Move-to-cloud: culture and analysis

In the second article of a series of eight, our columnist Benito Diz continues his analysis of the keys to moving-to-the-cloud. It details the first major stages of change.

As I mentioned in my previous column, to transport the Inheritance in cloud, which brings agility, efficiency and cost reductions… a comprehensive nine-step process is essential for any business. I summarize them in a few key terms: digital culture, analysis, dedicated project team, mapping, virtual datacenter, reversibility, application transport, decommissions, and new production.

We will focus here on the first two main steps, often not considered much.

1D step: Digital culture

Everything must begin with acculturation[1] digital, the first important step to support the company, spread the basics, remember the vocabulary to clearly exchange in a common language, spread the ideas of DevOps, “design thinking”, “user experience”, customer experience, customer journey…

This first step is not just about IT, and also aims to remind the business that a change requires their involvement. If only for a good understanding of the recipe for new environments and for informed validation of the owners of processes and applications.

On the IT side, acculturation continues and allows teams to be trained in new methods and technologies for different profiles. For IT, training will be a continuous process due to the rapid and continuous evolution of IT services. cloud. This point is not important, it makes the teams grow to increase their skills and ensure their employability (training, considering career paths). This part will make it possible to secure the internal actors, to change the size of the resources and to anticipate the evolutions of the collaborators. We should consider this Management of Jobs and Professional Paths as an opportunity for the company to develop and improve its human resources management policy for IT and business employees.

The Dev(Sec)Ops offer (or increased agility) must be integrated into the innovation process cloudbecause it is a factor of acceleration, increase in ROI and quality for the company.

Migration to cloud contributing to the upstream implementation of all necessary tools such as automation or orchestration that make the evolution or transformation of applications more agile through integration, deployment and continuous delivery.

In this phase of digital acculturation, it is also important to inform the different populations (business, IT, etc.) of the new risks they will face so that they are aware of the need to adjust their habits and change the paradigm.

At this stage, it is necessary to update the current situation in terms of methods, processes, skills and training and in terms of data protection in order to establish an inventory to fill the gaps.

Some axes of acculturation:

  • At COMEX, CODIR and directorate level
    • Define a common language,
    • The benefits of cloud in their field and in support of the company’s strategy.
  • At the business level
    • Define a common language,
    • In the DevOps project and platforms and with the involvement of business lines (and not the representatives of business lines -MOA-), design thinkingUX, CX,
    • In their participation in the change project cloud for recipes of new environments,
    • On the need to identify the owners of processes and applications (Owners).
  • For DSI groups
    • In organizational evolution,
    • With new missions / functions,
    • Identify new professions and train people,
    • Introduction to digital, in design thinking and UX/CX,
    • Train executive teams to get things done (although they should learn how to get things done before they are asked to do them, to master the subjects they will be called upon to manage and control).

Step 2: Analysis


The second step consists of revisiting the company’s IT system and environment at 360° to respond to the regulatory obstacles applicable to the personal data processed by the company (CNIL, RGPD, etc.), to the information systems that very important regarding military programming law (LPM, NIS, etc.), etc.

An opportunity to determine the main technological footprint of the company and establish a preliminary knowledge assessment of IT heritage and its entire ecosystem (applications, flows, licenses, contracts).

It should be noted the amount of software deployed in the information system, the number of publishers and their growing complexity regarding the rules and rights of use of their solution.

This search can continue around Shadow IT in the professions, a timeless subject, while promoting the contribution of value cloud and neither the obstacles nor the arrangement accounts for the deployment of clandestine tools that often meet a need not covered by IT.

The change in cloud there is definitely a need to revisit contracts at a later stage and rethink uses, with strict monitoring of software assets. This may lead to a renegotiation of some of them in the short term.

The final stage of analysis, facilitated by the acculturation of the first stage, consists of identifying the skills available to IT specialists and the professions to pilot or implement this change.

This assessment will specifically highlight barriers that have resonance in terms of cybersecurity and the measures to be implemented. This step is also an opportunity to make an inventory of the contractual commitments made by the company and which have an impact on cyber risk management.

This review will make it possible to rationalize tools and list service providers to:

  • Verify that these service providers comply with data protection regulations as well as their solutions;
  • Check the existence of a contract containing clauses related to the protection of personal data as well as adequate guarantees in the event of transfers outside the European Union;
  • Review the flows and the data processed to adjust the security levels and obligations of the subcontractors.

Some key questions to ask during the assessment:

  • What are the regulatory barriers to outsourcing my data?
  • What are my obligations to the CNIL and GDPR?
  • Am I subject to the LPM (Military Programming Law)? Is my IS, or part of it, SIIV (Information System of Vital Importance)?
  • What is my large technological footprint?
  • Do I have a map of my IS?
  • Do I have an end-to-end data flow map?
  • Do I have a map of my interconnection networks and the technologies used?
  • Do I have an inventory of software licenses?
  • Do I have insight into my current outsourcing contracts?
  • Do my teams have the knowledge to lead or implement change?

Of course these questions are just the beginning. In my next column, we’ll take the time to focus on another question many leaders are asking themselves: which project team should be dedicated to moving-to-the-cloud transformation?

[1] It is the totality of phenomena resulting from a continuous and direct interaction between groups of individuals of different cultures and which involve changes in the original cultural models of one or other groups.

Leave a Reply

Your email address will not be published. Required fields are marked *