Who you gonna call? Cloudbusters?

The cloud market is growing 35% (Gartner, Rightscale) faster than expected, and in one year half of the enterprises are going all-in for the public cloud. In five years, you ARE using the public cloud in some sense and more than 80% are using ERP from the cloud – most of them fully.

More than 70% of cloud users are not satisfied with the cost savings and 67% are puzzled by the compliance and security challenges.

Cybersecurity Insiders 2019

Despite that, more than 60% are planning to move more workloads to the cloud. 

Then there are many who do not understand at all what the difference between private and public cloud is. Now you can have it all in hybrid, plus you can have a private cloud in a public cloud, and some of the private clouds are hosted in a public cloud. Sounds like a mess, right?

Especially in the small Nordics, it is difficult to understand what hyperscale really stands for. A datacenter of thousands or tens of thousands of servers might sound big and capable. Well, it is not. If you have 20 locations on each of the continents, and all locations have half a dozen datacenters containing hundreds of thousands of servers, THAT is hyperscale.

Why does the scale matter?

Removing the variable of scale totally changes the enterprise architecture and with it, the business model. Now we are talking about the real paradigm shift. We can forget about the traditional challenges regarding infrastructure, cost and availability and we can start to concentrate on direct support for business. This is why 72% of the enterprises now seek cloud for business agility.

Deloitte, 2019

So who are you going to call?

Call the hyperscale vendors? Nope. They are just going to tell you that theirs is the best and why. They rarely tell you what their weaknesses are and very often you hear the suspicious “yes, but…”. Usually you need to go very high in the organisation and establish a high level of trust to hear the things you need to hear.

How about the hybrid vendors? Nope again. They have invested a lot of money in their private cloud and they are usually calculating costs instead of customer business value and co-creational innovations with pure business focus.

Cloud solution providers? Well, that could work, but they are usually focused on certain vendors, since they are measured and rewarded by the consumption they bring, and selling multi-cloud is difficult. It is easier to select just one to lead with.

Hire your own people then? Well, that works for a while, but the person needs to be extremely well connected and continuously developing themselves, and there will be little time for anything else than just keeping up the pace with the surrounding change. That will be very expensive.

OK, I know it is not that black and white, but the fact is that getting good and correct information in the middle of the cloud boom is not that easy. It is like the crazy 2000 bubble again.

Who is the cloudbuster then? 

It is a company you can trust. The one whose business focus and investments are not on traditional computing or business models. Your advisor needs to make their money from the trust earned by giving good advice. The more trust you give, the more you gain.

Trust does not just mean co-creation; it means taking a risk, investing when uncertain and openly exploring new options. In this specific case, the trust comes from the best practices and knowledge that the advisor has built and your organisation is willing to receive.

Who you gonna call?

Call the one who openly shares common goals with you. It is the one who says you need to take more than just one step towards public cloud. It is the one who says you went too fast and you need to take a step back and plan your strategy and journey before you jump to conclusions.

You cannot be BiModal

In short, no single person can be Bimodal. In contrast, many other entities can. Despite the hype and the mystery around the concept, Bimodal IT is actually something simple which gives you many tools for a better governance model.

CIOs, IT departments and business leaders are all thrilled about the term and now every reputable organisation wants to master one of the most popular hype words used by Gartner. So what does it mean?

Gartner did not actually invent the concept of Bimodal. It was invented by Béla Bartók, one of the most important composers of the 20th century. For him, Bimodal meant the simultaneous use of two distinct pitch collections, which do not need to be in traditional scales. So basically playing music in two different ways at the same time.

I do not know when Gartner adopted the term for Bimodal IT, but I guess it was around 2014. It started as a hype word, but it was quickly adopted by larger enterprises and by the most agile CIOs as their favoured way of handling the new, quicker-paced productivity requirements.

