When you move applications to the Cloud using Cloud services built on a global level, the complexity and the risk of your environment goes down. In a multi-dimensional model, tackling one area and reducing it by half through cloud, can reduce total risk/complexity exposure by 4x-8x. A 25% reduction in application risk factors can lead to a 75% reduction in operational risk. In addition, the operational risk you reduce by moving to Cloud outweighs the risk of lock-in and portability.
As mentioned above, one of the biggest challenges in assessing risk is using the right lens to look at it. Based on my personal experience in dialogue with CSPs, clients and other parties, when 10 risks are called out, then usually, out of every 10 risks for Cloud:
- Four do not exist and are based around incomplete information
- Another four or five risks may exist but have specific mitigation actions already worked out through CSPs and GSIs like Wipro.
So only one or two risks remain. And even in that, the biggest risk we see is not the Cloud itself but the successful transition of the organization into a Cloud-powered organization. Think of it this way – you are driving on a highway and want to change lanes. Both the lanes are safe by themselves, but the change may come at some risk. Now imagine if you make this change while changing your steering console AND changing the driver! That is the risk that organizations should really focus on – the risk that comes with a combination of technology improvement, process improvement, operational improvement, and upskilling and cross-skilling of existing resources for a migration. It is all simply about change and there is nothing inherently risky or different on cloud versus legacy - the risk is the organizational journey.
Please note: We are not saying that the cloud is riskless or that any journey is riskless, but rather that the unreliable/unknown dependencies and failure items have had much more engineering into their reduction/elimination.
Are you making the right decisions? A click down on risks
A typical application landscape in an organization is often a big ball of mud of organically grown legacy. This is not a criticism but a reflection of the well-known truism that technical debt increases over time. Let us not forget, for example, that COBOL turns 60 today, and some applications in your enterprise may not be much younger. The total number of things that interact with each other inside a major enterprise application platform can be almost mindboggling. Everything is touching everything and connected in a complex way in all directions. What you have here, is change risk. If you change anything, you have no idea what it might impact. It could affect code stability and create security, latency, or people risks.
Terrified of what might happen if they meddle with the system, organizations resist change, and that costs them in terms of strategic growth – which is a higher cost to pay. This was happening to one major financial client of ours. They had a host of legacy applications and the bank’s change budget for them was surprisingly low and didn’t present a lot of saving opportunity. But when we dug deeper, we realized that the change budget was low because they didn’t want to open that can of worms. Every time that they had tried to make changes in the past, it had cost them millions of dollars while messing up other parts of this complex ecosystem. So, all this while they chose to not change, accepted that limitation, and instead ended up risking business growth.
Another aspect organizations often consider is business knowledge. They believe they know more about their systems, processes, and their complexities than an external provider ever will. This leads them to believe that moving to Cloud will mean a loss of this knowledge. This was a concern that yet another major bank voiced when discussing Cloud transition. They had people with over 30 years of experience on their systems, who knew their application processes inside out. And they were reluctant to let go of this control. But what they failed to consider was that they were dealing with a much greater risk, this is particularly (and tragically) relevant in today’s COVID-19 world. If you have a high people dependency, you have higher risk. What if the key people you depend on retire, resign, or meet with an unfortunate accident? What is your fallback option? It’s much less risk to move key applications away from terribly complicated environments to the Cloud.
It doesn’t help that people are also resistant to change. Change is inconvenient. It means they have to learn to do things a new way. If they have been working on something a certain way, they don’t want to change it no matter how great the new option is.
On the other hand, the transformation to Cloud involves one of the most exciting opportunities for enterprise application owners and developers to not only improve the stability of their applications but also to stand on the shoulders of giants in terms of automation and service innovation. This also allows them to spend their time on business improvements and on learning new (and highly market valued) skills instead of mitigation activities that have already been solved by CSPs.
Break the mould to unlock business gains
Traditional decision models are not suitable when it comes to evaluating a move to the Cloud. CIOs need to adopt multi-dimensional thinking and look at the impact of each scenario on the business KPIs. Isn’t it worth investigating whether you can trade 10 old risks for three new ones? Either way, you are dropping seven of them! In the next article, we’ll talk a little more about these models and how a right approach can fast-track your business toward achieving ambitious goals.
Please click here to read part 3 (The key to achieving ambitious Cloud goals, bringing Costs and Risks together) of the blog series.