At a recent gathering of Chief Information Officers, the moderator asked by show of hands who had a Cloud Strategy. Two of 30 raised their hands. The moderator then asked how many had at least one application running in the cloud. 30 of 30! What was going on here? How could so many companies be venturing into the Cloud without a strategy of why or a plan of how? Do you need a Cloud Strategy? I say the answer is, “Yes!”

I can hear some of the naysayers now. “You don’t need a Cloud Strategy, or a Digital Strategy, or an IT Strategy, because what you really need is a Business Strategy”. I could not agree more. None of those things are about the technology, they are enablers of the Business Strategy. They should all help drive the business toward its goals. Assuming you work for a company that has a clearly defined strategy count yourself lucky. For the rest of you, your first step might be to help the company articulate its strategy. If you are unable to affect that shift, at the very least, you need to define the strategy as you understand it as a basis for any technology strategy.

Just as an IT Strategy needs to be part of a broader Business Strategy, a Cloud Strategy is a part of an overall IT Strategy. It should answer the question of “why” and “when” in business terms, not in technology terms. In my former role as CIO. we took a very aggressive “cloud first” strategy to as part of the corporate strategy.

For a 100-year old company, we were very entrepreneurial. We wanted to be able to start new business ventures quickly. If they could provide jobs, provide revenue, or both and they fit within our mission, we didn’t want to wait months or years on IT to “catch up”. Therefore, one of our “Whys” was “agility”.

To support those ventures, we need to be able to ramp up quickly and without a long term commitment. If the venture was not successful, we need to be able to shut it down just as quickly and without a lingering financial burden. This led us to our second “Why”: “elasticity”, the ability to scale up and collapse down on demand.

Finally, we had to do all of that, without adding new headcount into IT (similar to the second “Why” this would add lingering financial burden). IT could not grow linearly with revenue and need to show economies of scale. Our third “Why” was “lean”.

Our Cloud Strategy Statement read:

To provide agility and elasticity in support of the ever dynamic business environment and to maintain a lean IT team, when a new application is needed, or a refactor of an existing application is called for we will follow the order of:

  • Software-as-a-Service (SaaS) offerings – if none found –
  • Hosted applications offerings (author’s note: IMHO these are different than SaaS) – if none found –
  • On Premise applications (more on this later) – if none found –
  • Build it ourselves in a “Cloud Ready or Friendly” environment

We will examine our existing application portfolio and identify opportunities to leverage as-a-Service cloud offerings when and where appropriate to enable the IT team to focus on higher-value projects and tasks.

We estimate current time allocation is 80% Keeping the Lights On (KLO) and 20% New Functionality and Innovation. We believe by following this strategy we will swing the allocation in favor of New and Innovation, therefore furthering the Mission of the Organization. In addition, we believe implementing this strategy will enable our fellow employees to have access to our IT assets any time, any place via any device, enabling them to perform their roles more efficiently and effectively.

The strategy then needs to tie back to the overall Company Strategic Plan by referencing key points in that plan, identifying the impact to the Key Performance Indicators (KPIs) you will achieve (or in some cases defining new KPIs). As an example, if you are retail company you might say, “By focusing more on innovation, we will identify ways to increase store efficiency, improve the shopping experience and therefore drive revenue per customer visit up by 15%.”

There are two key areas a Cloud Strategy should also address, one obvious, and one not-so-obvious: Security and Vendor Management.

From a Security perspective, it is important to understand the business’ overall stance on security (and compliance). What are the data the company values most? What personal information about its customers and employees does it retain? What applications contain this data? How does this data need to be secured? What compliance standards or regulations does the business need to achieve?

The answers to these questions should be addressed specifically in the strategy. How will they be addressed and what limitations do they put on the strategy? Just because your data is being stored by a cloud vendor, does not relieve your company from the responsibility of protecting the data and meeting compliance standards or regulations.

For us, part of our IT Strategy, that flowed to our Cloud Strategy, was the stance that we were not going to store customer credit cardholder information in any of our applications or let it traverse our network “in the clear” (unencrypted). That strategy statement led us to implement applications, processes and technologies in a much different manner than had been done in the past.

The second area of Vendor Management might come as surprise to many, but it can play a significant role in the implementation of a Cloud Strategy. Afterall, Cloud is really just a different form of outsourcing. Vendor Management encompasses a lot of different aspects many of which I will dive into in future articles. I do want to mention two areas here. As with any relationship between two companies, the contractual agreement is critical. Agreements should be reviewed by counsel who has experience in technology contracts and more specifically, cloud technology contracts. Areas like Service Level Agreements, data ownership, access during disputes, and, liability and indemnification related to data breaches must all be spelled out clearly and fairly. (You’d be surprised how many standard SaaS application agreements don’t include these clauses).

The other aspect of Vendor Management that should be called out in your Cloud Strategy is “cultural fit”. Because the company will be entrusting some of its critical applications and processes to a vendor partner, that partnership will be vital to success in many cases. The Cloud Strategy should call out when a cultural fit is important to what degree. For example, there is little need to have a cultural fit with an email SaaS provider. Typically, there will be very little interaction with the provider. However, there will be significant interaction with a Business Intelligence SaaS, Disaster Recovery-as-a-Service or Infrastructure-as-a-Service provider. Therefore, the level of cultural fit will be much more important.

Do you need a Cloud Strategy? My answer is an emphatic “Yes (as a part of your overall IT Strategy, in support of your overall Business Strategy)!”