understand the current state of both business and IT so that the integration piece is not overlooked in the strategic planning.  Integration often provides some of the most profound benefits from a cloud-based solution.
3. Understand what the business needs and why: This requires creating the business case for the cloud-based solution.
4. Think long-term and enterprise-wide: Don’t just address one business problem or opportunity; look at several business uses for cloud; create a prioritized roadmap.
5. Crunch numbers: look at all the costs of implementing cloud and migrating the workload to it; model multiple scenarios.
6. Don’t break things: Do an impact analysis to ensure that availability, performance, security, privacy, governmental regulations and internal auditing requirements are addressed.
7. Set goals and milestones: Get executive buy-in on metrics; set metrics keeping in mind this is a long-term, multi-stepped roadmap; don’t set milestones so far apart that the stakeholders lose interest or confidence that this will deliver business benefits.
8. Understand legal and regulatory implications: cloud-based sharing and sourcing often involves multiple companies and/or countries; it’s essential to understand national and supranational regulatory bodies and compliance mechanisms. 
9. Create your skills plan: what skills are needed, what skills can/should be developed in-house versus sourced externally?  What is the skill acquisition and enablement plan? Make it comprehensive including business people.  A lot of technically sound cloud-based solutions struggle to deliver business value because training business people on process changes did not occur.
10. Track results through the execution of the cloud roadmap: use trend information to adjust the roadmap; publish successes to build momentum.
11. Have a migration and exit process: When are the cloud-based solutions considered “deployed?”  What are the responsibilities during and after the migration of workloads into the cloud?  What are the service agreements and divisions of responsibility between the internal or external cloud service providers and the business consumer of the services?

 A few more key things to consider when developing your cloud strategy:

• Workloads: What workloads have an affinity for providing business benefit if deployed in a cloud model?
• Data: Where should the data reside?
• Integration: What else do you have to integrate this with?
• Governance: What are our new decision-making processes regarding the workloads and data?  This involves security considerations too.
• Control: How do we make sure our policies are followed so we don’t have exposures?  This also involves security.

I mentioned in an earlier blog article that many CIOs struggle for a seat at the table with the other C-suite executives.  Often, introducing the idea of creating an enterprise cloud strategy is a great way to earn a seat at the table.

Thoughts on Resilience

Global enterprises are increasingly vulnerable to disruptions of different kinds. Though they can’t stop many of these disruptions, with adequate planning they can make their organizations resilient. For regulated industries such as banking and finance having massive business impact due to disruptions, business resilience capability is of utmost importance.  For this reason, multiple U.S. governmental agencies published an interagency paper on sound practices to strengthen the resilience of the U. S. financial system, http://www.sec.gov/news/studies/34-47638.htm. This paper suggested that an enterprise’s board of directors should review business continuity strategies to ensure that plans support the firm’s overall business objectives and risk management strategies. Regulators also want banks to provide safe, secure, sound, efficient, accessible and resilient services.

Recognizing this significant evolution, IBM created the Resilience Maturity Assessment Framework (RMAF) to help institutions determine their preparedness. This framework is based on quantifying the business resilience as an index to measure and improve it further. The quantification includes key resiliency aspects that are meaningful to businesses. While RMAF provides a strong basis and broad coverage, we are always considering further enhancements to keep it relevant.

Business resilience assessments of some sort should be done proactively and periodically to ensure resiliency capabilities improve and are aligned with changing market dynamics and regulations. I recommend starting with a limited assessment scope, in order to realize rapid improvements.  For example, banks could focus on one or two massive-impact business processes or an associated business unit rather than a bunch of processes or a large organization. Payments, internet banking, ATM, POS, integrated core banking services, card issuance and management, and mobile services are examples of bank business processes.

In IBM’s assessment methodology, we consider six layers:

1)      Business / IT processes

2)      Applications

3)      Data

4)      Technology

5)      Facilities

6)      People

To calculate an organization’s resilience, we develop a resilience model by identifying components. For example, common components of a typical payment process could be payment application, server, storage and data/voice networks, email, Data center (DC), offices, IT service management (ITSM) processes and people. Each component has one or more attributes which describe various capabilities of the component.

IBM’s methodology also considers substitution and dependency relationships amongst components to arrive at a more realistic resiliency model and an improved Resilience Maturity Index (RMI)⁺. For example an email component depends on the network component while the primary data center (DC) can be substituted by the secondary DC during disruptions. Furthermore, substitution is always qualified with the degree of substitution.

