The articles in Digital Director of Digital McKinsey McKinsey Practice McKinsey: Insights are written Publishing: Barr Seitz Publications by consultants from Digital McKinsey together with Editor: Josh Rosenfield Editor in Chief: Lucia Rahilly colleagues across the firm. Managing Editors: Executive Editors: The publication offers Michael T. Borruso, Michael T. Borruso, Allan Gold, readers insights on digital Venetia Simcock Bill Javetski, Mark Staples transformations and the people, processes, and technologies Art Direction and Design: Copyright © 2018 McKinsey & that are critical to their success. Nicole Esquerre, Julie Schwade Company. All rights reserved.
Articles appearing in Digital Data Visualization: This publication is not intended McKinsey: Insights also appear Richard Johnson, Jonathon to be used as the basis for on McKinsey.com. If you Rivait trading in the shares of any would like to receive email company or for undertaking alerts when new digital Editorial Production: any other complex or significant articles are posted, register Elizabeth Brown, Heather financial transaction without at McKinsey.com. Byer, Roger Draper, Gwyn consulting appropriate Herbein, Pamela Norton, Katya professional advisers. To learn more about Digital Petriwsky, Charmaine Rice, McKinsey, please visit John C. Sanchez, Dana Sand, No part of this publication may mckinsey.com/business- Katie Turner, Sneha Vats, Pooja be copied or redistributed functions/digital-mckinsey/ Yadav, Belinda Yu in any form without the prior our-insights. To send written consent of McKinsey comments or request copies, Cover Photo: & Company. email us: digital_mckinsey_ © Erik Isakson/Getty Images [email protected]. Table of contents
Introduction 3
Creating value with the cloud
Features 4 12
The progressive cloud: A new Cloud adoption to accelerate approach to migration IT modernization
20 26
Reimagining software services for Making a secure transition to the cloud and the digital world the public cloud
39
Learning from leaders in cloud- infrastructure adoption
Creating value with the cloud
Once a technological curiosity, the cloud providers’ security resources and determine has become integral to modernizing the IT how to adapt their own cybersecurity pract- environment and enabling the digital trans- ices to balance speed and protection. formation of companies large and small. Cloud-based computing and storage platforms Perhaps most important, companies will need offer manifold advantages over conventional to reorganize their operations so they can on-premise systems, from lower operating take full advantage of what the cloud can do. costs to better compatibility with the working Some companies might choose to establish styles of digital enterprises. But a large-scale dedicated cloud-migration teams to set up move to the cloud isn’t a matter of merely cloud platforms and remediate applications “lifting and shifting” applications and data from or data assets so they function properly in the on-premises services to cloud platforms. It’s a cloud. Others will entrust the migration work complex endeavor that requires companies to to existing teams. Either way, all IT specialists, build new capabilities. from application developers to infrastructure teams, will have to learn the effective use One often-overlooked capability is planning the of cloud-based services. Such a learning cloud transition. IT leaders need to weigh the program should cover technical skills as well pros and cons of migrating each application as agile methods, which enable teams to build or data asset. This often requires extensive and deploy cloud applications quickly. dialogue with both cloud-services providers and software vendors so that companies can Being smart about the use of cloud platforms understand how their offerings are likely to and services can make the difference between evolve. Another key area of focus is managing gaining a competitive edge and falling behind cybersecurity during and after the transition. rivals. With this volume, we hope to help you Companies should take stock of cloud-service capture the value that the cloud can unlock.
Andrea Del Miglio Will Forrest Partner, Milan Senior partner, Chicago
3 Erikona/Getty Images
The progressive cloud: A new approach to migration
Mark Gu, Krish Krishnakanthan, Anand Mohanrangan, and Brent Smolinski
Migrating applications and data to public-cloud platforms can be tricky. Companies can ease the transition with hybrid-cloud configurations that progressively combine private- and public- cloud features.
Moving processing workloads into the public last year have migrated less than 10 percent of their cloud has helped leading companies lower their workloads to the public cloud. operating costs and build modern IT environments capable of rapid, integrated, and highly automated There are, however, ways to ease the transition development and operations. But for large companies to the public cloud. By progressively blending with complex IT architectures, moving applications public-cloud and private-cloud solutions into and data to public-cloud platforms involves hybrid-cloud configurations, companies can working through a formidable set of technology, quickly take advantage of sophisticated cloud security, operational, and financial issues. Those services and even move sensitive applications complications go a long way toward explaining the into the public cloud without disrupting their IT limited uptake of public-cloud platforms: some architectures and operations. Three practices 60 percent of companies surveyed by McKinsey are essential to implementing progressive cloud
4 Digital McKinsey: Insights December 2018 models. Companies must first estimate the costs of To work around these trade-offs and bring public- operating a hybrid configuration. Next, they should cloud capabilities together with private-cloud devise a manageable sequence in which to migrate security, companies can take a progressive approach applications and storage to the cloud. With those to combining private-cloud and public-cloud priorities in mind, they should set up a dedicated services. Such hybrid-cloud systems come in three unit to migrate applications and storage using agile primary variants (Exhibit 1): practices and streamline operations with automated services. In this article, we provide a closer look at A private-front or backhauling topology routes these three practices and how leading companies all traffic through private data centers and have used them to accelerate the movement of their deploys applications partly or completely in the workloads into the public cloud. public cloud so that a company can apply internal cybersecurity controls and still take advantage of The best of two worlds: The public-cloud services. progressive cloud Cloud platforms come in two main varieties, public A public-front topology also places applications and private, both of which have pros and cons. in the public cloud but allows users to access Public-cloud platforms give companies easy access them directly, with CSP-provided cybersecurity to a broad range of services, from basic storage and controls applied by default. Data are stored in a networking to innovative offerings like advanced private cloud with additional security controls. analytics, machine learning, and virtual-reality development. And their menus of services expand A public-cloud or cleansheet topology places all the time. Enterprises can easily take advantage both applications and data in the public cloud. of these cutting-edge services without having Enterprises apply cybersecurity controls from to develop their own or source them from other third-party services. vendors. However, enterprises can be apprehensive about placing sensitive information and proprietary As companies develop more sophisticated applications in the shared data centers that power cybersecurity controls and cloud capabilities, they public-cloud platforms. can shift applications from a private cloud into a hybrid cloud with a private-front topology, then Private-cloud platforms can be equipped with some into a public-front topology, and eventually into of the same automation features as public-cloud a cleansheet topology. For example, an insurance platforms (for example, one-click provisioning of company used a private-front topology to move some servers and automated scripting of architecture sensitive applications into the public cloud without patterns), so companies can rapidly deploy new having to overhaul its cybersecurity controls. Doing capabilities. Companies can also outfit private-cloud this allowed the company to migrate an additional platforms with security controls of their choosing 25 percent of its workloads into the public cloud, and thereby protect their critical applications and where it could use additional services while data. On the other hand, public-cloud platforms maintaining security controls. have more capabilities than private-cloud platforms: cloud-service providers (CSPs) invest heavily in Three essential practices for deploying developing new services, and third-party vendors progressive cloud systems tend to launch new services in the public cloud before Since progressive cloud systems rely on some introducing private-cloud versions. elements of public-cloud platforms, businesses
The progressive cloud: A new approach to migration 5 E HIBIT Progressive cloud systems come in three primary variants.