This past December, IT professionals from various industries joined leaders from Accudata’s cybersecurity and cloud teams at B&B Butchers for a panel focused on cloud maturity.
The panelists who were selected to participate gave insights from their extensive careers in IT on topics such as disaster recovery, multicloud use, and governance, as well as lessons learned from past projects.
Patrick Vardeman, Accudata CEO and moderator of the panel, opened the event with a message about what to expect from the discussion:
We know, from our experiences working with customers, that whether you’re planning on moving to the cloud or maybe you’re already in the cloud, there’s a lot of challenges. The security model is different, the cost model is different, the consumption model is different. In this panel, we’ll walk through our panelists’ experiences: what works, what doesn’t work, and things to look out for.
The first quarter of the discussion was geared toward disaster recovery. Patrick posed the question, “What challenges in your career have you faced when looking at the cloud as a disaster recovery solution?” Jeremy Manning, chief information officer with Gulf Capital Bank, spoke from his background in financial institutions on the challenges of getting government and regulatory entities to “embrace and acknowledge that [cloud] can meet the [bank’s] needs and/or be reliable and secure.”
The shift has moved, on the regulatory side, to really just look at that as saying, “Our expectations of you are to treat the third party that you’re dealing with for disaster recovery and resiliency no different than if you were doing it in-house.” So they’re holding me to the same standard as if I was deploying my own IT, my own infrastructure for DR, and they look at us to meet those same expectations.
Jovita Nsoh, director of strategy and innovation at Microsoft, talked about how cloud was easy to sell to customers because of its multiple uses and cost benefits:
It’s easy for service organizations like Accudata to go in and show the value of disaster recovery in the cloud by laying out the cost benefit. As a service provider and as a cloud vendor, we know very well that disaster recovery is very expensive. Not only that, but in the past, if you were hit with a disaster, you may never recover. It is business continuity and disaster recovery.
Multicloud was another big topic of the panel discussion. Panelists discussed the pros and cons of a multicloud infrastructure.
There was, if you remember around Christmas time last year, a gigantic outage with Netflix. That outage was with one particular cloud provider. Their DNS infrastructure was completely unavailable in a couple of the POPs on the east coast, which brought a lot of Netflix down, among a bunch of other things. Multicloud solutions will solve that problem. You will also have the ability to take a look at your global infrastructure in a different way, to make sure the resources are available with the lowest cost provider. You may, with good governance, find yourself thinking, “You know what? I’m with provider A, but this week, the commute with Microsoft is way cheaper. Let’s migrate over there.” If you decouple your solution to your service from the infrastructure, that becomes a lot easier for you to do.
You have a SaaS solution you wrote yourself, and you have used APIs from your cloud provider to write your SaaS solution. Now you’ve decided, “I want to go multicloud.” The problem you have is the APIs you have are specific to that cloud provider. Now you have to either figure out a way to rewrite the application or figure out a way to containerize it so you can actually start using multicloud. Once you get there, you have to start looking into global load balancers and caching engines. The complexity dramatically increases. So the question I always ask those who ask, “Do I want to go to multicloud?” is “What is the outage worth to you?” If the outage for an hour or two, or eight hours, is worth enough for the complexity, than do it. I can’t answer this question, no one on this panel can answer this question. Only the business owners can answer that question. If it’s not worth it, then it’s better and smarter to stick with that provider.
Fugro is multicloud. We use two of the largest cloud providers in the world. That brings a lot of challenges, and you would think, “Why would you end up there?” I think we’re a good case study because we’re a very decentralized business, which means each of our different entities could choose to run IT in a slightly different way as long as they were meeting all of our global governance. That led to having two cloud providers. Looking at it today, we have multiple petabytes of data in the cloud. If we want to shift from one provider to another, it’s almost impossible. It’s doable, but it’s a huge challenge. You can do things like put layers of abstraction in front of APIs so that you can switch between, say, Azure Blob storage and S3. It becomes more and more complex, so you do have to decide, is it worth it?
Ismael J. Carlo
The challenges and complexities that having multicloud brings are enormous. What you touch on costs, the whole cloud financial model, is kind of different… If you have AWS teams, you’re going to have an Azure team, maybe a Google Compute Engine team. You’re going to start looking for a unicorn. Not only that, but also think of your on-prem tools. When operations goes up, the cost goes up.
Jovita later spoke on the future of cloud from the provider perspective:
Today, as we mature more and more, the cloud is fast becoming the utility. If you think of “Who is supplying this electricity?” we don’t even know, and we don’t need to know. It could be coming from CenterPoint Energy, TXU, whatever. We don’t really care. At the end of the day, it’s just going to depend on the contractual relationships you have and the discounts that you get. Whether it’s being served from AWS, Azure, or Google, it’s going to be not much of a concern going forward. We are aware of that.
One of the final questions posed by Patrick was on lessons learned from previous migration projects. Charles had the following for people to keep in mind when it came to security:
You want to assume that the adversary is watching you as you’re building out your new infrastructure. It’s really easy to compromise an endpoint. If you look at some of the larger breaches, it doesn’t start with some back computer somewhere that nobody thought about, especially as you’re building out the new infrastructure. It really starts with the developer. Some developer who’s using the same bit of code or reusing credentials or something like that. That was the door that opened up to a breach that happened much, much later. You want to have that same level of governance that you have today, that same level of compliance that you have today, not after you get the cloud built but as you’re building the cloud. Every investment that you make, every hour that you build into that, has to be secured.
Not everybody’s goal for getting to the cloud is the same. If you better understand what the goals are, you can make sure that that migration is secure.
Click the video below to listen to the full hour-long cloud maturity panel discussion.