Fig 1: Cloud Risk Elements
For instance, overspending is a risk when it comes to the Cloud economic model. You could achieve the most elegant IT implementation, but what it would cost could break your business. Spending more than planned is a frequent occurrence with as many as 69% of companies reportedly overspending on their cloud budget by 25% or more[i]. Wasted cloud spend runs into billions of dollars every year! Managing this risk is not just a financial but also a career-level discussion for many leaders.
When it comes to data, there are security risks that raise questions like - Who holds the encryption keys? Where is the data? Where is the data being replicated to? Are the services externally contactable? Are we using Zero Trust? The truth is that while there are many things that are perceived to be risks on data in Cloud, a well-architected Cloud Data Platform is no more risky than any global enterprise data platform today.
Creating an app migration strategy also comes with its share of risks that are a part of any transformation and not specific to Cloud. For instance, migration of applications from legacy code to new code may not duplicate functionality and result in risky/unpredictable behavior. Then there are operating risks during implementation. If you aren’t geared to do it right and move too many things at the same time or too quickly, you could tip the balance. An organizational ability and maturity to manage a process, which is poorly planned and ends up partially on Cloud and partially on-prem, may end up increasing the number of Cloud to non-Cloud handoffs. This could put too much strain on existing IT resources and processes. And a botched implementation could mean unhappy employees and attrition that could further damage operational stability. These risks have nothing to do with Cloud as a platform!
In essence, risks to Cloud Adoption are absolutely complex and multi-dimensional and managing them, like managing Cloud adoption, requires an integrated strategy.
An integrated approach for cloud risk management
For successful Cloud adoption, the planned initiatives must have a balance of risk vs. reward in a specific timeframe. For example, you may want to consider:
- How much cash can I expend in one quarter?
- What is the return I'm going to get on this expense?
- What are the risks to business because of this initiative and how can they be mitigated or managed?
A good approach would be to map out what is the risk to business, what are the potential benefits, and what will be the cost to achieve these (See Fig 2). For example, let’s say you’ve planned 7 initiatives A, B, C, D, E, F, and G over three quarters. In Q1 when you go ahead with A, B, and C the aggregate risk and cost is acceptable, but benefit is insufficient. Similarly, in Q2 when initiatives D and E roll out, the benefit is high, and the cost is ok, but the risk is too high. This mapping can be done for all initiatives planned for the entire journey and optimized accordingly.
For example, in Wipro Cloud Studio, we have a methodology to classify projects and programs in a standardized way, which helps consistent treatment of these within an enterprise’s overall risk posture and level of comfort.