Organisations are continually looking for ways to reduce the time and cost of managing their IT so they can focus on new initiatives to develop their business, not spend time updating user desktops or managing aging servers. Is cloud the solution, able to provide what outsourcing promised but ultimately failed to deliver?
It’s tempting to think so, as cloud enables organisations to eliminate much of their in-house infrastructure and buy IT services on a ‘pay-as-you-go’ basis. It has certainly enabled many to keep working through the pandemic by delivering services to staff working from home. However, there is more to running IT successfully than simply consuming applications from the cloud. While cloud is likely to be part of the solution, it is not yet the whole picture for most organisations.
Some IT services are not yet cloud ready
The ‘promised land’ is a world envisioned by cloud evangelists (a.k.a. vendor sales staff) where there is a suitable SaaS offering for every operational requirement in every market sector, enabling IT to become a utility.
We can simply choose whatever services we need from a web portal, configure them to meet our specific organisational requirements, and consume them as we choose. However, apart from some common services such as CRM, email, file storage and ITSM (IT Service Management), there aren’t yet SaaS options for every specific industry, niche and complex requirement. There are three key hurdles to overcome.
First, while cloud enables individual services to be obtained in a modular way, almost all organisations will require multiple services to replace their internal IT services, so will still require the capabilities to knit them together and provide an integrated solution to its users, as well as the ability to innovate and adapt as needs change. This can be a particular challenge for mid-sized organisations, which typically have the skills to manage their day-to-day operations but need external help to deliver change –and with expectation that with cloud ‘it’s easy’, these changes will come more frequently, with the expectation they are delivered faster.
Unless there is a suitable SaaS offering available, with IaaS and PaaS application security and patching remain an in-house responsibility, and for IaaS add design, configuration and ongoing management to the list. Even with SaaS, integration, authentication and data transfer must be handled in-house. And of course, cloud providers – and their bills! – need to be monitored and managed. It will be some time before business IT services become a utility that we buy like electricity or water.
Second, it may not make commercial or operational sense to move many legacy applications to the cloud. This includes bespoke applications developed in-house, those which have been customised to organisational needs and others which depend on older versions of other applications, for example if they are hosted on an older or proprietary database. Most organisations we speak to have at least one business-critical application in these categories.
Finally, simply ‘lifting and shifting’ existing applications into public cloud IaaS will not improve performance, reduce complexity or deliver digital transformation, in the same way that outsourcing did not provide an improved IT service because you simply handed your existing infrastructure, warts and all, to a third party to run, hopefully for slightly less than you believed it was costing you, and in the hope, rarely realised, that the outsourcer would significantly improve it. They were generally willing to provide improvements, but with a big bill, over and above the contract price, attached. Unless contractually mandated there was no optimisation or improvement, simply a transfer of equipment and responsibility.
Unless an organisation first changes how it does things, it will continue to carry out the same processes in the same way, even if services are provided by a different supplier. Whilst IaaS gives you the hardware and the hypervisor, you still bear responsibility for connectivity, OS and application configuration, monitoring, management, security, licensing and support.
‘As a service’ does not have to mean cloud
Another option is ‘IT as a Service’ (ITaaS), in which organisations contract a third party to optimise and provide a managed solution for either a discrete service or an entire IT environment on an as-needed, pay-as-you-go basis. Unlike other ‘as a Service’ options, it is not necessarily cloud based, although services can and often are provisioned from cloud environments.
However, like cloud, it enables an organisation to consume services on an as-needed, pay-as-you-go basis, thus providing limitless capacity, almost total flexibility and increased efficiency. And, also like cloud, it frees up in-house time and resources for strategic projects – particularly useful for mid-sized organisations, where some 80 percent of IT resources are spent on managing the current infrastructure and firefighting.
It’s important to note that ITaaS is not the same as outsourcing. With outsourcing, the existing service was simply handed to a third party. To successfully provide something ‘as a service’, whether through cloud or other means, it first needs to be reviewed to ensure it matches the organisation’s vision of the future. It should be aligned with business needs and optimised to ensure that it is fit for purpose, before being delivered through whichever means is most appropriate. Based on our experience, there are three main points to consider.
