In my last post, I discussed why cloud architects need to be business savvy when transforming IT to ITaaS. Part of that discussion was how to get the information needed to assess the organization and the technology. In this post I will dig a little deeper into that assessment process, starting with the working definition we use in the ITaaS class. While the definition of the assessment may be basic, the outcomes are almost always going to be huge. How many of you have executed an organizational assessment? Do you even know what the company’s governance model is, and how it is maintained and enforced? What about the economic shift? While everyone talks about the shift from capex to opex, is it really that simple?
The last bullet on this diagram is key: IT must become a service provider. This is one of the most important parts of the transformation process. Internal business units have a choice of providers, and all they have to do is pull out their credit card to use some of them. So if their IT organization becomes a Service Provider and can not only compete with offers from external providers, but can also provide ITaaS as a trusted ‘broker’, it would be a win-win for the business.
Below is a list of some of the most critical areas we believe must be included in the assessment:
At the top are the Enterprise-level assessments that must be completed first, because to be successful, the transformation process must be completed top down. By assessing the overall organization, the business can evaluate how it is designed from an ownership and accountability (governance) perspective, as well as how it measures success. The traditional approach of meeting or exceeding deadlines is no longer enough. Businesses today must be agile and responsive to changes in the market and customer demand, which requires measurement to be shifted to ‘time-to-value’ (TTV). Purchasing a large software system and spending 3-5 years on implementation is too long a TTV. By transforming IT to be a broker/provider, IT must make a competitive offer. The lines of business need a new way of interacting with IT, including accepting a shift to a chargeback model (I’ll cover chargeback more in a future post).
The next section of the slide includes more organizational and governance elements that apply specifically to IT. EMC’s Global Marketing CTO, Chuck Hollis, posted a couple of great posts along this line (In praise of the business process owner and Good help is here for your IT transformation) The point being that we have to change the way IT is designed at the technical level (cross-domain expertise) and at the structural level (new functions such as services, sales and marketing, billing help desk, and service provider liaison).
The next section of the graphic covers the GRC and Security assessments. Does IT have updated information flow diagrams? Has it developed a taxonomy for what information assets can be placed with a given service provider and under what conditions? For example, it is fairly common practice to prohibit intellectual property to flow outside the firewall. But what if IT wants to use SP resources to run a new version of the company’s code, instead of acquiring systems that would be left idle much of the time? This would require a new governance model, with new security controls, to ensure the IP is adequately protected.
The next section covers the services and Services levels (SLAs). If IT is going to provide services and be competitive, it needs a self-service portal. Does the company have a service lifecycle from creation to end-of-life? Does the company have a service catalog? A service orchestration engine? These are just a few of the issues we consider in the ITaaS class that must be part of the assessment process. SLAs are getting fiercely competitive—can IT provide SLAs that are the right cost with the right metric? If IT is typically required to deliver Five 9s, but the business only needs and wants to pay for Three 9s, does IT know how to do that?
Next is the applications assessment, which is the most important and most difficult assessment to make. You’ve heard of Server Huggers but they are nothing compared to App Huggers! When it ran the applications assessment, EMC’s own IT organization found that it had more than 600 applications, which were eventually reduced to under 400. The process for using COTS (commercial off the shelf) software also had to be adapted. Most companies find the notion of changing business processes to be repulsive, so when a COTS package is acquired, the first thing that happens is the stakeholders with the most say start driving for customizations, which is, of course, antithetical to ITaaS. In order for IT to be competitive with SaaS offerings, there must be an even playing field—the business must choose the provider who can best meet the core objectives of Cost, Functionality, SLA, and Trust as a package deal. It is important to note, however, that customers often have different weighted values for these dimensions of service based on their business needs.
Last up is the technology assessment. Some of this is quite simple and it is immediately clear if the necessary pieces are in place to stand up and operate a service-based infrastructure (IaaS), development (PaaS), and application (SaaS) environment. Key investments start with a “virtualize everything” and “standardize the platforms” basis. It may also include service catalogs, orchestration engines, federated access and identity, federated directory services, etc. Some of this may be very hard to implement – for example is your network essentially flat today? If so, how do you federate with a public provider without exposing unwanted elements to the SP network? What happens when the SP wants to perform an update to its technology that IT has federated to key applications internally? Have the systems become agnostic to upgrades or at least do they appear to be agnostic to the lines of business?
So as you can see, the assessment process requires an enormous amount of data gathering. The architect must wear a lot of hats or at least be fluent enough in several of the new domains to drive the process in the right direction and eventually to the decision-making point. Once the assessment is complete it is still necessary to evaluate the prioritization and economics of what to do first, and determine the justification and next phases of planning and design. I will cover those topics soon in a future post.