In the wake of high-profile cases of disruption caused by supply chain and technology failure, international regulators have begun to focus their attention on operational resilience. This theme also surfaced in our client roundtables and conversations within the last few months in the EY Region of the Bahamas, Bermuda, British Virgin Islands and Cayman Islands. However, just as regulatory guidance was maturing in this area, the COVID-19 pandemic forced the corporate world into an unprecedented test of almost every aspect of the organization: not only its technologies, but also its supply chain, operations and even culture.
While there are many lessons to take away from this time, one that will stand out is the role modern technology solutions have played in supporting businesses’ transition to a “work-from-home” operating model. The scale of increase in remote working over the past few months would have been unimaginable even 10 years ago. This transition has been enabled primarily by the capabilities offered by virtual interaction and collaboration tools, and the adoption of cloud technologies.
It is no surprise that organizations with a cloud-enabled IT operating model have been less prone to disruption of their business operations during the pandemic, in particular due to the following benefits delivered by cloud:
- Working from anywhere: Cloud-centric architecture is a key component in ensuring a smooth transition into a work-from-home model.
- Scalability: Some organizations will have been able to flex their operations to meet the flood of demand from a world stuck at home; others will have helped margins by scaling down their IT operating costs as processing demand wanes.
- Continuing operations: In times where non-essential movement is restricted, keeping infrastructure operational has been less challenging for those who do not rely on on-premises data centers.
For many organizations that only considered the adoption of cloud solutions in the past, it has become evident during the pandemic that the time to act is now. Accordingly, we have observed a rapid increase in the use of cloud-enabled services across regions affected by lockdown measures, driven primarily by the increased use of online collaborative tools.
Remote working is just one of the many benefits afforded by cloud technologies. As the business world shifts to new paradigms of work, the need for the resilience, security and scalability offered by cloud technology solutions is becoming more vital than ever for enterprises to maintain a competitive edge. According to International Data Corporation (IDC) research performed in May 2020 on the potential impact of COVID-19 on application delivery and digital innovation strategies in Europe and the role of the cloud platform in supporting business resiliency, 59% of European organizations plan to either maintain or increase spend on software as a service (SaaS), and 58% of European organizations plan to either maintain or increase their spend on cloud platforms (infrastructure as a service (IaaS) and platform as a service (PaaS)) in 2020.
However, the journey to the cloud is not one that should be rushed, nor is the right solution for your business always a fully “cloud native” approach. We have outlined some of the key areas to consider along with steps to help define a cloud strategy that delivers value for your business.
1. Articulate your vision
Take time to document a vision for the future use of the cloud within the enterprise and ensure that your vision takes account of the objectives of the wider business strategy. Although initial forays into cloud computing may be light (e.g., moving from proprietary solutions to SaaS offerings), presenting a long-term view of your objectives and the associated benefits will help guide decision-making within the business, as well as help achieve buy-in from key stakeholders.
2. Present a strategy and road map
After the buy-in for the vision is received, it can be crystallized into a cloud strategy for the business and an accompanying road map to help guide short- and long-term actions. The strategy and road map should be informed by the activities outlined in points 3 to 10 below.
3. Understand your asset landscape
A comprehensive view of the infrastructure and software assets within the business will help inform your strategy and benefit analysis. This view should include cost of maintenance, replacement and expected useful life, as well as qualitative aspects of the assets, such as the level of customization and anticipated complexity to migrate.
4. Look to improve the operating model
When moving to the cloud, the organization should consider the opportunity to refresh and update the way it works. It is important to remember that a flawed process on better technology is still a flawed process, cloud or not; technology alone cannot fix process inefficiencies. Always ensure a wide range of stakeholders are engaged to help identify improvements to functionality and processes which can be unlocked in a cloud environment. This, in turn, will avoid the wasted effort of “lifting and shifting” systems, only to change them again some way down the road.
A key consideration will be balancing the advantages of retaining in-house solutions and custom functionality against the strategic benefits of a cloud native and (potentially) more standardized approach. As well as those processes that are used by employees and customers, consider also how back-office processes can be streamlined. For example, what will cloud mean for system interfacing and business continuity plans?
5. Vendor selection
Choosing the right vendor(s) will lay the foundations of your cloud road map. Vendor due diligence should be undertaken to ensure the right solutions, support and cost model are available for you. Also, consider the resilience of the vendor and the criticality of processes being migrated in order to verify the future state is within your risk appetite. As more companies move to the cloud, regulators considering the systemic risk of cloud failure may recommend that certain organizations consider a multi-cloud strategy.
6. Resource management
A move to the cloud will require project-specific resources (e.g., project management, cloud architecture, user experience, data architecture and specialist developer skill sets) as well as new operational roles post-go-live (e.g., cloud security and network specialists). Care should be taken to balance the redeployment of headcount away from retired systems with onboarding new staff and third-party support in order to meet resource requirements.
7. Benefit and cost analysis
The benefits of the cloud are well-publicized and include scalability, flexibility, reduced complexity and cost smoothing, among many others. The benefits realized will depend on the nature and scale of the cloud deployment (from SaaS to full platform and infrastructure outsourcing); however, in any scenario it is likely there will be a degree of short-term disruption to the business. Understanding both the short-term impacts (e.g., data transformation and migration requirements) and long-term opportunities (e.g., reduced infrastructure maintenance) will be important in presenting a complete business case. It is important to remember that modeling savings and projected costs can be challenging, particularly if current IT cost data is not sufficiently granular.
8. Security in the cloud
The cloud extends the digital perimeter of the organization and could broaden the attack surface (i.e., points of entry) to the network. A key area to consider, both before migration and on a continual basis, is how network, data and cybersecurity controls should be deployed within the cloud environment. Both regulatory and third-party requirements for data privacy will need to be considered, particularly with respect to data held or processed overseas. Establishing mature data governance processes and data leakage controls that are fit for the cloud is also a key step on the road to a successful, secure deployment.
9. Cloud governance
The IT governance model will need to adapt to ensure that appropriate accountability and ownership are taken of the applications, data, security and controls in the cloud. Steps should be taken to reduce the risk of shadow IT activity and ensure appropriate controls (e.g., license management and capacity monitoring) are established over the cloud environment.
To begin immediately, training and awareness exercises should be deployed to help embed the new ways of working. Where cultural shifts are required (e.g., moving to agile project management practices), these efforts shouldn’t be underestimated. Consideration should be given to the ongoing audits, regulatory (e.g., cross-border data sharing) and customer due diligence requirements within the new environment. Finally, policies and procedures should be reviewed and updated for core areas such as backup and disaster recovery, as well as change, service and vendor relationship management processes.