“There’s been an awakening. Have you felt it?” — Supreme Leader Snoke, obviously referring to enterprise IT now embracing cloud instead of dismissing it as a rogue effort.
Since AWS launched EC2 in 2007, cloud adoption in the enterprise was tactical, born out of the necessity to move fast. Teams could launch their app on the cloud in days instead of months. It was a triumph of self-service over the slower service-desk approach.
Cloud adoption wasn’t planned: it just happened. It was organic. And regardless of whether the adoption was a slow creep or an explosive burst, IT needed to figure out how to handle it.
Let’s call this tactical adoption “Cloud Management 1.0”.
Cloud Management 1.0
Cloud management was all about the application: migrating existing applications to the cloud, deploying new ones. If you think about it in that context, it’s clear what the challenges were: provisioning, orchestration, configuration, and monitoring, to name a few.
Cloud Management 1.0 birthed a host of startups, each set out to address one of these problems. Chef and Puppet immediately come to mind. Enstratius and CliQr too. New Relic and AppDynamics as well. I could go on.
Companies adopted a collection of tools, each addressing a single challenge. Band-aid, ad-hoc solutions proliferated. Silos formed. Fragmentation increased. Inevitably, however, a new class of problems started to form. These problems, such as reporting, are not application specific, but rather span the entire organization.
Organizations were adopting cloud one move at time, discovering the game as they played it. It became a game of chess where they only ever looked one move into the future. And who could blame them? The problems were unknown.
This first wave of Cloud Management was a disintermediation of IT. For the first time, central IT had competition. Central IT was slow. Its service model, the service desk, was manual and ticket-based, and couldn’t keep up with demand. With the introduction of cloud, developers could go around the gatekeeper and straight to the cloud for resources.
With developers now going around it, Central IT had an even harder time performing its mission. For instance, IT finance has a tougher time predicting cash flows if developers can launch new machines without consulting finance first. Budgeting became a problem in the self-service model.
Same goes for IT security. If developers can launch new machines without getting security (or even compliance) involved, the organization is at a greater risk of attack.
With this disintermediation, the role of IT has changed. It isn’t –and certainly can no longer be– the gatekeeper to infrastructure. That model has come and gone. Instead, its role is to handle the needs of the centralized functions in a decentralized IT world.
Enter Cloud Management 2.0.
Cloud Management 2.0
The second and current wave of Cloud Management is about more than deploying applications to the cloud. It’s about bringing the entire organization to the cloud. It’s the meaning behind being a “cloud-first” company. It’s what people mean when they say they want to go “all in with AWS” or Azure, or Google.
In the self-service world, it’s easy to move fast at the expense of others. We once had someone like that at Scalr. He was one of the most prolific people in the company. But he obtained that status by forgoing the needs of other team members: he (didn’t bother to) expense reports, giving the finance team a hard time; he rarely documented his code, making it tougher to leverage his constructs; in meetings, he took and never gave.
You can only tolerate a few of those people before your culture breaks. I like to think of these types of people as taxing: they make the organization 20% less productive. The moment your organization reaches a certain size, that 20% exceeds their marginal utility.
The key to moving fast with others is what, in software engineering, we call “loose coupling”, a form of separation of concerns. It’s not “everyone holds all the concerns” like those that would promote DevSecFinOps (or longer versions of that name). The concerns that are application-dependent, covered by the Cloud Management 1.0, should be borne by the application team. Addressing the concerns that are not application-dependent, those belonging to Cloud Management 2.0, is the new role of IT.
The New Role of IT
To be successful, IT leaders should preserve the speed and velocity afforded by the “non-blocking” self-service model, while still injecting the necessary safeguards into the cloud toolchain. These safeguards include ensuring workloads get placed into secure networks, ensuring costs get optimized with resource reclamation and rightsizing, and ensuring auditability of people and workloads.
IT leaders will have to ensure maximum app team autonomy–they won’t ever have the bandwidth to gather all the context required to make application-dependent decisions–while non-intrusively injecting the guardrails.
Thus IT leaders will want to evaluate cloud management platforms on the following criteria:
Cost Control – Business units and teams must be held accountable for costs, and the system should make this easy for them through transparency and financial guardrails.
Security & Compliance – Workloads must comply with non-application-specific security policies, and expose resources to user based on their identity and permissions. The system should simultaneously protect the users from the cloud, and the cloud from the users.
User Productivity – Team autonomy and self-sufficiency must be preserved. The system should have clean separation of concerns so IT security and IT finance don’t become bottlenecks for developers again. The system must not reduce optionality by introducing lag between new cloud functionality and system support for said functionality.
Infrastructure Flexibility – The business must provide platform choice and platform optionality. The system should accommodate involuntary sources of multi-cloud, such as M&A or application-specific team decisions, and must have the flexibility to adapt to re-orgs and corresponding changes in responsibility.
In summary, Cloud Management 2.0 is about operationalizing the cloud: helping the entire organization be successful on the cloud rather than focusing on a series of individual applications. Only once IT has understood its role in delivering cost controls, security & compliance, user productivity, and infrastructure flexibility, does the business gain advantage.
The result is an agile enterprise that grants maximum autonomy to their dev teams via self-service while ensuring federation and safeguards for finance, security, and compliance.