Cloud strategy: a 2024 guide

The strategic cloud: how to craft a digital ecosystem for sustained innovation and growth.

Due to the major technical leaps in IT services, the cloud has swiftly moved from concept to necessity for companies of all sizes and across all industries. Eight out of ten MIT Technology Review survey respondents claim that cloud adoption brought innovation and cost savings to their businesses. But, a thorough selection of a cloud service provider (CSP) and cloud architecture will not necessarily translate into tangible business results. In order to fully capitalize on this technology, careful reassessment of existing operations, processes, and business culture may prove beneficial. With a well-planned cloud strategy and the proper execution, organizations can harness the cloud’s versatility to propel sustainable growth. The window of opportunity is increasingly wide open. Here’s how to seize it.

What is a cloud strategy?

A cloud strategy refers to a company’s plan for adopting and using cloud computing services and resources. It can include the following key elements: cloud adoption roadmap, cloud service model evaluation, cloud provider evaluation, cloud governance, and application modernization. Overall, a cloud strategy enables a company to adopt cloud computing in a systematic and well-governed manner. A cohesive cloud strategy aims to:

• Define the activities, roles, and responsibilities for accelerating the cloud adoption
• Provide an enterprise with a decision framework to evaluate opportunities in the cloud
• Establish a cloud implementation roadmap
• Determine the targets, measures, and key initiatives that drive continuous integration and delivery

It also opens up a range of questions, including:A sound cloud strategy recognizes that the cloud is not just an IT matter, but a broader business transformation. Fundamentally, the cloud empowers new ways of creating value and serving customers. And in this way, a strategy rooted in pragmatism and flexibility allows enterprises to adapt to new use cases and evolve in step with the cloud’s ever-expanding potential.

Why is it important to create a cloud strategy?

A thoughtful cloud strategy provides substantial strategic value that goes far beyond tactical benefits like a faster spin up of servers. It establishes an alignment between cloud objectives and the overarching business goals, and it enables enterprises to build cloud environments with the end goals in mind, rather than taking a piecemeal approach. As a 2022 Deloitte survey underlines, investments in cloud technology are yielding favorable results across key business objectives (see Fig. 1). Crucial areas of progress are greater efficiency and agility, expanding revenue, and optimized costs.Figure 1. The cloud has a substantially positive impact in different areas of business, according to the Deloitte report.

An effective cloud strategy imposes a dedication toward adoption paths, governance models, and financial management. Enterprises with mature cloud governance can balance innovation and risk, while well-architected strategies help manage the complexity of multi-cloud environments.

Without a cloud strategy, an organization may try to accommodate a multitude of choices that often conflict with each other and fail to guide the business towards achieving its important corporate goals. And in the absence of a cloud strategy, a firm will lack the appropriate focus on the key challenges that need to be solved.

How to set up a cloud strategy: a blueprint

In the subsequent paragraphs, you will discover a detailed step-by-step guide to create a cloud strategy. This is a basic outline of the cloud strategy activities, but the depth and the thoroughness of the analysis can be adjusted as per the needs of the organization.

1. Analyze the current state of business

At this stage in the analysis, it is necessary to capture the macro-context of the business. The main deliverable of a current business context analysis is to set up the business’ direction and define the cloud needs based on the strategy. No doubt, there may be gaps between the current capabilities and those required to fulfill the cloud-enablement of a business.

The tools and techniques that are useful for a business context analysis are:

• Brainstorming sessions involving both stakeholders, decision-makers, and IT specialists as a way to determine and evaluate the impact of a cloud adoption.
• A Strengths, Weaknesses, Opportunities and Threats (SWOT) analysis applied to a cloud strategy assessment can be used to create a matrix of different cloud deployment models and how they serve the needs of the business. A SWOT analysis also helps evaluate the current information system [IS] and leverages its strengths and opportunities in order to overcome weaknesses and threats.
• Value chain analysis helps determine what the primary activities are that create the most value for the customer, and whether the cloud improves the effectiveness and efficiency of the processes.
• The PESTEL framework is another effective tool for identifying the external forces an organization faces, as shown in the image below.

2. Identify business objectives

Well-defined business objectives, with strategic and tactical variables, serve as a direction for the cloud strategy. They enable tangible business impact in the near term and continuous progress toward the desired future outcome. For example, companies investing heavily in a digital infrastructure usually want to achieve one or several of the following business objectives:

• Rapid releases of new services or products
• Cost reductions
• Greater operational excellence
• Acquisition or retention of new customers
• Upgrades in decision-making processes
• Honed competitive advantage

In addition, it is crucial to balance short-term wins with the long-term strategic vision at this stage. Let’s say, a company could aim to migrate its customer database to the cloud in the next six months in order to achieve near-term cost savings and availability. However, the long-term vision could be to fully tap into cloud analytics and AI services on that data so as to drive personalized customer experiences and increase sales.

