Business leaders around the world are asking their teams the same question: “Are we using the cloud effectively?” This dilemma often comes with anxiety: “Are we spending too much money on cloud computing?” Given the statistics — 82% of survey respondents in a 2023 Statista study cited managing cloud spend as a major challenge — it's a legitimate concern.
Concerns about security, governance, and lack of resources and expertise also top the list of concerns among survey participants. Cloud maturity models are a useful tool to address these concerns, solidify an organizational cloud strategy and confidently move forward with cloud adoption with a plan.
Cloud Maturity Models (or CMMs) are frameworks for assessing an organization's readiness for cloud adoption at both the aggregate and individual service levels. It helps an organization evaluate how effectively it is using cloud services and resources and how cloud services and security can be improved.
Why move to the cloud?
Organizations face increasing pressure to move to the cloud in a world of real-time metrics, microservices, and APIs, all of which benefit from the flexibility and scalability of cloud computing. Examining cloud capabilities and maturity is a key component of this digital transformation, and cloud adoption represents a huge upside. McKinsey believes it presents a $3 trillion opportunity, and nearly all responding cloud leaders (99%) see the cloud as the cornerstone of their digital strategy, according to a Deloitte study.
A successful cloud strategy requires a comprehensive assessment of cloud maturity. This assessment is used to identify actions—such as upgrading legacy technology and adjusting organizational workflows—that the organization needs to take to fully realize the benefits of the cloud and identify current inefficiencies. CMMs are a great tool for this evaluation.
There are many risk management models (CMM) in play and organizations must decide what is best for their business needs. A good starting point for many organizations is to engage in a three-stage cloud maturity assessment using the following models: Cloud Adoption Maturity Model, Cloud Security Maturity Model, and Cloud Native Maturity Model.
Cloud adoption maturity model
This maturity model helps measure an organization's overall cloud maturity. It identifies the internal technologies and knowledge an organization has, the fit of its culture to embrace managed services, the expertise of the DevOps team, the initiatives it can begin to move to the cloud, and more. Progress at these levels is linear, so the organization must complete one stage before moving on to the next.
Legacy: Organizations at the beginning of their journey will not have any cloud-ready applications or workloads, cloud services, or cloud infrastructure. Ad hoc: Next is ad hoc maturity, which likely means that the organization has begun its journey through cloud technologies such as Infrastructure as a Service (IaaS), which is the lowest level of resource control in the cloud. IaaS customers receive compute, network, and storage resources on-demand over the Internet and on a pay-as-you-go pricing basis. Repeatable: Organizations at this stage are starting to make more investments in the cloud. This may include establishing a Cloud Center of Excellence (CCoE) and examining the scalability of initial cloud investments. Most importantly, the organization has now created repeatable processes for moving applications, workflows, and data to the cloud. Improved: Cloud environments now operate efficiently and each new use case follows the same foundation established by the enterprise. Advanced Cloud: An organization now has most, if not all, of its workflows in the cloud. Everything runs smoothly and efficiently and all stakeholders understand the potential of the cloud in achieving business goals.
Cloud Security Maturity Model
Improving security is critical for any organization moving to the cloud. The cloud can be more secure than on-premises data centers, thanks to the strong policies and positions used by cloud providers. Prioritizing cloud security is important because public cloud breaches often take months to correct and can have serious financial and reputational consequences.
Cloud security represents a partnership between the cloud service provider (CSP) and the customer. Cloud service providers (CSPs) offer certifications about the security inherent in their offerings, but customers who build in the cloud can present misconfigurations or other issues when building on cloud infrastructure. Therefore, telecommunications service providers and customers must work together to create and maintain secure environments.
The Cloud Security Alliance, of which IBM® is a member, has a widely adopted Cloud Security Maturity Model (CSMM). The model provides a good foundation for organizations looking to better embed security into their cloud environments.
Organizations may not want or need to adopt the entire model, but they can use any components that make sense. The model's five stages revolve around the level of security automation in an organization.
No automation: Security professionals manually identify and address incidents and issues through dashboards. Simple SecOps: This phase involves some Infrastructure as Code (IaC) deployment and standardization on some accounts. Manually executed scripts: This phase involves more federated and multi-factor authentication (MFA), although most of the automation is still done manually. Guardrails: Includes a larger library of automation that expands to include multi-account guardrails, which are high-level governance policies for the cloud environment. Automation is everywhere: This is when everything is integrated into IaC and MFA and the use of federation is widespread.
