In November, I spoke at a webinar about cloud cost optimization and closed by mentioning two key strategies to consider: governance policies and contingency planning. We didn't give these topics much airtime during the webinar, but five months later, they've become top of mind for tens of thousands of organizations that have now transitioned staff to fully remote work.
I'll dive into the ideas of governance and contingencies as they relate to cloud optimization, using the lens of business continuity to illustrate the importance of paying attention to both when optimizing cloud infrastructure.
Cloud optimization and strategy
Too often, cloud optimization conversations take one of two forms. First, there's the "We're in the cloud, so we're automatically optimized -- right?" response. Second is the conversation focusing solely on third-party tools and services that can track and help optimize costs related to cloud usage.
While it's true that cloud services can enable you to easily scale your resource usage up and down, and that tracking tools can help you identify ways to save on your bill each month, the problem with both of these approaches is that they ignore the role that strategy plays in cloud optimization. Specifically, you must know what you are trying to accomplish by using cloud resources in the first place.
Without a strategy stating your desired business outcomes, focused cost management efforts won't necessarily help you.
Think of it this way: If you want to run a marathon and you download a workout plan to follow, you can perfect your form and performance on every exercise in that plan. But unless it's specifically designed to help people train for marathons, it's not going to do you any good at completing a 26.2-mile run.
Strategy is not a technology concern; it's a business concern and a people concern. Strategy defines not only what needs to get done but also when and why these things need to happen. In the section below on governance and contingencies, I'll outline the importance of understanding who needs to have access to what and when, as well as what happens if an unforeseen event changes your reality. That, of course, is exactly where we find ourselves today.
Grappling with governance in a remote environment
One friend I spoke with this week mentioned that his company's cloud governance policy includes hundreds of levels of access. While maybe 50 people have anything-from-anywhere IT privileges, the other tens of thousands of people did not. Suddenly, all of them were faced with the challenge of getting their work done remotely.
If you don't have a clear governance policy (or if you do, but it's out the window because of our current reality), you might try shutting down access to everything for everyone, then granting access as people demand it. That's a conservative option that errs on the side of security. However, it likely causes major headaches for the IT folks who must deal with the angry access demands of people who can't do their jobs.
The reverse is also an option. You can give everyone access to everything and work to patch any potential security gaps as they become evident. The main problem with this option is that it's a potential security nightmare, but not for the reasons you might think.
When everyone at an organization is in the physical office, it feels normal to adhere to governance rules. Plus, those rules were likely designed for an environment where employees were in physical proximity to each other.
When everyone is working from home, previously established processes that haven't been tested in real-world scenarios tend to break down. People in a new environment are likely to behave in new ways. This is particularly true for organizations with many manual processes; attempting to recreate them without the infrastructure of an office may be too cumbersome.
For example, imagine that one of your developers needs more storage to complete a project, for which they need approval from their supervisor. In the office, they'd just swivel their chair and get the all-clear; at home, they ping the supervisor digitally. But the supervisor is on a call and doesn't reply right away. The developer might get frustrated waiting or have a deadline they must meet. This may lead to them charging compute resources to their personal credit card so they can get the task done.
Suddenly, a breakdown in the governance portion of an organization's strategy can make its cloud cost management much more complicated.
Managing costs in a time of contingency
Governance, of course, becomes a much bigger concern in a period of extreme contingency, as when your organization transitions from in-office to completely remote work.
On the one hand, organizations with cloud-based infrastructure may be well prepared to transition to remote operations. On the other hand, cloud infrastructure is far from the only consideration. Common questions and issues include whether employees have the physical equipment they need to do their jobs from home and what kind of equipment the company will have to furnish.
And then there's the question of licenses. One colleague I talked to works at an organization that decided in the last week to move to fully remote work, effective immediately. The organization was then faced with the reality that it needed 10,000 additional VPN licenses and an expansion of its mobile device management platform to enable remote access for its staff.
The transition was going to cost millions of dollars in unplanned expenses. But the alternative -- having staff sit idle for the (unknown) duration of the pandemic -- was worse. Here, having a clear business strategy (which, in this case, involved keeping employees working) made it clear that the unexpected cost was worthwhile when compared to the alternative.
A fully cloud-based organization may find itself in a better position because employees can easily transition to home-based work. But problems can still surface. What if the cloud setup was inefficient? What if its cloud usage had unnecessary redundancies and lacked standardized billing preferences, or had no clear governance policies around new instances or accounting for increased data ingress and egress fees? Scaling up in response to a crisis would only make those problems bigger and more expensive.
The point is that strategy matters. A clear definition of business objectives allows everyone in the organization to understand exactly what is needed, when it's needed and why. While no organization can plan for every situation, a clear set of business goals can serve as a North Star around which the rest of an organization can orient itself.
In the good times, this will help ensure efficient use of all resources. In trying times, it will help create an easier, more straightforward process for deciding how to respond to challenges.
About the author
Chris Rechtsteiner is vice president at ServerCentral Turing Group. SCTG offers cloud-native software development, AWS consulting, cloud infrastructure and global data center services.