6 Core Competencies to Use and Provide Enterprise Cloud Services

There is a persistent (mainly vendor-driven) meme going around the world of IT that building and running a responsible, secure, available, enterprise-quality cloud is simple.

There is a persistent (mainly vendor-driven) meme going around the world of IT that building and running a responsible, secure, available, enterprise-quality cloud is simple. The theory seems to be that it just needs some server virtualization, adding automation, maybe dropping in some change control, and calling it done. Or that all you need to do is to logon to a public cloud provider, give them a credit card number, then click a button to migrate your workloads to the cloud.

You see it virtually everywhere you turn. It shows up in myopic discussions of ‘cloud lifecycle’ that conveniently ignore pre- and post-deployment activity like service planning, application design, security and compliance, and facilities management. It is the basis of posts that gush over benefits of cloud that only apply to new applications on mono-platform ecosystems. It is the premise for speeches advising you to ‘ring-fence’ any platform, technology, or application that does not fit the new cloudy ways.

So I thought it might be useful to review the CA Technologies approach to cloud. This is a more complete approach that outlines six essential capabilities required to address more than just the virtualization and automation of component infrastructures, more than just migration to a public cloud provider, and more than just a single-platform ‘ecosystem.’

6 Core Competencies to Use and Provide Enterprise Cloud Services

The CA Technologies approach is based on our Business Service Innovation (BSI) roadmap – a common set of guiding principles and disciplines that CA Technologies advocates to deliver any innovative business service. When applied to cloud computing, the BSI roadmap outlines six core competencies that enterprises and service providers alike should adopt to responsibly use or provide enterprise-grade cloud services.

Of course, it includes the core basics of delivering a cloud – such as virtualization and automation. However, it (appropriately) starts earlier in the process with essential elements of planning, modeling, and assembly of complex hybrid IT services before they are delivered. It also progresses forward to encompass ongoing security, assurance, and management for complex services after they are delivered.

As such, this approach forms the basis of a much more realistic cloud computing strategy than the idealistic and tactical ‘imagineeering’ that seems increasingly common elsewhere.

The six core competencies include:

  • Model and simulate cloud services before you invest. It is not enough to proclaim “To the cloud!” and declare victory. You need insight into your current service portfolio and your upcoming development projects. You need to know what cloud options you have, and what will actually help solve your problems. You need to know whether SaaS, PaaS, IaaS, private, public, or hybrid is the answer for any given service. You need to model, simulate, and test before you invest to ensure a smooth and cost-effective transition. Only then can you make objective and effective decisions on how, when, what, and why to move to cloud – the right services, the right way, the first time.

  • Assemble cloud services from internal & external sources. Cloud choice is often haphazard and ad hoc, resulting in unproductive, costly, insecure, duplicated, and non-compliant ‘rogue cloud.’ Instead, you should intentionally assemble the right cloud choices to create a functional hybrid service environment. This too must start with objective insight into current service definitions and requirements, available service offerings, and possible service providers. Only then can you evaluate cloud options and assemble the right combination of infrastructure resources and/or pre-built services, to deliver the complete cloud service that business needs.

  • Automate manual activity across diverse systems. Cloud computing assumes ‘on-demand self-service,’ so automation is essential to accelerate the complex interactions of virtualization, self-service, resource measurement, chargeback, and service delivery. Large enterprises especially must consider how to orchestrate complex services across cloud and traditional platforms; how to automate processes and workloads across public and private clouds, whether IaaS, PaaS, or SaaS; how to integrate element managers and fabrics like VCE Vblock, NetApp FlexPod, or Cisco UCS; and how to automatically manage non-IT resources like power, cooling, and facilities. Enterprise cloud needs unified orchestration capabilities that can automate manual activity across all these environments as one, not just one or two proprietary platforms.

  • Assure service performance across the IT value chain. It is not enough to build a cloud – the complete cloud lifecycle includes running cloud services to assure the availability, compliance, and experience that the business requires. This starts with the alignment of service levels and business service priorities, and extends to real-time, 24×7, service-aware performance monitoring for the entire business service. Moreover, in a complex world of hybrid IT, you need assurance across multiple service tiers; across physical infrastructure and non-x86 components; across elements of SaaS, PaaS, and IaaS; as well as across virtual, private, and public cloud boundaries.

  • Secure cloud with content-aware identity & access controls. Any cloud lifecycle ‘solution’ that does not include security is risky at best, downright dangerous at worst. Shifting boundaries of cloud make traditional perimeter protection less effective, so you need to adopt agile identity- and content-aware security, alongside traditional technologies such as data loss prevention and event monitoring. Automated controls will help to reduce risk by ensuring functional isolation and strict audit for data access, system provisioning, configuration changes, and other sensitive activities. And this security should not only support all your cloud services – on-premise, off-premise, public, private, IaaS, PaaS, SaaS, etc. – but should also integrate with traditional IT systems to ensure there are no gaps for the bad guys to walk through.

