The cloud is no longer optional: a cloud strategy for 2017
Every so often, a technology stops being an option and becomes a condition of competitiveness. In 2017, that technology is the cloud. The question I hear from executives is no longer "should we go to the cloud?" but "what do we move first, and how do we do it without slowing down the operation?".
In short: the cloud is not "someone else's server." It's an operating model that changes how an organization invests, scales, and competes. Migrating well isn't about moving everything at once, but about prioritizing by value and risk, governing cost from the start, and treating security as part of the design, not as a patch applied later.
Why is 2017 the point of no return for the cloud?
For years, the cloud was sold as a way to save on infrastructure. That narrative fell short. What really changes is speed: the ability to launch a new service in days instead of months, to scale for a demand spike without buying hardware, and to experiment without risking a capital investment.
Organizations already operating in the cloud aren't competing on a level playing field with those that aren't. They iterate faster, fail more cheaply, and learn sooner. In 2017, that difference in pace stopped being a marginal advantage and became a structural gap.
IaaS, PaaS, and SaaS: what they mean for your business
Three acronyms sum up the cloud models, and understanding them avoids costly decisions:
- IaaS (Infrastructure as a Service): you rent compute, storage, and networking. You still manage the operating systems and applications, but without buying or maintaining the hardware. It's the foundation for migrating existing workloads.
- PaaS (Platform as a Service): the provider also manages the operating system and runtime environments. Your team focuses on building applications, not patching servers. It accelerates development.
- SaaS (Software as a Service): you consume a ready-to-use application, with nothing to install or operate. Email, CRM, and collaboration tools are everyday examples.
The right strategy is almost never to choose just one. It's to combine all three according to the criticality and maturity of each workload.
The three myths that stall migration
"The cloud is more expensive." It can be, if you replicate in the cloud the same waste you had on-premise. Well governed —right-sizing resources, turning off what isn't in use, and choosing the right pricing model— the cloud converts capital expenditure (CAPEX) into operating expenditure (OPEX) and eliminates the excess capacity no one uses.
"The cloud is insecure." The major providers invest in security at a scale very few organizations can match. The real risk usually isn't in the cloud, but in how it's configured: poorly managed access, data exposed by mistake, and lack of governance. Cloud security is a shared responsibility.
"You have to migrate all or nothing." That's the most expensive mistake. Smart migration happens in waves: first what delivers value quickly and carries low risk, then the complex parts, and you keep on-premise whatever makes sense to keep.
How to prioritize what to move to the cloud
Not all workloads are the same. A simple method to sort them:
- Business value: what gets unlocked if this workload becomes more agile or scalable?
- Risk and criticality: what happens if it fails during migration? Are there regulatory or data-residency requirements?
- Technical effort: is it a modern, portable application, or a tightly coupled legacy system?
With those three axes you build a map of waves. The first wins build confidence and fund the next ones. This is where enterprise architecture stops being a luxury: it provides the blueprint that keeps you from migrating chaos to a more expensive place.
Security and governance: design, not patch
The shared-responsibility model is clear: the provider secures the cloud; you secure what you put in it. That means well-managed identity and access, encryption, segmentation, and continuous visibility. Cybersecurity is not a final phase of the cloud project: it's a design condition from day one.
The other front is cost governance. The cloud makes it easy to spend, and that's why it makes it easy to overspend. Setting budgets, tagging resources, and reviewing consumption with discipline avoids the surprise bill many organizations discover in the third month.
What should a board of directors measure?
The cloud is justified with indicators the business understands, not just technical metrics:
- Provisioning time: from weeks to minutes.
- Cost per workload: and its month-over-month trend.
- Availability: the real percentage of uptime.
- Delivery velocity: how many new initiatives are launched per quarter.
Frequently asked questions
What exactly is the cloud?
It's a model for consuming compute, storage, networking, and software over the internet, paying for what you use, without buying or operating the physical infrastructure that underpins it.
Is the public cloud safe for sensitive data?
Yes, as long as it's configured correctly. Providers offer robust controls; most incidents come from customer configuration errors, not from the platform. That's why governance and security must be designed from the start.
Should you migrate everything to the cloud?
Not necessarily. The soundest strategy is usually hybrid: move to the cloud what gains in agility and scale, and keep on-premise whatever has a technical, regulatory, or cost justification.
Where do you start?
With an assessment that classifies workloads by value, risk, and effort, and defines a wave-based migration plan with initial quick wins.
The first step
The cloud has stopped being a technology decision and become a business decision. The question isn't whether to migrate, but how to do it with a plan that protects the operation and controls cost. At SUMāTO we help organizations chart that path: from cloud strategy to managed operations.
If you're evaluating your cloud journey, let's talk in a 90-minute assessment and prioritize the highest-impact workloads together.
