Top five principles companies can apply for cloud optimisation

Once you have brought all relevant parties together, the first step is to establish a framework of key stakeholders. Collect all requirements and make sure that legal necessities are closely matched with customer demands and technical possibilities.

The framework should ensure a lasting balance between governance, innovation and technology, enabling companies to use innovations in a sensible and risk-compliant way for their further development.

For larger organisations, it’s worth establishing cloud competence centres to serve as the lead on cloud projects. And to make sure that everyone sticks with the task at hand.

But what is the best way for companies to go about this and where should they start?

Businesses can best respond to external demands when they first define what they want to get out of the cloud – in other words, their own control objectives for the cloud journey. 

Another important step then happens automatically: a shift away from an opportunistic approach to a cloud-first strategy, as the companies respond proactively rather than reactively to external conditions. They act intrinsically.

When setting objectives, companies might ask themselves what outcome they are looking for, what control objective they wish to achieve. The answers may vary greatly, from zero access and increased security to compliance with the law.

One question that companies can ask themselves as part of this is do they have a simple application (i.e. a use case) that does not use critical data. In this case, it does not have to meet the same requirements as a complex case with sensitive data. Stricter conditions apply to some use cases than to others.

This differentiation is carried out once for the use cases and in the same step for the obstacles. One obstacle might be that customer data from the application must be stored in Switzerland.

Always keep this question in mind: how do I get to the cloud? In all cases, therefore, obstacles should be minimised as much as possible. Then the risk categorisation can take place, ultimately leading to a decision for or against cloud migration for the use cases in question and their obstacles.

In the fourth step, the experts recommend conducting a pilot run-through. Based on this test case, you can decide if the risk of going to the cloud is an acceptable one.

Considering aspects such as whether the risks are legal or technical will help you to make an informed decision. The run-through should allow you to form the clearest possible opinion about the test case.

If you decide against a cloud migration in this use case, at least you will be further on in your cloud strategy, as you will know what type of application is unsuitable and poses too many obstacles.

Doing nothing for fear of getting something wrong or breaking rules is not an option.

When developing a cloud governance framework, companies have to inform themselves in detail about compliance issues, adapt them to their own situation, set up new processes and implement innovations dynamically.

Use the following checklist to see if your cloud governance process is fit for purpose:

• Is the process fast?  
• Does it consolidate expertise within the company?
• Does the process enable the ‘technology move’ for which it was created?
• Is use of the cloud not prevented?
• Do the people using the governance process understand it?