Cloud-first strategy forces big shift on IT infrastructure, skills

Reliance on hyperscale cloud infrastructure grows

Sorenson, which offers in-person and video-based interpreters, captioning services and video relay products for Deaf and hard-of-hearing people, is expanding beyond North America as it pushes to enter markets globally. Using cloud-based services will eliminate the need to set up data centers in various countries, Nickolaisen explained.

Cloud services are also a good fit for a business that is as data-intensive as Sorenson's. Setting up video connections for sign language interpreters and transforming spoken communications into captioned text in real time require what Nickolaisen described as "heavyweight infrastructure" to process many terabytes of data and hundreds of thousands of calls per day. "If we want to move into new markets, we'd have to replicate that very large infrastructure footprint before we add even a single new customer," he said.

When Postulka joined the Boston Fed two years ago, he discovered, to his surprise, that the independent government agency faced many of the same imperatives as private-sector businesses.

"At first, I thought there would be unlimited funds," he said. "But that's not the case. Like any business, we have to mind the budget." That necessity has spurred a move to lower costs and increase IT efficiency by adopting cloud infrastructure and services. "There's clearly a focus on shorter time to value rather than being in the data center business," Postulka said.

The Boston Fed's cloud initiative is two-pronged. For functions such as CRM, HR and email, Postulka said it plans to adopt SaaS applications that meet the moderate impact level of the Federal Risk and Authorization Management Program (FedRAMP) standards, which specify the security and data protection measures that federal agencies must require of cloud service providers.

The other thrust is to move the organization's mainline, high-security applications from on-premises implementations to cloud services that meet FedRAMP's high-impact level for the most demanding security and reliability requirements. Those applications include ones that support tax collection, government payments under measures such as the COVID-19 relief bill, and wire transfers between banks and the U.S. Department of the Treasury.

More IT workloads, applications bound for the cloud

Organizations like the Boston Fed and Sorenson are part of a strong cross-industry trend to prioritize cloud migration and deployment. On average, more than three-quarters of existing on-premises workloads are possible candidates for migration to the cloud in the next five years, according to the ESG survey. Meanwhile, 60% of respondents said their organization develops and deploys production cloud-native applications now, and another 27% said it planned to start doing so in the next 12 months.

Still, there are signs that, as a whole, cloud adoption might be approaching a point of equilibrium. As part of an annual survey on IT trends that the Society for Information Management (SIM) conducts among its members, 77% of respondents said their organization increased its external cloud usage in 2021. While that was up from 75.4% in 2020, it's still not as high as what the SIM survey found in the three years before that, when the levels of increased use all topped 78%.

ESG also reported findings that point to some leveling off of the cloud growth rate. The percentage of respondents to its survey who said using the public cloud for applications and infrastructure was their organization's most important IT initiative dropped from 17% for 2021 to 11% for 2022. Also, the percentage who said they have a cloud-first deployment policy was flat year over year.

In a report on the survey published in November 2021, ESG termed the phenomenon a "temporary stasis" caused by organizations looking to strike the right balance between cloud and on-premises deployments, including the desire to make their data center environments more cloudlike. It also cited an increased feeling that cloud strategies are in order and organizations can prioritize other initiatives instead.

But even if the rate of cloud migration is stabilizing, the cloud has assumed what appears to be a permanent and, in many cases, leading role in IT infrastructure. As further evidence, 44% of respondents to the ESG survey said they expect more than 40% of their business applications to run on public cloud infrastructure in three years -- nearly two-and-a-half times the number who are at that level of cloud usage now.

Cloud infrastructure changes IT roles and responsibilities

Widespread use of the cloud has significantly changed the duties of IT teams and their leaders. "We no longer unbox things, rack 'em and stack 'em," said Wayne Sadin, an author, board advisor and former CIO.

But if IT leaders in cloud-first organizations aren't managing the process of deploying hardware in data centers, what are they doing? Generally, their responsibilities sort out into the following priorities:

• to get the best deals possible from cloud providers;
• to develop strategic applications;
• to ensure that cloud systems and services are configured optimally;
• to monitor compliance with service-level agreements by providers; and
• to continue to tie IT to business objectives.

"There is a role for IT professionals in an organization, but the role is not [installing] big iron and running a data center. I would be very happy not to run a data center. The exciting piece is the use of technology to improve the way we do business," said Keri Pearlson, president of KP Partners, an advisory services firm for C-level executives. Pearlson, who holds a DBA in information systems from Harvard Business School, is also executive director of the Cybersecurity at MIT Sloan research consortium.

Even in the cloud, organizations can gain strategic advantages through how they apply technology, she added. "It could be the way you configure your processes and your people with your processes. In the cloud, the data is still yours. The way you configure the application is yours. No one uses plain vanilla everything anymore."

IT executives agreed. "I'm sure the server team is thrilled that they no longer have to get up in the middle of the night and head into the office to replace a failing disk drive or a burned-out power supply," said an IT director for a company based in New York, who asked to remain anonymous.

But there's still plenty of work to do in managing cloud services to deliver business benefits, he explained. "IT's value will continue to be how those systems and applications are being used: setting up interfaces correctly, managing applications, maintaining acceptable performance levels, ensuring meaningful and accurate data, providing value to the business, delivering functionality, ensuring security and privacy."

"The IT profession is becoming less and less connected to hardware, which has become commoditized," Nickolaisen said. "My profession has become much more about service delivery than hardware." He sees that as a welcome shift: "Hardware management is not what made [it] interesting."

To Postulka, using the cloud leads to a sharper focus on what matters most. "The cloud is enabling the CIO to be about business enablement -- [through] software, solutions and automation," he said.

