This post has been adapted from the 2021 DevOps Enterprise Forum guidance paper by Satya Addagarla, Anderson Tran, Mik Kersten, Rob Juncker, Betty Junod, and Sasha Rosenbaum.
The famous ABC News radio host Paul Harvey is often credited as saying, “Growth is the process of responding positively to change.” Looking through this lens will help you understand that your journey to the cloud can be a growth opportunity for everyone involved. Whether it be the long-tenured engineers or the newest team members brought in specifically for this effort. There will undoubtedly be significant structural, procedural, and organizational change. The way your team organizes and responds to this change is critical to your success.
Leveraging Your Existing Expertise
If you think you can migrate to the cloud with your existing engineers, you are absolutely right! But no one should be under the illusion that these engineers will pick up the necessary skills organically. The differences between on-premise infrastructure and cloud infrastructure are significant, and thinking you can apply the same techniques for managing both will land you in a world of trouble.
To be clear, there are no better assets to have in this situation than your existing tried-and-true infrastructure engineers. They understand the existing architecture, they know what systems need to talk to each other, and they often have seen the infrastructure built from the ground up. As Stephen Orban says, you have to “marry institutional knowledge and culture with cloud technologies.” These engineers will be critical in pointing out issues that will be faced in the cloud before you have to learn about them the hard way. Be prepared to upskill your staff with training classes and immersive learning experiences.
One thing that you must watch out for with your current engineers is the likelihood that some will be resistant to change. This is not because they have a desire for their company to fail; rather, they have a desire to be confident in what they do every day.
Hiring New Team Members
Regardless of the scale of your migration, it is highly recommended that you acquire outside expertise in cloud-native computing. These new hires will not be able to handle all aspects of the migration on their own. In fact, there will probably be an onboarding cost associated with each person.
It’s best to embed these cloud engineers with your existing teams. Leverage them as part of the upskilling of your existing team. You should fully expect there to be cross-pollination of information: Your existing engineers will pick up techniques for working in the cloud from the cloud engineers, while the cloud engineers will become more familiar with the existing infrastructure by tapping into the existing engineers.
Involving the People
Cloud migration is both technology and people intensive. Aside from process and technology, transformation of people from a role, responsibility, and focus perspective is key in success in this space. As an enterprise customer, you should:
- Dedicate specific amounts of people (explicitly) to cloud migration/your cloud practice
- Determine the priority that is adequate to achieve your roadmap and timeline
- Ensure that knowledge required around concepts, processes, and cloud services is adequate within your organization and source that as needed (e.g., via training, consultants, contractors)
Types of Roles
What types of roles do enterprises usually create to ensure cloud transformation happens successfully? Enterprises commonly create a few groups within the organization in order to advance their cloud program and practice. The goal of these groups is to advance cloud as a practice for multiple, mutual benefits across different organizations and individuals. These can be ephemeral or persistent roles/groups that contribute to either your plan or your execution and may likely dissolve once migration/transformation is complete. This is where an enterprise needs to determine their own pivots as necessary—as every enterprise has a different roadmap for maturity.
Common roles needed to be filled include:
- Cloud Strategy
- Cloud Center of Excellence (CCoE)
- Cloud Operations/Site Reliability Engineering
- Cloud Security
- Cloud Strategy
It is important to have a cloud strategy team. This team should serve to fulfill two major outcomes: “What will happen as we introduce cloud-native development, services, and practices to our organization” onto a future-reaching goal of “Now that the cloud is here, where do we go into the future?”
Additionally, they should be responsible for:
- creating a roadmap
- prioritizing team activities
- ensuring that the team is properly balancing output and outcomes
- decision-making, if there needs to be pivots due to external forces
Cloud Center of Excellence (CCoE)
The Cloud Center of Excellence (CCoE) is essentially a cloud engineering group. The name is mostly up to your decision for your enterprise; however, the function of this group is to exist as a technology incubator and enabler. Enterprises should actively resist the temptation to utilize their CCoE as a gatekeeper or a process-centric group that seeks to recreate legacy processes and workflows that impact and hinder cloud transformation.
The key objectives of the CCoE are to:
- identify, create, and maintain reusable cloud deployment patterns to solve multilateral work (e.g., deployment)
- design, develop, and implement at cloud-native tools and higher-level services
- provide a platform approach to cloud technology consumption as determined by the cloud strategy
- prevent silos by establishing shared responsibilities across teams
- empower self-service without creating gates or ticket dependencies within the critical path of any team consuming cloud services within the enterprise
Cloud Operations/Site Reliability Engineering (SRE)
One of the largest transformations that happens alongside cloud migration is around how operations mature when cloud services and technologies are consumed within the enterprise. There are a few variants to cloud operations, which differ depending upon an enterprise’s cloud strategy, culture, and development-group topologies (e.g., outsourced, insourced).
DevSecOps naturally merges into cloud transformation efforts. Some enterprises achieve end-to-end, “You Build It, You Own It” style cloud operations alongside their development teams’ growth through transformation. Others may have more permanent approaches toward cloud engineering centricity, creating platform technology groups to relieve workload for multiple teams. Whichever is your enterprise’s intent, ensure that it meets business, governance, risk, and compliance requirements that apply within your domain and organization.
A variant to cloud operations is through establishing the Site Reliability Engineering (SRE) practice, which is an example of the centralization that many enterprises may prefer to implement to solve operational problems through automation and observability.
The key objectives of a cloud operations role are to:
- mature observability capabilities to showcase how to manage distributed components and services which are the result of creating cloud-native applications
- mature and merge business operational processes to escalate and involve the correct groups and organizations to handle problems and incidents as they best apply to your enterprise
- maintain dashboards which show a comprehensive outlook toward cloud portfolio dependencies (applications, dependent services, business application statistics, cost, scaling)
Security becomes a shared responsibility for organizations operating in the cloud. Consumers, incubator teams, information security (InfoSec), governance, risk, and compliance (GRC) teams all contribute and uphold secure processes for an organization. Cloud security services should extend the boundaries of your organization’s trust model, as more teams will be responsible to uphold standards and consistency. Additionally, cloud security concepts may be implemented with your organization during cloud migration.
Cloud security includes the adoption of:
- break-glass models for cloud service access and control
- integration/adoption of authentication services within cloud
- migration/incorporation of high throughput security services to address increased demand (e.g. private certificate authority services, single sign-on services, authentication/directory services)
- creation of modern security processes to accommodate cloud-native technologies (e.g., container creation lifecycles, adapting to shared responsibility models as stated by cloud providers)