We previously looked at why cloud is so important (Challenge the Status Quo and Advance Business through Cloud Computing, ), approaches to cloud strategy (Understanding Which Investments Should go to the Cloud, Cloud Strategy Begins with Value and Balances Risk ) and who the best people (Why Enterprise Architects Must Drive Cloud Strategy and Planning) are to execute. Today we’ll examine the methods, models, and tools that the enterprise architect should use for effective cloud strategy and planning.
Methodologies
As far as methodologies go, it’s usually
better not to reinvent the wheel. There are already proven general frameworks EAs can use, so try to leverage
what is already out there whenever possible. When using an existing
general-purpose framework like TOGAF, apply cloud specifics to it.
Using a framework like TOGAF can ensure that you are not missing the critical steps, questions and outcomes that every good architecture should have. This will also ensure that all the other architecture work and this work is consistent and predictable with the outcomes it produces. Below are a list of a few benefits for leveraging TOGAF as your methodology for Cloud Strategy and Planning:
- Broad Community – If a custom framework is built, very few people have expertise and experience. TOGAF has an extremely broad EA acceptance, adoption and certification.
- Deliverables and Artifacts – TOGAF comes with a wealth of “out of the box” templates that can be leveraged to architect.
- Linkages to SOA and Cloud IP – The Open Group which manages TOGAF, has other forums and working groups that builds content for specific architecture areas and domains such as SOA, Cloud, Business Architecture and Security Architecture to name a few.
- Associated Cloud Standards Bodies – The Open Group has done a great job of uniting multiple specialized and deep cloud standards bodies with the TOGAF standard to bring together the best of both worlds. The general purpose framework applied. These partners include NIST, Cloud Security Alliance and more. All this work has come together in The Open Group Cloud Computing Work Group.
Below is a visual on how Cloud Strategy and Planning extends TOGAF within this framework:
Another great visual is from Serge Thorn where he shows this from a native TOGAF view:
Check out his blog post, “Cloud Computing Requires Enterprise Architecture and TOGAF”
Is TOGAF the only methodology you use? No. Just like any other architecture work there are many different facets other than just architecture such as: Risk Management, Information Security, Project / Program Management, Software Development and Operations. There are methodologies and frameworks for each specialized area that complement your architecture work.
Some things to remember when adopting methodologies:
- Strategy Methods are Universal – The same macro/basic steps are the same and can be applied to most anything. Just like with anything you will have to tailor slightly to your needs. DO NOT REINVENT PROVEN MODELS.
- Make General Purpose Methods Specific – These were meant to be applied to a specific problem set. Cloud is no different.
- Use Extensions - Cloud tools and techniques such as CSA, NIST, and Open Group-specific resources can be very useful in giving general-purpose frameworks meaning.
When we apply these aspects to a cloud methodology you get The Cloud Strategy and Planning (CSP) Framework. It is comprised of three simplified phases and seven activities.
CSP embraces and extends proven practices in the industry and the industry resources from the following distinguished bodies:
- The Open Group (TOGAF)
- Cloud Security Alliance (CSA)
- NIST Cloud Computing Working Groups
- Sherwood Applied Business Security Architecture (SABSA)
- Cloud Security Alliance (CSA)
Activity Descriptions
Below is a high-level overview of the activities with the description of what occurs in each. The detailed steps are not shown below.
Strategy Rationalization
1 |
Establish Scope, and Approach |
|
2 |
Understand Strategic Vision |
|
3 |
Identify and Prioritize Capabilities |
|
Cloud Valuation
4 |
Profile Capabilities
|
|
5 |
Recommend Deployment Patterns
|
|
Business Transformation Planning
6 |
Define and Prioritize Opportunities
|
|
7 |
Understand Strategic Vision |
|
Models
With respect to models, there are many out there readily available. Since we are starting with business value we want to make sure we continue to do so and ensure there is a bridge from strategy to implementation.
Given the top down nature you will want to pull from models that lend to our approach. When selecting models, take a step back and ensure you fully understand the scope of what you want to accomplish then select the most appropriate models from the many sources at your disposal such as: analysts, standards bodies, industry bodies or internal reference models.
