Journey to the cloud on an enterprise scale

Journey to the cloud on an enterprise scale

Michał Grela

Relationship Manager at Future Processing

Contact me

Jakub Garszynski

Partner at Deloitte

Most enterprises have already started their Journey to the Cloud, more or less. The industry faces a revolution in a way key players provide services and move from traditional IT to modern, faster and scalable tools.

But the bigger the organisation is, the harder the journey. Challenges of knowledge transfer, overcoming siloes, communication, getting rid of legacy, managing risk and staying on top of a huge cloud migration – there’s plenty of things to watch out for. Luckily our guest knows all the ropes of the journey to the cloud on an enterprise scale, and I didn’t hesitate to ask him how to approach this challenge.

Michał Grela (MG): Hello, and welcome to yet another episode of IT Insights by Future Processing. Today the topic of our conversation is Journey To The cloud On an Enterprise Scale. Most enterprises have already started their journey to the cloud more or less, but the industry faces a revolution in a way key players provide services and move from traditional IT to modern, faster, and scalable tools. But of course, the bigger the organization is the harder the journey. Challenges of knowledge transfer, overcoming silos, communication, getting rid of legacy, managing risks, and staying on top of huge cloud migration processes, there’s plenty of things to watch out for.

So luckily our guest today knows all the ropes of the journey to the cloud on an enterprise scale. And I promise I won’t hesitate to ask him how to approach this challenge. My guest today is Jakub Garszynski, partner at Deloitte. Thanks for joining me, Jakub. Can you introduce yourself?

Jakub Garszynski (JG): Yes. Thank you for having me. So hello everyone. My name is Jakub Garszynski. I’m a partner and my primary field of expertise is technology risk, or nowadays we like to call it digital risk. But I am also part of a core team running Deloitte’s cloud business in central Europe. And personally, I also look after our Google cloud relationship in the region.

MG: Thanks, Jakub. I’m really looking forward to our discussion. So journey to the cloud on an enterprise scale, how would you approach such a challenge? I mean, of course it’s a huge elephant that you have to eat a bite at a time. But how would you even start? I mean, how do you usually approach it?

JG: The challenge is that there is no such thing as a usual approach for.. Maybe the first thing to acknowledge is that the situation is very different between enterprises and the startups, the so-called digital natives, the more let’s say nimble organizations, because the second group probably it’s safe to say that they are on the cloud already in a substantial manner, which is not the case for enterprises, right?

Obviously, large organizations have their own unique sets of challenges. And it’s very hard to launch a company-wide transformation in any area, and cloud is not an exception here, right? So actually what we’ve been observing speaking to our clients about this is that, first of all, almost nobody, at least in our region, almost nobody tries to do it all in one go, which is interesting because, for instance, Deloitte has experienced this in the other markets, most notably in the US markets, where there are companies, large companies, that have taken the decision to basically shut down their data centers and go all in to the cloud. We are not seeing this.

And I’m not saying that these are common scenarios, but we’ve worked in the US. We’ve worked with a number of large clients, also in the regulated industries, like the banks, that have taken that decision and actually migrated everything to the cloud, right? We have not been seen this in our region.

And if not a big bank and a company-wide transformation then what els, right? And the answer is the favorite answer of consultants, that it depends, right? And every client that we talk with is different and they choose their different paths, right? My look at this is that it’s hard to come up with a common denominator when it comes to the cloud because in principle, everything is possible, right? The cloud presents organizations with so many new opportunities from the technology perspective, from the way they work perspective, from the time to market perspective, processes perspective, what have you. But you have to start somewhere.

And sometimes it is a challenge of its own to pick the starting point when the opportunities are so diverse and so vast. And every organization would be different. And usually what we observe is that you need to have a senior stakeholder in the organization that wants to embark on the cloud journey, right? And the organization then starts there. And sometimes it’s IT, sometimes it’s the client facing side of the organization, sometimes it’s the back office. So yeah, it differs basically.