Once components, attributes and relationships are identified, the resilience model is complete and attributes are given a score between 1 and 5 based on standard maturity definitions. Raw component scores and rationalized component scores are calculated.  The rationalized score takes into account factors like substitution (increases a component’s raw score) and dependency (decreases the raw score). Eventually, all component scores are mathematically combined to give the organization’s overall RMI score.

The methodology also helps determine a component’s impact.  For example, if the overall score increases when an individual component’s score increases, then that component is said to have a higher impact on the organization’s resilience. This sensitivity analysis helps prioritize components, which is essential for prioritizing improvement actions and associated investments.  

End to end resiliency consideration, followed by resilience index determination, sensitivity analysis, improvement actions and then revising the index calculation form a continuous resilience improvement cycle. In addition to strengthening the enterprise’s resilience, this cycle helps document resilience capabilities in a way that can be reviewed by the board or regulators.

For more information on the Resilience Maturity Index, feel free to contact me at sambath.narayanan@in.ibm.com.

Many thanks to my guest contributor: Dr. Sambath Parthasarathy, an executive consultant in IBM’s Systems and Technology Group Lab Services organization

⁺RMI is a patent pending innovation from IBM Research

Getting IT a Seat at the Table

I’ve noticed a growing trend where CxO business leaders bypass the central IT organization for IT projects.  Often it’s the product of a “chicken and egg” situation. 

Business leaders feel IT isn’t responsive enough filling requests so they form their own workgroups that choose “best of breed” solutions, the implementations of which wind up failing (see previous article about the extremely high failure rate of projects) and then they dump the project in IT’s lap to save the day.  Why doesn’t IT respond quickly to business requests?  They’re consumed retrofitting “best of breed” solutions chosen by teams that didn’t involve the IT organization or didn’t involve them early enough. 

Statistics indicate that business leaders bypass IT as much as 65% of the time.  The sheer volume exacerbates the problem because the central IT team just gets more swamped performing personal heroics to salvage projects undertaken without sound infrastructure considerations early in the process. 

So, how does a CIO break this cycle and win a “seat at the table” with the other business leaders.  I’ve coached clients on many effective approaches but here are a few to try. If you’re interested in more details, send me a note.

1.  Ask to be part of the business strategy sessions.  If that is not possible, then ask to see the business goals and key projects that emerge from the business strategic planning process.  This gives you much more advance notice of the types of projects that will require IT.  Few strategic business projects these days don’t involve IT and many are outright IT projects.  Gather your team to determine the IT implications for supporting the strategic business projects and approach business leaders with ideas for the plan.
2. Explain the value of coordinating across all IT projects and having the IT organization lead that coordination.  Since IT is a component for almost all business projects, it puts IT in a position to increase collaboration between the individual strategic work streams for the business and to take a holistic approach rather than piecemeal one.  For example, one client for which I helped create an IT strategy had over 20 business projects that involved Analytics.  By the CIO leading the overall effort, the IT organization helped create an optimized infrastructure to support a prioritized roadmap for the full set of 20+ analytics projects.
3. If the business leaders will not invite you to their business strategy sessions, invite them to your IT strategy sessions.  If you do this, you will need to take a business approach to your IT strategic planning.  Understand business goals and key projects across all disciplines, have the business leaders prioritize across the full set of projects and then determine the IT implications for supporting these projects. This effort should also include exercises to understand the current and desired future states for the IT Provider Relationship (see previous article 1 and previous article 2) as well as all IT capability areas. 
4. Improve IT service quality in key areas.  Many times the IT organization is seen as providing sub-optimal IT services.  They might have enough ITIL certifications to wallpaper the office yet still have poor service quality.  Fix your IT service framework so that you truly offer services rather than just call applications services.  Take a practical rather than academic approach to instituting your IT service model.
5. Invest in a few good architects who can bridge between the language of business and the language of technology.  Many times IT is not invited to the table because they are seen as speaking a different language from that of business.  This results in IT being seen as techies rather than business people.  A few good architects can work miracles to change that perception.
6. Engage outside assistance.  As the saying goes, prophets are often scorned in their own land.  Sometimes using an outside organization to facilitate IT strategic planning or IT Service management improvement efforts gains a lot of credibility because the IT organization cannot be accused of being insulated or self-focused.
7. Institute effective governance and enterprise architecture processes.  Most business leaders circumvent IT because their project will deliver time-sensitive competitive advantage that can’t endure idling in the IT project backlog.  Enterprise architecture aligns business and IT at many levels to ensure IT can provide needed competitive differentiation efficiently as well as run mundane daily operations effectively.  Governance defines decision-making processes and authorities and includes offering, portfolio and project management.  Many clients that consistently deploy projects successfully use architecture boards as governing bodies to focus IT on the right projects and create architectural standards to streamline solution creation, deployment and maintenance.  If IT lacks the capability and capacity to deliver the highest priority business projects in a timely fashion, there’s usually governance and/or an architecture issues lurking about.
8. Assess IT resource (financial and human) deployment between day-to-day maintenance and competitively differentiating work.  The results of such analysis, when packaged in business language, are often good fodder for having a discussion with business leaders.
9. Combine business and IT project management offices.  This demonstrates you understand business and IT interdependencies required for successful project execution and increases project success. 
10. If you can’t win-over the CEO or full C-suite, find one advocate in the group and undertake a project with that business leader.  This demonstrates the value of business / IT partnership in planning the project all the way through execution.  If you do this, you need a strong project manager because you want to showcase this with other CxOs.  Hope for winning over skeptics diminishes if the project stalls or fails.

