By Allan Brearley, Practice Lead at IT services and cloud consultancy ECS

Those of you with long memories will remember when the Sex Pistols burst onto the music scene with their first single, Anarchy in the UK. While punk rock has been confined to the annals of history, today many respected financial services firms are struggling to contain a different kind of anarchy within their business.

Cloud anarchy is taking hold in many large financial services firms because of the sheer accessibility and ease of consumption of cloud services.In their haste to increase business agility, support innovation, reduce time to market for new products and services and compete more effectively with born in the cloud challenger banks, many firms now find themselves exposed to an alarming number of piecemeal cloud adoption projects.On paper each project seems like a great idea but together they threaten to cause chaos.

Shadow IT projects are a particular concern. It’s not unusual for a department to become frustrated by the IT department’s seemingly slow progress and sign a contract for a SaaS offering without considering the impact this decision will have on the rest of the business.

Problems also arise when boards rush to embrace cloud without having defined a comprehensive vision and strategy that takes into account existing business processes, employees’ skills, company culture, and, of course, all the legacy IT infrastructure. While a cloud-first approach might begin well, the lack of an articulate company-wide vision and strategy means a loss of impetus is guaranteed.

The knock on effect of cloud chaos should not be underestimated

The anarchy resulting from this laissez-faireapproachis particularly problematic for heavily regulated industries.

Our experience helping large banks weighed down with legacy infrastructure move to the cloud reaffirms the view that setting out a comprehensive enterprise-wide road map at the outset in readiness for a controlled transition to running production workloads in the cloud pays dividends every time.  It also swerves the likelihood of stepping on virtual land mines that can set off explosions in areas such as corporate governance, purchasing, and IT service integration.

Take governance, for example, where a lack of clarity and visibility surrounding which cloud services are being consumed where, and whether appropriate controls and standards are being met,makes it hard to demonstrate that you are: mitigating risk, managing IT security appropriately, managing audits and suppliers effectively, and putting appropriate controls in place to ensure compliance with regulations around data sovereignty and privacy such as GDPR.  Plusfirms also need to demonstrate that they are managing material outsource risks effectively, in order to comply with FCA regulations.

The uncontrolled purchase and use of SaaS or PaaS services without the appropriate level of IT engagement throws up a whole raft of integration, visibility, security and support headaches that can impact not just internal systems but also your customers’ experiences – and could ultimately damage your firm’s reputation.

‘Technology snowflakes’ are another cause for concern.They indicate that the same problem is being solved in different ways by separate teams, leading to IT support inefficiencies and additional costs.

Financial services firms need to factor in other financial implications of cloud anarchy too. These include a fragmented procurement process, which will make it difficult to cut the best deal with providers, as well as questions over how those teams consuming their own cloud services manage their budgets in the context of consumption-based services (pay per use).

Thwarting cloud anarchy

With digital agendas now centre stage, a move to delivery practices such as DevOps is inevitable.  Part of managing cloud anarchy involves establishing the controls which seek to bring order to the landscape. These controls are often blamed for inhibiting innovation and agility, but they don’t have todo so.

By having the right controls embedded in the right places and using automation and self-service to allow the development community to consume pre-rolled, well defined (and safe) cloud environments, it is possible to land in the sweet spot of agility, innovation, speed and control.

Whether your organisation is struggling to contain cloud anarchy or has managed to avoid it so far, there’s still time to take control of the cloud journey.Choose to go it alone in-house if you have the appropriate expertise, or consider engaging a third-party cloud consulting team to work with you.

Either way, here are some recommended priorities, from planning through to delivery:

• Discovery
  Run a discovery workshop where key stakeholders get to assess the current internal landscape and discuss the opportunities that a move to the cloud will bring to the business. This will help everyone understand the cloud rationale and define the business case.
• Mobilisation
  The mobilisation phase prepares your business for a move to the cloud. This includes: a readiness assessment, which maps the maturity of your organisation’s processes, people, and technology capabilities; defining an outline cloud operating model;and business case development to establish baseline costs taking into account the various economic levers (e.g. opex vs capex, elasticity, rightsizing, on-demand environments and so on).
  It’s also important to agree on appropriate metrics to track at this stage, which can be used later to demonstrate success.
  Other tasks to undertake at this stage include one or more public cloud Proof of Value or Proof of Concept initiatives,along with an initial assessment of suitable application migration candidates.
• Assurance
  It’s sensible to combine industry good practices with your own in-house frameworks to provide assurance. Focus on defining and reviewing your cloud architecture, as well as undertaking a comprehensive review of the security, regulatory and migration considerations relating to your cloud deployment.
• Delivery
  Use an enterprise-grade cloud migration frame work that is proven to support large-scale migrations to avoid any wholly preventable glitches from occurring at this important stage. The framework needs to encompass the orchestration and de-risking of the migration of major and/or critical services in a controlled and predictable way.

“Don’t know what I want but I know how to get it”

Perhaps the Sex Pistols’ Johnny Rotten was half right when he screamed the immortal lines: “Don’t know what I want, but I know how to get it”.  In the enterprise cloud world, doing the up-front work to establish a clear cloud vision and strategy avoids the dangerous scenario of not knowing where you’re heading, how you’re going to get there, or even when you’ve arrived.

It’s also important to put in steps at this stage to ensure that everyone within the bank is pogoing to the same tune. This means creating a company culture that embraces the cloud in a structured way, ensuring that employees are fully engaged, and thatany skills gaps are plugged promptly.

With a clear cloud strategy underpinned by appropriate controls and employee buy-in, your business will have the tools it needs to innovate faster and reduce time to market for new products and services- ultimately boosting competitiveness. And any trace of cloud anarchy in your firm will have been mothballed – just like those Sex Pistols records.