Explore how we built an advanced fleet management system for Intel. Success story

3. Assess the as-is IT architecture and cloud readiness

Once the business objectives are clear, companies conduct an assessment of their current IT architectures, systems, and processes. This analysis will reveal details on which workloads and data may be candidates for cloud migration based on business goals and technical feasibility. Key areas for consideration encompass:

• An inventory of current on-premise servers, software, databases, and infrastructure
• Interdependencies between legacy systems and data
• Compliance and regulatory requirements for different data sets
• The level of effort needed to refactor monolithic applications into cloud-native architectures
• An assessment of application latency needs while shifting from on-premises to the cloud
• An analysis of the current spending on data center colocation, hardware maintenance, and IT personnel
• Forecasting future infrastructure needs and growth

This research should determine which systems can simply be lifted and shifted to the cloud “as-is,” and which should be modernized, and which should stay on-premise. This whole process implies taking stock of the business applications and workloads currently running on the legacy infrastructure, as well as their interdependencies.

After that, a cloud team will categorize workloads based on characteristics like security, compliance, and other architectural requirements as a means to clarify suitability for cloud hosting. It is important to note that any legacy applications that are monolithic and tightly coupled may require significant effort to refactor them into cloud-native microservices. There are other useful migration strategies, including re-hosting (or “lift-and-shift”), re-platforming, re-factoring, and/or re-building systems optimized for the cloud.

A McFarlan IT portfolio grid is a convenient technique to help with defining the current, strategic, high potential, or key operational cloud support systems. It determines the strategic impact of IT applications, in our case cloud services, on the current vs. future industry competitiveness. All of the existing infrastructure in the company can be categorized as per the McFarlan IT portfolio grid.This framework groups applications into four quadrants – strategic, high potential (turnaround), key operational, and support. Strategic systems deliver a competitive advantage, like a customer portal. High-potential systems may enable future capabilities, like IoT platforms. Key operational systems run core business functions, like enterprise resource planning (ERP). Support systems provide infrastructure and services. Mapping current systems into this grid helps to highlight cloud migration priorities.

4. Opt for a cloud service provider (CSP)

The major players in the cloud industry offer excellent infrastructure, however they differ in strategic vision. For example, AWS dominates with the broadest IaaS/PaaS capabilities, but Google Cloud has cutting-edge Machine Learning (ML) capabilities, while Microsoft Azure tightly integrates with the Microsoft 365 ecosystem. In order to make the right decision, companies should choose their provider roadmaps through the lens of their own digital transformation plans. Essentially, maturing technologies like generative AI, blockchain, or quantum computing may guide the selection for future needs (see Fig. 2). Cultural fit is also crucial: some organizations may prefer Google’s engineering-first ethos vs. Microsoft’s enterprise sales approach. Cost factors, vendor lock-in risks, and technical skill alignment should also be evaluated.Many enterprises opt for multi-cloud. In fact, the use of multiple cloud platforms is so widespread that 85% of businesses adopt two or more clouds and a quarter uses five or more, the Wall Street Journal reports. In the multi-cloud scenario, the key is mapping providers to workloads based on both technical parameters and business fit. For example, a financial services company may want AWS for cloud-native apps, Microsoft for legacy .NET apps, and Google for AI. What’s more, architecting for portability prevents vendor lock-in. Our recommendation here is: think beyond the basic IaaS/PaaS features and balance the provider selection with long-term innovation, growth, and partnership opportunities.

5. Assess risks and challenges

When organizations adopt cloud computing, they can experience increased vulnerability due to overlapping trust boundaries between the organization and cloud providers. Whereas previously the organization had complete control over infrastructure and data, now reliance on the cloud provider creates shared risk (see Fig. 3). Cloud providers require extensive access in order to manage infrastructure and data, so securing strong access controls and monitoring is essential, a Deloitte report underlines.

Figure 3. Companies can forecast multiple challenges during cloud adoption, as per the Deloitte report.

Moreover, migration to the cloud can decrease operational governance control as organizations must adhere to policies set by cloud providers versus internal IT policies. Organizations have less visibility and control over factors like performance, availability, and security in the cloud versus on-premises. There are several ways companies can mitigate these risks and challenges, namely:

• Conduct thorough due diligence on potential cloud providers
• Implement strong identity and access management controls for cloud environments
• Utilize cloud security tools like cloud access security brokers to enforce security policies
• Architect applications as a means to take advantage of cloud-native security capabilities like firewalls, data separation, and access controls
• Establish backup and recovery procedures in case of outage or data loss
• Create governance procedures over cloud operations, cost optimization, compliance, and risk management
• Train staff on proper cloud security protocols so as to maintain vigilance

The migration of systems and data to the cloud can fundamentally change an organization’s security and compliance posture. Rather than an afterthought, risk and compliance considerations should become central pillars of the cloud strategy. In turn, it should be prescriptive of the tools and processes needed to maintain visibility and control, based on the sensitivity of systems and data.

