“Cloud first” simply means when evaluating new IT requests, IT should default to secure, reliable, cost-effective cloud-based solutions if available. Sounds pretty reasonable,right? But, it has some unintended consequences.
For example, by requiring IT teams to evaluate cloud solutions, a cloud-first policy can drive awareness of cloud. And, since cloud isn’t for everyone, it can also show what not to put into the cloud. Any requirement that’s too specialized or has very stringent security requirements probably shouldn’t be moved to a public cloud.
By giving priority to web-based applications and services, leadership is also being fiscally responsible. By this time, most realize that cloud can deliver dramatic cost, agility, and innovation benefits when used correctly—exactly what a cloud-first policy wants to encourage.
Finally, a cloud-first policy helps line of business managers—many of who are IT novices—make better decisions. By bringing cloud front and center, there is no longer any reason for a business manager to “make the wrong choice” and sign up for possibly wrong services or put enterprise information in jeopardy due to security problems.
What might a cloud-first policy look like? It should be simple, like the one I stated in the opening of this post: when evaluating new IT requests, IT should default to secure, reliable, cost-effective cloud-based solutions if available.
This effort will almost immediately uncover missing organizational capabilities. For example, how can one determine reliably if a cloud provider is secure if one has no method to gauge the impact of data confidentiality, integrity, and availability? Our history of focusing on “99.99% uptime” is necessary but insufficient to gauge cloud computing risks.
We all know that a policy alone isn’t enough to encourage change, especially of this magnitude. So the policy needs to be stated and managed. Three core organizational tasks can help drive the policy:
- Make it known that this is important at the C-level. Require the cloud-first policy to be part of individual development plans and employee goals. Tying policy to career is usually a good way to make it happen.
- Fund the learning and experimentation that it takes to develop the capacity to make good cloud computing decisions. Incorporate dates by which initial teams and procedures must be completed. Name applications for analysis, set targets for decisions, and remember to properly fund these initiatives.
- Highlight wins and teams’ decision making. Note that a “win” might simply be helping to avoid a catastrophe by not moving a particular business function or application to a public cloud provider. Encourage dialog between teams in IT and the business about making the right decision.