Vivek Kundra’s decision framework for cloud migration

In my last blog, a cloud of two speeds, I mentioned Vivek Kundra’s very readable cloud strategy and the industry stimulus effect this approach can have on the emerging cloud industry. By presenting his strategy not simply as a way to cut costs and reduce budgets, but as a way to get more value from existing IT investments, he enlisted IT as an ally to his plans, instead of a potential opponent. Section two of the strategy is a pragmatic 3 step approach and checklist for migrating services to the cloud which can also be valuable for organizations outside the government and outside North America. 

The following is a short summary of this “Decision framework for cloud migration”.

A set of principles and considerations for each of these three major migration steps is presented below.

Two dimensions can help plan cloud migrations: Value and Readiness.

The Value dimension captures cloud benefits in three areas: efficiency, agility, and innovation.

The Readiness dimension captures the ability for the IT service to move to the cloud in the near-term. Security, service and market characteristics, organisation readiness, and lifecycle stage are key considerations.

Services with relatively high value and readiness are strong candidates to move to the cloud first.

Efficiency: Efficiency gains come in many forms. Services that have relatively high per-user costs, have low utilization rates, are expensive to maintain and upgrade, or are fragmented should receive a higher priority.

Agility: Prioritize existing services with long lead times to upgrade or increase / decrease capacity, and services urgently needing to compress delivery timelines. Deprioritize services that are not sensitive to demand fluctuations, are easy to upgrade or unlikely to need upgrades.

Innovation: Compare your current services to external offerings and review current customer satisfaction scores, usage trends, and functionality to prioritize innovation targets.

In addition to potential value, decisions need to take into account potential risks by carefully considering the readiness of potential providers against needs such as security requirements, service and marketplace characteristics, application readiness, organisation readiness, and stage in the technology lifecycle.

Both for value and risk, organizations need to weigh these against their individual needs and profiles.

Security Requirements include: regulatory compliance; Data characteristics; Privacy and confidentiality; Data Integrity; Data controls and access policies; Governance to ensure providers are sufficiently transparent, have adequate security and management controls, and provide the information necessary

Service characteristics include interoperability, availability, performance, performance measurement approaches, reliability, scalability, portability, vendor reliability, and architectural compatibility. Storing information in the cloud requires technical mechanism to achieve compliance, has to support relevant safeguards and retrieval functions, also in the context of a provider termination. Continuity of Operations can be a driving requirement.

Market Characteristics: What is the cloud market competitive landscape and maturity, is it not dominated by a small number of players, is there a demonstrated capability to move services from one provider to another and are technical standards – which reduce the risk of vendor lock-in – available.

Network infrastructure, application and data readiness: Can the network infrastructure support the demand for higher bandwidth and is there sufficient redundancy for mission critical applications. Are existing legacy application and data suitable to either migrate (i.e., rehost) or be replaced by a cloud service. Prioritize applications with clearly understood and documented interfaces and business rules over less documented legacy applications with a high risk of “breakage”.

Organisation readiness: is the area targeted to migrate services to the cloud pragmatically ready: are capable and reliable managers with the ability to negotiate appropriate SLAs, relevant technical experience, and supportive change management cultures in place?

Technology lifecycle: where are the technology services (and the underlying computing assets) in their lifecycle. Prioritize services nearing a refresh.

Rethink processes as provisioning services rather than contracting assets. State contracts in terms of quality of service fulfillment not traditional asset measures such as number of servers or network bandwidth. Think through opportunities to :

Aggregate demand: Pool purchasing power by aggregating demand before migrating to the cloud.

Integrate services: Ensure provided IT services are effectively integrated into the wider application portfolio. Evaluate architectural compatibility and maintain interoperable as services evolve within the portfolio. Adjust business processes, such as support procedures, where needed.

Contract effectively: Contract for success by minimizing the risk of vendor lock-in, ensure portability and encourage competition among providers. Include explicit service level agreements (SLAs) with metrics for security (including third party assessments), continuity of operations, and service quality for individual needs.

Realize value: take steps during migration to ensure the expected value. Shut down or repurpose legacy applications, servers and data centers. Retrain and re-deployed staff to higher-value activities.

Shift mindset: re-orient the focus of all parties involved to think of services rather than assets. Move towards output metrics (e.g., SLAs) rather than input metrics (e.g., number of servers).

Actively monitor: actively track SLAs and hold vendors accountable, stay ahead of emerging security threats and incorporate business user feedback into evaluation processes. And track usage rates to ensure charges do not exceed funded amounts  “Instrument” key points on the network to measure performance of cloud service providers so service managers can better judge where performance bottlenecks arise.