Cloud-first strategy requires a cloud-savvy IT team

The leveling off of the growth rate in cloud usage might have something to do with the failure of cloud providers to fully meet cost expectations. ESG found that only 35% of survey respondents gave their public cloud infrastructure providers a good rating for meeting or surpassing expectations on cost, while 53% rated them as adequate. Out of eight criteria asked about in the survey, cost was the only one that did not receive a good rating from at least half of the respondents. By comparison, 59% rated their experience with cloud providers as good on both performance and security.

Ramnath Chellappa, an associate dean and academic director at Emory University's Goizueta Business School in Atlanta, laid the blame for those feelings at the feet of the cloud vendors. Chellappa has direct experience with cloud costs: He contracts with AWS for cloud services used by students in the Master of Science in Business Analytics program that he runs.

"The cloud providers have done a fantastic job of confusing the clients in terms of pricing. It's unbelievable how opaque the pricing is. Usage-based pricing sounds great. It assumes [the provider and the customer] both can monitor [usage]. But that is not the case," said Chellappa, who also is a professor of information systems and operations management at Goizueta.

Pearlson said there's an important IT role to be played in negotiating good deals with cloud providers and then ensuring that the contract terms on pricing and service levels are met. "Someone has to do that, to make sure you get what you want," she said, adding that that person should report to the CIO.

Some organizations might assign the task to their corporate purchasing department, Pearlson noted. But while purchasing managers can make sure that cloud contracts are done right, seeing to it that cloud systems and services are used as specified is something that only IT leaders can do, she asserted.

The first step in negotiating contracts with cloud providers is to understand the needs of the applications you're running, Postulka said. The performance, availability, security and resilience they require will determine the kinds of cloud services that are needed. It's prudent to spend the money on top-flight services for core applications, he advised. But for less strategic ones, such as email, organizations could economize on more affordable service levels.

Both Postulka and Nickolaisen are also working with two hyperscale cloud infrastructure providers in their migration projects -- a multi-cloud approach that accords with common business practice in many realms. In the cloud, too, establishing relationships with multiple providers fosters competition and keeps a customer from being totally dependent on a single vendor.

"I expect we will have workloads in both AWS and Azure," Nickolaisen said, referring to Microsoft's cloud platform. "They each have different advantages. One is better at communication services; the other is better at data processing." The two platforms also might need to work together to support Sorenson's applications in some cases, he added.

Postulka said he's putting the Boston Fed's high-security applications on one cloud platform and the applications that require less stringent security protections on the second. He declined to name the two platforms, per a Boston Fed policy to not identify specific vendors or services.

Transition time in IT departments

A crucial aspect of IT leadership is hiring and managing a staff with the right skills to meet an organization's needs. Increasingly, that requires expertise in cloud service management, other cloud-related functions and application development rather than data center operations. But a cloud-first strategy on IT infrastructure and applications doesn't necessarily mean fewer in-house IT workers.

"The big thing I have learned is that I need an IT staff to manage these services. I can't use managed service providers," Nickolaisen said, explaining that the knowledge of his own staff regarding Sorenson's business needs can't be duplicated by a third party. IT teams must become accustomed to new ways of working in cloud environments, though. "It is a transition for the IT staff, and you have to pay attention to the cultural change that goes with these transitions," he said.

A large cloud migration can also lead to worries about job security, but Nickolaisen said such apprehensions are unfounded in Sorenson's case. Even with the push to the cloud, his staff will remain the same size. "We're not planning any layoffs," he said. Instead, he's telling his employees to focus on cloud service delivery, orchestration and optimization.

When applications and data are moved to the cloud, some IT considerations, such as electrical power and cooling, disappear because they're handled by the infrastructure provider. Other tasks, such as configuring virtual servers in the cloud or managing DevSecOps teams that are using cloud services, may require new skill sets in IT, Postulka said.

Application development skills are also in high demand but "not working in a data center," said Postulka, who comes to this attitude naturally enough. He joined the Boston Fed two years ago with a background in application development, and as CIO, he's in charge of several software development teams.

Not all organizations are structured like that, though. As a result, new management issues may arise for IT leaders who need to deal with cloud application developers outside of their departments.

"We have people developing customer apps. They don't consider themselves part of IT, and we have a hard time getting those people talking to traditional IT," the IT director in New York said. But, he added, it's important for the application developers to understand that what they create will run on cloud infrastructure and for IT staffers to configure the cloud-based systems to meet the processing needs of the applications.

Understanding the shared responsibility model for cloud security is another key skill for IT teams. Based on the type of cloud service that's being used, cloud providers take responsibility for different levels of IT security and data protection to block attacks and ensure uptime, while customers are responsible for protecting endpoint devices and other security tasks. But there are plenty of gray areas that must be accounted for to avoid cloud security threats.

"You need to plan for contingencies. Shared responsibility can't spell everything out," Pearlson said. "It's like you need your own lawyer, someone protecting your interests. You need to set parameters and have business recovery plans just as if it were on premises."

The stakes are high, Sadin noted. "The criticality of what we do keeps getting more complicated, as do the security implications," he said. Although the cloud simplifies IT infrastructure management, Sadin pointed out that even a small security slip-up can have major consequences. "One click can take down the whole infrastructure," he said.

Not a lot left in the data center

Even in the wake of large cloud migrations and adoption of cloud-first deployment policies, some IT infrastructure often remains on premises. Neither Nickolaisen nor Postulka plans to give up in-house hardware completely. In both of their cases, though, there won't be much left.

Sorenson will continue to run some systems supporting employee services in its data centers, taking up much less space than is used there now, Nickolaisen said. At the Boston Fed, the hardware that remains in place -- and probably always will -- is its network infrastructure, including phones. "But pretty much everything else moves to the cloud," Postulka said.