“There’s been an awakening. Have you felt it?” – Star Wars’ Supreme Leader Snoke, obviously referring to enterprise IT now embracing cloud instead of dismissing it as a rogue effort.
Since AWS launched EC2 in 2007, and until recently, cloud adoption in the enterprise has been tactical, born out of the necessity to move fast. Teams could launch their app on the cloud in days instead of months. It was a triumph of self-service over the slower service-desk approach.
Cloud adoption wasn’t planned: it just happened. It was organic. And regardless of whether adoption was a slow creep or an explosive burst, IT needed to figure out how to handle it.
Let’s call this tactical adoption “Cloud Management 1.0.”
Cloud Management 1.0
Cloud management was all about the application: migrating existing applications to the cloud, deploying new ones. If you think about it in that context, it’s clear what the challenges were: provisioning, orchestration, configuration and monitoring, to name a few.
Organizations were adopting cloud one move at time, discovering the game as they played it. Companies adopted a collection of cloud tools, each addressing a single challenge. Band-aid, ad-hoc solutions proliferated. Fragmentation increased. Inevitably, a new class of problems started to form. These problems, such as reporting, were not application-specific, but rather spanned the entire organization.
This first wave of cloud management was a disintermediation of IT. For the first time, central IT had competition. Its service model, the service desk, was manual and ticket-based, and couldn’t keep up with demand. Developers could go around the gatekeeper and straight to the cloud for resources.
This made it even harder for central IT to perform its mission. For instance, IT finance has a tougher time predicting cash flows if developers can launch new machines without consulting finance first. Budgeting became a problem in the self-service model.
Same goes for IT security. If developers can launch new machines without getting security (or even compliance) involved, the organization is at greater risk of attack.
With this disintermediation, the role of IT has changed. It isn’t—and certainly can no longer be—the gatekeeper to infrastructure. Instead, its role is to handle the needs of the centralized functions in a decentralized IT world.
Enter Cloud Management 2.0.
Cloud Management 2.0
The second and current wave of cloud management is about more than deploying applications to the cloud. It’s about bringing the entire organization to the cloud. It’s the meaning behind being a “cloud-first” company. It’s what people mean when they say they want to go “all in with AWS” or Azure, or Google (News - Alert).
In the self-service world, it’s easy to move fast at the expense of others. But that can break an organization.
The key is to move fast with others—what, in software engineering, we call “loose coupling,” a form of separation of concerns. It’s not “everyone holds all the concerns” like those that would promote DevSecFinOps (or longer versions of that name). The concerns that are application-dependent, covered by the Cloud Management 1.0, should be borne by the application team. Addressing concerns that are not application-dependent, those belonging to Cloud Management 2.0, is the new role of IT.
The New Role of IT
To be successful, IT leaders should preserve the speed and velocity afforded by the “non-blocking” self-service model, while still injecting necessary safeguards into the cloud toolchain. These safeguards include ensuring workloads get placed into secure networks, ensuring costs get optimized with resource reclamation and rightsizing, and ensuring auditability of people and workloads.
IT leaders will have to ensure maximum app team autonomy—they won’t ever have the bandwidth to gather all of the context required to make application-dependent decisions—while non-intrusively injecting the guardrails.
To make this possible, IT leaders will want to make sure their cloud management platforms can help them accomplish the following:
- Cost Control - Business units and teams must be held accountable for costs, and the system should make this easy through transparency and financial guardrails.
- Security & Compliance - Workloads must comply with non-application-specific security policies, and expose resources to users based on their identity and permissions. The system should simultaneously protect the users from the cloud, and the cloud from the users.
- User Productivity - Team autonomy and self-sufficiency must be preserved. The system should enable a clean separation of concerns so IT security and IT finance don’t become bottlenecks for developers again. The system must not reduce optionality by introducing lag between new cloud functionality and system support for said functionality.
- Infrastructure Flexibility - The business must provide platform choice and optionality. The system should accommodate involuntary sources of multi-cloud, such as M&A or application-specific team decisions, and must have the flexibility to adapt to re-orgs and corresponding changes in responsibility.
In summary, Cloud Management 2.0 is about operationalizing the cloud: helping the entire organization be successful on the cloud rather than focusing on a series of individual applications. Only once IT has understood its role in delivering cost controls, security and compliance, user productivity and infrastructure flexibility, does the business gain advantage.
The result is an agile enterprise that grants maximum autonomy to their dev teams via self-service, while ensuring federation and safeguards for finance, security and compliance.
Edited by Mandi Nowitz