By Kevin J. Field, CIO and executive mentor
Dear Mavens,
I’m the new CTO of a midsize financial services company and have walked into what seems like a hybrid IT mess: Multiple cloud providers, some connected, some not, data and apps spread all over the place. Right now, everything seems to be humming along fine. But should I be worried? Can you share some best practices for addressing this issue and building a better path forward without disrupting or breaking what’s working today?
JT in Connecticut
Hi JT,
Congratulations on your new role! Now, regarding your perceived “mess,” the extremely non-technical—and definitely frightening—term for what you have on your hands is a “Frankenstein cloud.” That is to say, a mix of providers, platforms and services, brought on at different times by different leaders for different reasons, and effectively “stitched together” after the fact to create a quasi-cohesive cloud solution.
The good news is, this is not necessarily the big bad monster that its name suggests. Many organizations today very intentionally operate with a mix of public, private and hybrid clouds, each of which makes sense for a specific and valid business reason.
However, as someone new to the organization who did not have insight into, or influence over, the business decisions (or lack thereof) behind these choices, your concerns here are understandable, and not off base. Even with a well-considered, multi-cloud strategy, more complexity means more time, money and risk. It’s a lot to manage, which is why running with a very lean IT team could be reason enough to explore consolidating to a single platform. If you’re reasonably well staffed, then whether or not the complexity you’re looking at adds up to a “mess” really comes down to how well your organization is running in three key areas.
#1) Architecture – Ideally, your organization should have an enterprise cloud architect who determines which clouds make sense for the business, sets the strategic direction and design standards, identifies how identity access and application and data management should be structured in the cloud, and decides which tools can and should be used. Depending on your company size, you may also have architects at each division, down to the project or solution level, whose job is to make sure that what they’re coming up with is compliant with the overall architecture or, if not, to open a dialog and potentially change standards.
#2) Governance – Closely connected to this is governance. This is the team responsible for overseeing risk and risk management for each of the divisional cloud architectures and implementations, and it should be working in close collaboration with the Architecture team.
#3) Security – Finally, but most importantly, is security. Above all else, your data must be vigilantly protected. That requires a CISO or other security-focused leader working hand in hand with your architect to ensure that your chosen tools and deployment paths are going to be safe and secure.
Having good coverage across these three functional areas should give you reasonable assurance your Frankenstein is tamed and can remain so moving forward. But that does not mean there aren’t hidden vulnerabilities and potential threats lurking somewhere in its disparate limbs, or the seams between them. Something as innocuous as an overlooked expired certificate can turn into a system showstopper.
The various automated cloud reports you have access to provide some valuable data points here. But they won’t really tell you whether you have an overall problem.
The best way to surface that is by running an assessment of your entire IT estate. You want to go server by server and application by application to understand the full context of each item. Who owns it? How current is it? Is it still active? Is it still delivering value? Is it being fully leveraged? And, of critical importance, what are its relationships and dependencies across the environment? Siloed knowledge is a major cause of systemic breakdowns; dissolving those siloes will give you the truly holistic picture you need.
To do this right, I recommend leaning into automation and expertise. Spinning it up into a sidebar project for your internal team would most likely distract them from the business-critical tasks they were hired and trained to focus on, without delivering the results you’re looking for.
Enlisting a partner with specific experience in cloud-native database and application management and monitoring will get you to that position of clarity a whole lot faster and with far more accuracy. They’re going to have a deep understanding of the tools you have and how those tools can best support your unique business outcomes, and they’ll know how to automate as much of the process as possible and where to leverage manual interactions for maximum impact.
This discovery process will surface your hidden red flags and help define the immediate actions you need to take to remediate them. It’s also going to reveal opportunities for efficiency and cost-savings.
Finally, but by no means final, you should appeal to the business to make this an integral, always-on part of your IT strategy, not a one-and-done event. The alternative, rinsing and repeating the whole process from scratch every few years, will cost a lot more and leave your organization vulnerable to attack—with all the financial and reputational damage that goes along with it.
When facing a Frankenstein—be it a monster or a cloud—you should always maintain a healthy respect for its power and potential. But with proper attention, care and management, you don’t have to fear it.
Kevin J. Field is a CIO and transformational leader, currently in the insurance industry. As a thought leader, Kevin serves as a Columbia University Executive Master’s Program mentor, on company and industry boards, as a startup mentor, influence mentor, innovation and transformation judge, and has presented his successful approach to cultivating a high-performance culture at CHRO and CIO conferences. You can read more of his tech insights at kevinjfield.com.