Gartner has a nice glossary, which states the explanation for the term like this:

Mode 1 is optimized for areas that are more predictable and well-understood. It focuses on exploiting what is known, while renovating the legacy environment into a state that is fit for a digital world. Mode 2 is exploratory, experimenting to solve new problems and optimized for areas of uncertainty. These initiatives often begin with a hypothesis that is tested and adapted during a process involving short iterations, potentially adopting a minimum viable product (MVP) approach. Both modes are essential to create substantial value and drive significant organizational change, and neither is static. Marrying a more predictable evolution of products and technologies (Mode 1) with the new and innovative (Mode 2) is the essence of an enterprise bimodal capability. Both play an essential role in the digital transformation.

To me, this is just a part of the explanation. When I saw the presentation of Bimodal IT for the first time, I thought that a very agile organisation could actually just be fully on Mode 2 and that the whole model was nonsense. Very soon I realised that even the most agile startup would still require some more stable systems or services for the basic parts of the business. Why would you need to have very agile Mode 2 management on your email services, since you basically just want it to work? Using Mode 1 makes sense on the more stable, traditional or legacy parts of information management. They do not need to be complex, just more stable.

When the use of the Public Cloud started to become common in business applications, it became apparent that the new way of working with new services and platforms required a new approach to governance and processes. Cloud architects adjust the enterprise architecture much faster than in the traditional infrastructure model. Business development is faster and whole business processes change at a very fast pace. Managing all this cannot be done in the traditional way: waterfall organisations react too slowly and old project models fail under their own complexity. Mode 2 is needed and this really is the sweet spot for it. Services, the professionals around them and the management model are all Mode 2.

There is one additional aspect of Bimodal IT. The most important part of all business and management is the people. The people are also Bimodal. So you cannot personally be Bimodal, but you are either one, Mode 1 or Mode 2. If you think about Gartner’s explanation, it states the characteristics of the modes as predictable, improving, renovating, exploratory and experimenting. These definitions suit humans as well as IT. When listening to our employees’ feedback and wishes for IT, there was a clear split between two major groups in how people wanted to work and to use the tools in their preferred way. It is also very dependent on the individual role and the daily tasks. You should not point out who is Mode 1 or Mode 2, since it would not be correct, but you should be able to offer Bimodal options for daily work and let everyone pick the ones they prefer.

As a summary, Bimodal IT is important and every organisation needs it. Everything can be split into Bimodal, but only governance models can handle both at the same time. The more future-proof you want to be, in any aspect, the more Mode 2 you need to have.

You are wasting your money on the cloud

Digital super through

…because you are probably doing the Public Cloud the wrong way

Transformation to the cloud. Which is more important, the destination or the journey?

In our digitalized world, where even the most outrageous hypes are quickly realized as everyday commodities and everyone is raving about the future, the journey itself seems barely relevant.

I think that underestimating the journey is the worst mistake we can make. It is easy to talk about the benefits of new technologies on the cloud, while referring to organizations that have successfully made the transformation. In reality, they have had a rocky journey and usually succeeded only partly on their set business goals.

Public cloud services have long been in the spotlight and liberal use has been made of the terms IaaS, PaaS and SaaS, depending on the business requirements and technological capabilities of the organization in question. We can talk about two different levels of utilization. The first level is so-called “lift and shift”, whereby a traditional IT infrastructure has made the transition to a cloud infrastructure model. This involves little need for change, but very little cost-effectiveness and additional business values are achieved. Success is usually measured using a maturity model with a variety of miscellaneous, technology-related indicators.

In most cases, this is followed by another level – a genuine transformation to the cloud involving the creation of new business applications, data structures, integrations and changes in business processes. Efficiency, scalability and completely new business scaling capabilities are thereby achieved. This is referred to as adaptation, whose metrics tend to be more business-oriented and quantitative than maturity indicators.

Few experts or organizations have genuine capabilities and even fewer have wide experience of their own in planning all of the changes needed to make optimized and innovative use of public cloud services. However, without such changes the benefits remain small. It is also easy to be blinded by the market hype and the concentration of expertise on a particular solution. Poorly executed projects can even lead to negative final results, without attaining any of the promised objectives.

