
STKI summit CTO presentation 2019

CTO presentation from the STKI summit. The road to cloud native: post-virtualization, cloud platforms, cloud development, zero trust.


  1. Copyright@STKI_2019 Do not remove source or attribution from any slide or graph. RE-DESIGNING IT AND NEW TECHNOLOGY INITIATIVES. PINI COHEN
  2. (no text on slide)
  3. IT mission & CIO mission: • Create business value through technology • Strategic planning of business growth objectives • Ensuring the tech systems and procedures lead to outcomes in line with business goals. How would you reduce the gap and achieve your mission?
  4. AND THE ANSWER IS – CLOUD NATIVE
  5. Agenda: What is Cloud Native IT? • Technical, process and data debt payment • Post virtualization infrastructure • Cloud Native Development • Cloud native operations • Zero Trust security • Cloud Native as R&D lab
  6. CLOUD NATIVE TECHNICAL DEBT: THE FASTER WE MOVE, THE MORE DEBT AND INTEREST WE ACCUMULATE
  7. Technical debt repair & avoidance: managerial & process ways • Increase awareness • Place a "technical debt" executive, C-level related (from OCIO or internal auditor) • Keep backlog of debts + interest • Set “quality first” policy for data entry. Source: Accenture
  8. Technical debt repair & avoidance by selecting proper architecture: decoupling • Decouple GUI from logic • Decouple applications from the legacy infrastructure • Decouple the business process systems from one another
  9. Other ways to repair & avoid technical debt • Cloud reduces technical debt • Infrastructure as Code (IaC) enables faster debt remediation • Use of data governance tools (data debt)
  10. • Place “reduce technical debt” as organization goal • Place “technical debt executive” (“C” level related: from OCIO or internal audit) • Set technical debt notification process • Vote for “Decouple”!
  11. Agenda: What is Cloud Native IT? • Technical, process and data debt payment • Post virtualization infrastructure • Cloud Native Development • Cloud native operations • Zero Trust security • Cloud Native as R&D lab
  12. Post-virtualization is a set of technologies that replace the core of IT infrastructure
  13. [Chart: IT compute load, total load (old + new), 0% to 100%, split into physical, virtualized, container and serverless for today, tomorrow and after tomorrow. Source: STKI]
  14. [Chart: IT compute load, new application load, 0% to 100%, split into physical, virtualized, container and serverless for today, tomorrow and after tomorrow. Source: STKI]
  15. The Cloud Platform will be the core of IT infrastructure
  16. The core of “Cloud Platform” is: • Containers & Kubernetes (prerequisite for this presentation) • Microservices architecture (prerequisite for this presentation) • Serverless (FaaS) & EDA (event driven) • Servicemesh • APaaS (“cloud native” in a box)
  17. FaaS (Functions as a Service) & Serverless
  18. Event driven programming architecture (EDA)
  19. The good, the bad and the evil of Serverless and EDA: • Scale to zero (the real “pay as you go”) • Easier & faster for the developer (no need to compile, build, etc.) • Increases (cloud) vendor lock-in • Open-source projects (OpenFaaS, Kubeless) are emerging • Expensive at high utilization, and performance instability
  20. Containers vs. Serverless (FaaS)
  21. IT should explore Serverless and EDA
  22. Service Mesh Architecture
  23. Servicemesh architecture: • The evolution of SOA, ESB and REST • Enables control over how microservices interact • Tradeoff is increased latency • The next major feature to expect from Servicemesh tools is Zero Trust enablement!!
  24. • Integration team is now responsible for setting the tools of inter-application interfaces
  25. APaaS “All in one” cloud platform tools: The highway to “Cloud Platform”
  26. APaaS “all in one” native cloud tools: • The evolution and combination of IDE, DevOps and private cloud tools • Tradeoff between fast installation and operations and less control of technology stack • Different APaaS flavours: • For infra/ops • For development (CI/CD)
  27. When implementing “All in one” APaaS platforms the development is in the center. What about traditional infrastructure?
