read

Establishing a Cloud Center of Excellence

By Charlie Cuddy

The Cloud is a Model...Not a Place

As more and more companies move workloads to the cloud, it is important to remember that the cloud is not a place, but rather a model. The cloud creates a new digital orientation for the entire organization, and it is vital to recognize it as not just a shift in terms of where data is stored, but a transformation of day-to-day IT operations and processes. This evolution of people, process, and technology to the cloud can be challenging. Finding the right tools and establishing a well thought out cloud strategy where “team members begin to identify themselves as a vital part of this new technology model” is essential to the success of any company's progression to the cloud.

From small changes such as establishing a cloud-based identity for your IT operations team that focuses and reinforces this new direction, to more systemic changes such as ensuring there is a blend of new, adjacent cloud skills on your teams, which supplement or replace existing roles can have a huge impact in business efficiency. As challenging as these changes may be initially, putting them off with the mindset that managing the cloud is no different than managing an on-premises datacenter will eventually catch up with the organization creating even more difficult issues down the road. To adopt the cloud effectively, it is important to be aware of (and adhere to) best practices as early as possible, establish a team of experts with a diverse background to leverage the advantages of the cloud, and create a clearly defined, central collaboration hub where all teams can work together, monitor, and scale your cloud securely and with purpose.

Collaboration in the Cloud

When implemented correctly, a Cloud Center of Excellence (CCOE) can be the driver of change across the enterprise, the focal point of transformation that is broad as well as deep. Clearly defined objectives for your CCOE allow your organization to take advantage of all the reasons for which you moved to the cloud in the first place; increased speed and business agility, freedom for your teams to securely make the best decisions for your organization, while paying only for what you use. The CCOE also ensures each plan is secure, is implemented properly, and adheres to industry standards (like CIS and NIST CSF) as appropriate. It doesn’t matter the size of your company, or the amount of spend you have in the cloud – it is never too early to start thinking about creating (or maturing) your Cloud Center of Excellence.

All three major hyperscale public cloud providers (Azure, AWS, GCP) have laid out clear plans on how to build a Cloud Center of Excellence through their Cloud Adoption Frameworks (CAF). These frameworks all speak to who should be a part of a CCOE, how to establish an appropriate process based on where you are currently at in your cloud journey, and why having a CCOE is so important to establishing business success in the cloud. Concisely, the team should be diverse, get complete support from leadership, create a precise and well-defined plan for the cloud, quantify progress, and identify drift, as well as have a plan in place to address misconfigurations. With on-premises data centers, companies typically have a gated process with discrete expertise to review changes prior to moving them to production. But the flexibility and speed of working in the cloud allows more users the ability to deploy – creating more opportunity for misconfiguration in production. Clearly, the advantages of the cloud do not come without risk. In a Smarter with Gartner post, the company states “Through 2025, 99% of cloud security failures will be the customer’s fault”.[1] A CCOE provides up-front vision, allows monitoring throughout, and drives communication and collaboration between teams in order to limit, and then address, those inevitable cloud security failures.

In that same post, Gartner goes on to state “CIOs can combat this by implementing and enforcing policies on cloud ownership, responsibility and risk acceptance. They should also be sure to follow a life cycle approach to cloud governance and put in place central management and monitoring plans to cover the inherent complexity of multicloud use.” When it comes to organizational collaboration in the Cloud Center of Excellence, and your organization as a whole, having the appropriate individuals in purposeful roles, and using innovative cloud-based tooling is what drives productive conversations rather than heated debates.

Ensuring the availability of appropriate resources for key contributors of your CCOE is a game changer as you shift to or scale up your cloud environments. It doesn't matter whether the CCOE is a “command and control” group of experts that customizes policies and authorizes deployments, is more of a “collaboration center” that oversees the day-to-day operations of teams and opens up communication, or is a hybrid of both – the important thing is that your CCOE has complete vision into cloud resources with appropriate tools to assist as needed. However, this precise vision also applies directly to where an organization plans to go, and specifically how they plan to get there. More importantly, when operations and applications begin to drift from this vision, there always needs to be a deep understanding of the overall security posture of the organization.

CCOE Goals, Implementation, and Best Practices

The main goal of a successful CCOE should be to make it easier for everyone in the organization to use cloud with one than it is without one by implementing best practices through clear and secure processes that discourage individuals from working around the guardrails in place. The CCOE, lending its unique and diverse expertise, acts as the bridge between departments - opening communication, providing pointed direction, and offering full-vision insights for delivering business success. Ultimately, this new, digitally-focused model must shift well beyond workloads moving to the cloud. Without a shift in day-to-day IT operations, newly defined roles, cloud-based tooling, and updated processes any move to the cloud is not only incomplete but can lead to heightened risk. However, once the right pieces are in place, and with the support of leadership, a successful Cloud Center of Excellence can become a force multiplier and the central hub, that enables your company to evolve and remain relevant in the cloud era.

Dig deeper into recent Gartner research on how to ensure long-term viability of I&O teams as the implementers of cloud strategy, with a complimentary copy of their report, Evolve Your Infrastructure and Operations Organization to Remain Relevant in the Cloud Era[2], available for a limited time.

 

[1] Smarter with Gartner, Is the Cloud Secure?, 10 October 2019
[2] Gartner, Evolve Your Infrastructure and Operations Organization to Remain Relevant in the Cloud Era, 6 February 2020, Craig Lowery

Tags: Cloud Security Posture Management, Cloud Governance, Cloud Security, Cloud Center of Excellence