6. Set up data privacy, sovereignty, and governance

As organizations move data and workloads to the cloud, it is crucial to have robust data governance policies and procedures so as to maintain privacy, security, and regulatory compliance. A key consideration is upholding data sovereignty, which is the principle that an organization retains ownership of its data even when stored on third-party infrastructure. In order to adequately address this, companies can follow these actions:

• Review current data privacy laws and regulations that apply to the organization, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and industry-specific rules. Grasp the full scope of any compliance requirements.
• Classify data types and sensitivity levels. Identify which data sets contain personal information, financial data, intellectual property, or other sensitive information that requires extra precautions.
• Implement access controls and encryption to protect data at rest and in transit. Control access through identity management and multi-factor authentication. Encrypt data on cloud servers and when transmitting over networks.
• Establish clear jurisdiction over data. Address data sovereignty requirements to guarantee that sensitive data is stored in allowed geographic locations as per regulations.
• Define data retention policies that align with compliance obligations. Create schedules for data disposal after retention periods expire.

In this context, a distributed data sovereignty model can significantly augment cloud data governance. It implies storing data across dispersed cloud regions and zones, and uses proprietary data formats to add an extra layer of privacy and Intellectual Property (IP) protection. This distributed approach reduces dependency on any single vendor, making data migration easier. This advantage results in greater organizational control, security, and sovereignty over data in third-party cloud environments.

7. Focus on cloud security and cybersecurity

The key elements of any cloud strategy definitely include cloud security and cybersecurity. With infrastructure, data, and applications residing on shared public cloud platforms, traditional perimeter defenses are no longer sufficient. Instead, organizations should enact tight access controls and data protection measures. Here are several tips for that:

• Centralized identity and access management form the basis that enables just-in-time and least-privileged access. Multi-factor authentication adds critical user verification, while permissions are limited through role-based access controls.
• Data protection tools like encryption, tokenization, and rights management should be applied according to classification levels. Workloads should be shifted to the public cloud only after rigorous security reviews. Immutable infrastructure patterns make cloud assets more defensible.
• Cloud-native approaches like DevSecOps and infrastructure as code (IaC) allow security to permeate application design and delivery pipelines. Continual configuration monitoring and analytics help identify misconfigurations early on.
• Mature incident response plans encompass cloud-based analysis and workflows to quickly contain compromises. Disaster recovery provisions specifically focus on restoring cloud data and workloads from backups.
• Ongoing cloud security posture management and compliance auditing validate that configurations match leading practices, policies are enforced, and regulatory standards are met.

Zero trust embodies another crucial way to improve an organization’s security. It has emerged as a leading security model for the cloud. Unlike legacy perimeter-based defenses, this approach assumes all users and workloads could be potentially compromised. It mandates continuous verification of identities and validation of device health before granting the least privileged access to resources. This is made through micro-segmentation, granular per-session permissions, and analytics-driven monitoring of user activity and anomalies. With the zero trust principle of “never trust, always verify,” organizations can minimize attack surfaces and contain threats that evade the perimeter.

8. Drive sustainability with the cloud

The integration of Environmental, Social, and Governance (ESG) principles into cloud computing strategies has become a critical consideration for enterprises. This trend reflects a broader recognition of the potential of cloud technologies to drive positive environmental outcomes. In fact, the majority of respondents in the MIT Technology review study use cloud computing as a means to adhere to their ESG principles. Here’s a detailed outlook of the way companies prioritize their cloud-based resources for greater environmental outcomes:Figure 4. Companies use cloud computing in order to achieve their ESG goals, according to the MIT Technology Review Insights survey, 2023.

Interestingly enough, according to a report by the World Economic Forum, cloud computing, along with other technologies such as AI and highly networked facilities with 5G, can generate up to 8% of greenhouse gas (GHG) reductions by 2050. This reduction stems from the efficiency gains and resource optimization enabled by the cloud infrastructure, as well as the increasing use of renewable energy sources to power data centers.

Meanwhile, the cloud provides powerful capabilities for companies to track progress on ESG goals across massive amounts of data. For environmental metrics like emissions, energy, water use, and waste, IoT sensors embedded in facilities, vehicles, and equipment can transmit data to the cloud in real time. Cloud analytics tools can then correlate the sensor data, identify trends and anomalies, and generate sustainability reports to demonstrate environmental performance improvements.

