Winning the Journey to the Cloud

By Priya E. Abraham

According to global IT consulting services company Avanade, organisations will increasingly move from on-premises to cloud over the next three years. Infrastructure as a Service (IaaS) will increase from its current rate of 14% of all enterprise cloud solutions to 30% while Platform as a Service (PaaS) will increase from 8% to 25%. At this point, migration to the cloud is so popular that Amazon's cloud business is now the fifth-largest business software provider in the world.
But for enterprises and organisations in highly regulated industries such as banking, the benefits and costs combined with the immense pressure by the industry to jump on the cloud bandwagon are outweighed by the security challenges involved in migrating their customer's private data to the cloud.
Another less-talked about but much greater challenge exists in my opinion, however, of mindset. Organisations migrating to the cloud have a tendency to focus on the technical with complete disregard for the culture of the organisation. 

The Dark Side of the Cloud

Let's take a step back and review the traditional advantages of migration to the cloud: easy access to updates, scalability, significant reduction in time and cost,  automatic downloads, and process optimisation. Not to mention the consequences involved if enterprises choose to remain 'on premise': higher cost, lack of agility, and being perceived as lacking innovation.  
Then there’s the double-edged sword: in highly regulated industries, customers don’t trust organisations which move their data to the cloud. At the same time, agile customers demand fast and innovative services and don’t care if their data sits in the cloud or not.

How can the migration to the cloud satisfy both types of customer?
To answer this question, I would first pose the question: What do we mean when we talk about the importance of culture of an organisation? From my experience working with enterprises and startups, I would describe it as the human factor, a dynamic process created and recreated by interactions amongst and between employees and leaders and, specifically the trust between the different parties. Migrating to the cloud involves trust not only in interfacing data and employees but also trust between all of the employees within an organisation.
​
For example, the challenges related to trust in the journey to the cloud might include:

• violation of the confidentiality and integrity of the data
• security of the infrastructure and architecture
• non-compliance with a national or international regulatory body
• reputational risk in case of a data breach
• trust issues with the subcontractors
• bankruptcy of the provider

​Beyond the listed challenges, neglecting the necessary organisational transformation by not taking into consideration the mindset of the employees and management can cause massive delays, which in turn, result in an increase in cost and a huge risk to the reputation of the decision-makers. 

Ensuring a Successful Journey with Change Enablement

How do you ensure your organisation's successful journey to the cloud? The answer lies in change enablement, which essentially, is enabling your enterprise, its employees and management, to adapt their work behaviour in order to adopt new ways of working. ​

Many bank employees have privately lamented to me: "But we aren't allowed to migrate to the cloud." The reason for this is a lack of change enablement within the organisation which starts well before adopting new technology to your enterprise. Change enablement continuously assists your organisation by constantly defining more efficient ways of working and in proving the value the migration will bring to your team.  
For instance, if an organisation wanted to encourage the adoption of a new cloud service, it might first communicate the purpose and benefits of the cloud service to its employees and management through internal project marketing. It might then pursue training and further education with the people development team and only then develop an external communication strategy with the assistance of its marketing team. On the technical side, it would develop a Proof of Concept (PoC) which would outline the advantages of the migration to the technical team and gain buy-in from decision-makers.
To ensure success in adoption of any new cloud project, decision-makers must be organised and communicate their needs effectively with their team. Here is a quick preparation list for decision-makers to keep in mind when collaborating with the change specialist: 
​

• Sharpen the cloud strategy. Develop guiding principles for your enterprise IT cloud strategy. Analyse the key people involved in the journey across departments and support a common understanding of benefits from the cloud roadmap and support process to reach management buy-in.
• Engage the key people involved. Assign them as change agents that can disseminate the message in the organisation.
• Develop a common cloud glossary comprehensive for non-techies. It is important that everyone throughout the organisation can refer to the same terminology and speak the same language.
• Analyse the impact of the cloud strategy on existing job roles. Everyone on the team should be aware of what to expect.
• Describe potential skill gap. Develop an employee training plan to meet this gap. Identify relevant skills for future cloud operations.

​You can read more about how change management was an essential part of the journey to the cloud at Amazon Web Services. 

Understanding the Impact of Cloudification on Processes

Remember that at the end of the day, the technical IT project is merely the vehicle of your digitalisation journey. Before delving into the technical details needed to pursue the migration, you should develop a Proof of Concept (PoC). PoCs are typically implemented in one business unit or in one geographic region to illustrate the advantages of the journey in a low-risk way, to learn from the experience, and to gain the necessary buy-in from decision-makers as well as disseminate the message across the organisation.
Think of it as a way to harvest low-hanging fruits after the implementation of the project.
​
Here are two examples of PoCs:

Migration of documents and records management
The documents and records management landscape currently has multiple on-site implementations due to high latency, limited bandwidth and scaling issues. As a result, it limits the cross-company information-sharing and communication and creates issues with data synchronisations and application integration. The goal of migration is the reduction of on-site implementations (in other words, they want to "go server-less") and to improve business continuity provided through hosting across geographies. The PoC would illustrate how this is accomplished by leveraging the Microsoft Azure cloud platform and its services.

Migration of the CRM database
A strategic business unit of a bank wants to improve the customer relationship management through better customer care to increase customer retention and improve performance. The PoC includes research, examination, selection and implementation of a database solution. The selection of the cloud must comply with the regulatory body applicable for the financial service industry.
​
The PoC should include documentation on the impact of current processes and tools, describe the interfaces between IT functions, the impact on operations, governance and sourcing, and define the billing and cost distribution model. Providers must also present documentation that meets the industry standards. In contrast, most providers' platform-driven business models only offer high-level hyperlinked pieces of information on compliance required by the decision-makers in the legal departments of enterprises for a thumb-up to migrate to the cloud. In the highly regulated financial services industry FSI, for example, the fragmented style of presentation of much needed legal details is insufficient.

Cybersecurity + Privacy = Cybercapacity

Chief Information Security Officers, or CISOs, have often disclosed to me that many employees are even unaware if the software they use is hosted in the cloud or on premise. That’s a concern that spans issues involved in cybersecurity and privacy.

Although cybersecurity does interface, integrate and eventually overlap with other areas, it is important to understand that these blurred lines often lead to misunderstandings and end up reducing the attention cybersecurity requires. For example, the raised attention of the GDPR coming into effect at the time of this writing coincides with people working on becoming GDPR-compliant. Many times, organisations assign the cybersecurity method of multi-factor authentication to the GDPR.  We must keep in mind that cybersecurity isn’t the same as data protection, which is more concerned with privacy and how data is being used.

Migrating to the cloud requires that enterprises build capabilities to mitigate cyberrisk caused by human behaviour, as well as reducing opportunities for cybercriminals to exploit human weaknesses. Raised awareness of our own behaviours as well as our own superior cybersecurity and privacy should be an integral element of the workplace culture.
This includes a change in mindset on cybersecurity and on privacy – in essence the development of your organisation’s cybercapacity. You’ll need to analyse the skill gap, develop an employee training plan to meet this gap, and identify relevant skills for becoming cybercapable.

Transforming into a Cybercapable Organisation

Transformation of the workplace culture is vital for a successful journey to the cloud. It all starts with change enablement and empowering your employees to adopt new ways of working. Gaining buy-in from decision-makers through internal communications and a PoC is key. When your organisation is successful in empowering change in the culture, you’ll be able to enjoy the many benefits of cloud migration while minimising – if not fully eliminating – its dark side. 
​

Image: Pixabay CC0 Creative Commons by Atlantios