Are you a master of the public cloud or just a digital flop? 

In the CIO 2018 workshop, I claimed that the journey towards exploiting the public cloud in Finland and the Nordic markets is distorted by market forces and certain megavendors with a strong local presence. This point of view is based on my interpretation of several studies according to which 85% of global use of the public cloud occurs at application level (IDC 2018, Rightscale 2017), while the corresponding figure for Finland is around 50% (BizTech 2017). This view is supported by a new term publicized by Gartner this year, “Digital Super Through”, which refers to the digital flop of the years 2019 to 2020.

The underlying cause of the digital flop lies in the perception that exploitation of the public cloud does not produce the promised and desired results in terms of growing a business. IT management scales, but businesses do not. 

Why does the application level (or SaaS at the public cloud) matter? Because the outsourcing of IT infrastructure, as such, to the public cloud only provides scalability for corporate IT management, but does not scale the business model in question. This, which is also known as ‘reactive service development’, is the simplest form of public cloud service utilization. We are still taking our first steps into the public cloud.

Operational excellence can only be achieved by refining the use of the public cloud infrastructure to the ‘nth’ degree through automation, architectural expertise, an IT service management system (ITSM) and with the right partners. This means taking IaaS optimization and utilization to extremes, but the same could have been achieved in a private cloud or even in one’s own IT infrastructure. The company’s service culture is very IT-oriented.

The counterpart of operational excellence is business innovation. A company’s orientation, business and IT management cooperation work smoothly, but either the business model, processes or partners are not quite ready for using the public cloud in business development or the management of core IT functions. 

When the required expertise is in place and an adequate level of process automation has been achieved, the paradigm shift can be made from commercial innovation to the proactive generation of business value. IT management’s role lies in innovating and facilitating new data-based business opportunities. Only this level represents the sustainable digital transition of the future and a genuine model for benefiting from the public cloud.

Reality is often driven by compromises. Even if 50% of companies have an “all-in” strategy for benefiting from the public cloud within the next couple of years, in practice only around 40% of business data will be processed through the cloud. So it is worth letting those inflexible legacy systems wind down to the end of their lifecycles, to focus on building applications in the public cloud from the cleanest possible slate.

Do not, therefore, seek a better end result based on your original goal, but set wholly new goals for benefitting from the public cloud and your data. Allow, enable and encourage innovation. Appointing or recruiting a cloud architect is often the first step. 

When you use cloud services, your number of partners is bound to increase. So create a partner strategy, take care to choose the right strategic partners, and try to create a Service Integration and Management (SIAM) model. The role of IT management should become that of a broker for partners and services, where businesses and end users only see the data and service layer.

To benefit from the public cloud, you will need a completely different management model. Explore the Bi-Modal management model and remember that an agile (Mode-2) management model is needed in order to manage the public cloud. You will not succeed with traditional models.

While 85% of the respondents in our workshop had only reached the reactive level of benefiting from the public cloud, their transition into the cloud was already underway. Achieving business scalability requires a transformation in management models and processes, which is always an executive decision and has at least some impact on every process and beneficiary of processes within an organization.

Bringing the enterprise to the public cloud, or the public cloud to an enterprise?

As I have said before so often, the technology part is easy, but change and leadership of all kinds are difficult. To move from beating about the bush to gaining a significant business edge, public cloud processes should be brought into companies, not the other way around.

Processes can be broadly divided between four different target groups: management, the organization, architecture, partners and IT management.

Change management is the key to managing a public cloud. The first step is to prioritize actions. This can be done in a very traditional manner by creating a vision, strategy and roadmap. Next come developing and managing competencies, alongside budgeting and new responsibilities (particularly cloud architects). If IT management is not yet BiModal, it must be established immediately. Use of the public cloud must be based on an agile (Mode 2) organizational model and very few organizations can cope without any kind of traditional (Mode 1) organizational model whatsoever. Finally, documentation, contract templates and IT management principles must be developed in a public cloud-required manner. IT management consists of service catalogs, response times, data security, contract management, service risk management, and various auditing and maintenance tasks.

