The Year is 2030 — Your Enterprise IT is 100% in the Cloud

Travis Hodge, Peter Truman, & Eric Tan
Travis Hodge, Peter Truman, & Eric Tan

Peter Truman — Director, Global Technical Solutions Consulting, Coupa Software; and former CIO, Wilko (a $2B British-owned retail chain store)
Travis Hodge — CIO, Llamasoft (a Coupa Company)
Eric Tan — SVP, Technology, Coupa Software

Read time: 8 mins
Supplier Risk Management and Vendor Risk Management 100% in the Cloud

Adventures of 3 CIOs that have built a pure SaaS tech stack

The global pandemic has accelerated digital transformation for many companies, yet a majority of enterprises continue to run workloads on-premise. According to the CEO of IBM Arvind Krishna, only 20% of the world is running on the cloud.

In the initial days, it was all about startups, new workloads, point solutions. Now, production workloads and volume transactions are being processed through SaaS platforms. What will drive cloud for the next 10 years will be economies of scale. If you don’t move to the cloud, you won’t save money. The cloud also provides opportunities to deliver services and at a scale that were all but impractical with on-premise technologies.

How do you develop constructive, collaborative ways of delivering this information to the business executives that are paying for these services and administering them.

We interviewed 3 CIOs to get their perspective.

  • Peter Truman — Director, Global Technical Solutions Consulting, Coupa Software; and former CIO, Wilko (a $2B British-owned retail chain store)
  • Travis Hodge — CIO, Llamasoft (a Coupa Company)
  • Eric Tan — SVP, Technology, Coupa Software
1. How do you manage cloud based service providers? What are the key aspects of service management that are critical in a cloud-based delivery model? Can you contrast these with an on-premise or outsourced delivery model?

The most notable challenge running a cloud-first environment is being responsible for a centralized IT group where they do not control all the SaaS services being used across the organization. In an on-prem model, I can control aspects of infrastructure and application management where I have in-house people I’ve hired to be responsive and support.

In a cloud first world, there is a significant amount of dependency and trust that needs to exist through the entire technology supply chain of suppliers. Trust that the company will be around for the foreseeable future, trust when something breaks I can get reliable support, trust that they are keeping their end of the bargain to keep things secure.

Today in selecting a Cloud provider, CIO’s lean more towards reputable Cloud vendors that have proven to make right choices and invested in enterprise grade operations, security and development. Among things that I look for in a SaaS vendor include:

  • Responsiveness of support & engineering organization
  • Openness in sharing when things have gone wrong
  • Transparency in cost of billing and services
  • Dependability of product during upgrades
2. What are the critical skills that an IT team needs and do you see this as particularly different for an on-premise team such as would be found in any “legacy” IT department?

In the old days, the skills of the IT team were centered around having knowledge how to partition disks, tuning performance, connecting networks, etc for the applications you support. The benefit of a cloud-based model is a lot of the infrastructure management has been taken care of for you.

A strong technology team today must have strong skills in the following areas:

  • Ability to understand critical business process / data flows — Understanding the data sources, stewardship and governance has become very important — given how fast cloud providers come and go, how people within the organization come and go.
  • Measuring true ROI and value for money — Being able to account for the CFO which individual department is spending on IT across the organization. It was easier in an on-premise environment where all the spend had to go through IT. Not as easy when teams are circumventing IT and seeing more SaaS proliferation. Need more visibility.
  • Supplier risk management — Getting a better handle on the risk profile of each IT supplier. A lot of data is being shared with third party SaaS providers, and it has become increasingly to control granting of privilege access and sharing of data with third parties. Lastly, understanding accountability for data when a supplier is offboarded is often forgotten.
  • Security and compliance considerations — Ensuring functional teams understand and care about our compliance requirements — SOX, PCI, FedRAMP, etc. Ensuring we implement comprehensive vendor risk management and thus have an understanding of the risk of 4th and 5th suppliers that the SaaS vendor is working with.
3. Have you found staff development and change to be any different to an on-premise model? If so, how have you adapted your own leadership style to build a great team?

