BP’s global IT division has completed a u-turn on its hybrid cloud strategy, deciding to bite the bullet and move all its workloads into the public cloud.
The oil and gas giant started to tinker around the edges of cloud computing back in 2013, when it moved bp.com to public cloud hosting.
At the time, according to BP’s director of shared services architecture Paul Schuster, the data centre modernisation strategy at the highly regulated corporation involved the sort of hybrid cloud model popular with risk-sensitive organisations.
“It envisaged a mixture of both public and private cloud but with a thin service integration layer over the top where we could run controls,” he told the AWS re:Invent summit in Las Vegas.
But the more the shared services team looked into its infrastructure options, the less appealing the hybrid approach became.
“Private cloud was looking very similar to our on-premise and our managed hosting products. It didn’t feel evergreen and consumption based,” Schuster said.
At the same time, the business grew “increasingly uncomfortable” with the skills and expertise its incumbent IT outsourcers had in the area.
“We were informed buyers, and we found we were leading our outsourced partner and asking questions they hadn’t thought about. We came to the conclusion that if we were going to do the transformation we were going to have to do it ourselves,” he said.
This period of technology soul searching has moved what was formerly a "1990s-type" outsourced IT shop stuck in the client server era to one with fully funded cloud transformation program, currently migrating its first two tiers of applications to AWS.
Schuster said BP was on track to cut 45 percent out of its annual hosting spend once the four-year migration is complete.
But he admits the move has not been without risk.
“Getting to cloud is really difficult for us,” he said.
“Bits of BP are financially regulated. We operate in locations where we are subject to data sovereignty. We run national critical infrastructure, so cyber security and operational integrity are really important.
“We needed to assure ourselves that we have the right controls around cloud consumption."
BP has teamed up with AWS partner Cloudreach to “pre-bake” security and authority frameworks into an automated cloud provisioning service designed to give internal application owners “one-click” compliance when they request new AWS environments.
Cloudreach’s Adam Temple said a ServiceNow portal enables the automatic resource provisioning process it has built for BP, which makes sure all the necessary checks are done before AWS resources are spun up for a business user.
Cloudreach has also built the oil company a Splunk-based event monitoring platform and an automated pipleline for generating custom machine images - pre-hardened and encrypted by default - to BP customers.
BP is now gearing up to switch off the first of its four major data centres - in Houston, Texas - and migrate or decommission the first 1000 of its 3000 line-of-business applications.
Any applications that it can’t get rid of or move to AWS are likely to end up in a co-located data centre somewhere in the future.
Paris Cowan travelled to AWS Re:Invent as a guest of Amazon Web Services.