The LORENZ Life Sciences Group hosted a private cloud on its own server space. In addition, a proof of concept for the Amazon Web Services (AWS) public cloud already existed. LORENZ was aware of the potential of the public cloud to achieve business and IT-focused goals more quickly. On the business side, LORENZ expected the public cloud to enable them to expand services for customers and improve the customer experience. On the IT side, the increase of available cloud resources, the elimination of user restrictions and the harmonisation or simplification of the IT architecture were of central importance. Using a cloud provider also provided opportunities for autoscaling, shortening time-to-market for products in the cloud and cost flexibility, which were other attractive goals for LORENZ. However, there were numerous unanswered questions for LORENZ on the way to the public cloud:
This was also followed by the overarching cloud strategy away from architecture and technology:
Is one cloud provider enough, should back-ups continue to be maintained on-premises and does a contingency plan exist? What happens to existing infrastructure components? For LORENZ, it was also interesting to know which requirements have to be fulfilled in order to open up new markets and how the time frame for the changeover would be measured.
The central topics at LORENZ were strategy, IT security and compliance, architecture with a focus on the initial situation and objectives, and the operating model. They were divided into workstreams and worked on. The constructive atmosphere in the discussions allowed an open exchange and quick results. LORENZ’s key players took part – from developers to IT operations staff to COO Dr. Philipp Wiederhold.
Due to the geo-availability, the public cloud makes it easier to provide the infrastructure according to a defined standard in other countries, so that LORENZ can more easily open up new markets in the USA and the Pacific region, for example, when using the extensive cloud services.
Action Packs decided
As a result of the Cloud Baselining Workshops, Action Packs were decided. The central items were defining and implementing IT security measures, defining measures for the technical infrastructure, working out compliance requirements and ensuring data protection. The action packs were created as concepts: These included a security and a crypto concept, backup and disaster recovery, a user management concept and risk assessment. In addition, concepts for cloud change management, logging monitoring and cloud validation as well as data privacy were defined. All action packs contain subtasks that were handed over to the LORENZ developers.
The Cloud Baselining workshops resulted in a roadmap containing the rough planning for the following activities as well as an effort estimate, which LORENZ can use to take the strategic steps to move from the private to the public cloud.
One of the lessons learned for LORENZ was that operational activities need to be more strictly separated from further development. The programme also includes qualification, staff recruitment and the completion of internal work to bring products into the cloud.