2. Context
The “lockdown” brought on by the COVID-19 pandemic is an
opportunity to make the transition from “on-site” to “cloud”
with reduced risk.
A contemporary buzz word in the world of IT is the cloud. The
word “cloud” says it all – few have a clue what it exactly stands
for and is supposed to to. Wooly, fuzzy, no boundaries, moving
goal posts, Each and every IT vendor takes the meaning of
cloud that best suits them and makes an ill-fitting 3-piece suit.
A more specific description maybe, that if you move any of
your hardware, software, applications, IT or ICT out of your
premises then you have opted for something of the cloud.
With the gale force of the internet & mobile it was and is
inevitable that the cloud is going to become a part of your life
whether SME, Medium, large, Fortune 1000 or MNC – whatever
your industry vertical or horizontal.
In essence you are moving your “data-centre” off your
premises to a “cloud” virtual remote off-site location.
A key aspect of cloud is a change in cost and possibly reduced
cost from Cap.Ex to Op.Ex., Fixed to Variable cost and possibly
indirect to direct cost.
Less licenses, increased collaboration, single-view, quicker,
faster, safer, 24x7x365, less dependency on scarce techie
resources, improved business continuity, quicker disaster
recovery, wider reach are all potential further intangible
benefits.
Who is using the cloud?
1. You. In everyday life. Google, Amazon, Apple. ALL the digital
products you use every day is using data-centres, big-data,
analytics and AI to do the big computing to personalize and make
you feel unique using your digital product or service.
2. To name a few … Siri, Tesla self-driver cars, most flying drones,
UBER, Cogito, Netflix, Pandora, Echo, Nest, Boxover.
3. The applications include … purchase prediction, music or movie
recommendation, fraud detection, video games, social
engineering, social media, search engines, online customer
support, smartphone maps, security surveillance, News generation
(including fake news and voter influence), integrated smart home
devices.
4. Most startups today will need some or many of the above from a
scalable perhaps global cloud platform.
3. 5. Healthcare is an early user of AI. Predicting epidemics, genetic
mapping, disease diagnostics, early-stage cancer detection & much
more.
Key-focus points
1. Listen to the old adage “If it aint’ broke don’t fix it”, however the
problem is you have to adapt, survive, thrive and for that the
mobile, internet and the cloud is the way forward.
2. Being in “command and control” is the key. Pre-event, in-event
and post-event you have to have “Prediction”, “Prevention”, “Post-
mortems” in place. Know the un-knowable, prepare for the worst,
hope for the best. Your competition, the government, suppliers
and customers, stakeholders all seem to want to get you.
3. Transparency. Policy. Process. Standards. Methods – do help
99.99% of the time, and that’s what you want. There are no 100
solutions.
4. Even the most complex of cloud architectures can be simplified to
3 basic parts …
i. Computing. CPU, GPU and TPU. FLOPS to Tera-flops.
ii. Storage. Network storage, media streamers, server-farms.
On-demand. Online, offline.
iii. IO. Input-Output. Bandwidth, occupancy, capacity, routing,
switches, IPv6, wireless, wired, RF to a host of related
technologies.
5. Collaborative global intelligence such as a “Google search” is
available to every global citizen. This is driven by ENORMOUS
databases, big-data, analytics, Artificial Intelligence techniques
such as Machine Learning (ML), Natural Language Processing
(NLP), Artificial Neural Networks (ANN), Tensor-Flow, Deep
learning (DL) & more. EACH and ALL requires ENORMOUS
computing, storage and IO.
6. Then there is the tangible and intangible. Savings, earnings,
features, benefits, feel-good, leadership and more. What I need.
What works for me. What I have and am willing to spend. What
will I get in return.
Benefits
o The inherent benefits of the cloud maybe obvious. Cost saving
being the first. It involves zero to minimal Cap.Ex. everything
can be Op.Ex. You can start attributing it to DIRECT cost rather
than INDIRECT costs – thereby managing your profit and
bottom-lines better, especially if you are a very IT dependent
type of business. You can take it as VARIABLE cost rather than
FIXED, availing of higher resources as and when you need it.
4. o In essence you are also out-sourcing your IT. Which means
you do not have the costs of a captive location, power backup,
utilities, redundancy, fail-safe, physical security, IT manpower,
IT admin. Staff. IT developers, IT maintainers the list may
seem quite endless.
o You can now focus on your core-competencies, your business
and where your marketing, sales, revenue, customers,
suppliers and value-addition lies.
What if?
A good question to ask is … what if I don’t migrate to the cloud? What
will happen? Setting out a 5-year timeline of what if I do not migrate is
an excellent place to start. The age-old adage in IT of “If it ain’t broke
don’t fix it” and “If it is working leave it alone” is very good first-level
advice when it comes to “cloud migration”.
Inherent Risks
In the very paradigm shift of “data-centre” to “cloud” is a list of inherent
risks as you will recognize if you think about some of the points earlier.
