Chapter 1
What does it mean to be cloud-enabled?
To pave the way for new business models, CIOs need to rethink how they build applications.
The drive to maximize IT agility to support new business requirements, while holding down costs, is leading many CIOs to reimagine their core IT infrastructure. Many are choosing a hybrid approach that integrates on-premise with cloud-based resources.
This approach gives them the best of both worlds — operational continuity on the one hand, and an affordable way to rapidly scale and absorb new workloads on the other. Integrating their data centers with a service provider, however, should only be regarded as the first step in a cloud-ward journey.
To take full advantage of the cloud’s potential, an enterprise must become fully cloud-enabled. And this means going native — cloud native, that is.
From EY’s perspective, cloud-native applications are the inverse of all of the above. Tightly integrated collections of cloud-based microservices can sidestep component failures to provide resiliency and scale easily when workloads change. Application components can be reused, mixed and matched to speed development, and their inherent flexibility makes them much easier to deploy.
Such applications can be written in any programming language and make use of any technology stack. And since different microservices can be developed with different technologies, this opens the door for TMT companies to quickly adopt the most current technologies.
When traditionally architected applications are ported to the cloud, they don’t run any differently than they did in their original environment, and all of their limitations and drawbacks remain in place. To maximize the benefits and realize the cloud’s full potential, TMT companies need to adopt new, cloud-native application architectures supported by new, agile models of development.
A recent report by IT market forecaster Forrester sums all this up nicely. “In 2019,” the report’s author Dave Bartoletti writes, “cloud computing will firmly establish itself as the foundation of tomorrow’s enterprise application platforms. It’s the best way to create the compelling software experiences that your customers demand and your competitors fear.”²
As these trends gather momentum, here are some important questions for TMT business leaders to ponder:
- Is your business as agile and resilient as the marketplace demands? And if not, how are you confronting this challenge?
- Are you taking advantage of the hybrid-cloud model to rapidly provide all the network capacity and scalability that your applications need?
- Have you taken this a step further and embraced agile development, microservices and cloud nativity — or are you still caught up in releasing software changes once every six months?
Chapter 2
Security and trust in a cloud environment
Many assets need protecting. The most important are the bonds businesses have with their customers.
But can the cloud be trusted?
Worldwide, spending on security-related hardware, software and services is forecast to reach US $103.1 billion in 2019 — an increase of nearly 10% over 2018. The telecommunications industry alone will spend over $6 billion this year to guard against online incursions.³ Yet at the same time, 66% of IT professionals say security remains their most important concern around their cloud-computing strategy.⁴
This reflects a widespread prejudice among IT professionals that on-premise data centers — because they’re more directly under an enterprise’s control — are more secure, more compliant and therefore more trustworthy than cloud-based operations. But is this true?
Cloud-computing security
66%Percentage of IT professionals who say security remains their most important concern around their cloud-computing strategy.
Although many aspects of security are the same for cloud environments — be they public, private or hybrid — as they are for on-premise data centers, the cloud is highly interconnected. This makes it easier for traffic to bypass traditional perimeter defenses.
“Preventing unauthorized access in the cloud requires a shift to a more data-centric approach,” says Amr Ahmed, Managing Director, IT Advisory and Technology Transformation at EY. “It’s one that relies more on safeguards such as encryption, two-factor authorization and multilayer security.”
Moreover, since virtually everything in the cloud is virtualized, security is more software- than hardware-driven. This has pros as well as cons. Among the positives are that cloud security is heavily automated and dynamic. “The parameters can be changed nearly instantaneously in response to new threats and changing circumstances,” according to Ahmed.
A potential negative is that it is possible to access every cloud process from a single control console, and if users fail to secure their console properly, they can pay a heavy price. Although the default settings provided by most service providers are designed to keep data private, there are numerous instances where configuration errors on the part of customers have exposed their data to the world. Perhaps the most infamous occurred in 2017, when National Security Agency operatives misconfigured their cloud-security settings, giving the world an unwelcome view of a secret US intelligence-collection program.
To remain viable in an unrelentingly dynamic market, today’s TMT companies must strive to become tomorrow’s adaptive digital enterprises. In the process, they need to embrace the cloud as a primary enabler of new product development and accelerated time-to-market.
