EY - Cartoon clouds isolated on blue sky background

Accelerate cloud adoption by addressing five key hurdles now

Kamyar Sanaei Kamyar Sanaei

EY Canada National Cloud Engineering Leader

7 minute read 20 Apr. 2023
Related topics
Consulting
Strategy by EY-Parthenon
Cybersecurity

Contributors: Irfan Mirza and Sandeep Singhal

Executives are challenged to do more with less — they’ve been charged with introducing new technologies into their ecosystem even when the landscape changes by the second.

In brief

  • Cloud infrastructure investments are hitting new heights, all while technology and markets evolve quickly.
  • Unleashing the greatest possible ROI from existing and future cloud investments requires organizations to be more strategic about their cloud approach.
  • Embracing a refreshed model that engages users in the upsides of the cloud and enables continuous data-backed tweaks can help businesses make more of cloud now.

How EY can help

Enterprises are poised to pour billions into cloud infrastructure — from data-in-cloud and platform-as-a-service (PaaS) to software-as-a-service (SaaS) technologies. In today's market, executives are challenged to do more with less — they’ve been charged with introducing new technologies into their ecosystems even when the landscape is changing by the second. That means businesses looking to get the very most out of cloud investments would do well to recalibrate their strategies first. Doing so now can help any organization tap into the full lift of benefits that cloud can provide.

 

Why reevaluate cloud frameworks and strategies in 2023?

Cloud technologies have become the foundation that enables businesses to transform, differentiate and gain market advantages.1 Adoption and implementation have only accelerated in the last few years as seismic, pandemic-driven shifts have pushed organizations to act quickly. Looking ahead, that pace isn’t expected to slow. In fact, IT research firm Gartner projects cloud application SaaS spending to reach $195 billion in 2023, up 17% over 2022.2

With so much cloud adoption happening so quickly, organizations have undoubtedly begun to unleash new upsides from operating in this way. In fact, Nucleus Research has reported that cloud deployments delivered four times the ROI of on-premise workloads from January 2018 to November 2020.3 What’s more, organizations were able to recover the cost of their initial investments 2.5 times faster 4 than for on-premise deployments.

Even so, cloud complexities and unknowns abound. Not only is the technology evolving at a remarkable pace, but the broader operating environment continues to present obstacles that could be holding organizations back from fully adopting cloud.

To break down organizational silos and pain points, users need to take an enterprise view with a human-centred approach to make the best use of cloud’s benefits and capabilities. The real question is: how do you begin?

Build a continuous cloud model that brings users on board by highlighting the benefits and then evolves continuously based on real-time feedback. Start by seeking to understand the common obstacles and pain points that tend to hold users back, and build your model from there.

Security is an issue

Addressing evolving cybersecurity threats through a strategic approach to cloud

Organizations continue to worry about the security of their data in the cloud and potential cyberattacks that could compromise sensitive customer information. In one study by AMS, 95% of organizations admitted to being concerned about cloud security.5 Data leakage, data privacy and accidental credential disclosures were all concerns.

Case in point: a large public company was looking to drive a major cloud transformation to Azure. They were keen to ensure that data, compute, network and storage services had the same underlying architecture and multi-layer protection with native and third-party tools. Using those tools to classify, label and protect data wherever it was located was also a priority. To make that happen, we used the Collibra data governance platform to profile, classify and decide which data elements needed to be protected. We also implemented a data protection capability that enabled the company to mask and/or redact sensitive personally identifiable information data in DataBricks and in the data visualization layer (PowerBI).

This strategy helped gate the graduate data migration through the same mechanism. It also allowed us to vet security and privacy protection before data was loaded, analyzed and ultimately consumed. We were then able to implement an Azure security baseline and DataBricks security recommendation to safeguard data secrecy and privacy.

All of this matters to end users, who need to trust an institution’s platforms. Now, they can work with and operate within the institution’s environment securely. Putting humans at the centre of the cloud approach means always thinking about security through the end users’ lens.

How EY can help

Cost considerations are ever present

Doing more with less to continue building cloud momentum

Moving to the cloud requires upfront investments in hardware and software licences, as well as ongoing costs for maintenance, support and staff training. That can add up quickly for large organizations.

 

To that end, clearly articulating cloud benefits can help generate the kind of enterprise-wide buy-in that drives broad adoption and outcomes. Thorough strategy conversations that dig into the business case for cloud can spark progress. Different business users will have varying degrees of understanding where cloud is concerned. Close those gaps now to build application owners’ trust in what the program — and its intended benefits — could ultimately look like.