Cloud native maturity models
The first two maturity models indicate the overall readiness of the organization; The Cloud Native Maturity Model (CNMM) is used to evaluate an organization's ability to build cloud-native applications (whether built internally or through open source tools) and workloads. According to Deloitte, 87% of cloud leaders are adopting cloud native development.
As with other models, business leaders must first understand their business goals before diving into this model. These objectives will help determine the necessary stage of maturity for the organization. Business leaders also need to look at their existing enterprise applications and determine the most appropriate cloud migration strategy.
Most “lift-and-shift” applications can run in a cloud environment but may not reap the full benefits of the cloud. Mature cloud organizations often decide that it is more efficient to build cloud-native applications for their most important tools and services.
The Cloud Native Computing Foundation has put forward its own model.
Level 1 – Construction: The organization is in the pre-production phase on a single Proof of Concept (POC) application and currently has limited regulatory support. Business leaders understand the benefits of cloud native, and despite being new to the technology, team members have a basic technical understanding. Level 2 – Operationalization: Teams invest in training and new skills and SMEs emerge within the organization. A DevOps practice is currently being developed, which brings together cloud engineers and developer groups. With this organizational change, new teams are defined, Agile project groups are created and feedback and testing loops are created. Level 3 – Scale: A cloud-native strategy is now the preferred approach. Efficiency is growing, there is increased stakeholder engagement, and the primary focus is becoming cloud native. The organization began implementing shift-left policies and effectively trained all employees on security initiatives. This level is often characterized by a high degree of centralization and a clear definition of responsibilities, but bottlenecks appear in the process and speed may decrease. Level 4 – Optimization: At Level 4, the cloud is the default infrastructure for all services. There is total commitment from leadership and the focus of the team is very much around cloud cost optimization. The organization explores areas that need improvement and processes that can be made more efficient. Cloud expertise and responsibilities move from developers to all employees through self-service tools. Multiple clusters have adopted Kubernetes to deploy and manage containerized applications. With a strong and well-established platform, the decentralization process can begin in earnest. Level 5 – Optimize: At this stage, the company has complete confidence in the technology team and employees are onboarded company-wide to the cloud-native environment. Service ownership is created and distributed to self-sustaining teams. DevOps and DevSecOps are ready to go, highly skilled and fully developed. Teams are comfortable with experimentation and are adept at using data to make informed business decisions. Accurate data practices enhance improvement efforts and enable the organization to further adopt FinOps practices. Operations are running smoothly, the objectives set in the initial phase have been achieved, and the organization has a flexible platform that suits its needs.
What is best for my organization?
An organization's cloud maturity level determines what and to what degree it will benefit from moving to the cloud. Not every organization will reach, or want to reach, the highest level of maturity in any or all of the three models discussed here. However, organizations will likely find it difficult to compete without a certain level of cloud maturity, given that 70% of workloads will be in the cloud by 2024, according to Gartner.
The more mature an organization's cloud infrastructure, security, and cloud-native application posture, the more useful the cloud becomes. By thoroughly examining current cloud capabilities and developing a plan to improve maturity going forward, an organization can increase the efficiency of its cloud spending and maximize cloud benefits.
Develop cloud maturity with IBM
Cloud migration with IBM® Instana® Observability helps set organizations up for success at every stage of the migration process (planning, migrating, and operating) to ensure applications and infrastructure run smoothly and efficiently. From setting performance baselines and right-sizing infrastructure to identifying bottlenecks and monitoring the end-user experience, Instana provides many solutions that help organizations create more mature cloud environments and operations.
However, migrating applications, infrastructure and services to the cloud is not enough to drive successful digital transformation. Organizations need an effective cloud monitoring strategy that uses powerful tools to track key performance metrics — such as response time, resource utilization, and error rates — to identify potential issues that may impact cloud resources and application performance.
Instana provides comprehensive, real-time visibility into the overall health of cloud environments. It enables IT teams to proactively monitor and manage cloud resources across multiple platforms, such as AWS, Microsoft Azure, and Google Cloud Platform.
The IBM Turbonomic® platform proactively optimizes the delivery of compute, storage, and network resources across the stack to avoid over-provisioning and increase ROI. Whether your organization is pursuing a cloud-first, hybrid cloud, or multi-cloud strategy, Turbonomic's AI-powered automation can help contain costs while maintaining performance through automatic and continuous cloud optimization.
Discover IBM Instana Observability Discover IBM Turbonomic
Was the article helpful?!
Yesno