MG: Thanks. It really is a broad context and plenty of things to take into consideration in the spectrum. But let’s assume that a product usually starts with some sort of planning and strategy phase and building a business case for the stakeholders. So how important is that good analysis when it comes to establishing a cloud first strategy?

JG: Well, obviously it’s super important, right? And actually what I believe is the case in our… I mean, in the market in general and our geography in particular is that there are not that many experiences in larger organizations when it comes to actually formulating or coming up with a cloud strategy and a sound business case, right? Obviously, I’m not going to mention names now, but probably the audience of this podcast have already heard about some of the organizations in Poland specifically or in the region that have been pretty vocal about their cloud strategy. But I would call those organizations rather the exceptions rather than the norm.

And what we’ve also observed working with our clients is that even if they had established a cloud strategy after having been implementing that strategy for some time or following the cloud adoption journey they learn that actually they need to revise the strategy, maybe not in terms of priorities but in terms of the level of detail about the sequence of things, about the approach, about the involvement of different stakeholders in the organization or outside of the organization.

So what I’m trying to say is that I would assume that… Organizations should not expect to be perfect with their first try with the strategy, but it’s just the way it is, right? So the experiences, as I said, are limited still. For many of the organizations or the market as a whole this is still a little bit of uncharted territory, and it’s just the way it is, right? So we need to be comfortable with the fact that we will not be perfect from the get go, and that this is something that probably we would need to revise as we progress probably even on a regular basis, right?

And maybe one last thing is that when I was saying this, I was thinking about organizations that really try to get the most out of the cloud, right? Not organizations that just want to do lift and shift type of migration, which is one of the ways you can approach a cloud migration, but it’s not actually what you should aim for, right?

MG: Yap. I also see that is a very important factor. So you briefly touched on performing a cloud integration already, but what about including aspects such as security, regulatory compliance, how that works at scale?

JG: Well, obviously this is a very… Well, this is one of the reasons why organizations, specifically large corporations or organizations operating in regulated markets such as the financial services or energy, hesitate to go to the cloud, right? Because they are afraid of the complexities of making sure that they remain compliant with the law but also with their own internal regulations. And this is specifically challenging when it comes to international organizations that have their own security policies and operate in different markets and have spent millions actually unifying their IT environments to be able to serve international other legal entities in different markets in different legal contexts.

So now introducing something such revolutionary, as you can say, as cloud is into that regulatory context is a challenge right? So this is the regulatory compliance context. The security context is… Obviously, there is no discussion about cloud without mentioning security. Those two come together basically. And actually what we observed is that it’s very interesting because Deloitte runs different surveys among our clients is that if we look back, I don’t know, like probably five or six years security in the context of cloud security was mentioned as a concern, right? So companies were asking the question is the cloud secure, or how do we make sure that the cloud is as secure as our own on-premise IT environment, right?

But now the organizations are asking a different question. So how do we leverage cloud to enhance our security? And this is a very different situation. Obviously still we have stakeholders within organizations that question the security of the cloud as a whole, and they like them to mention about some security incidents that they hear about in the media. But in most cases, they are not the incidents of security of the cloud itself. It’s rather misconfiguration or mishandling of the security features of the cloud by the user, right?

I would say that cloud makes security slightly more tricky because it’s introduced this so-called shared responsibility model that the cloud vendor is responsible for the security of the cloud as a whole, meaning infrastructure and the core services, but the user organizations responsible of actually using the security features and adjusting the configuration to make their deployments or assets in the cloud secure and also compliant with the relevant regulations or security policies, right?

Maybe the last thing that I would like to mention here is that it’s not only about the technology. It’s also about the legal aspects and contracting. And this becomes especially tricky in the international global organizations when they have shared services and specifically shared IT services that are delivered out of a number of locations and so on and so forth, right?

