As service providers transform how they deliver services to organizations, the cloud has become an inevitable part of the delivery. However, many employers still prefer on-premise-based solutions versus cloud-based solutions.
In most cases, this is a result of: challenges around contracting for cloud services, the perception of cloud’s security, and the readiness of the organization to adopt and manage cloud services.
But the majority of software as a service (SaaS) providers are actively moving applications to cloud-based platforms, so it’s not a matter of if it will happen, but when.
This is forcing employers to adopt cloud-based solutions irrelevant of the organization’s readiness to adopt and govern them. While the major legacy enterprise resource planning (ERP) providers have legacy on-premise code base they support, their strategic direction is to move clients to the cloud in order to reduce costs and bring new capabilities to market more quickly.
Legal and procurement issues
As organizations begin their journey to the cloud, one of the early areas they will need to address is the contracting of cloud services. Many organizations’ legal and procurement teams are unfamiliar with the nuances of contracting when it comes to the cloud and will need to hone their skills in this area.
One of the key concepts of cloud contracting is the limited ability to change the contracts for cloud services. The majority of cloud providers present very few options to amend cloud contracts, with a “take it or leave it” approach.
Legal and procurement need to have a strong understanding of how to contract in the cloud and, more importantly, how they become a partner with the business in order to understand and mitigate cloud contracting elements such as penalty frameworks and indemnity, which are limited in the context of cloud-based solutions.
The next major area of focus is securing the platform and data within the cloud.
There continues to be a misnomer that cloud solutions are not yet secure. In reality, cloud providers continue to invest millions of dollars annually to stay on top of security advances and capabilities. Major cloud platform providers offer employers the tools and technologies needed to effectively secure their environments.
It is said that people can have the most expensive home security system in the world, but if they leave the front door open, criminals will come in. On that note, the majority of employer breaches announced in the press have been because of a failure to adhere to best practices for cloud security, thus exposing organizations’ data or assets.
Building a strong cloud-security competency at an organization, or outsourcing this capability to a specialized third-party provider, can help to mitigate this risk.
However, even if the cloud-based solution is fully outsourced, employers will still need to address the skills and organizational changes needed to adopt, manage and govern the cloud.
Key focus areas for many organizations should include:
Procurement and legal: Cloud procurement and contracting is fundamentally different and requires organizations to train and educate their legal teams on these processes. In some cases, organizations have developed specific business units to solely manage cloud legal and procurement.
Governance: Developing a cloud governance model to manage and control the adoption and ongoing use of cloud services is key to success. Unfortunately, many organizations have bypassed this activity and it has led to challenges such as spend issues within the cloud or shadow IT (such as business leveraging the cloud without the correct oversight from IT). The key is to make the governance processes flexible enough to encourage innovation, while having the right gate checks and controls to manage risk to the business.
Security: This is about enhancing existing security capabilities to include skills and processes around securing cloud-based workloads, and managing providers that are delivering cloud security services. This is a highly specialized area of the cloud journey and many employers are now leveraging outsourced cybersecurity firms to deliver such capabilities.
Vendor management: As resources move from legacy support roles into newer cloud-based roles, the ability to proactively manage the ecosystem of cloud-based vendors will be important. Building this skill set doesn’t happen overnight but it is critical to the successful adoption of cloud-based services moving forward.
Moving business and outsourced processes to the cloud is inevitable. Readying an organization to leverage cloud-based outsourced services requires them to rethink how they procure and consume cloud-based services.
It’s estimated 86 per cent of organizations globally will embrace a multi-vendor cloud ecosystem across SaaS, PaaS (platform as a service) and IaaS (infrastructure as a service), according to a 2018 survey by Virtustream and Forrester Consulting.
So, the question at hand is: How does an employer drive synergies across multiple cloud providers, enable innovation, and simultaneously manage risk?
Don’t be afraid — embrace the transition to the cloud. Organizations are driving significant benefits from the consumption of cloud services and it’s only a matter of time before most employers are “in the cloud.”
David Brassor is a director and national cloud and infrastructure leader at Deloitte Canada in Toronto. He can be reached at email@example.com or for more information, visit www.deloitte.ca.
Top 5 reasons why companies outsource
• to cut costs (59 per cent)
• to focus on core business (57 per cent)
• to solve capacity issues (47 per cent)
• to enhance service quality (31 per cent)
• it’s critical to business needs (28 per cent).
Source: Deloitte’s 2016 Global Outsourcing Survey
© Copyright Canadian HR Reporter, Thomson Reuters Canada Limited. All rights reserved.