How not to fail a Cloud Transformation
Six common paths leading to failure, and how to avoid them – a Swiss perspective
The COVID-19 crisis has disrupted the way Swiss organisations are working and collaborating, leading to an increase in adoption of Cloud services. Although Cloud may seem a purely technical endeavour, it isn’t. Failing to consider Cloud with a holistic mindset may result in costly mistakes. Therefore, drawing on clients’ experiences, Deloitte presents six common ways in which Cloud adoption can go wrong and provides recommendations on how to avoid them.
The six most common reasons for failure in Cloud transformations in Switzerland
1. Cloud journey without executive sponsorship: In the majority of cases among our Swiss clients, Cloud is introduced by the CIO or CTO, or emerges from strategic COO or CFO initiatives, while other executive members do not fully grasp its value or implications. The result is a lack of executive buy-in and support for strategic Cloud adoption. Cloud sponsors should actively involve IT, Business, Risk and Legal functions to clarify and explain the benefits and risks of Cloud and align the organisation towards a unified vision and strategy. In many cases, if an isolated Cloud project (for example in the area of HR) is successfully concluded, this leads to false assumptions, that the organisation is now fully Cloud-ready. We have repeatedly seen that this has led to huge frustration when the organisation discovers that no or insufficient Cloud foundations are considered and built, leading to tension between IT and business and finally causing significant delays in Cloud adoption.
2. Uncertainty on legal, security and cyber risk exposure: We observe that clients often find it challenging to identify and assess their exposure to new Cloud-specific risks. Relevant topics and questions are, for example: the changes required to the risk management framework; exposure to international law; cross-border data exchange; extraterritorial lawful access of data; compliance with industry-specific regulatory requirements; and classification of personal and sensitive data. Cloud extends service management, often with new or changed third-party business relationships, introducing new technology, interfaces and processes. The work involved in integrating this new role of service consumer rather than classic build & run throughout the organisation is often underestimated. If not considered carefully, it will multiply complexity and result in high costs and inefficiencies throughout IT, legal, security and cybersecurity. Our clients manage this complexity by executing a holistic risk assessment. The outcome of this assessment is used to decide risk-based actions, change the operating model and risk management framework, including security rules embedded in the architecture standards, and conduct awareness campaigns to ensure users are up-to-date with best practices for Cloud usage.
3. Unrealistic business case: Some of our Swiss clients have faced situations where actual Cloud financial benefits were missing their targets, sometimes invalidating the migration business case. Higher costs, often unexpected ones related to Cloud usage, or because the on premise data centre footprint had to remain larger than expected, mean that additional costs of Cloud services are not offset by lower existing IT costs. Forecasting Cloud total cost of ownership (TCO) savings is complex. A proof of concept should accompany the exercise, as well as in-depth analysis of non-Cloud costs, in order to identify precisely which current spending will be superseded by Cloud and over what time period. We rarely see short-term and significant cost reduction from the use of Cloud services. Cloud adoption should be seen as a significant mid to long-term transformation, permitting a more flexible and agile business in the future.
A bank manager found her business case invalidated when unexpected costs showed up after the migration
4. Shadow IT: The inability of IT to act upon useful timelines and with agility often comes from insufficiently defined and/or implemented guidelines and governance. This pushes business units or other corporate functions to shop for themselves, sometimes using private credit cards as a means of payment for Cloud services. The lack of a clear Cloud strategy is often the root cause of dangerous and uncontrolled situations. Thus, aligning the entire organisation around a common vision and setting up appropriate guidelines is vital before embarking on a Cloud journey. Deloitte therefore has developed a Cloud Target Operating Models (cTOM) which helps to accelerate identification of necessary actions and required adaptions of the target architecture.
5. Unclear applications deployment path: Many of our Swiss clients run their own data centres, sometimes in the form of a private Cloud. When adding Cloud services to their IT portfolio, there is often a lack of clarity around both the existing and newly deployed applications, provoking repeated questions such as, “Where shall we deploy this new service? Which on premise applications can be migrated to the Cloud? How shall we deal with legacy applications?” To provide clarity for these tricky choices, a Cloud suitability assessment and business case should be carried out in order to find the optimal target environment for each application, based on its unique characteristics.
A CTO at a global NGO complained about the lack of clarity in the deployment path of new applications, leading to an inconsistent and scattered IT portfolio
6. Vendor lock-in: Contracting and engaging with a Cloud services provider may be facilitated and supported by the vendor; however, moving away from the vendor may be a completely different story, especially when contractual or technical aspects make changes difficult. To reduce vendor lock-in risk, our experience shows that prioritising platform-agnostic technologies (for instance, containerised solutions), adopting a multi-Cloud strategy and planning an exit strategy at the beginning of a Cloud journey is key. It is then possible to remain agile and able to procure best-in-class solutions at financially competitive price tags.