No longer your staff. Your data-information-knowledge is no longer with
you. Not your hardware anymore. Your software license – server licenses
and client-licenses are now very different
Paradigm shift in mind-set
Even if you have a huge digital presence, eCommerce and online activity
the shift from a data-centre to the cloud is YUUUUGE in terms of mind-
set. Think about business over the last 200 years. On Friday evening (or
whatever) you shut shop, lock the doors, take care of the keys, put
security people in place and go home – peacefully over the week-end till
Monday morning. Everything is as you left it.
Not so with a data-centre on the cloud. It’s open 24x7x365 and not just
locals, your city, state, nationals and global citizens are free to walk in
browse around, buy, seel and do things to your business you would love
to or HATE it. It’s all in the mind.
5. On the practical side there is a clear set of action-plans that have to be
put in place. Command & Control. Monitoring, knowing EVERYTHING
that is happening. Notifications, alerts, crises moniroting. Business
Continuity, Disaster Recovery. Cloud-watch is your key set of keys to
your business.
What kind of risks exist?
1. Where your servers are located in the cloud face the SAME problems
you may have at your data-centre – though they may be better
managed.
2. In many ways the resources are SHARED. Inherently ANY sharing
poses a list of risks of its own.
3. As this is a NEW area and a ONE-OFF, you will NOT have the skill-sets
necessary to do this.
4. Murphys law – If things can go wrong it will. Also in life “$!)*#
happens”
5. As you migrate from a data-centre to a cloud you have PRE-migration
risks, IN-migrations risks and POST-migration risks.
6. Real benefits may accrue only after the above 3 phases are done
with.
Our method
1. Essentially we could be the Project Managers. Actual
migration and help with Staff-augmentation, partnerships or
T&M as needed will be added, extra and optional to you.
2. Deploy a collaborative “Risk Register” tool such as “clextra”.
Every single stakeholder can add his or her long laundry list
of all the risks they see.
3. Risk audit – We will review YOUR migration plan. Include
line-items into our “risk-register” from YOUR plan.
4. Have a training programme with all stake-holders to brain
storm and bring up all possible situations to add to the
above “risk register” – make it as comprehensive as
possible.
5. Now establish a 5-point likelihood scale for each of the
above. You could make this also a collaborative opinion –
remember no one can forecast the future.
6. With this establish a 5-point impact scale base on monetary
loss for each.
6. 7. Even an intangible such as reputation loss or PR disaster can
be quantified into the above 5-point scale.
8. You will now get a “sorted” list your highest risk line-items.
9. Now work on each-line item to reduce the impact if it were
to happen or the possibility of likelihood.
10. Once done, you have the residual risks – what you have to
live with and hope it does not happen, but prepare for the
worst.
11. Mitigation strategies for each line-item.
12. Assign an accountable person and develop with each such
person a plan in the event of … a BCP (Business Continuity
Planning) and DR (Disaster Recovery) for each and all line
items. Find the dependencies and inter-dependencies.
13. Remember for the SAME LINE ITEM, the PRE-migration, IN-
migration and POST-migration parameters may vary.
14. A physical and virtual audit of the BCP and DR plans can be
done BEFORE an event. This would be along the lines of ISO
27000, ISO 31000, SSAE 16 etc. IT, security and Risk audit
processes.
15. We also have a date-wise (or each of the 3 phases) ISO
27000 Assessment checklist cloud collaborative tool.
16. ALL the plans for migration must be in a PARALLEL different
site neither data-centre NOR cloud to ensure access to
“Migration plans” as a “Risk contingency” – that’s a core-
part of our methodology. “Don’t’ put all your eggs in one
basket”.
Commercials
1. We are a group of firms and experts drawn from an essential
core-group. This includes “Technology”, “IT data-centre
management”, “Cloud expertise”, “Governance, Risk-
Management & Compliance” and Business Experience in various
industries including Manufacturing, Healthcare, Banking, PSU’s,
Railways, Multinationals & more.
2. We have and can include skills such as SAP, SAP Hana Oracle,
Microsoft, Azure, AWS, IBM, Cisco, Intel, Dell, NVidia, HP, etc.
and legacy systems and further as needed out-sourced skills as
a “migration risks project”
3. Your payment options can be one of …
a. One-time pre-negotiated fee based on project scope.
b. A percentage of the overall migration budget.
7. c. Annual contract as a “Risk auditor” – monthly/ quarterly
subscription.
In ALL cases we would include our top-management, cloud
tool platform, on-site and off-site resources AND any other
related costs to ensure the LEAST risk for your “migration”
project.
4. We could be Tier-2 or Tier-3 partner component within your
current contracted INTERNAL or EXTERNAL IT, Audit or
Management entity – put us in touch with them.
Migration Phases
Contact Information …
Please do get in touch to take our advisory services in your “Migration to the
cloud” journey.
Casper Abraham
casper.abraham@edgevalue.com
Cellphone : 91-98450 61870
Principal architect of clextra (http://edgevalue.com/clextra) http://clextra.com
Founder Director Riskpro India Ventures Pvt. Ltd. (http://riskpro.in)
Document version and date : July 1st
, 2020
Casper Abraham Bangalore INDIA