Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SDI18 A Practical Guide to Cloud for Grown Ups

550 views

Published on

Why is cloud security, finance and operations the poor relation? While the techies are focused on containers and pipelines, who's watching for baddies, counting the pennies and keeping the lights on?

Finance, Security and Operations are all Somebody Else's Problem. Well I think they should be the concern of someone responsible to the business. To customers. And that is, I think, a new role called the Cloud Service Delivery Manager: and it's where ITSM Professionals get a chance to do something meaningful with cloud, the biggest megatrend in IT today.

Published in: Business
  • Be the first to comment

  • Be the first to like this

SDI18 A Practical Guide to Cloud for Grown Ups

  1. 1. A Practical Guide to CloudFor Grown Ups Steve Chambers Chief Operating Officer steve@cloudsoft.io @ukcloudpro https://cloudsoft.io #SDI18
  2. 2. © Cloudsoft Corporation 2018 2@ukcloudpro #SDI18 Contents Why a CSDM? Cloud Finance Cloud Security Cloud Operations
  3. 3. © Cloudsoft Corporation 2018 3@ukcloudpro #SDI18 Why Cloud is a thing and ITSM Pros should care UK Business Cloud Driver Threat/Challenge/Opportunity to ITSM Regulation Can you demonstrate your control of services, applications and data in the cloud? Move to cloud Can you migrate your business services into the cloud? Can you deploy net-new services into the cloud? Move away from inhouse IT Can you attract the top cloud talent required to succeed? Competitive threat The fast eat the slow, getting things done the old way is a risk Business model threat How do you test new services quickly? Unhappy customers Uptimes are shamed by Hyperscale CSPs, scaling is a problem Source: TechMarket View
  4. 4. © Cloudsoft Corporation 2018 4@ukcloudpro #SDI18 The benefits of well executed cloud services What are four things that every business service needs?
  5. 5. © Cloudsoft Corporation 2018 5@ukcloudpro #SDI18 Top 5 Cloud Challenges by Maturity Place Beginner Intermediate Advanced #1 Security Managing costs Managing costs #2 Lack of resources/expertise Security Security #3 Managing costs Lack of resources/expertise Compliance #4 Governance/control Governance/control Governance/control #5 Compliance Compliance Lack of resources/expertise Source: Rightscale State of Cloud Report 2018
  6. 6. © Cloudsoft Corporation 2018 6@ukcloudpro #SDI18 Top 5 Cloud Challenges by Maturity Place Beginner Intermediate Advanced #1 Security Managing costs Managing costs #2 Lack of resources/expertise Security Security #3 Managing costs Lack of resources/expertise Compliance #4 Governance/control Governance/control Governance/control #5 Compliance Compliance Lack of resources/expertise Source: Rightscale State of Cloud Report 2018 Familiar to ITSM?
  7. 7. © Cloudsoft Corporation 2018 7@ukcloudpro #SDI18 Top 5 Cloud Challenges by Maturity Place Beginner Intermediate Advanced #1 Security Managing costs Managing costs #2 Lack of resources/expertise Security Security #3 Managing costs Lack of resources/expertise Compliance #4 Governance/control Governance/control Governance/control #5 Compliance Compliance Lack of resources/expertise Familiar to ITSM? New to ITSM? Source: Rightscale State of Cloud Report 2018
  8. 8. © Cloudsoft Corporation 2018 8@ukcloudpro #SDI18 Top 5 Cloud Challenges by Maturity Place Beginner Intermediate Advanced #1 Security Managing costs Managing costs #2 Lack of resources/expertise Security Security #3 Managing costs Lack of resources/expertise Compliance #4 Governance/control Governance/control Governance/control #5 Compliance Compliance Lack of resources/expertise Opportunity for the new model Cloud Service Delivery Manager Source: Rightscale State of Cloud Report 2018
  9. 9. © Cloudsoft Corporation 2018 9@ukcloudpro #SDI18 Top 5 cloud initiatives by maturity Place Beginner Intermediate Advanced #1 Move workloads to cloud Optimise workloads/costs Optimise workloads/costs #2 Optimise workloads/costs Move workloads to cloud Implement automated policies #3 Cloud First strategy Better financial reporting Better financial reporting #4 Better financial reporting Implement automated policies Move workloads to cloud #5 Implement automated policies Cloud First strategy Expand use of containers Source: Rightscale State of Cloud Report 2018
  10. 10. © Cloudsoft Corporation 2018 10@ukcloudpro #SDI18 Top 5 cloud initiatives by maturity Place Beginner Intermediate Advanced #1 Move services to cloud Optimise services/costs Optimise services/costs #2 Optimise services/costs Move services to cloud Implement automated policies #3 Cloud First service strategy Better financial reporting Better financial reporting #4 Better financial reporting Implement automated policies Move services to cloud #5 Implement automated policies Cloud First service strategy Expand use of containers Source: Rightscale State of Cloud Report 2018 Opportunity for the new model Cloud Service Delivery Manager
  11. 11. © Cloudsoft Corporation 2018 11@ukcloudpro #SDI18 What a CSDM needs to know about Cloud Migration Retain (leave as is) Retire (decommission) Rehost (lift and shift) Refactor (rewrite - cloud native!) Repurchase (replace with SaaS) 5%10% 40% 30% 10% 5% Replatform (lift and reshape) Agility Statistics: Amazon
