Cloud maturity: how mature are you for the cloud?

Edited 10/27/2023

I want to describe an interesting issue that we are tackling first with the customers we are bringing to the cloud. Because before we can work with a customer, we need to have a good understanding of where their teams are mentally, process-wise and knowledge-wise. We are interested in the cloud maturity of the customer. What is it and how do we do it?

Before I pick an apple, I check to see if it's reddish on one side only. In the same way, we assess together with the customer (it's partly a self-assessment!) various aspects of their capabilities and operation.

What does a company have to be like to be considered a mature cloud company in all respects?

Do we have to worry about the process?

The maturity assessment method we use is largely based on evaluation of process maturity. And that's right. Because we're talking about IT services provided to the business, and in the operating model, these consist mainly of processes. Functioning processes. Please show us the paper buried deep in your document storage as the last thing.

There is a well-developed general methodology for assessing process maturity. Therefore, it is not difficult to determine it by assessing several parameters over the basic architectural, change and operational processes.

Do you feel now that the more procedural the customer, the more mature they are for us? Oh, no.

Do we have enough certified people?

I can hardly talk about cloud maturity when most of the crew hasn't touched the ball (i.e. the cloud). Even in 2021, it is still true that a significant number of IT operations professionals have touched it, but often only in the locker room, not on the field.

Surprisingly many companies have teams that are trying out cloud services out of their own enthusiasm, personal initiative or shadow IT. However, the lack of preparation does not allow them to learn how to operate the cloud properly and actually use it in practice.

On the other hand, we have encountered companies that have been forced by the situation to consume cloud services by leaps and bounds. There we find very good deep knowledge of often advanced services in people who somehow "haven't had time" for AZ-104k or some AWS Practicioner.

So do you feel that the more certifications in the team, the more cloud mature the company will be? Also no.

Do we have a sophisticated IT strategy?

The use of cloud services is usually a major IT outsourcing for which a company must be prepared. In addition, which fortunately customers, who are affected by more regulations than GDPR, are well aware of, the company must internally process quality analysis of the use of external cloud services in terms of regulatory, data and process compliance.

A detailed study of the current IT strategy documents and compliance analysis is one of the first steps we take in the maturity assessment. We are interested in how the company approaches cloud services, how it has treated its relationship with outsourcing, how it wants to treat different types of data, how he wants to set the rules of engagement and more.

It seems to you that a well-designed cloud IT strategy pointing to a mature customer? It doesn't have to be.

Do we have the tools we need?

Enough questions, even that's not enough. The pile of tools implemented left and right rather shows how much power individual teams have to inflate the budget. It has little to do with maturity.

So what's it like?

Let's go back to the opening paragraph on why we care about any cloud maturity at all: "We need to understand where customer teams are mentally, process-wise and knowledge-wise."

• The right mental setup = I have it figured out and experienced.
• Ideal process setup = I do it the same way, auditable, recordable.
• Correct knowledge settings = I use the tools optimally.

CHCI - that's the basic parameter. You have toxic individuals on your team talking about the dysfunctional, unreliable, expensive public cloud (which has been discussed in the previous article) or a bunch of people who want to have modern tools that eliminate all unnecessary routine? Those who want to work with the public cloud have the necessary mental setup. They will already adapt and learn the processes and knowledge with us.

Once the above three things are working, the customer is able to run business applications in the cloud. We're happy to help him with the difficult things

• about DevSecOps and automation in general,
• with safety,
• with advanced monitoring,
• reflecting regulatory changes in compliance,
• with the creation of cloud centre of excellence
• and with my personal favourite - continuous cost optimisation, preferably using self-optimized coded infrastructure.

And if those three settings don't work?

So we and the customer have a lot of work to do. But we're gonna walk the walk.

Now show me your maturity model!

OK, here it is. For convenience and some compatibility with other models, we use five stages of maturitythat we call:

Which one will you find yourself in?

Ad-hoc approach - Resistant

• Piloting, trying out the first e.g. test environment.
• He is delaying the move to the cloud because he understands that it is an investment with a long payback period.
• It expects a suitable business case in the application unit, which means a large investment in its own datacenter and easy launch in the public cloud.

Opportunistic approach - Explorer

• He has the first non-critical production workloads in the cloud.
• It tries to place suitable applications in the cloud that are, for example, at the end of their life cycle.
• Paired core ITSM processes to support cloud operations.
• They are trying to acquire adequate knowledge in teams.
• It is considering appropriate tools for monitoring its distributed infrastructure.

Repeatable Access - Player

• It operates in the cloud with clear operating principles.
• It also runs business-critical applications in the cloud.
• It has well set up monitoring, backup and high availability.
• It addresses security and compliance in the cloud.
• It has set up processes for budgeting and monitoring costs.

Controlled Access - Transformer

• They are changing their business thanks to IT.
• Applications are primarily hosted in the cloud, and when that's not possible, they seek a hybrid cloud.
• On-premise remains a zoo of applications before transformation or shutdown.
• It regularly innovates and uses new services.
• The cloud application lifecycle is driven by a DevOps approach.
• It manages and effectively manages its capacity.

Optimised access - Disruptor

• For him, the cloud is an essential IT tool for developing business potential.
• It has full automation within the DevSecOps mentality.
• Automates meta-processes for control, process monitoring and improvement.
• He has long-term experience in cost optimization.
• It uses the latest services and often works directly with the provider to develop them.

Cloud maturity: is the highest tier the best?

All maturity levels are correct if they are linked to the needs of the business. Not bad to be at the beginning. It is wrong to think that I am at the end and not have worked all the necessary steps. Not having a strategy, compliance, ITSM processes, tools, knowledge, a motivated team, sophisticated automation, exit scenarios, risk analysis, application criticality analysis, etc.

For us consultants, the most rewarding part of working with Explorer. And the biggest challenge is of course Disruptorwho knows how to trouble us well with his specific problems and deep knowledge of the subject.

Having defined what cloud maturity is for a customer may be an exercise, but it is a necessary start for us to make a positive change. We write more on this topic in the article What is your cloud maturity.