 

Developing a cloud migration plan with user-specific benefits in mind is part and parcel of this process. A well-defined cloud migration plan both draws a clear roadmap for migration and identifies upfront costs associated with moving to the cloud. That allows organizations to plan for the necessary investments, prioritize migration activities based on business needs and manage costs by regularly monitoring cloud usage, cost optimization and cost allocation to specific departments or projects.

 

Last but not least, make use of cloud provider support to manage cloud infrastructure and optimize costs. This reduces the burden on internal IT staff every step of the way.

 

Regulations are in flux

Understanding the regulatory landscape, and adapting cloud effectively

Heavily regulated industries must comply with strict regulations that may not be compatible with cloud computing systems. Evolving regulations are complex, causing questions and uncertainty about how to comply and govern effectively.

 

Case in point: a major bank wanted to automate cloud security posturing using cloud-native capabilities in Azure and AWS, while ensuring that the policies would be reliable and produce the required outcomes by dual-stage testing. The bank had supporting structure in in Azure and AWS and wanted to make sure cloud control objectives were met regardless of the technology or cloud environment used, all while remaining compliant with industry leading practices.

 

To get there, we analyzed more than 200 cloud security control requirements and developed policy logic to evaluate whether the control for a given resource was met — or not. We created more than 150 additional policies over two phases using HashiCorp Sentinel, Azure Policy and AWS Config with lambda functions to enforce the controls. Additional phases followed.

 

These measures established practices for continuous integration/continuous deployment (CI/CD) and Git-controlled development while exploring flexible coding mechanisms like parameter injection.

 

Each of these steps forward helped the bank bake in flexible coding mechanisms that made it easier to navigate the shifting regulatory environment. This human-centred approach to maximizing the cloud can be helpful for any business, operating in any regulated environment.

 

Data sovereignty must be addressed

Keeping data within Canadian borders, and safeguarding it well

Companies want to ensure customer data remains stored within Canada’s borders, rather than being hosted by third parties overseas. This kind of data sovereignty is particularly relevant for organizations operating in the government and public sector.

 

Meeting these requirements means choosing a cloud provider with local data centres, located in the country where the data is being collected and processed. This makes sure the data remains within the country’s jurisdiction and is subject to local data protection laws. From there, organizations can implement data encryption to protect sensitive data while it’s being transmitted and stored.

 

Organizations should consider implementing encryption at rest and in transit to protect data from unauthorized access. It’s important to develop a data governance strategy to manage data in ways that comply with local regulations, and to make sure data is used ethically and responsibly.

Loss of control is worrisome

Managing data, and mitigating privacy and compliance risk

Outsourcing aspects of IT operations to a cloud provider can leave many organizations fearing a loss of control over how the data is managed and maintained. This can create risks to customer privacy and compliance requirements.

Overcoming that hurdle requires organizations to take a holistic approach. It’s important to embrace a big-picture view that connects risk, workforce, governance, technology and operations. This helps ensure you’re modernizing in ways that make a positive impact across functional areas, and not in siloed buckets. Building a holistic approach itself covers all the dimensions, including specific challenges mentioned above, while creating a cloud strategy.

Choose a cloud service provider with a strong reputation for security and data privacy, one that’s also transparent about security and regulatory compliance practices. It’s also important to establish clear data access controls for data in the cloud. This can span everything from who can access data and when, to how they use it. What’s more, build regular security audits right into the process. This helps organizations identify and address vulnerabilities to keep data in the cloud safe.

Summary

Reevaluating current cloud models with a human-centred approach helps users who ultimately work, innovate, collaborate and connect in your cloud make the very most of its capabilities. Although CIOs and other leaders may be struggling under a wave of cloud deployment fatigue, now’s not the time to abandon course. Instead, help stakeholders learn about cloud to demonstrate value. Move away from “one and done” strategies to embrace a truly continuous and evolving cloud approach. Pursue a continuous model for implementing the cloud, evaluating its effectiveness and tweaking at regular intervals. And unlock greater cloud ROI from here on out.

Our experienced partners are here to assist you in achieving maximum returns from your cloud investments. Propel your organization into the future with the power of the cloud today.


EY and Microsoft

Together, we empower organizations to create exceptional experiences that help the world work better and achieve more.

Learn more

About this article

Kamyar Sanaei Kamyar Sanaei
EY Canada National Cloud Engineering Leader
Committed to enabling technology for adding business value
Related topics
Consulting
Strategy by EY-Parthenon
Cybersecurity
Contact us
Like what you’ve seen?  Get in touch to learn more.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.