From EY’s point of view, bonds of trust with customers take years to build, but failing to safeguard their data and privacy can destroy them very quickly. Yet this threat is just as prevalent in on-premise data centers as it is in the cloud.
The risks posed by cloud computing are somewhat different, and these must be recognized and properly managed. But the biggest risk is letting misplaced fears over security vulnerabilities deter a business from capitalizing on the competitive advantages that the cloud offers.
With the cloud posing new security challenges, TMT leaders would be wise to consider:
- Has your security strategy evolved to address the different threat profiles posed by the cloud? Have you developed an encompassing security architecture that establishes the necessary requirements and controls for a cloud environment?
- Are you providing the requisite support for your solution architects and developers? Do they have access to the tools they need to provide effective security controls for your cloud deployments? Have they embraced the security development operational mindset, commonly known as DevSecOps, that everyone is responsible for security?
- As part of your cloud-security governance procedures, do you routinely identify, locate and protect the high-value assets that you store in the cloud?
Chapter 3
Digital transformation and the cloud
Cloud computing is already disrupting the TMT sector. But the full extent of its impact has yet to be felt.
“No-one knows where the cloud journey will end,” observes EY’s Greg Cudahy, “but it’s now widely accepted that the cloud paradigm will give TMT companies the means to accomplish things that were previously considered impossible. To remain successful, these companies must rapidly respond to constantly evolving customer expectations. And the only way for them to do this is through the cloud.”
TMT companies that are leveraging the cloud to achieve digital transformation are reporting rapid growth and greatly improved efficiencies. When, for example, the quality of its online video games fell behind those of its rivals, a well-known game-streaming service rolled out an innovative cloud-based service that guaranteed its gamers a sub-35-millisecond response time.
Likewise, when a major cable and internet-service provider wanted to upgrade its flagship video product, it turned to the cloud. The hybrid service it utilized provided both the scale and security the company required to deploy new features several times a week instead of once a year.
EY advisors believe that the cloud paradigm will help transform TMT companies by greatly accelerating their ability to roll out new products, gauge their customers’ responses and make rapid-fire adjustments. And by applying cloud-based analytics to all the user data that they generate, these companies will gain far greater insights into their customers’ behavior than was ever before possible.
But to accomplish these ends, porting an application to the cloud will no longer be the relatively simple “lift and shift” procedure it has largely been until now. Designing, deploying and securing applications that can be offered as services requires a new agile mindset, along with a cloud-based development model that makes it feasible to modify, track and protect the hundreds of moving parts on which these applications depend.
However, while the complexities will increase, so will the payoffs, as service-centric applications become the basis for new subscription and pay-per-use business models. Such models open the door to new sources of recurring revenue and — by migrating all of its operations to the cloud — enable the entire business to run that much faster.
This reality is beginning to hit home. “Five years ago,” says EY’s Cudahy, “only the most progressive boards would engage in discussions about cloud computing. Today, the cloud is a regular topic on board-meeting agendas at companies of all shapes and sizes. Rather than a cost to the business,” he adds, “It’s now seen as a revenue generator and enabler of innovation.”
No-one knows where the journey will end, but the cloud paradigm will let TMT companies accomplish things that were previously considered impossible.
From a strategic standpoint, EY encourages TMT leaders to reflect on the following:
- Is your current cloud strategy helping or hindering the pace of your digital transformation at your company?
- Is your cloud strategy solely geared toward improving operational efficiencies, or does it also provide you with the necessary flexibility to pilot and tailor new business capabilities and allow for immediate scale?
What role does the cloud play in helping you respond to market demands? Are you really taking advantage of the cloud’s resiliency and flexibility to deliver the optimum customer experience?
Summary
Leading TMT players have already moved key applications to the cloud and are reaping the benefits. The most forward-looking are going further and using the cloud to re-envision how they roll out new products and respond more rapidly to customer demand.
TMT companies that cling to a traditional, application-centric development model will fail to keep pace with today’s unrelentingly dynamic markets. Only by fully leveraging the cloud can a TMT company achieve the speed and agility it needs to sustain a long-term competitive advantage.