Bill Clerico, IBM Cloud Advisor and IBM Cloud Solution Architect, is one of the presenters at the IBM sponsored SAP in the Cloud seminar series where he has led a session "Migrating to the Cloud: Critical Questions You Need to Answer." SAPinsider caught up with Bill after a recent session to ask him to provide answers to some of those critical questions. Bill covers a wide range of cloud considerations in this podcast, including:
- Four main strategy tenets for a successful hybrid cloud deployment
- Coping with the business and cultural changes that a shift to the cloud can bring
- The importance of following a well-designed reference architecture
- How to determine which workloads will transition well to a cloud model
Listen to the podcast, and read the transcript of the conversation here:
Ken Murphy, SAPinsider: Hi, this is Ken Murphy with SAPinsider and today I am pleased to be joined on this podcast by Bill Clerico, who is an IBM Cloud Advisor and Cloud Solution Architect for IBM. Bill is one of the featured speakers at the SAP in the Cloud Forums which are held all over the country, and he’s presenting a session titled “Migrating to the Cloud: Critical Questions You Need to Answer.” Bill, thanks for joining us today.
Bill Clerico, IBM: Thanks for having me Ken. I really appreciate it.
Ken: I was hoping we could clarify what some of those answers to those critical questions are here on this podcast. So migrating to the cloud, there are a lot of questions that people have, I was hoping we could start with why hybrid? Most companies are using hybrid cloud with the intention of gaining a competitive advantage. Maybe address what the value is of a hybrid deployment and maybe touch on one or two of the key ways it helps drive that competitive advantage.
Bill: Absolutely, and thanks for that question Ken. So, hybrid cloud represents the intersection between what we call classic or traditional IT and this emerging consumption-based business model known as cloud computing. So it allows enterprises the flexibility to acquire lots of different technical resources on an as-needed basis so if you consider a retailer or a package delivery service it typically has to deal with high-business demand during maybe a peak holiday season. In that sense, in a traditional model these enterprises have to build out their technical infrastructure based on the peak season demands but then that infrastructure sits idle for the rest of the year not doing anything during these non-peak times. So using a hybrid cloud model these enterprises can build out their needed infrastructure based on their day-to-day steady state needs and then burst to the cloud to lease the extra capacity they need to live through the peaks. IBM has many clients currently using this exact model to gain those cost efficiencies throughout the year. But there’s also many other types of workloads that can benefit from this approach: high-performance computing where you have a lot of burst need or where you have a lot of demand in a short period of time, big data analytics where you’re doing a lot of processing over a short period of time. And also for SAP workloads we see a lot of clients that are using a hybrid cloud approach for development, test, and training but also for running production of their SAP instances in hosted services and hosted cloud services that provide more than just infrastructure.
IBM has a hybrid cloud strategy that delivers value to enterprises in several ways, and we break it down into these four simple strategy tenets. The first one is choice with consistency; so cloud provides this very large spectrum of choices because essentially one size does not fit all, enterprises have these large portfolios of applications they need a variety of infrastructure and deployment models and need a lot of different options, so we provide a portfolio of offerings to meet these needs, all of which we call open by design. We embrace open technologies like OpenStack, Cloud Foundry, Docker, and many others to facilitate choice and make it easy for clients to change and innovate. The key value here for our clients is this eliminates vendor lock-in in situations where often companies get locked into a technology or locked into a vendor because they want to make a technology choice.
This leads us to our second strategy tenet which is industrialized hybrid cloud. We build cloud products and offerings for the industrialized world, meaning we consider the needs of the complex enterprise when designing and creating offerings. It’s not enough to provide inexpensive compute storage and network commodity. Most enterprises require a quality of service that includes not just acquisition and deployment of infrastructure but also the ongoing operation of it in conjunction with their existing established processes, procedures, and sort of the way they do business. So if you consider the retail example I mentioned earlier those guys depend on a vendor like us to make sure that the infrastructure is highly available, it can’t go down, they basically offload the responsibility for maintaining that infrastructure to a vendor. And so that provides some level of high availability and capability to the client that they might not have otherwise. This is also the intersection of where we see slow and fast IT beginning to converge. Slow being kind of the traditional systems of record, and fast being more the new born on the cloud types of systems of engagement. These are very separate and distinct kinds of domains and they have very unique data and operational concerns, but they also require this industrial grade interoperability and integration so that creates – so we use that industrial hybrid cloud tenet to firmly put us in the market where we service enterprise clients that have these other needs besides just getting commodity compute.
This leads us to the third strategy tenet which is what we call DevOps productivity and this is where we see the center of the value mass moving to; as the cloud marketplace transitions from this cost efficiency of the cloud to more business model innovation this idea of DevOps becomes extremely important. When the enterprise can align their customer-focused development activity, their agile development activities, with the operational governance model of the business then the enterprise can get focused on their core business competencies and kind of get out of the business of IT. This is where we see the marketplace shift happening and it’s what many refer to as cloud 2.0. It’s the idea that any application can run unchanged on any cloud platform while being properly governed by established enterprise policies. This strategy tenet really represents the bridge between slow and fast IT and brings us to the fourth and final tenet, which is the idea of powerful and accessible analytics with cognitive capability.