All organizational process updates are based on roles and sponsors. No new strategy can function unless it is clear and has the strong support of executive management. Such change also requires the training and orientation of the entire staff in the operating models of the business environment. Although the public cloud sets new demands on staff, it also creates freedoms and the possibility to introduce new types of standards for the efficiency of the work environment. Built-in services become similar to self-service, frequently recurring tasks are automated, and IT management serves as a broker of services rather than a provider. As always, communication is the key issue during organizational change. The importance and clarity of internal communication can never be overemphasized.

Recommendations on the architecture are similar to general advice on best practices. In every case, the cornerstone is the enterprise architecture, and a cloud map serves as part of this. An architecture model can be used to evaluate the information service portfolio, integration requirements and technology choices. Technology choices involve deciding whether you prefer cloud independence or want to focus on vendor-locked, optimized services. The implementation of the enterprise architecture is supported by a cloud architect responsible for driving cultural change in collaboration with communications, alongside his or her architectural work.

Partner management has a certain, specific feature. When benefiting from the public cloud, the number of partners will rise, regardless of the organization’s intentions. 

Special attention must be paid to the choice of partners, since changing partners will be very difficult. Many organizations have introduced a Partner Management Service (SIAM), where one of the primary partners is responsible for ensuring that the policies and processes of the other partners are a good fit with the end-customer. The choice of partner must be based on the classification and prioritization of workloads. Once the workloads have been categorized (security, latency, scalability, location, cost structures, lifecycle, own competences, etc.), the partner providing the most suitable services can be selected on that basis.

In most cases, IT management is already prepared for change, but it is worth mentioning a few key issues here. A frequent complaint concerns the inflexibility of legacy systems in the public cloud. If this is the case, such systems should be left unchanged until the end of their life cycle, while a replacement system is specifically designed for the public cloud. IT management can use the public cloud at infrastructure (IaaS) level, but only applications and platforms (SaaS, PaaS) should be offered to enterprises and end users. Public cloud services are often better than in-house ones, but it is worth paying attention to the verification and recovery of information in particular. Here too, speed and ease are the key benefits. You should therefore invest properly in various test environments and agile development. Tests, pilots and trials of the minimum viable product (MVP) are inexpensive and easy to implement. However, to understand all this, you will need a team whose expertise is focused on public cloud solutions and partners. You will not succeed without an open mind and sufficient competencies.

I have tried to explain what the public cloud is, why its use has run into some difficulties, especially in Finland, and how the issue should be managed as a whole. I hope that I have provided food for thought, and challenged and guided you towards development in new directions.

Stop rubbing your software

ITIL

If you still do it, stop. This is absolutely the final chance for you to stop it.

I am talking about software and how to use it. It does not matter if you are a CIO providing software solutions to your own organisation or a SaaS provider, providing software from a fancy multi-tenant application environment.

Doing your own stuff made sense when solutions were developed by small companies, even smaller than your own. They just had the basic functions, and user interfaces were clumsy. People were unfamiliar with IT and wanted everything to look and work exactly as it used to (in analog or digital).

Once I was part of an identical CRM project twice in a row. The first project took more than two years and the result was less than satisfactory. The second one took four months and everyone was happy. The biggest difference between the projects was that the second company adopted the best practice processes of the application vendor as their own. The first one was more keen on forcing their own (old) processes, and every button needed to be in the right place. Can you guess what happened when it was time for a major version/feature update?

Another time I saw a huge development and customisation project around the first versions of a “certain” very popular cloud portal. They did over 5,000 hours of work. Two months after completion, the vendor rolled out their first version update to the cloud. The customised application died, totally. People were not pleased.

