This week we have a very special guest joining us for Lancom TV, Darryl Grauman, the VP of Cloud and Services at Westcon APAC.
In this episode we discuss the AFTER cloud factor.
The move from in house servers to cloud computing has meant a shift of responsibilities. In this 3 part mini series we take a closer look at what this change means for you.
Part 1: Procurement and management
Part 2: Security and cloud
Part 3: What should you look for in a reseller
Transcript
Part 1: Procurement and management
Hello, everyone. Welcome back, another episode of Lancom TV. I'm sitting here with Darryl. Darryl was the VP of Cloud and Services for Westcon APAC. Hello, Darryl.
Hey, thanks for having me.
No worries. My pleasure.
Pretty cool setup, you guys here. I'm actually really impressed.
Thank you.
Very, very, cool.
Thank you. So, as the title states, Darryl is a cloud computing man. So, he is fully embedded into the world of cloud computing. And I brought him today as a guest to talk to us about governance and cloud computing. Now, we all know that cloud is the way to go, many New Zealand businesses are already there, but, today we're going to address what should happen after you move to the cloud. Isn't it, Darryl? So, I've got a few questions for you, as usual.
Shoot.
I will fire away the first question. So with cloud computing coming on board there was a change in procurement, wasn't there?
Yeah, big one.
So, could you just talk us through that?
Okay. So, if you're kind of my age, you know, older, you remember back to the old days, where, you know, if somebody wanted some IT infrastructure, they use to prepare business case first.
Yes.
You know, you used to have to go to procurement, and would go negotiate with a couple of vendors, and trying to get a price, and had to go through a couple of sign-offs. And finally, you got your server after about six weeks of waiting. But, nowadays, one engineer has to push one button, all right, and straight away they can have a server deployed. So, we've effectively given our engineers delegated financial authority to go out and deploy a whole load of infrastructure into environments. So, the second that they deploy that infrastructure, and it can be 1 server, it could be 10 servers, it could be 100 servers.
That's right.
All right? You're getting charged for them. Whose deployed them? How many have been deployed? For what? How longer are they gonna be there? All of these things are up for grabs. And so, my question is this, who knows about it?
And that's what I was gonna question you about next. That's a very good time. So, what are cost in asset management and governance like? What does that look like in cloud computing day? Since the engineers took that function as we mentioned before.
Yeah. So, what it means is, is that there are some new things that have to come over and above the engineering practice. So it's about having the ability to see into the environment and understand, how many instances are there, how big the instances are, how long they've been running, what they're doing, how they're being built. And the key here is, is also not just to be able to see them, but also to be able to alert on them.
That's right.
So being able to set thresholds like, "I want to be paying $1000 a month, and if it looks like halfway through the month I'm gonna exceed this, I want my CFO to know, all right?"
To know, exactly.
Or, "If I've got 10 servers that are not being utilized more than X percentage, all right, I want my SDM to know about it, all right, because I'm paying for this." So, these are some of the policies that have to slowly start to come into play around governance, financial analytics, and alerting. Okay, it's still asset management but it's more.
It's getting that feasibility, right? Yeah, but also doing something about it.
Yes, yes.
So, I wanted to move on to a topic where most of us, I guess, are a bit concerned about now, right? So, cloud computing and security. I have migrated my computers to cloud. Is it secure? And what does compliance look like and security look like in cloud?
Okay.
Part 2: Security and cloud
These are some of the policies that have to slowly start to come into play around governance, financial analytics, and alerting. Okay. It's asset management, but it's more.
Yes. Yes.
Assets and governance and financials and all of that, but I want to move on to a topic where most of us are a bit concerned about now, right?
Yes.
So, cloud computing and security. I have migrated my computers to the cloud.
Okay.
Is it securer? And what does compliance look like and security look like in the cloud?
Okay. So, security, first of all, is the biggest hindrance, or the biggest blocker, to people actually moving to the cloud.
Moving to the cloud. I agree with you there.