1. Define a clear vision and align IT with business needs
Any IT change programme should begin with a compelling event that requires the organisation to change what it currently does. This could be the end of an unsatisfactory supplier contract, the desire for digital transformation, the need to upgrade key applications or replace core infrastructure or difficulties with the current IT environment.
Currently, it could well be coping with the impact of COVID on your organisation and the changing business priorities that it is bringing. There should be a clear vision of what success looks like and a plan for how to achieve it. We’ve completed hundreds of major IT infrastructure improvements and cloud migrations; the vast majority have achieved the expected benefits or savings.
Analysis shows that where desired outcomes were not achieved, this was primarily because stakeholders had misaligned expectations of what a successful outcome would be, which is why ensuring clear, agreed and documented shared outcomes between all stakeholders it is one of the key elements defined in the initiation process.
Once the vision is clear, organisations need to review existing applications and services against business needs – a business and IT alignment review. This will define the service levels required for the key operational processes that IT supports, with a full understanding of the cost, performance and availability implications.
Organisations can then decide which applications can usefully be provided via cloud or another ‘as a service’ (aaS) solution, and which, if any, to retain in-house. Each organisation will have different requirements; there is no one size fits all solution. The final element of the definition phase is to work with the organisation to embed this vision into a clear, compelling and easily understood business plan that will be accepted and signed off by your organisation to deliver the promised benefits.
2. Rearchitect and optimise your services
Once the plan had been accepted by your business, the key stage is delivering it. The plan could be anything from upgrades to a couple of internal systems to a complete transformation of the organisations business processes, core applications and migration onto a new infrastructure. Whatever it consists of, it’s not just a technology change; it will also potentially change existing policies and processes; it will almost certainly need new skills to your organisation to implement it; and once installed it will need ongoing monitoring, management, updates and security.
When using cloud services, organisations need to align their processes with those of their chosen cloud provider, as it is unlikely that a provider will change its processes to suit a customer. For the major public cloud providers, accessing human support is a challenge in itself! All these elements will need to be included, and good outcomes delivered to ensure you deliver the benefits your organisation is expecting. Also, you have one opportunity to do this successfully, and the consequences of not delivering could be detrimental to your reputation and possibly your career.
If you choose ITaaS, this is exactly the expertise and experience the third party will provide, to speed up the process and ensure the right result is provided.
3. Decide how much support you need
Different types of service require different levels of support. Take security – with SaaS, the provider is responsible for overall security of the service, and the user only has to handle authentication to the service and data transfer between service providers. The organisation is basically a passenger and outside of configuring and using the application the customer’s main responsibility is ensuring performance matches the agreed SLA and analysing invoices.
With IaaS, the user is responsible for securing access to the instance(s) and everything inside them plus security of integration between instances, unless they ask the provider or a third party to do it for them. Customer and provider share a common level of risk, defined by the shared responsibility model and organisations need to ensure they configure the set-up correctly. With ITaaS, the provider handles all aspects of security, irrespective of the platform or provider, along with all aspects of service delivery and support. It is up to each organisation to decide how much day-to-day management they want to handle themselves and use the ITaaS providers services to cover the elements they can’t provide internally.
For most organisations, the optimum solution is likely to be a hybrid. For example, a medium-sized organisation we worked had outsourced all its IT in a virtual hosting environment, but without any contractual flexibility to adapt their services. After several years, this was constraining its development and growth, the contracted organisation had been taken over twice since the contract started and there were problems with both the providers reliability and flexibility.
The organisation decided to take back control and wanted to move as many services as possible into public cloud SaaS. However, it relied on several legacy applications for which there were no suitable SaaS services available, and after analysis we concluded it did not make any sense to migrate them as is into public cloud.
For these, it chose ITaaS, providing flexibility and a pay as you go model for the legacy applications, whilst they work on the replacement of the legacy application with SaaS services that meet their requirements, but without the impending deadlines they had under their previous contract. The applications are now running on up-to-date hardware, with security and patching managed and performance measured against agreed SLAs, enabling the in-house IT team to focus on the eventual replacement of the core applications and developing new digital services that will be enabled by the new applications.