One company made a huge extension to a third-party cloud solution. The extension was meant to be the core of their business model. After a couple of months, the cloud vendor released a version which included everything, and more, that the small company had made. It was the end of that small company.

The examples just go on and on…

So why am I right and you are wrong? I am not right, but the megavendors are. If major players invest billions of dollars in research and development work and they have constant feedback from even hundreds of millions of users, what are the odds that you are the only person or organisation inventing a place that should be developed better?

The best part of modern cloud-based SaaS solutions is that they force you to update to newer versions. Essentially, that means best practice processes, future-proof compatibility and more security than you could ever achieve in your customised application environment.

Most CEOs and some CIOs think that their business is different. Well, it is not. At least not from the information technology point of view. Of course there are exceptions and very specialised industries, but I challenge you to try! Next time you do a transformation, do it the standard way. Use the common processes, APIs and integrations, but do not customise the applications. After a while, you will be surprised how well it actually works, and when it is time for an update, you will have a smile and a reasonable budget!

Is there any IoT security?

IoT security by ENISA 2015

Since the Internet of Things (IoT) is rapidly growing to be one of the largest businesses in the ICT-world, everyone is talking about it. Even more, everyone seems to be concentrating on security and how bad it is.

I saw an extensive university study which came to the conclusion that all of the tested IoT home appliances were vulnerable to cyber attacks. Well, I could have saved them the time, since absolutely everything connected to the internet is vulnerable. Their recommendation for the situation was to use stronger passwords. True, you should always use strong passwords, but unfortunately that will not help you to secure your home or business IoT environment.

There are security vulnerabilities in home IoT appliances, and usually they are deeper and more complex than a bad Wi-Fi password. In most cases, they cannot be secured by the everyday user. Bad design and structural problems cause unwanted backdoors and exposures of confidential information to the maleficent side of the internet. As an example, smart TVs have cameras which can be accessed remotely because of a software glitch. Remote-controlled light bulbs and air conditioners use a proprietary wireless connection which reveals your Wi-Fi password, however strong it is, in plain text to the public.

So what to do then? You have a couple of options. You can always use an additional security device to help you to secure your environment, just like companies do. The stuff is very new; the first shipments are just beginning in Q1 2016: F-Secure SENSE, Luma smart Wi-Fi router, Dojo and Cujo.
http://thenextweb.com/insider/2016/01/04/4-devices-that-can-help-secure-your-homes-iot/

Another option is to make a personal risk assessment and classify your environment and privacy. Do you have to connect the specific device to the internet? What functionality will you lose if you use it as a stand-alone device? If it needs to be connected to the internet, can it be secured sufficiently? If it gets hacked, what information do you reveal or lose? Does it really matter, or is it very important or sensitive? Can the data be used against you or others?

Then there is one additional piece of information that is important to understand. Even if the data is not important to you or the connected device is more or less harmless, it could be used to cause harm to someone else. There are cases where a captured IoT home appliance has been used for sending spam email or for causing Distributed Denial of Service attacks. A regular user would not even know that this kind of illegal activity is happening.

So as always, you first need to think about what you are doing and connecting to the internet at your home. If you do not know, ask a friend, or better yet, ask a professional. If you are not able to do any of these, just do not plug it in.

No business platforms, no business

The time for IaaS, PaaS and SaaS is nearing its end. Mastering business growth requires platform-oriented thinking and architecture. Gartner talks a lot about platforms, but what it simply means is that you have to decide what you want your business capabilities to be and then build (or buy) platforms capable of delivering the services required by your business. The only thing that matters is how easily you are capable of delivering the required result.

Let's say you want to provide weather reports. Then your platforms will consist of partners, solutions, services and innovations capable of gathering, processing and delivering weather data. Platforms also include things like digital marketing, management models, go-to-market models and many more tools to use when needed.

The difference between a platform and a process is that the platform is flexible and capable of actually delivering the final required result. You do not need a solution or a service, you need a platform for your business.