Staff development is different, in an on-premise model you saw employees grow through learning at a slower pace. With the cloud model you move much more quickly to progressing staff to be more impactful to the business.

Staff that previously could only focus on end-user computing is enabled by SaaS platforms to help solve business problems through the use of automated workflow: think about tools like Microsoft Flow, Power Automate, or tools like Workato automating daily work away.

My teams had to change from managing the technology themselves to managing a service; this is quite a mindset shift for many staff. A real challenge is helping staff to develop a service mentality. I found this to be a gradual change process that comes with continually explaining and communicating the rationale and benefits of a cloud approach.

4. When selecting a cloud-based service, what are the critical areas to look for from an IT perspective (assuming functional / business fit is good) and how do different factors influence your (or team’s) decision making process during that selection?

One of the most important factors that is missed is how fast is the tool being improved, if the tool is stagnant and not being improved then your ROI stays the same as you originally figured it. However, if the tool is being expanded at a quicker rate than its stagnant partners then you may be able to revise that ROI after you have purchased the product which only helps CIOs, CTOs, and technology leaders sell their next need for more budget.

Another factor is time-to-implement, like the above if you can have a very fast implementation then your time to start your ROI is quicker than if you have a multi-month implementation cycle.

Integrations are another factor to consider, if this new product can integrate to other products then your service portfolio will be more seamless and provide your customers, being internal or external, with a better overall experience.

Willingness of the provider to be a partner is another factor that I see as important, if the software provider is giving really great rates and extending those terms for an extended period of time then we capitalize on that, especially if you have a rapidly growing company.

The ability to deliver a service that delivers the non-functional capabilities (availability, security, reliability and all the other “-ities”) is really important from an IT perspective. This requires real discipline from the IT team to look into the service rather than how the technology is built. When we consume a service, we shouldn’t really care how it is built, but should care deeply about how it delivers the services we need. As with staff development, that requires a change in mindset and approach in evaluating vendors.

5. What are the top 5 things that keep you awake at night? And how do these compare with a typical on-premise delivery technology services list?

Five things that keep me awake: 

  • Internet Outages 
  • Service availability 
  • Shadow IT 
  • Budget
  • You cannot end this without mentioning the annual Amazon East outage.

The Internet outage is becoming less of a problem these days with most staff having the ability to work from home if the office gets hit with a multi-fiber cut, however in other countries things like this will send devastation as speeds of residential Internet do not reach the fat pipes that staff are used to using at the offices.

Service outages are common these days and even staff are more willing to accept outages as long as they are notified about them, having a good procedure/platform to notify staff is crucial.

Shadow IT is a problem as no one can fix the security risks associated with platforms that they don’t know about, anyone wielding a credit card or the ability to expense services with no one questioning it has now poked a hole in your very secure environment that was purpose-built.

Budgets are tight these days, heads of IT are going to fail if they cannot look at business goals and tie their projects back to them, best case scenario you get someone outside of IT to champion the need for the business.

Lastly, Amazon East, well we all know that even if you put your services in another region a blow to Amazon East will send the rest of Amazon Web Services for a ride through the lack of service or the onslaught of people moving their services from US-East to say US-West.

The surprising omission from this list is security. When I previously looked after a largely on-premise IT environment, security was number one in the list that kept me awake at night (and sometimes woke me up!) Cloud providers are not 100% perfect, but security is so critical to their business that the measures put in place are generally much more robust than any internal security policy and controls that I have ever seen.


We all agree that cloud based services are the future, if not already here. We have all been able to deliver services with reliability and availability that would have been cost prohibitive in an on-premise environment. The costs of providing these services have reduced and we can spend more time on value adding projects and services. IT team dynamics and shape have evolved to delivering business value rather than simply keeping the lights on. Our teams are now part of the business, not the techies sitting in a cave supporting the business. They are the business.