The future of IT is in the cloud. More and more companies adopt PaaS solutions to lower their costs and streamline their operations. But what does the cloud mean in practice? How will it affect your business? There are three main changes you need to prepare for before adopting PaaS solutions - and here's advice on how to deal with them.
The technology landscape is changing ever faster
Cloud technologies, whether you like it or not, are already altering the world around us. The transformation opportunity that now lies ahead might be a great journey towards easier operations and lower running costs. However, it is not without its challenges. The journey may not be as trouble-free as the leading technology providers tend to advertise. This is particularly true of the sophisticated world of PaaS (Platform-as-a-Service) which is kind of like Lego – it's no fun if you don't try hard enough to put it together. With each paradigm change opportunity, comes a challenge. Here, it lies where we can sometimes get stuck for years – in our ways of doing things. We tend to evaluate new concepts based on past knowledge and experiences. Given the new reality, it will not lead us very far. Einstein used to say that we cannot solve new problems with the same thinking we had when we created them, and this is exactly the case right now.
Is the cloud cost-effective?
The first question each business person will probably ask – what's the price? The problem with cost is that we are used to buying bulks of countable things, such as licenses or hardware. We then add a bunch of services – per-server management cost, per-CPU performance increase, per-hour engineering work – and so on. The nice thing about it (setting aside the fact it has to be paid) is that it's easy to calculate the cost. But now, when everything is a subscription-based service, it's not that easy anymore. Of course, when you are more into SaaS (Software-as-a-Service, the kind of software you can take and use off the shelf) solutions like Office 365, you usually think subscription = number of users using it per month / year, and then it's still quite easy. However, PaaS is not about users – it is about usage. It sounds similar but is vastly different. When buying platform services, you pay for the use. What does it mean? Enter the best-for-all-occasions consultant's response: it depends.
Paying for usage
For some services it may be up-time minutes, for others – compute units (CU) time or performance level tier. Pretty vague definitions and the fact that they are usually valued in micro-dollars (fractions of a dollar) and per-minute use, don't help in getting a grasp of what's going on cost-wise. The challenge boils down to one simple question: how much am I going to pay? And the most honest answer to this is: who knows…You can estimate how much it is with some probability, but you can never be sure of what the bill will be. This is because once you get into PaaS, you will keep changing things, adjusting capabilities or introducing new services. And you will do that constantly, just because you can, with ease which has never been possible before!
So, what do I do?
One nice suggestion which I recently heard, is that you shouldn't actually care. It is still going to cost you less than if you had to put up servers for hosting similar services to the ones you've had before. And I guess this is the best conclusion to stick to.
OK, but how will I make sure my budget ends meet?
The best advice is to observe and adjust service levels on the go and keep track of your weekly / monthly use. If you don't plan to dramatically change what you have, you should be able to keep your weekly / monthly spending at a similar level going forward. Of course, set some budget aside in case your users like the cloud too much and start using it more than you'd expect.
How to take care of cloud operations?
Another interesting topic is operations which are kind of mythical within the industry. The myth relates to the entire cloud story. The belief is that there are no operations in PaaS and SaaS cloud models, because there are no servers. It is, of course, a false assumption. There are still plenty of things to do, even for a cloud-based solution. Of course, you won't be doing what the operations teams have been doing for ages (and charged you per-server for). This includes patches / updates, backups, service restarts, infrastructure monitoring, performance optimisations etc. Still, many things remain:
- Monitoring – not on the platform level, but on the solution level. You still want to ensure that whatever you're building works fine
- Accesscontrol – who has access where, how you secure your data and how you integrate with external companies and identity providers… You still need to manage all this, now more than ever, as the capabilities extend far beyond your local Active Directory
- Backup – not all cloud services have built-in backup capabilities. You'll need to pay some attention to more advanced data storage technologies
- Restore – backups are done automatically but restores, of course, are not
- Geo-optimisation of services – the cloud enables you to provide your online services globally with ease, but doing that efficiently requires proper planning
- Automation – more and more administrative tasks require scripting rather than 'clicking' skills, and with cloud services, it's no different. For agility in services management, automation is key.
Considering the conceptual change happening to operations, a new DevOps approach has appeared and it has been in the air for some time now. Adopting PaaS solutions requires a change in the way we think about operations. They now shift more towards development teams, because no strong infrastructure skills are required anymore. Also, the whole support / operations cycle is shorter when a team that delivered the solution is also included in or even responsible for its operations. This allows for blending the solution development with deployment cycles. It should result in faster time-to-market and more flexibility than the traditional models of application lifecycle management used to have. Operational procedures and service management catalogs existing in most companies will now be outdated, as most of the "traditional" IT system tasks will no longer be done. Which also means that new ones will appear.
How to keep the cloud secure?
Companies used to hide their precious data assets behind countless firewalls, gateways and VPNs in their securely managed data centers. However, outdated security policies will become a problem for many companies. We are experiencing a boom of data resulting in countless huge data sources available on the internet. Additionally, the cloud by definition is internet-facing, so data protection is very important. Thus, outdated security may hinder the process of adopting cloud technologies and winning new business opportunities with the broader use of data. That information could bring even more value when enriched with what's available on the internet.
A new perspective
Therefore, to secure what is often the most valuable asset also requires inventing new approaches. No longer is cutting off the external world a way to secure what you own. You must focus more on:
- Better identity lifecycle policies – in the dynamic world we live in today, many companies cooperate with customers, vendors, consultants and so on. They all need access to certain data to be able to work efficiently or to have proper services available. It is essential to manage these identities properly, especially because often they are not owned by the company itself, but come from external parties
- Stronger access control management – with data "flying around" across apps, services, APIs and data stores, it's more challenging than ever to have proper control over who can access which data. Especially because the same information can now easily reside in many places
- Data handling process – since data flows around the internet rather than a tightly controlled company's internal network, the way it is processed and transferred from place to place, and is accessible to APIs and applications, is becoming more important. Proper protocols, governance, means of encryption and authentication must be in place to ensure that data is not leaking anywhere.
Luckily, cloud technologies also bring new ways of security monitoring. They incorporate the latest inventions from the machine learning area, such as advanced threat analytics. This feature can heuristically identify suspicious behaviors and diagnose security problems. Yet again, we must put increased focus on a security strategy to close the gap between closed company environments and open internet ecosystem.
Into the cloud
The industry these days is filled with cloud solutions, offering, services and cloud-you-name-it concepts. Thanks to it all, the digital transformation is happening, and it is more significant than anything we could have experienced a few years ago. Any company really wanting to become more competitive with the use of IT should invest in cloud solutions. That's an undeniable fact these days, and the reasons are plenty. But it's also important to remember that the cloud doesn't solve all problems. We must still make the effort to utilise it in a proper manner. I've based these divagations on hours of discussions with the clients. Because of these conversations I believe others will face these challenges too, if they haven't already. If you need help with forming a strategy around your company entering cloud services, contact us and we will provide the guidance!