So let me give you an example. So we were working with a client recently and advising about making one of their cloud projects compliant with the regulations. And when we were starting the project, we’ve drawn a map of what we believe… jointly with the client actually. We’ve drawn up a map of what we believed would be the legal relationships or contractual relationships between different parties, right? So we had our client, we had their headquarters, we have their IT services, legal entity, and we had a couple of cloud vendors that they were using for that particular project. So like five boxes on the diagram, right?

And when we were finishing the projects, I think that we had over 30 boxes on the diagram because of the complexities of actually different components being contracted and sourced out of different legal entities and so on and so forth, right? And it took us months actually to discover this, right? And if you operate in a regulated industry, actually in most cases this is something that you need to disclose to the regulator or you need to make transparent to your own stakeholders, to your clients, to your security personnel, and so on and so forth. And I think for me, that was a very, very interesting experience because we were expecting technical challenges. So how do we prove that the security configuration is in line with the regulations. But actually most of the struggle came from the legal and contractual streams of the project.

MG: And that’s really interesting. And I guess this legal aspects you just mentioned that came up during the process are just perfect example of things that you have to take into consideration at scale, whereas doing a smaller cloud migration project would not incur such hurdles to overcome. Nonetheless, you also mentioned that there are incidents sometimes, and that’s my next question, when things go wrong how to stay on top of the risks.

JG: Well, that is the question, right? Yeah. Well, obviously, planning ahead is paramount. What we’ve been also working with our clients on is how do you… how do I best put this? What’s the best way actually to introduce the cloud to the organization, right? Should it be just a single point of entry? Should you only do it through your IT department and try to centralize thing, or should you make it promoted across even the business departments and make them familiar with the concept and what they can get out of it, and mobilize a larger group of people within a organization to be on board and to understand what this is about and work together to get the value out of it, right? Because we need to remember that actually if you introduce cloud to the organization and you encapsule, for lack of a better word, you just encapsulate it within your own IT and then continue to have the same interactions that you had before between the IT and the rest of the organization actually you’re not changing much, right?

So what we’ve been actually discussing with our clients and encouraging them to do is to also change the way they operate, and change the way the IT is positioned within the organization. And also role of the head of IT, that it’s not just the provider of stable services, actually it’s a partner for discussion of what path the business should take, what should be strategic direction of the organization and so on and so forth.

But I’m sort of diverting from the question at hand. And getting back to what you were asking about, how do you manage risk, how do you stay on top when things go wrong. Well, obviously planning is key, but also trying stuff, rehearsing, running some small non-critical projects just to get people familiar with the technology, right? Getting a broader group involved, so obviously the security people because you don’t want the security to kill your project on the last stretch. So the legal people, the security people, the operations people, obviously different parts of the IT organization, and also the business people.

And have a fallback plan in place, which actually is a legal requirement in some of the industries. But it’s always good to have a fallback plan if things go wrong and also a clear decisioning criteria, whether this is something that you want to continue with the initiative or the project or you want to close this, right?

But maybe let me conclude with referring back to what I said before that actually what we’ve been observing in the market here in our region is that large organizations are inclined to start slow and carefully. So we very rarely or almost never see a client that wants to migrate in the first instance that they want to migrate one of their core applications, right?

Sometimes it’s just one of the non-core systems. Sometimes it’s a disaster recovery environment, but in many cases it’s the approach that we’re not touching our current, but we will try to launch every new project or any new development on the cloud, right? So this way, we’re not actually risking that we break things up if something goes wrong. We are limiting our risk to the extent that if something goes wrong, it is limited to the project that is… And the project is something new, right? So we are able to continue with our current operations as we would otherwise. Obviously there is an opportunity cost, but there is no business continuity risk as such.

MG: Thanks. That’s really to the point. And I really like this personal experience and takeaways derived from the programs you run. So looking forward, what sort of trends and predictions, what sort of insights can you share on the path this journey will follow when it comes to the enterprise in the cloud?