This brings together the best of ITB capabilities in a way that levels the playing field for enterprises. One of the great benefits of cloud computing is the way that it allows any size company from start-up to Fortune 10 companies to access and participate in the broad business market. The cost of market entry is essentially the same for all so access to advanced analytics and cognitive capabilities allows virtually anyone to innovate and have market impact. So these four strategy tenets: choice with consistency, industrial hybrid cloud, DevOps Productivity, and powerful accessible analytics represent the key competitive advantages that we see our clients needing in order to be successful in the new area of business transformation that’s catalyzed by this idea of cloud computing.
Ken: With these strategy tenets laid out pretty clearly giving customers some options and decisions to make, why then do some companies struggle with moving to a hybrid cloud environment?
Bill: That’s a really good question. So it does depend a little bit on how one defines the “hybrid” environment. But if you use our idea of this industrial hybrid cloud then it’s not without its challenges; we see it as being a complex domain. So with that said there’s kind of this continuum of implementation challenges that are dependent on a variety of different things like security and compliance, service and operations management, cost management, and other kinds of requirements like that. And this is why this idea of industrial hybrid cloud is so important. Some enterprises take a simple lift and shift approach which can be effective as long as the enterprise includes the full scope of the workload, meaning they account for shifting or actually not shifting the various responsibilities that are also associated with the workload. They can’t simply just move the workload and divest of their service and operational management responsibilities. The other significant factor that creates struggle in the organization is the organizational and cultural impact that cloud adoption creates. Adopting cloud in a meaningful way is more of a business transformation than a technology adoption. Even though many of our clients and many of the adopters in the industry are looking at it like it’s a technology change, it’s really more of this business transformation and many enterprises struggle with kind of the forced change that a cloud deployment model imposes. There are often some individuals that resist change, especially since successful cloud adoption requires that the enterprise and the people associated with that adoption think big vs. kind of the small and easy stuff. When our clients focus on the small and easy things they actually don’t derive the value that the business transformation and cloud computing can bring. They need to focus on thinking big and driving large initiatives. With that said, change is hard and it requires support from all levels of the enterprise, from the C-suite all the way down to the folks keeping the lights on in the data center.
Ken: So for the company that does develop a well-planned cloud strategy, how does that company ensure it stays on track? How do you maximize a cloud deployment and still make sure that you remain aligned with overall business objectives?
Bill: That’s a really good question too and I see a lot of struggle with our clients in that area because again as our clients think about cloud they tend to think about technology adoption and we manage and strategize technology adoption very differently than we do business transformation. So with any strategy, it’s important to stay focused on the success milestones, and in this case they really need to be stated in terms of business related key performance indicators (KPIs) that provide a realistic view into the transformation progress as opposed to technology milestones that might be 10 servers on the cloud, or reduce some provisioning time, but to actually state it in terms of business, that either has some effect on the balance sheet or some effect that can be stated in business terms. Too often, the enterprise gets focused on the small and easy things so they can basically declare a victory, but they often lose sight of the fact that everything must tie directly to business value. Business value can materialize on the bottom line through cost efficiencies, or it could materialize on the top line through revenue growth or new market penetration.
Understanding that others have traveled a similar path and learning from them is also key. There’s no need to reinvent strategies and approaches for cloud adoption. There’s a bunch of us that have been there and done that, and there are well-known and well-understood patterns that have yielded very comprehensive reference architectures that are used by many. An example of this is a pattern we focus on a lot in IBM known as the Cloud Enabled Data Center. This is an extremely comprehensive reference architecture pattern that spans multiple layers of standard capability and maturity model, and covers everything from basic provisioning to hybrid cloud integration, to implementation of idle managed processes across a hybrid model. It’s quite powerful and provides a substantial starting point for many of the clients I work with, and you can see other reference architectures in the marketplace that have been put out by the Cloud Standards Customer Council, by the National Institute of Standards and Technology and a variety of other vendors.
Ken: Shifting gears a little bit, one of the things you hear a lot of customers talking about and are concerned about is security in the cloud. I’m curious what your recommendations are for overcoming those concerns in a hosted cloud model?