Although the six symptoms seem unrelated at first glance, they are all smoke signals from the same fire: rushed Cloud adoption. The stakeholders pushing Cloud tend to focus on the technical migration and sometimes get the ball rolling before the broader organisation is aligned on Cloud expectations and conditions. While we encourage the realisation of early Cloud proofs of concept to validate assumptions, it is worth keeping in mind that proofs of concept only validate technical aspects without covering key areas such as business involvement or legal, risk, and cyber considerations required to protect valuable data and stay compliant. A data breach could provoke scrutiny, and the Cloud adoption process may be open to criticism, along with those who were in charge of it. In order to avoid this, Deloitte recommends a holistic, end-to-end approach, which requires the implementation of key prerequisites before any adoption of Cloud.
Conducting cloud enablement activities is the recommended first phase of a Cloud journey
A number of Swiss clients perceive the migration phase as the first step in their Cloud journey and sometimes fail to understand the value of an enablement phase, where the implementation of key prerequisites paves the way for full-fledged digital transformation.
Instead of asking questions such as, “Who should be my preferred Cloud provider?” or “How can I migrate to the Cloud as fast as possible?”, professionals should rather consider “How is my business affected by Cloud, and what are the impacts on the organisation model?”, “What benefits do I get from using Cloud services?”, or “What risks do I need to mitigate before using any Cloud service?” Based on our experiences with Swiss clients, the following approach to Cloud adoption based on four pillars has proven successful:
High-level end-to-end Cloud journey
Cloud Strategy: A group of key stakeholders including at least Business, IT, Risk, Finance and Legal should ask “What do we want to achieve with Cloud?” “How does Cloud transform our business and IT functions?” “And how does it impact our Service Management Model?” This process typically involves the definition of Cloud visions, perceived opportunities and risks, key challenges and success factors and agreement on strategic decisions such as high-level Cloud architecture and an exit strategy. The outcome is a sound Cloud roadmap.
The Head of Infrastructure from a global Consumer Goods company aligned the organisation’s key decision-makers by developing a Cloud strategy involving non-IT stakeholders. Although this slowed down the adaption, it was critical to its success.
Business Case: The decision to start using the Cloud should be based on a solid business case and include at least technical, financial and risk/compliance considerations. Conducting a Cloud suitability assessment prior to any Cloud migration decision will help to ensure a structured and consistent assessment of the technical feasibility and benefits of the Cloud adaption. Based on our experiences, as soon as you start asking these questions you will uncover many additional topics that need addressing if a Cloud transformation is to be successful. We have rarely seen a pure financial business case for Cloud, as the transition phase is long and expensive. Therefore, other factors like future business flexibility and scalability, infusion of innovation by Cloud providers, and preparation for a future where a decreasing amount of applications are provided on premise must be considered and explained.
Cloud-enabled IT Operating Model: Cloud triggers a cascade of organisational rethinking – such as how to adapt IT operations to Cloud applications? How to fully propagate Cloud agility in the wider organisation? How to infuse the Cloud-enabled mindset in business lines? Upgrading current operations to a Cloud-ready state is anything but simple. We therefore recommend conducting a gap analysis between the current organisation’s operating model and a future Cloud-enabled operating model. The transition to the new model will not only include technological changes but also changes in how you deal with risk, compliance, and cyber. A very important factor is also to define how to train your current staff and restructure the organisation.
Risk Management & Governance: While on the upside Cloud might help to reduce some risk responsibilities (depending on the consumption model), it also comes with new risks that need to be identified, quantified, taken ownership of and in some cases mitigated. For example, an organisation-wide data classification process needs to be implemented, combined with a risk assessment. This will support the application’s migration path decision and the related conditions. In some cases these conditions state that data may be hosted by a foreign Cloud provider as long as data physically remains hosted in Switzerland.
Based on our Cloud adoption work with clients in Switzerland we believe that the move to the Cloud is inevitable over a longer period. On many occasions it starts with ‘simple’ cases such as Office 365. Instead of focusing only on a first application, we cannot stress enough the importance and need to define and plan your Cloud journey holistically and over a longer term, in order to avoid frustration, failure, and costly mistakes. Transparently defining the Cloud strategy and framework within your organisation, involving the key stakeholders and educating your people, is key to success.