Application Portfolio Management - One Method, Many Possibilities

Many IT organizations struggle to keep their application data up to date. Investing in this practice may seem difficult to justify, feeling more like “IT for IT” rather than driving tangible business value. But those who see past this misconception may find a significant (and valuable) reward.

For starters, Application Portfolio Management (APM), is a well established framework for managing the lifecycle of software applications and services. When done correctly, APM goes beyond the basics of managing application inventory, creating a visible link to capabilities, and metrics that illustrate value to the business.

When combined with appropriate details (such as contract details, version/road map information, financial information etc), the APM framework can be used to rank and score applications to assess which ones should be Tolerated, Invested (in), Migrated or Eliminated. (TIME analysis – Gartner).

To be sure when our clients get to this stage in their APM journey they see significant value, in the form of:

  • optimized (and reduced) application spend
  • reduction in application redundancy
  • improvements in ability to manage the application portfolio
  • avoiding regret spend by not investing in end-of-life applications
  • closing spend leakage issues (e.g. overpaying for licenses, spend on obsolete software)
  • free up valuable resources to invest in new capabilities (CIO’s report that up to 80% of their budget are spent managing / maintaining current state)

While valuable, this is the only the beginning of the potential. Once you are sitting on that gold mine of application and service information, it can be leveraged and extended to anchor and support IT budget, planning and strategy. In fact, almost all significant IT change efforts whether they are functional model changes, business planning & engagement, outsourcing/co-sourcing, data center strategies, or the adoption of new platforms and technology, by necessity have to start with a thorough understanding of the current application landscape.

Recently, cloud readiness and migration has become a hot topic. We have seen many examples of clients eager to take advantage of what cloud providers have to offer – with good reason – but without a solid understanding of their current application inventory, and the ability to appropriately map those applications to the right cloud migration strategy, they end up frustrated and some even abandon the journey, missing out on the many significant advantages of moving to the cloud. This step is so critical to the success of any cloud adoption strategy, that universally, cloud providers recommend that an APM initiative occur prior to starting. Yet many organizations bypass this step, thinking they will save cost and that staff can figure it out along the way. While it is inevitable that issues will arise with any major change, there are some simple (not easy…simple) but effective tactics that can be taken to minimize surprises and set your cloud journey up for success. The following steps are taken from Beniva’s cloud readiness framework (illustrated below), and make-up the “Evaluate” phase.

1) Execute an APM process, but go beyond TIME quadrant analysis. By consolidating data and mapping your inventory to business capabilities, application cost & complexity is easily understood. While valuable, the TIME quadrant only supplies information related to managing the application or service lifecycle. Use the base of the APM information captured and extend it to include details of the application and service architecture, data & integration complexity and user experience. By extending the base data to include these elements, a matrix can be created that enables effective decision making and change planning. This can be accomplished through an effective enterprise architecture practice.

2) Ensure your current data center footprint is understood. Once you have the application inventory, this step should be easier. To finish the job, there are several automation tools that can save significant manual effort and resources. In addition to inventory, its important to ensure your current data center contracts are well understood and recent / planned major hardware investments are known.

3) Ensure the current state of cyber-security (architecture and policy) and network infrastructure are understood. This cannot be over-stated. Cyber-security and Network architecture simply cannot be an afterthought with any cloud strategy. Its not only policies, but existing tools, capabilities, capacity and utilization need to be understood. Moving data, services and processes back and forth in the cloud has different implications than moving it within the walls of your organization. By including this analysis early in planning, architecturally significant risks can be mitigated. Moreover, by having cyber-security folks involved early on, they can be a part of the solution rather than getting into the types of debates that chew up a lot of time and resources and create resentment (single vs. multi-tenant anyone?). This step also allows planning for any new tools or capabilities that must be implemented ahead of the journey – potentially smoothing the waters once the program starts.

Another area that has the potential to cause major heartburn is network – specifically bandwidth. Dropping hundreds or even thousands of users onto the cloud can place a choke hold on your network. Proper understanding of current state utilization and planning for future loads and peaks will go a long way to reducing surprises and business impact.

4) Create your cloud readiness plans based on the good information you now have. Creating a matrix that identifies a fit-for-purpose approach to cloud migration, you can clearly plan our your project, know where you will achieve ROI and mitigate risk. Depending on your business and complexity, you might group them like this:

  • Category 1 – Small: Lift & Shift. Light, low complexity applications. These applications do not require change (or very minor change) to operate effectively in the cloud. They also do not warrant investment in rearchitecting to gain cloud efficiency. This category is a great starting point for the cloud journey, relatively low risk, does not require mass adoption of cloud tools and allows teams to start the journey efficiently. However, ROI may be limited with the lift and shift approach, making the business case harder to prove. Agile delivery is required to ensure applications are migrated efficiently with feedback and learning incorporated. The key with “lift and shift” is to build capability to leverage what we’ll call the cloud “thermostat”; that is turning computing power up or down, off or on, depending on usage needs.
  • Category 2 – Medium: Optimize Design. These applications have some complexity (custom interactions, data integration, security etc) and require low-moderate architecture change to work effectively in a cloud computing environment. They can be optimized by adopting additional cloud tools and practices (in doing so, the target moves from pure IaaS – Infrastructure as a Service, to PaaS – Platform as a Service, as these applications start “moving up the stack”). Once migrated, these applications may require adoption of continuous delivery capabilities within the operations and/or delivery teams. While project costs may be higher, return is also higher, making the business case more palatable. Before starting on category 2’s, it is important to understand the current state architecture of each application and the foundational security, network (bandwidth), data integration and consumption needs.
  • Category 3 – Large: Re-architect For Cloud. These are the most intensive applications. These applications will often require full re-architecting of major components to be optimized for the cloud. Additionally, IT capabilities should be in place to automate processes, manage usage, and execute DevOps practices. This can be thought of as exploitation of full PaaS capabilities available through the cloud and adds a new element to the business case that moves it beyond reducing data center costs.
  • Category 4 – SaaS (software as a service) candidates. What about when you don’t need to move to new infrastructure? It may make sense to move to a SaaS version of the software or service. The key is understanding the expected user experience and core security and data management requirements for each SaaS application. A SaaS readiness framework that includes a basic requirements checklist can help streamline this process.

To recap, a robust Application Portfolio Management process can be leveraged for many purposes – including planning for the cloud, as illustrated above. By starting with a bit of upfront information gathering and planning, you can effectively mitigate risk and evolve to the cloud in a responsible, secure manner – enabling your organization to then take advantage of the multitude of competitive digital advantages available through cloud computing. Let’s talk.