Accelerating your journey to the public cloud | KPMG Perspectives

In today's fast-paced world, businesses are embracing various cloud solutions to meet their needs. Companies are opting for infrastructure-as-a-service (IaaS) to transfer their old applications to the cloud, software-as-a-service (SaaS) for better and more advanced application options, and innovative features like containers and microservices to create new cloud-based applications. This trend is not limited to any specific industry, as enterprises from various sectors are all jumping on the bandwagon. In the near future, it's expected that applications hosted in traditional data centers will become the minority rather than the norm.

Although public clouds relieve the IT department of the burden of managing and maintaining compute, network, and storage resources, they do not relieve the business from the risks and obligations that come with migrating or upgrading enterprise applications. If anything, as the adoption of cloud technology grows and speeds up, it presents a variety of new difficulties for the business to face.

The problems arise when implementing cloud usage throughout the entire company, including applications used in various departments such as the front-, middle-, and back-office. This poses several difficulties for CTOs, CIOs, business leaders, and controls teams. Effectively overseeing the widespread use of cloud technology requires various important elements in order to minimize potential risks. It is also important for organizations to understand their shared responsibilities with the cloud service providers.

In recent times, there has been a noticeable rise in the use of cloud technology in the Philippines. Numerous companies, regardless of their size, are migrating their applications and services to the cloud in order to take advantage of its advantages such as flexibility, cost-effectiveness, and ease of access.

With the surge in cloud usage, it becomes increasingly important to prioritize governance and compliance. It is essential for companies in the Philippines to develop efficient rules and actions that align cloud adoption with industry standards, security needs, and acceptable usage policies.

According to Gilbert Trinchera, a Technology Consulting Partner at KPMG in the Philippines, the country is making progress in accepting digitalization. This is mainly due to the government's emphasis on digital transformation and the business sector's desire to expand their operations, improve customer interaction, and boost productivity. When it comes to successfully adopting or transitioning to the cloud, it is essential to carefully select reliable partners and prioritize factors such as security, cost flexibility, availability, and expertise.

Proper management is essential for implementing cloud technology. A carefully planned process of management can ensure that your adoption of cloud services is in accordance with the established standards for acceptable usage within your organization. This process can also facilitate the training of engineers and provide transparency for stakeholders, thereby maintaining their trust in the migration program and expediting the adoption process. Experts at KPMG believe that establishing a Cloud Center of Excellence (CCoE) is crucial for effective management. Through effective leadership, the CCoE can facilitate consensus on which cloud services to utilize, determine how technology will be implemented and supported, and establish strategies for managing costs.

A successful Cloud Center of Excellence (CCoE) has the ability to unite your current enterprise policies, processes, and people involved, but it is necessary to update these components for a cloud-based model. This update applies to both moving traditional workloads to the cloud (through Infrastructure-as-a-Service) and transforming them into cloud-native applications (leveraging serverless, containers, microservices, etc.). Entrusting the CCoE with the responsibility of supervising the modernization of these processes is a crucial initial step towards aligning your entire organization on the path to the cloud. It is also important for the CCoE to incorporate shared responsibilities with various lines of business instead of operating on a completely centralized approach.

Define a common understanding of what it means to be successful. Implementing a cloud adoption program can have different impacts on various people involved. Before deploying the first application into a public cloud, all stakeholders should agree on a shared definition of success. It is crucial to create measurable definitions in order to assess the program's achievement of desired outcomes. To evaluate progress, establish a starting point by analyzing the existing technology setup. Success can be determined by factors such as the availability and reliability of applications, the efficiency of business processes, the speed of implementing new application features, and the overall customer experience. The Cloud Center of Excellence (CCoE) should coordinate stakeholder involvement and make sure that each group brings their requirements, expectations, and priorities into the decision-making process around cloud adoption. With a clearly understood definition of success, the technical implementation is likely to proceed more smoothly.

Taking the time to adjust to new security trends and features in cloud security. Involve the departments responsible for security and risk early and regularly. It is crucial to involve teams focusing on security, risk, and compliance at the beginning stages of implementing cloud technology to address concerns like safeguarding data, implementing controls, ensuring auditability, and managing identity and access. Delaying engagement with the security team may lead to resistance and delays in transitioning workloads to the cloud. Adapting to new security patterns and cloud security features can be a time-consuming process for your organization. Early and consistent engagement is essential to meet your deadlines. By using policy as code (PaC), you can build trust among your risk and security teams regarding the provisioning and maintenance of new cloud services while complying with compliance requirements. PaC helps enforce recommended security practices and compliance requirements without impeding development speed. This approach also fosters consistency and compliance within a DevSecOps mode of operation (development, security, and operations).

Ensure the proper handling. The correct management of your applications requires a thorough plan and a progressive timeline. This timeline should outline the strategic hosting location for each application and should be in line with the company's requirements, technological strategy, policies for adopting cloud services, and any limitations or rules for acceptable use. Take into consideration whether the application will be discontinued, stay where it is, be transferred as is, undergo modernization, or follow another path to the cloud. Before transferring any workloads, it is important to carefully analyze and determine the disposition of each application, including understanding the dependencies within the overall business ecosystem.

© 2023 KPMG International Ltd. is a privately-owned English company with limited liability. R.G. Manabat & Co., a partnership based in the Philippines, is a member of a worldwide network of independent member firms associated with KPMG International Ltd. All copyrights reserved.

Contact [email protected] or go to www.home.kpmg/ph.

The information provided in this blog is solely for informational purposes and should not be taken as expert advice for any particular matter or individual. The opinions and perspectives shared in this article are solely those of the writer and may not necessarily reflect those of BusinessMirror, KPMG International, or KPMG in the Philippines.