Transforming IT for cloud success

As CIO Neil Holden moved his company, Halfords Group, further into the cloud, he sought to do more than simply “lift-and-shift” IT operations.

Rather, Holden — like most CIOs — wanted his increasing use of cloud to enable and shape the company’s transformation agenda. To succeed in that objective, he knew he had to transform not just the tech stack but his own IT department as well.

“You definitely have to look at your own IT [department] structure with any kind of cloud adoption,” he says. “IT has to operate very differently now not just because of cloud but because of what cloud means to the business.”

So Holden, who has been CIO at Halfords — the UK’s largest retailer of motoring and cycling products and services — since 2017, developed a strategy to reorganize his tech team. He did that as he was devising the company’s overall cloud strategy, seeing that as the best way to ensure his staff could seize on the capabilities that the cloud provides and the business opportunities that the cloud could enable.

“You have to have the right organization to achieve that, because if you’re just going to stick your stuff in the cloud, you’re not going to leverage those investments [to their fullest],” he says.

CIOs along with researchers, consultants, and advisors agree that IT must change itself, how it works and how it organizes its workers, if it wants to gain the most benefits out of cloud computing.

Otherwise, they say, IT simply moves the location of its servers from its own data centers to someone else’s — and risks missing out on the innovation, transformation, and speed to market that cloud adoption enables.

“You can’t take your same skills and teams from on-prem to the cloud. That’s where you’re going to fail,” says Sushant Tripathi, vice president and North American lead for cloud transformation at Tata Consultancy Services. Instead, CIOs need to retrain and reorganize IT to take advantage of all the bells and whistles that cloud offers, he says.

Here, four IT leaders detail how they have taken action on this front.

Leaving behind linear processes

Holden’s reorganization focused in part on eliminating linear software development, a linear project process and the department team structure that accommodated that linear approach to getting work done.

“We changed our structure entirely,” he says.

Previously, Halford’s IT function was conventionally organized with a structure made up of separate teams for business analysis, solutions design, infrastructure, and so on. Under that organization, work moved from one team to the next down the line.

“Someone would talk to the business, hand off the requirements to the design team, and that’s then handed over to delivery and infrastructure teams,” he says, explaining that the teams worked independently and created agreements between themselves that hashed out each team’s deliverables and timelines. “Now all that [work] happens within an agile circle with iterative delivery, so the linear process has all been crushed together.”

Here’s how he did it: Holden hired cloud architects, who brought cloud integration experience and training to the agile methodology Holden embraced. He also trained existing staffers in cloud skills and the agile method. And he hired agile coaches to work with his IT team. Then he broke up those distinct, independent teams and created Scrum teams staffed by product owners, business analysts, solution architects, front-end developers, back-end developers, and testers.

The new Scrum teams worked iteratively instead of in a linear mode to speed up the delivery of new capabilities and features, allowing IT — and the business as a whole — to capitalize on the company’s cloud investments.

“A big part of this change wasn’t just cloud but changing the hearts and minds of people. So we put a huge amount of effort into training,” Holden says, adding that he orchestrated a nearly clean cut-over to this new structure in late 2021.

Holden says he sees the value of this reorganization in his team’s ability to more quickly. He calculated that one project, created and deployed in 42 days by his revamped IT team, would have taken the old IT department 152 days to complete.

Cores and chapters to unlock cloud talent

Arizona State University CIO Lev Gonick has similarly reconfigured his IT team to better seize on the opportunities cloud provides.

That reconfiguring didn’t happen right away, Gonick says. ASU started its cloud journey a decade ago with experiments, before becoming more strategic and aggressive about cloud adoption when Gonick became CIO in 2017. ASU now has about 85% of its workloads in the cloud.

Gonick says his team had to change if it was going to be agile enough to keep pace with business needs and scale as the university grows. Gonick’s solution was to “fundamentally flatten the organization.”

“It was a high-stakes gamble on my part,” he says, noting that he decided to make the changes during the early part of the pandemic. “What we did instead of having vertically oriented teams, we created series of ‘cores,’ which is the language of large software development shops.”

Gonick says these cores represent “rapidly reconfigurable pools of talent” with each one focused on five specific areas. He says the majority of the teams and their work is organized around five cores, which are professional development communities around a common practice. There are four technical cores: engineering, service delivery, product and programs, and data and analytics; the fifth core is related to learning experience.

Managers in the product and programs core bring the right combination of talent together to work in chapters, which Gonick likens to work groups; for example, there are 30 engineering chapters.

“The reason we did this is to make sure we’re aligned to what the cloud affords us the opportunity to do,” he says, adding that this organizational structure lets IT professionals stretch and exercise their talent by working on diverse projects “rather than be in a salt mine and work day in and day out with the same set of tools.”