  28. [Diagram layers: Business process, Data • Application = code • Cloud platform: Containers, Serverless • Basic infrastructure] What is basic infrastructure? How is it built and maintained?
  29. What is basic infrastructure: • Bare metal • HCI • Networks • Virtual Machines • Object storage • Public / hybrid cloud • Cloud on prem • OpenStack
  30. How is it built? Build with IaC “Infrastructure as Code”: • Puppet • Chef • Ansible • Terraform
  31. IaC maturity model. IaC benefits to the end user: • Reduce cycle times • Reduce human errors • Reduce cost • Provides visibility. Source: ThoughtWorks, https://www.slideshare.net/garystafford/infrastructure-as-code-maturity-model
  32. Infrastructure should embrace IaC and set IaC metrics
  33. Agenda: What is Cloud Native IT? • Technical, process and data debt payment • Post virtualization infrastructure • Cloud Native Development • Cloud native operations • Zero Trust security • Cloud Native as R&D lab
  34. What is Low Code? • Create application software through graphical user interfaces and configuration instead of traditional computer programming • The new “4GL” • Low Code vs. No Code platforms
  35. >10x improvement. Typical Low Code presentation by vendor
  36. Potential Low Code benefits • Reduce IT backlog and boost organization usage of technology • Enables legacy developers to be part of latest technology applications • Reduces risk since apps are developed faster with less effort • Smoother operations and visibility of production applications
  37. • IT should investigate Low Code platforms for their benefits and limitations • Departmental & limited-time-use applications are a natural fit for Low Code exploration
  38. [Diagram: TIM Methodology®, Outcome-Driven Development® and DevOps. Stages: Job to be done, Design product, Prototype & test, Develop the product, Fruition. Steps: Define market/product strategy based on unmet needs; Define requirements based on customer metrics; Design system & test outcomes with customer metrics; Agile development & test with outcome metrics; Deploy & implement. Track: Product strategy, Problem definition, Product prototype, Deployment, Maintain, Implementation & Training.] Agile development alone (without management support and LoB full involvement) can’t bring the real change that the organization needs. This will be explained during the session on “organizational & IT initiatives”.
  39. What do architects do? • Draw lines that separate things • Draw lines that connect things • Describe the whole landscape. Strong IT architecture team is needed for TIM® implementation • IT needs to act faster – must see the whole landscape • Visibility of dependencies is crucial • Backwards compatibility and API documentation is crucial • However, architecture team must be agile and not hold back the organization
  40. • Enhance (build) your Architect/CTO team • Define Architecture vs. CTO roles • Define SLA for Architecture/CTO team
  41. What stops cloud native development? • Process is not done right (skip DT, skip LEAN/prototype, aim for features instead of goals, etc.) • Infra/Ops/Sec stops the cloud platform • Business is not part of the dev process • Outdated budgeting yearly plan and evolution from “projects” to “products” (explained during “organizational & IT initiatives”) • Midrange managers jeopardize the move
  42. Agile teams work independently during sprint cycle. The “Team”. Source of graphics: SAP, STKI modifications
  43. Managers in TIM (Agile): completely change their role (discussed later in “organizational and IT employee initiative”)
  44. • Please take a deep breath and adapt • Adopt TIM® and remove barriers • Everybody in development should expect big change in processes and responsibility, especially mid-managers.