For example, CSP integrates SABSA to ensure that CSP has a classification scheme to capture business requirements along with the identification, classification and management of risk. The SABSA method focuses on the area of security while CSP extends this for cloud computing. CSP incorporates a similar structure to SABSA and utilized the SABSA matrix as a stellar example of using question-based analysis in IT decision-making. By using the business requirements as the “red thread” through the analysis, SABSA and CSP are both able to ensure that the business objectives are being met. In the case of CSP, the business should be the driving force behind the cloud transformation.
A common issue I see when selecting models are that a model is selected either based on preference or it is good enough. Don’t do that. Make sure you have a fit for purpose model. If you don’t you may not get an accurate output.
Below are a good set of models that can be used when rationalizing strategy:
- Strategy maps
- Business canvas
- Hosen strategy
- Net Present Value (NPV)
- Business Scenarios
- SWOT
- Porters Five Forces Analysis
- Motivation Model
Tools
Now let’s talk about the tools. These will allow us to automate the method along with helping align, measure, quantify and qualify our work.
The tools below will help
- Charter – Template to authorize the project and define scope, stakeholders and timeline
- Enterprise Capability Assessment – Enterprise level 1 capability analysis to segment a customer’s portfolio for the discovery of cloud opportunities.
- Business Heat Map – Graphical view of an organization based on business capabilities and cloud attributes like risk, value, fit and readiness
- Capability Prioritization – Further refinement of each business capability with respect to cloud risk, fit and readiness
- Capability Profiling – Rollup dashboard of a given capability to determine the level of value and risk it provides in the context of cloud.
- Cloud Pattern Valuation – Robust metric driven analysis tool used to determine which cloud service and deployment models should be used for a solution.
- Cloud Pattern Matching – Graphical tool to connect service and deployment models with business or technical capabilities.
- Portfolio Analysis – A tool to plot cloud opportunities to a grid based on Business Priority, Value, Risk and Effort to aid in the roadmapping.
- Cloud Opportunity Dashboard – A dashboard that provides a complete rollup of the Cloud Valuation assessments into one sheet to support decision making.
- Cloud Taxonomy –This taxonomy provides a way of rationalizing cloud specific cloud implementation decisions.
- Cloud Risk Framework – A risk reference model that identifies the key aspects of cloud risk to be assessed.
- Cloud Risk Method – Process for applying a risk classification to a potential cloud solution.
- CSP Project Planning – Examples of a defined project engagement, with timelines, milestones, activities and deliverables.
A good example of a tool leveraged in CSP is The Capability Planning Tool. It analyses Business and IT capabilities under seven areas that fall under four assessment drivers: architectural fit, value, risk, and readiness:
- Architectural Fit: Adoption and Complexity
- Value: Cost and Strategic Alignment
- Risk: Significance and Regulations, Standards, and Policies
- Readiness: Organizational Readiness and Technical Readiness
For all capabilities, the EA will ask the customer for the enterprise’s score in each topic area. For example, for the business capability, Claims Management, the EA will ask for the capability’s level of adoption based on the following criteria: 5-Enterprise-Proven, 4-Tested, 3-Industry-Proven, 2-Emerging, and 1-Not Available.
This assessment is intended to capture a range from 1 to 5 for each topic area under these assessment drivers. The end result is a rolled-up dashboard with the scores of architectural fit, value, risk, readiness, and an overall score for each capability. The final results presented in the dashboard will allow the EA to determine the high-priority capabilities with the customer.
Conclusion
The Cloud Strategy & Planning (CSP) guidance helps establish a common context for cloud computing among all business and IT stakeholders. Furthermore, it allows companies to define an actionable cloud opportunity plan for qualified & validated cloud opportunities to be architected for a specific service and deployment model.
The CSP guidance has 3 phases and 7 activities which give an overall structure to the approach. These allow the client to assess and identify the current maturity level of their competences, to find out which of these are best suited for cloud migration, and to evaluate and better understand the opportunities for cloud solutions in the organization. This assessment will ultimately lead to a business transformation roadmap that is aligned with the enterprise’s technology and business objectives.
A few key points:
- Focus on Maximizing Business Value – Leverage a business top down process of analysis and refinement, describing business capabilities to matched cloud technologies is essential
- Capability Driven – Respect both the business and IT dimensions of an organization
- Balance Value and Risk - Identify cloud opportunities while also rationalizing the potential challenges
- Leverage Industry Best Practices – Amplify value of proven methods, models and tools to reduce risk of a poorly planned and executed strategy.