JG: I’ll start with stating the obvious that we expect the cloud adoption to continue and the presence of cloud in large organizations to continue to grow. We believe that there is no other way. It is a process that will take time. So probably we do not expect larger organizations to make very bold decisions and try to do a big bank approach or try put it all in one go. We believe that cloud will just become the natural solutions when you come to the end of life of one of the components of your IT organization, or you take a decision that you need to replace it or upgrade it or substitute with something new, and it’s already started happening, then your default would be a cloud-based solution and not a legacy… not legacy but a on-premise traditional type of software.

And we also need to remember that in conversations like this we tend to use the keyword cloud. But we tend to forget that in that cloud bucket, for a lack of a better word, actually, we’re putting lots and lots of different things, right? So we’re putting infrastructure as a service there, virtual machines, or platform as a service, or the different building blocks that are available at the cloud hyperscalers that you can build your custom solutions with. But it’s also the software as a service, right? And every major vendor actually now provides their solution in software as a service model, right?

And obviously those different models trigger different challenges or requirements from the user perspective, right? So I think there is no questions that companies will use the cloud more and more. I think an interesting question is whether they would be more inclined to using SAS type of solutions, or would they try to build significant infrastructures in the infrastructure as a service model and then deploy business software on top of that, right? And I think it’s yet to be seen. And again, probably stating the obvious, we ar expecting a mix, but it would be very interesting to see how this mix would look like, right?

From the compliance standpoint, we believe that the challenges will become less difficult to tackle for organizations, maybe not necessarily from the perspective that the regulations will change but the experience, the whole body of experience in the market will be larger. So organizations will be more familiar and more comfortable that they will be able to solve the compliance issues or ensure that their cloud-based solutions are secure and compliant. We just need some time to get there, but we’ve been making great progress.

MG: Indeed. Yeah. Thanks, Jakub, for sharing all that. I really enjoyed this conversation. We went from building a business case, discussing potential scenarios of planning the strategy, performing the cloud migration. We touched on regulatory compliance, legal aspects, security, staying on top of risks, and some sort of trends and predictions as well, all that from the perspective of cloud at an enterprise scale, which was really interesting and eye opening plenty of times.

JG: I mean, apologies for interrupting, but just to maybe… just chip and comment or to mix things up even more, we’ve been discussing with clients recently how to use cloud to limit their carbon footprint, right? And think this is the whole field that we are just starting to explore, that look at the cloud not… because we tend especially people like you and I with the technology background, we tend to look at cloud predominantly from the technology standpoint, how the technology is different, how is it better from what we used to have. But actually there is a proposition from the cloud also to people that are with different fields of expertise, for instance, right?

And actually we’ve seen organizations using cloud, not necessarily to enhance their IT but to make changes in the way they operate, make changes they.. the whole thing about this transitioning from products to service is just that, I’m opening a Pandora box now, but how different organizations have transitioned from delivering products to their clients to providing services to the clients that’s only possible with the cloud, right?

And something that people of technology background would not expect that how it actually can be used for the so-called green purposes and actually making sure that we are not, as an organization, more environmentally friendly, and we limit our impact on the environment through cloud adoption. That I think is very interesting. If we are getting back to trends prediction, I will say that it may be the next big thing actually that we’ll be speaking about.

MG: Definitely. I couldn’t agree with you more. The talk about going green is been… People are turning the volume up a bit for it definitely. And I think that’s something definitely to consider, especially for larger organizations that have to prove somehow they walk the talk when it comes to CSR, or they have due to their large scale according large impact on local societies or the society in general. So that’s really building me up that people start to take that into consideration.

Thank you, Jakub, for sharing your thoughts. It was a really interesting to pick your brains around the journey to the cloud on an enterprise scale. And thank you our listeners for being with us on this another episode of IT Insights. If you liked it, don’t hesitate to share it. And let us know if you’d like any other topics to be covered on one of the other episodes. thanks.