Once people have gotten over that. Now one of the questions is, is what happens when I'm there? How am I going to manage it? How do I understand what my security policies and everything looks like? I've got all these people looking at it. There are ways and there are tools and systems that can be deployed over the top of any cloud implementation, so that a Chief Risk Officer can actually have a complete view of compliance, across an entire cloud account or series of cloud accounts. They can dig down into what the resultant security policy is and get a graphical representation of it. And either the Chief Risk Officer or the IT Reseller, who is responsible for the environment, should be monitoring that on a daily basis.
Yes.
And they should be alerted to anything outside of policy. There are ways now that you can scan a cloud account, and put a policy over it, which is let's say a PCI compliance policy.
Yes.
And actually see how compliant you are with that policy, and work to remediate. And then set alerts if anything is deployed into that cloud account that is contravening policy.
Right.
So, all of these tools are there.
So, all of those things are there. It's just about having the right people play with them, I suppose.
Correct. And people who know what they are doing.
Exactly.
And it's about being proactive at the beginning. When you're planning a migration, great, but prepare the end state, alright?
Yes. Yes.
And prepare to know where you're going to land, and know you're going to be secure. At the end of the day, nobody wants to be another Equifax; nobody wants to get hacked, nobody wants their information out there, alright? And that's from an IT Reseller's perspective, as well as the end user customer.
Absolutely. Hands down. Neither of us, including the IT Reseller, wants to get hacked. So, we talked about the right people on the job, my question to you then is who should be looking after the governance pieces, right? There are different components we mentioned so far, who is the best person to look after those things?
Part 3: What should you look for in a reseller?
And it's about being proactive at the beginning. You know, when you're planning a migration, great, but prepare the end state, all right? And prepare to know where you're going to land and how you're gonna be secure.
So we talked about the right people on the job. My question to you then is, who should be looking after the governance pieces, right? There's different components we mentioned so far, and who is the best person to look after those things?
There are different roles in different organizations. So, you know, you've got an IT manager, or a finance manager, or a CFO that wants to actually see what the forecast on cloud computing looks like, all right? And they wanna be alerted if there's any type of overspend, all right? Then you've got the IT manager as well who, maybe, wants to see how many servers have I got? How much of this? How much storage am I using, that kind of thing. Then you've got your security and risk guys, all right, who need to see the security compliance piece. So, it's about being able to provide the right information to the right people at the right time, okay? And the best way to do it is to provide them with a dashboard that they can see, as well as the proactive alerting, all right, which they can get, you know, as and when needed. It's no use telling somebody that they've gotta dive into screeds of information to get what they're looking for. It needs to be right there in front of them.
An instant, isn't it? Yeah.
Instant, absolutely instant, yes..
We are wrapping up now, so my final question is, obviously, that works really well in mid-sized organizations and perhaps a bit larger organizations where you have all those internal resources to be looking after those different pieces and components of the cloud. But if you are working with a reseller that is taking care of that for you, what should you be looking for in that reseller? What should they be doing for you? What does a good reseller look like?
That's right. So, look, it's, kind of, like I said before, your reseller should have the ability to take you to the cloud, all right, to move you to the cloud.
To migrate you, yeah.
All right? But they should also understand what the end state looks like, all right? And they should also be able to go, "Well, okay, hold on a second, all right? This is what it's gonna look like in a year's time." You know, we've got one organization that put a business case to go to cloud and, using the right policies and processes, stayed over two years within 99.7% of their original business case...
Wow. That's interesting.
...because the right policies were there. So it's about understanding. So, you're gonna do a business case, you're gonna migrate, which is gonna go to the cloud, all right, you ask your IT reseller, "What does the end state look like? How are you gonna show me how much I'm spending? How are you gonna forecast my spend? How are you gonna show me how many assets I've got there? How am I gonna set up alerts that I know if there's gonna be overspend? "Show me how you're gonna keep my environment secure." These are the kinds of questions that you have to ask. Don't just ask about migration. Ask about the rest, all right?
Just look a bit forward.
Because you're stuck there for the next 10 years, all right? Make sure it's right, okay?
I love the advice.
Thanks.
Thank you so much for coming, Darryl. I appreciate it. I hope you guys also appreciated Darryl being here today as a guest and if you do have any questions about cloud computing, we would be more than happy to answer them. Feel free to get in touch. And we'll see you next time. Bye for now.
Thanks very much.
See ya.
See ya. Bye.