  12. 12. © Cloudsoft Corporation 2018 12@ukcloudpro #SDI18 The CSDM Call To Action 1. Get involved in your cloud programs - cloud is about delivering services NOT technology. 2. Think of cloud as wiring together cloud services to build business services. 3. Don’t let cloud finance, security or operations fall thru the cracks: AS A SERVICE OWNER BEWARE S.E.P. SYNDROME (Somebody Else’s Problem)
  13. 13. © Cloudsoft Corporation 2018 13@ukcloudpro #SDI18 How to interpret the following slides The following slides form a framework to enable the CSDM to: a) Research what needs to be done (resources indicated) b) Form a plan on how to engage internal cloud/app/ops/sec/$$ teams c) Maybe create a Cloud Center of Excellence d) Define the CSDM roles and responsibilities and interactions (RACI) Key Findings from Cloud Leaders: Why a Cloud Center of Excellence Matters
  14. 14. © Cloudsoft Corporation 2018 14@ukcloudpro #SDI18 A Practical Guide to Cloud Finance 1. There’s no hiding in the cloud: this is a shock to non-cloudies 2. Don’t be mislead by faulty, non-cloud “Terrible Cost of Ownership” models 3. The cost opportunity? Link costs to consumption and know the true cost of delivering each individual service (and therefore profit). Make resources cost effective Match supply to demand Expenditure awareness Continuous Optimisation
  15. 15. © Cloudsoft Corporation 2018 15@ukcloudpro #SDI18 Recommended Resources for Cloud Finance Doc: AWS Cost Optimisation Pillar Framework: AWS Well Architected Framework OSS Tool: Cloud Custodian by Capital One
  16. 16. © Cloudsoft Corporation 2018 16@ukcloudpro #SDI18 A Practical Guide to Cloud Security 1. Security is better in the cloud: it’s a reason to do cloud! 2. It’s an opportunity to add top quality security credentials and differentiate your service. 3. Good security in the cloud is linked to agility and operations, it’s not a standalone thing. Identity & Access Mgmt Detective Controls Multiple Protection Layers Data Protection
  17. 17. © Cloudsoft Corporation 2018 17@ukcloudpro #SDI18 Recommended Resources for Cloud Security Doc: AWS Security Pillar Frameworks: AWS Well Architected Framework, CIS Security Benchmark Tools: OSS Prowler, AWS Guard, Trusted Advisor etc Community: Cloud Security Alliance
  18. 18. © Cloudsoft Corporation 2018 18@ukcloudpro #SDI18 A Practical Guide to Cloud Operations 1. Cloud-based services should be glued together by the CSDM. 2. Cloud Ops is highly automated, highly visible: doing it badly will incur technical debt and create fragile services. 3. Lift-and-shift migration to cloud brings non-cloud operations with it: BAD Operations as Code Two-way door Changes Continuous Development Anticipate Failure
  19. 19. © Cloudsoft Corporation 2018 19@ukcloudpro #SDI18 Mapping Cloud to ITIL 1. Monitoring & Incident 2. Config & Change 3. Asset Management 4. Release & Provisioning 5. Patch Management 6. Security & Access Management 7. Backup & Restore Takeaway? ALL OF ITSM/ITIL APPLIES TO CLOUD Cloud a better fit than on- premises, non-cloud, low-level infrastructure-led “platforms”
  20. 20. © Cloudsoft Corporation 2018 20@ukcloudpro #SDI18 Monitoring & Incident Management in the Cloud
  21. 21. © Cloudsoft Corporation 2018 21@ukcloudpro #SDI18 Configuration & Change in the Cloud Source: AWS Config (cloud service) ✓ Continuous monitoring ✓ Continuous assessment ✓ Change management ✓ Ops troubleshooting
  22. 22. © Cloudsoft Corporation 2018 22@ukcloudpro #SDI18 Asset Management in the Cloud CSDM should know how to: - Instance/Resource metadata - Custom resource tagging - Cost allocation tagging - Resource tagging strategy - Integration with ITAM - Tracking ephemeral services - Containers - Functions-as-a-Service (Lambda)
  23. 23. © Cloudsoft Corporation 2018 23@ukcloudpro #SDI18 Release / Provisioning in the Cloud Examples of things to do - Use a Pipeline - Whole env deploys - Blue/green deploys - Separate app/data release - Be relaxed and happy
  24. 24. © Cloudsoft Corporation 2018 24@ukcloudpro #SDI18 Patch Management in the Cloud - Never log into an instance? - Immutable instances - Patch the template not the deployed instances - Rolling patches - No hosts to patch :) - Meltdown & Spectre Slideshare: https://www.slideshare.net/AmazonWebServices/monitoring-and-alerting
  25. 25. © Cloudsoft Corporation 2018 25@ukcloudpro #SDI18 Security and Access Management in the Cloud
  26. 26. © Cloudsoft Corporation 2018 26@ukcloudpro #SDI18 Backup and Restore in the Cloud Is this? - On-premises → Cloud? - Cloud → On-premises? - Cloud → (same?) Cloud? - Cloud → (different?) Cloud? Huge array of solutions depending on this answer. Use classic risk management and BCDR methods coupled with cloud knowledge. Do you do? - Backup and Restore? - Pilot light? - Warm standby? - Multi-AZ? - Multi-Region? - Multi-Cloud / Premises?
  27. 27. © Cloudsoft Corporation 2018 27@ukcloudpro #SDI18 Recommended Resources for Cloud Operations Docs: AWS Operational Excellence, Event Management, Asset Management, Ops Checklist Framework: AWS Well Architected Framework
  28. 28. © Cloudsoft Corporation 2018 28@ukcloudpro #SDI18 BONUS: AWS Cloud Adoption Framework Source: AWS Cloud Adoption Framework (CAF)
  29. 29. © Cloudsoft Corporation 2018 29@ukcloudpro #SDI18 Questions Steve Chambers Chief Operating Officer steve@cloudsoft.io @ukcloudpro https://cloudsoft.io
  30. 30. A Practical Guide to CloudFor Grown Ups Steve Chambers Chief Operating Officer steve@cloudsoft.io @ukcloudpro https://cloudsoft.io

×