Bill: You can never have a cloud discussion without talking about security. It’s funny in the sense that most enterprises approach cloud security, or the cloud security discussion from a point of view that they have a more secure environment in their traditional on-premise environment than they could get in the cloud. My experience tells me otherwise. In fact it’s somewhat rare for the typical enterprise to have a real comprehensive, robust, hardened, security program. A quick scan of the headlines often reveals yet another security breach that’s happened to an enterprise and more often than not the breach is in their traditional IT infrastructure, not the fault of some cloud provider that they use. So it’s impossible to boil down the security discussion to just a few minutes, but it is important to spend a minute talking about the scope of the security issues. And there are essentially three security postures that come into play in the cloud discussion. The first one typically occurs when the enterprise is selecting a cloud provider, and they want to dictate security terms and requirements. The thinking is that they want to transfer all of their security risks to their provider. This often manifests in discussions related to regulatory compliance like PSI or HIPPA, GxP, CEGIS – a variety of other acronym kinds of regulatory compliance items. This is where the enterprise is looking for a vendor really to provide a set of checkmarks against a list of requirements that in turn makes the enterprise believe they’re transferring the risk to that vendor. Now most cloud vendors will participate in a partnership with the enterprise in order to address their compliance needs, but it’s quite rare for a cloud provider to assume all of that risk. The second posture occurs when the enterprise believes their security program at large is essentially infallible and incomplete. These enterprises want to impose their security policies, technologies and practices on the cloud provider, and these enterprises are sort of taking the opposite approach that what I mentioned earlier. Instead of transferring the risk to a vendor, they want to own and manage all of the risk themselves. In order to be successful with this approach, the enterprise has to convince the provider that they have a comprehensive, robust and hardened security capability, and that they won’t introduce any risk into the other enterprises running in that cloud provider. This is an extremely rare outcome since it would require that the provider take the necessary and quite frankly very expensive steps of protecting their other clients from the unknown security capabilities of this demanding enterprise. The third posture is one where the enterprise simply ignores the risk. Sometimes this is actually an obvious and very calculated business decision where the enterprise deems that the cost of a breach is less than the cost of protecting against it. While there are plenty of workloads where this might be the case, it’s not without risk. While the theft of generic data or the unauthorized access to systems might be acceptable in terms of actual cost to the enterprise, the brand damage is much more intangible but it’s a very real risk that has to be considered. Obviously there’s not one posture that’s right when it comes to cloud security, but it is important to understand the ramifications of the choices that an enterprise either makes or needs to make. It’s also not realistic for an enterprise to think they can impose their security policies, technologies, and procedures on a cloud vendor. The cloud vendors are actually pretty advanced in their security capabilities and actually do a really good job. It’s rare that you hear of a security breach from a cloud provider. So enterprises need to partner with cloud vendors in order to ensure that they get the qualities of service that they expect, while also recognizing which security issues they’re transferring, managing themselves, or ignoring.
Ken: Last question, Bill. Can you address what a hybrid cloud model means for having to re-think workload considerations and how much of a challenge is that?
Bill: So this is a good question and often is really at the center of a lot of our discussions not long after the security discussion that we have with clients. Understanding what I’d call cloud candidate workload is essential really to a successful cloud adoption. Now notice that I didn’t say cloud migration, I said cloud adoption. And that’s because not all workload is appropriate for cloud migration. Sometimes we find that clients simply want to think about moving everything they have that’s on-prem to off-prem and that’s often not a very good approach or a reasonable approach. Sometimes there’s very little benefit to be gained by moving a workload to the cloud, and so understanding what makes a workload cloud ready is really important. I use a pretty simple metaphor when I talk about candidate workloads. I have Italian blood in me, and we Italians for whatever reason tend to communicate in food metaphors, so if you consider an application portfolio as a large bowl of spaghetti and meatballs, it becomes really obvious that the things that are easily relocatable are in fact the meatballs. They’re well-defined, they stand on their own, easy to access, you can get ahold of them easily and because of that you can easily relocate them or move them around to a different bowl of pasta, you can make a sandwich out of them, you could even throw them into a soup because they’re easy to access and easy to move around. The spaghetti in the bowl, that’s a whole different story. With some work and careful oversight that spaghetti can be moved, but I’m going to tell you it’s going to be messy and it will probably never make for a good sandwich. Workloads that have meatball characteristics are good cloud candidates because even in the worst-case scenario they can easily be moved back to their original location.
Also, application complexity does not necessarily represent what I’d call an anti-meatball pattern. One could easily argue that an SAP application portfolio is complex, which in fact I believe to be true. However because SAP is a well-understood application and has well-defined application boundaries it has actually a pretty high meatball index, not to overplay this too much. Meaning it’s actually relatively straightforward to move to a cloud-based hosting model and lots of vendors, IBM is one of them, has a lot of experience doing this so we really have an understanding of what that workload works like. The other end of the spectrum are the applications that have a lot of point-to-point integrations and mysterious application dependencies, and by mysterious I mean they’re either completely unknown or they’re just too difficult to unravel or figure out. There still might be some value in moving those applications or even just parts of them to the cloud, but the effort is going to be much greater than that of a meatball-like app. So one of the things I spend quite a bit of time on with clients is helping them understand their meatball and spaghetti index and formulate a strategy for cloud adoption that delivers business value at every step of the way.
Ken: Well now you’ve got me hungry for dinner so I think I know what I’ll have tonight. Bill, can we catch you speaking at any of the upcoming SAP in the Cloud forums?
Bill: Right now I don’t have any on my schedule but that absolutely could happen.
Ken: Great. We appreciate you joining us today to share your insights on the cloud.
Bill: Thank you so much Ken.
Ken: Again, this is Ken Murphy with SAPinsider and we’ve been chatting with Bill Clerico, an IBM Cloud Advisor and Cloud Solution Architect for IBM.