He adds: “It’s really about unleashing human talent. This is my own personal view here, but most enterprise technical teams are steeped in hierarchical organizations that suffocate way too much of the talent. Most [professionals] have a breadth of knowledge that they rarely have a chance to explore, share, and build. But this affords our teams the opportunities to grow as a professional community and to be highly engaged — not only between themselves but with the business.”

Centralizing teams for cloud success

Like ASU, Liberty Mutual Insurance has been on its cloud journey for the past decade, starting off with experimentation before going all-in six years ago for its ability to “give us speed to market, drive costs down, and give us flexibility in turning on and off capabilities,” says Monica Caldas, who became Liberty Mutual’s executive vice president and global CIO in January after serving in two other executive IT roles at the company since 2018.

Throughout Liberty Mutual’s cloud journey, IT leadership has focused on developing the talent and skills needed to move from an on-premises environment to one that’s mostly in the cloud, Caldas says. “It became a large-scale transformation [in which] everyone had a part to play.”

As part of that, Liberty Mutual’s infrastructure team needed to be reshaped, as it no longer needed to maintain the same expanse of hardware that it had managed over the years. Instead, the infrastructure team was transformed into a centralized digital services unit with a global mandate focused on cloud capabilities to be leveraged across the company.

Caldas says infrastructure professionals previously had been focused on working with and supporting the company’s business units, “but they didn’t have one single set of strategies with one roadmap on where they were going.”

Under the new structure, where the new digital services team has a global mandate, they are creating repeatable processes that the entire company can easily access and use, which “generates that flywheel on the speed of delivery,” Caldas says.

Moreover, the digital services team, because it is centralized, does this more efficiently, saving costs she says. And the team is able to do so more effectively, as team members are able to hone their skills, refine processes, and thus deliver high quality results.

“Our Global Digital Services [GDS] team is a centralized function that ensures critical business applications are always available. With over 70% of Liberty Mutual’s application and infrastructure footprint operating in the public cloud, GDS has oversight of the company’s global cloud and DevOps architecture and operations, helping the company work faster,” Caldas says.

Other IT teams then focus on delivering solutions for business needs.

“We have technology teams who are also focused on driving outcomes for our core business units with a mission of delivering differentiating capabilities in service of our customers, agents, clients and partners,” Caldas explains.

On a similar note, Liberty Mutual IT leaders have also created a centralized cybersecurity and operational resilience team focused a global mandate to ensure “secure, stable systems.”

Caldas adds: “Today, we are aligned as a global organization oriented around a single set of strategies, roadmaps, and vision statements about where we are going. Everything is digital-first for our customers, agents, clients, and partners, and our cloud journey brings it full circle in terms of how we use technology as a competitive enabler.”

Consolidating teams for better security operations

For Brad Stone, CIO of Booz Allen Hamilton, cloud enables the speedy delivery of needed capabilities and supports business innovation and transformation.

“We have organized ourselves to make sure that we can capitalize on that,” he says.

That includes how he has approached his security strategy, an area Stone believed needed to be transformed to ensure Booz Allen achieved the successes it sought from its cloud investments.

“You’ve got to set a strong foundation between your cybersecurity and your IT operations teams,” he says, stressing that consistent security operations across the enterprise helps identify and reduce risks.

Stone, who also oversees security, says security operations at Booz Allen had previously been structured under three infrastructure-based units: one supporting on-premises infrastructure, another supporting cloud, and a third supporting the company’s software-as-a-service platforms.

Despite all three teams reporting up a single leader, each team optimized for itself, resulting in individual stovepipes and technology inefficiencies, Stone says. Moreover, the differences between each stovepipe also meant more work for security teams trying to manage and mitigate risks. In fact, it fostered “a legacy mindset” as well as a fragmented approach with security thinking it needed certain tools for on-prem and others for SaaS and still others for commercial cloud.

“We struggled with commonality, common visibility, and we just had too much churn,” Stone says. So he collapsed the three infrastructure teams into one integrated infrastructure and compute team, so “it was not on-prem versus cloud” but instead “made it more of a team sport” — with workers from each of the original three teams being cross-trained to break down the silos and work as a cohesive unit capable of supporting all flavors of infrastructure that exist at Booz Allen.

That work took about eight months, happening in 2021 and into 2022, Stone says, adding that the integrated infrastructure and compute team has enabled Stone to modernize security operations to better suit the company’s mixed technical environment.

“Our security team could better integrate,” he says. So instead of security operations addressing availability, reliability, and confidentiality requirements for each individual stovepipe, it could address that triad across the entire infrastructure landscape. That makes security both more effective and more efficient.”

To illustrate this, Stone offers the following example: “Let’s say you have a critical vulnerability for an open source piece of software. When you have your different infrastructure run separately and you’ve created some stovepipes between them, you have a harder time responding at the speed of the threat, to discovering and remediating,” he says.

But by collapsing all three into an integrated infrastructure team, security is able to use common tools, a single IT service management solution and one configuration management database across the whole — upping the ability to discover and respond to security issues in a timely manner.