1. How has your IT operating model in cloud changed during the last five years?
As a security company, we have been thoughtfully embracing cloud over the past five years. For me the big shift is going from “Why cloud” to “Why not cloud” in everything we do. We’re not only helping our customers by delivering solutions with a cloud-first orientation, as a company we’re also embracing the many opportunities that come with using cloud technology.
However, the introduction of cloud in any organization does require changes in the operating model in several areas. In infrastructure management, there needs to be a shift from racking, stacking, and building to designing, monitoring and optimizing for effective performance and cost management in the cloud. Identity and access control is also a crucial element for protecting company information, and this needs to be integrated and tightly managed with the corporate IAM policy for data protection and other compliance reasons. Capabilities like single sign-on become paramount to avoid multiple user ID and password scenarios. This is both a user experience issue and potential security threat, as users may record ID and passwords which could be easily compromised. Finally, every cloud vendor has varying levels of sophistication and access when it comes to security. Depending on the classification of the application/infrastructure, the security architecture needs to enforce the same rigor, level, and appropriate monitoring.
As the leading cyber security company, Forcepoint understands that there are inherent and important security issues that come with embracing the cloud. When considering cloud opportunities, security is first and foremost for us in its adoption and implementation. By definition, the cloud should enable more agility and speed. However, if designed incorrectly the cloud can become multiple islands of applications and infrastructure with very little information sharing. This suppresses business effectiveness significantly. Having a conceptual integration and information architecture is the key for a successful cloud implementation.
In addition, not having a hybrid security architecture can stifle notably the agility and outcome in the cloud. Many assume the cloud in and of itself is safe, and additional security is unnecessary. The analogy I use is, being in AWS is like having a house in a gated community. Just being in a gated community doesn’t guarantee security from burglars. It’s crucial to design appropriate security and access controls in the cloud which meet company security objectives and standards.
Shifting to the cloud is both a blessing and curse in some ways. As an IT person, you lose access to some granular details; however it frees bandwidth to do more valuable things, like focusing on availability, monitoring, and performance.
It’s said “You are only as strong as the weakest link in the chain.” With regard to availability, if the service you offer sources from multiple clouds or vendors, then understanding the dependency and ensuring the SLA requirements meet the SLO promise for the service you offer to the business is compulsory. Monitoring requires clearly understanding what the vendor and what you are responsible for in the stack. For example, Salesforce offers certain levels of service assurance on SFDC objects; however any extensions or services built-on the Force.com platform are not monitored automatically in the SFDC console. Lastly, if your service requires any SLO based on performance, make sure you have an agreement with the cloud provider. In many cases, deeper access to the cloud vendor stack isn’t a given, so be cautious before making any promise on performance based SLA. However, I do strongly encourage setting an SLO for performance, working closely with the cloud vendor, and monitoring them to ensure superior experience for the users.
"Having a conceptual integration and information architecture is the key for a successful cloud implementation"
I am very excited about deep learning and artificial intelligence. We have generated 10 times more data in the last year compared to the last decade. This will accelerate with IoT and complex, experiential, virtual systems. This poses a challenge for data processing and rapid intelligence gathering. Systems need to quickly classify and process data (e.g.: fog computing vs. cloud computing), and determine its life expectancy.
This complexity also demands greater security sophistication. The focus needs to move from perimeter to data. In most cases data is influenced by humans, so good security strategy needs to have data and humans as core elements.
It’s hard to distinguish any more where I don’t have technology in my life today. Alexa wakes me up in the morning, Siri takes my to-do list on the drive to work, my Apple watch alerts me to the steps I need to take to reach my daily quota, Touch ID unlocks my home alarm and Nest drops the room heat in my bedroom, reminding me it is time to go to bed. I feel in some ways technology is integrated in every step of my life.
On the professional side, speed is the name of the game for winning. In my opinion, there is very little distinction between IT and business today. Successful companies treat IT as business and drive an integrated roadmap between IT and business goals to meet growth objectives.