  • Manage hybrid cloud service according to business needs. It is not enough to build, buy, or use a cloud and call it good; it is not even enough to go just one level higher than the element infrastructure, and look at so-called ‘IT services’ in isolation. Instead, you need a top-down approach that values and manages business service outcomes – user productivity, return on assets, carbon production, legal and contractual compliance, energy utilization, resourcing costs, innovation and ideation, cycle time acceleration, performance, and more. You must also continually revisit IT and business service delivery, automating and orchestrating as much as possible to keep removing inefficiencies and manual intervention.

Make no mistake. If all you are doing is virtualizing and automating a corner of your data center with one proprietary platform, then you are destined to create yet another costly and complex silo of duplicated resources and wasted money. If all you are doing is taking existing infrastructure tools and equipping them with people, you are destined to suffer the ever-increasing cost of an army of consultants. If all you are doing is collecting data from an uncontrolled and unplanned ‘cloud of clouds,’ then you aren’t fixing the problem, you are making it worse.

And if you are adopting cloud computing without planning, without security, without assurance, then your cloud – and perhaps your business – is destined to fail spectacularly.

Because ‘the cloud’ is complex, overly simple approaches will not work. IT needs to manage the entire cloud, from end to end – starting with initial service analysis, planning and modeling; through intentional assembly of components and services; automation and orchestration of complex processes; assurance for performance and reliability; security and compliance for data and identity; to business-focused management of the whole business service.

Hopefully this helps give an idea of the reality of how to get to cloud computing – and how CA Technologies can help with everything from modeling to securing and managing your cloud.

At CA Technologies, we have a lot of best practice advice and material on using and providing cloud computing services, across the entire BSI value roadmap – including brochures, presentations, whitepapers, etc., from both CA employees (like myself) and from independent industry experts including research analysts, journalists, and independent consultants. If you want to find more in-depth content on this topic, check out CA.com/cloud for a wealth of detailed material. We can always connect directly with our strategy and technology experts for a great in-depth conversation, too.

Finally, as always, I would love to hear your thoughts on this practical model for cloud. Please go ahead and hit me up, either in the comments below, or on Twitter!

Written by

Andi Mann

CA Leadership

Andi is VP of Strategic Solutions at CA Technologies and an expert across cloud, mainframe,…

Published in

View this topic
  • James Holland

    This is great. Hooray for Disney’s imagineers!

    become a new brand in the share market research with its accurate research. Proven
    itself always right whether market is bull or bear. Last week all paid clients
    booked handsome profit in NIFTY, BANKINIFTY & STOCKS. Now for the coming
    week we expect more correction can come in NIFTY as the IRAQ issue is getting
    more tense, If it happens more then you will see a sharp fall in all world marketNSE BSE, STOCK TIPSbecause as we know all world run on
    crude & most of the crude comes from IRAQ. So be ready for a sharp fall so
    sell will be the best strategy for next week also. Traders can make a sell
    position in NIFTY around 7600-7650 with stoploss 7750 for the target of
    7300-7200.One can also make a sell call NIFTY 50 stocks as per NIFTY levels. You
    can also take our two days free trial to check our accuracy. For further updates
    you can visit our website. http://goo.gl/sMgZ7n



  • king lear

    testing comment functionality, please do not publish this

  • Love the personal pic 🙂

    • CAHighlight

      Thank you!

  • Plutora Inc

    This is a good case study. 2.3 sec’s off a login transaction is big.

  • While the analysts were hyping DevOps, I posted the oversight of not including security as part of that discussion as you are highlighting here. Instead of just talking DevOps, it should be DOS (what’s old is new again 🙂 – DevOpsSec. As a previous AppDev person, it’s the app, who’s using it, why and where rather than the device and having the service available.

    As you rightly point, out Security should be baked into the solution.

    Nice Post and Timely!


    • CAHighlight

      Thank you for your feedback Michele. Agreed – security cannot be overlooked. Appreciate your input!

  • Mitesh

    I would love a printed copy

  • Lars Johansson

    I love the idea of BYOID! This makes me choose if I am almost anonymous (with my Hotmail Nicname) or official with identity from an official organisation. My Identity Provider will attach identity with right level of LoA according to the need of the Service provider.

    • CAHighlight

      Thank you for your comment. BYOID has tangible benefits for end users and relying parties but it also has to be weighed in the balance with potential risks and liability concerns. It will be interesting to see how BYOID plays out in the enterprise.