So I am a huge cycling fan and I am pretty much glued to the tour de France coverage most mornings. I consequently, just returned from a two day consulting session with a large bank in a cycling crazy country called South Africa. During the days, I had parallel conversations about cloud adoption as well as cycling. Most of the questions around this cloud adoption sessions focused on security, risk and compliance and what is the optimal balance of enabling agility and the mitigation of risk.
It got me thinking; what does a optimal vs. sub-optimal risk management strategy look like? And then I watched Phillipe Gilbert, from the Quickstep team during stage 16 of the Tour de France provide a text book example of assuming too much risk while descending the Col de Portet Aspet:
We’ve all been very scared, but @PhilippeGilbert is ok and will go back on the bike. 💪
Après une grosse frayeur, @PhilippeGilbert semble aller bien et va repartir. 💪#TDF2018 pic.twitter.com/Xtrjyw3QSf
— Le Tour de France (@LeTour) July 24, 2018
Gilbert was nearly 15 minutes up on the peleton with one other rider chasing. It was raining on and off on the route and Gilbert obviously prioritized increasing his lead over his safety. High risk lead to zero reward for Gilbert( he later abandoned the race with a broken patella).
How does this relate to an enterprise in the midst of their cloud journey? Well, if you as an organization, come in out of control in your cloud strategy, you can potentially crash or at worst, lose time on your competitors. Here are some areas where enterprises can misalign the ideas of acceptable risk:
- Exit strategy- most don’t have one and can’t accurately react if a provider becomes insolvent( not likely) or internal strategy changes
- Workload placement- moving a workload that requires considerable refactoring to a multi-tenant cloud and expecting great things
- Lack or a expense management strategy- there are several techniques to managed migration and on-going costs; use them!
- Not involving stakeholders & COE in decision making- cloud architects, despite being amazing, should not dictate the entire strategy.
At Gartner, we have some great research around cloud strategy and risk mitigation:
Three Best Practices to Prepare for Public Cloud IaaS Negotiations and Risk mitigation https://gtnr.it/2OdRFaa
Ensure Digital Business Resilience Through Better Risk Management Management Planning https://gtnr.it/2AaVs5a
A Public Cloud Risk Model:Accepting Cloud Risk is OK, Ignoring Cloud Risk is Tragic https://gtnr.it/2A9mSZr