  45. Agenda: What is Cloud Native IT? • Technical, process and data debt payment • Post virtualization infrastructure • Cloud Native Development • Cloud native operations • Zero Trust security • Cloud Native as R&D lab
  46. DevOps speeds up software development and operational deployments
  47. DevOps benefits are: business agility and a responsive technology function • Faster delivery of features • More stable operating environments • Improved communication and collaboration • More time to innovate (rather than fix/maintain)
  48. “DevOps & Sons”: DevSecOps, CloudOps, GitOps, AIOps, DataOps, MLOps, NoOps
  49. The final cut: NoOps • NoOps is the next logical progression of DevOps • The complete process is automated via “cloud platform” tools • Development team does not need to communicate with system administrators anymore
  50. • OCIO should co-manage DevOps (along with Dev and Infra/Ops) • Work visibility is step #1 • Testing automation is step #2
  51. Things developers are doing with DevOps & Cloud Platforms: • Set and update security policy • Add/reduce compute power • Add/reduce storage capacity • Set and update backup policy • Set and update monitoring policy • Set and update cluster/restart configuration • Define and activate deployment tactics
  52. The balance between dev. and ops. is changing
  53. “Total Commitment” • I want my team to serve the business - be able to do everything they need to do: • write, ship and support their code • deploy a build • monitor production • find and fix production problems • I want my team to take ownership • I want everyone else to get the hell out of the way. “You build it - You run it”. Based on: https://stackify.com/what-is-devops/
  54. Development (the team) is part of every incident
  55. Development (the team) is looking at their monitoring / business console
  56. Teams (“developers”) should take more end to end (production) responsibility
  57. What will happen to infrastructure & operations? Things developers are doing with DevOps & cloud native platforms: • Set and update security policy • Add/reduce compute power • Add/reduce storage capacity • Set and update backup policy • Set and update monitoring policy • Set and update cluster/restart configuration • Define and activate deployment tactics
  58. What will happen to infrastructure & operations? Infrastructure will have to adopt and to become the “new kid”: • To be the “DevOps” and take responsibility for CI/CD • To be the “cloud platform” • For the same workload, Infrastructure/ops head count will be reduced: • 90% reduction if 100% public cloud • 30% for cloud native on prem • Not today
  59. • Please take a deep breath and adapt • Become “DevOps” and take responsibility for CI/CD • Become the “Cloud Platform” owner
  60. Agenda: What is Cloud Native IT? • Technical, process and data debt payment • Post virtualization infrastructure • Cloud Native Development • Cloud native operations • Zero Trust security • Cloud Native as R&D lab
  61. Yesterday: the organization had perimeters. Inside = safe, Outside = not safe
  62. Today: the organization has no perimeters. “Never trust – Always verify”* (*Forrester, The Zero Trust eXtended (ZTX) Ecosystem)
  63. First zero trust implication: decentralize everything. [Diagram labels: Inside = safe, Outside = not safe; IBM Datapower, F5, Checkpoint]
  64. Every protection is edge protection
  65. What should we verify? • The device • The user • The network • What is transferred (data, docs, web) • Role-based access control (process, port, protocol) – provide the minimal access
  66. Network nano segmentation (IP-protocol-port-process) vs. SDP (software defined perimeter). “Feb 12, 2019 - Symantec said on Tuesday that it's acquiring Luminate Security…”
  67. SDP architecture example: Cyxtera. (1) Using Single-Packet Authorization, client makes access request to controller. (2) Controller checks context, passes Live Entitlement to client. (3) Using SPA, client uploads Live Entitlement, which gateway uses to discover applications matching the user’s context. (4) Dynamic Segment of One network is built for this session. (5) Continuously monitors for any context changes, adapts Segment of One accordingly. [Diagram components: Controller, Gateway, Client, Identity Provider, Applications]
  68. Zero Trust SDP via Servicemesh: set the role based access level in servicemesh?
  69. • Implement cyber security solutions that are based on edge protection • Explore Zero Trust SDP solutions while understanding the current north-south, east-west solutions gap
  70. Agenda: What is Cloud Native IT? • Technical, process and data debt payment • Post virtualization infrastructure • Cloud Native Development • Cloud native operations • Zero Trust security • Cloud Native as R&D lab
  71. Technology is the core of differentiation in each organization. All organizations are “Technology Companies”. All organizations should invest in technology R&D!!