9. Implement a cloud roadmap and see results

With clear business objectives, an architectural assessment, and provider selection, companies can map out an end-to-end implementation plan for their cloud migration. This approach covers the phased rollout of projects to achieve the target business outcomes. A successful cloud implementation requires detailed project planning and appropriate resourcing. Furthermore, companies should define new organizational structures, staffing models, and work processes to manage a new cloud operating model.

Cross-functional collaboration between business and technical teams is crucial for aligning priorities and objectives. Comprehensive project planning should outline realistic timeframes, budgets, resources, training, and change management that are required at each step. Moreover, a detailed communication strategy is vital to keep all stakeholders informed of progress and any changing needs. Regular training sessions should equip employees with cloud skills as adoption accelerates. With detailed and phased planning, IT professionals can successfully orchestrate cloud migration journeys.

Measuring return on investment (ROI) and value realized through cloud adoption can be challenging, but it is critical for businesses. Interestingly, 82% of companies from the MIT Technology review study agree that they evaluate their cloud technology investments (see Fig. 5). According to McKinsey, on average, a company embracing cloud technology today has the potential to attain a 180% ROI in terms of business benefits. However, only a minority are coming close to such gains.Figure 5. The majority of organizations track their cloud adoption-related progress, MIT Technology review reports. 

Some of the quantifiable metrics include cost savings from retiring on-premises infrastructure and reduced data center overhead, improved staff productivity and velocity of new product or feature delivery, revenue gains from faster time-to-market, or decreased system downtime. Monitoring these metrics before and after cloud migration will show operational gains.

Surveys gathering customer and employee feedback on satisfaction pre- and post-adoption can also quantify value. Detailed tracking of cloud spending versus capital expenses and operating costs avoided provides the fundamentals for a ROI analysis. Organizations should take an in-depth approach across both hard data and anecdotal evidence to build a complete picture of cloud benefits. The establishment of clear ROI measurement frameworks prior to the cloud adoption helps the process, as well.

10. Keep a close eye on new opportunities

In order to maintain a competitive advantage, companies should closely monitor the rapid innovation within cloud services. This means paying attention to cloud offerings across Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) offerings. In doing this, businesses can identify features that will drive their digital transformation of processes, data analytics, customer experiences, and product development. For instance, they can run proof of concepts (PoC) on high-potential services and integrate the most promising with internal systems through cloud APIs to increase automation and efficiency. Equipped with the latest cloud innovations, organizations can achieve key competitive advantages.

The cloud also facilitates the collection, normalization, and sharing of the vast data sets required to train and improve AI models. With 5G and fiber, the cloud plays a pivotal role in providing the core network infrastructure and services that power ultra-fast speeds and low latency connectivity. The global scale of leading cloud providers matches the wide geographical distribution required for 5G networks. For edge computing, the major public clouds offer distributed services to deploy workloads locally and coordinate them with cloud data centers.

How do you select a cloud deployment model?

At this point, we’d like to go back to one of the most vital choices along the cloud journey: how to decide on the deployment model. Typically, organizations can pick the deployment model or combination of models that offer the right balance of control, flexibility, and costs for their workloads and objectives. Among the primary deployment models in cloud computing are public, private, hybrid, and multi-cloud environments. Each of them presents unique advantages and considerations, as shown in the table below:The selection of the right cloud model should be based on a careful evaluation of factors around security, performance, costs, and technical capabilities. For organizations with highly sensitive data or regulated workloads, a private or hybrid model may be preferred to keep tighter control over data and meet compliance requirements. The private cloud also brings data closer to end users for improved latency.

The public cloud offers nearly unlimited scalability and automation, but less control and configurability. Its pay-as-you-go model reduces upfront costs, but there may be data security concerns in the shared multi-tenant environment. The hybrid cloud provides a balance where critical workloads stay on-premises while additional capacity shifts to the public cloud as needed; the downside is the added complexity of linking both environments.

Understanding the factors around scalability needs, control, costs, workload profiles and in-house expertise helps determine if a single model or a combination makes the most sense when migrating applications to the cloud. There is no one-size-fits-all approach, rather it requires careful analysis of both technical and business requirements.

Key takeaways and recommendations

A thoughtful strategy, coupled with gradual execution, is the right way to get to the cloud. It allows organizations to test cloud workloads, address system integration challenges, and strengthen organizational competencies. With the right strategy and vision in place, companies can migrate legacy systems, create new cloud-native apps, and transform operations.

Advance your cloud maturity with Avenga. Find the expertise necessary to drive innovation: contact us.