These are just 10 suggestions and I don’t recommend trying all of them at once.  Actually, I would recommend choosing only one or maybe two.  I offer a longer list because the right one to try will depend upon the business context and personalities involved.  But all of them help build the IT organization’s and your personal credibility as being business-minded rather than enamored with technology.

Building IT Leadership Skills: IBM Enterprise 2014

I began this blog earlier this year because in working with IT executives around the world, I noticed a trend that many began in technical positions and grew into their leadership positions with minimal formal training opportunities to develop their IT leadership skills.  Ernst & Young saw this same trend and noted in their study, “The DNA of the CIO: Opening the door to the C-suite,”  that most CIOs have technology-related degrees and only a small percentage have MBAs.

Yet, more and more businesses expect their CIOs to be business leaders not just technologists.  This might give pause to ask, “Why are there so few IT executives with formal leadership training if they are expected to be leaders?”

Increasingly universities offer some sort of IT Leadership track within their business programs but these programs are too few and new to have supplied the market with enough formally trained IT leaders.  Also, a quick web search reveals limited professional training opportunities to build practical IT leadership skills.  There tend to be many conferences aimed at helping CIOs build their vision but few aimed at helping them make that vision a reality.  Basically, many IT executives are learning IT leadership skills via on the job training while leveraging their natural abilities, professional networks and personal resourcefulness. 

That’s admirable but it can also be a bit scary.   I think human nature causes many people to feel a bit vulnerable if they admit they need more skills, especially if there’s no training to help them. 

In my own little way, I’m trying to help by creating this blog.  But I also tried to do something a bit bolder.  I added an IT Executive leadership training track to IBM’s very popular Enterprise 2014 event.  This year, IBM’s Enterprise Conference is being held at the Venetian Resort in Las Vegas from October 6 -10. 

Historically IBM’s Enterprise Conference has an Executive Summit track that helps IT and business executives imagine the realm of what’s possible so they can create an IT strategy which uses technology for business competitive differentiation.   This event began years ago and increases in popularity every year.  It also has a technical track directed at building very specific technical implementation skills.   This too is a very popular and effective track for its intended audience.

New to Enterprise 2014 this year is the IT Executive Management Training track which focuses on building IT leadership skills and complements the Executive Summit.  Executives can spend Monday and Tuesday at the Executive Summit hearing IBM executives provide visionary guidance on using technology as a competitive differentiator and then spend Wednesday and Thursday updating their IT leadership skills to ensure success in making that transformation a reality. 

The Executive Summit provides ideas on "what" your organization can do and the IT Executive Management track helps you with the "how."  IBM Distinguished Engineers (such as yours truly) and Executive Consultants with decades of practical experience helping thousands of clients will lead sessions based upon insights gained helping clients succeed.

Specifically the track includes the following sessions:

• How to Make IT a Competitive Business Differentiator
• Why Most IT Projects Fail and How to Make Yours Succeed
• Align IT and Business Priorities with a Structured Assessment and Planning Methodology
• Create a Common Data and Analytics Strategy that Supports all Your Business Units 
• Practical Steps to Enterprise Cloud
• Make IT Essential to the Business through Enterprise Architecture and Governance
• How to Create Rock-Solid Business Cases to Get IT Projects Approved
• Anticipate Threats and Protect Your Business with a Security Framework Based on Governance, Risk Management and Compliance
• Create a Business Architecture That Supports Mobile and Social Applications
• How to Evaluate Which Applications You Should Deploy in a Cloud

You can read the session abstracts for the IT Executive Management leadership training track by clicking on this link.

 

Hope you can join us at Enterprise 2014 where you can make personal connections with the contributors to this blog.