  72. Enterprise Organizations should allocate at least 0.5% from IT investment budget to R&D
  73. Summary #1: What are the “Cloud Native” benefits (CEO level)? • Better business productivity – react fast to business needs (faster development with TIM® & Low Code, using limitless cloud resources, deploy faster with DevOps) • Reduce cost (open source based, public cloud potential savings, more automation – less manual work, programming is more efficient) • Reduce technical debt (automation in changes/patches, public cloud constantly updates, microservices enable granular debt payment) • Improved availability, increased security (immutable code & infrastructure is self healing, fewer human errors because of automation, automatic scale up – applications will not overload, DevOps enables faster roll-back, zero trust cyber security) • Enable faster business partnerships and regulations compliance (Open API standards and API management tools, zero trust enables faster co-operation)
  74. • Place “reduce technical debt” as organization goal • Place “technical debt executive” (from OCIO or internal audit) • Set technical debt notification process • Enhance (build) your Architect/CTO team • Define SLA for Architecture/CTO team • Embrace Microservices architecture • Backwards compatibility and API documentation is crucial • OCIO should manage DevOps (with Dev and Operations/infra) • DevOps: work visibility is step #1 • DevOps: Testing automation is step #2 • IT should explore Serverless and EDA • Integration team is now responsible for setting the tools of inter-application interfaces • When implementing “All in one” APaaS platforms the development is in the center • Infra/Ops should be responsible for DevOps processes enablement and cloud native tools (APaaS) • Implement cyber security solutions that are based on edge protection • Explore Zero Trust SDP solutions while understanding the current north-south, east-west solutions gap • Enterprise Organizations should allocate at least 0.5% from IT budget to R&D
  75. Cloud Native. Pini Cohen, STKI CTO, pini@stki.info
  76. APPENDIX: WHAT SHOULD CTO EXPLORE? TECHNOLOGIES ARE DIVIDED TO “BUSINESS RELATED” AND “IT RELATED”
  77. What should CTO explore? • Open API standards open up the organization for easier business partner enrolment. [Slide example: Name = “Moshe Cohen-Levi”, FullName = “Moshe Cohen-Levi”]
  78. What should the CTO explore? Mobile payment technologies
  79. What should the CTO explore? VR/AR
  80. What should the CTO explore? Quantum computing
  81. What should the CTO explore (internal IT proposes)? Quantum computing. "Anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now" said Arvind Krishna, director of IBM Research.
  82. What should the CTO explore? 5G based solutions
  83. What should the CTO explore (internal IT proposes): DRaaS as a public cloud starter
  84. What should the CTO explore (internal IT proposes)? Cloud on prem solutions • Have the cake and eat it, too
  85. Public on prem differentiation & Trade-offs • Pay as you go or pay up front. What type of commitment? • Work disconnected? • HW by vendor or by partner? • Variety of services available? • Cost for network egress?
  86. What should the CTO explore (internal IT proposes)? Platform offering. [Diagram layers: Customer Engagement, Transaction/Core services, Data Services, Infrastructure services. Labels: Same-Day home delivery, Subscribing, Notification service, Account opening, Load request, Ask to transfer money, Credit allocation, Clearing/Settlement, Cash management, Trade finance, Trust and securities, Inventory management, Payments, document management, identity, BI, WCM, Monitoring, Data store, Payment calculation, AI/ML; Vendor A, Vendor B]
  87. Platform solutions benefits: • Software/SaaS platform comes with all business needs (engagement processes + transaction processes ++) • Processes are integrated and enable single source of truth (unified data) without process conflicts • Define custom business processes (configuration, code, 3rd party = “market”) • The platform's constant update reduces the technical debt • Business might need to change processes (high management attention)
  88. STKI: Business platforms will dominate the market
  89. Technical debt repair & avoidance: technical • Static code analysis tools give metrics for technical debt (code complexity, etc.) • They make it possible to identify hot spots (debt + commits) and provide warning lights
  90. Functional Programming • Rather than changing data they take in, functions in functional programming take in data as input and produce new values as output. Always. Source: https://medium.freecodecamp.org/learning-the-fundamentals-of-functional-programming-425c9fd901c6
