“Every company, regardless of size is doing something in the Cloud!”
With that spot on proclamation from Auxis Technology Leader and moderator, Alvaro Prieto, The Auxis CIO Breakfast Roundtable on How to Maximize your Cloud, was officially off and running.
Last month, over 40 people gathered at the Westin Hotel in Fort Lauderdale, Florida, to listen to an esteemed panel of cloud and cloud security experts on the myriad ways in which to strengthen security within an organization and boost cost efficiencies.
The panel consisted of:
Moderated by Auxis Senior Managing Director Alvaro Prieto
Moderated by Auxis Senior Managing Director Alvaro Prieto
Current cloud computing trends
To level set expectations, Mr. Prieto delved into what were some of the key cloud computing trends that he and the Auxis team were seeing. For example, the majority of companies today are pursuing multi-cloud strategies and yet the fastest growing area of cloud computing are public clouds, with the fastest growing segment being SaaS solutions.
The biggest cloud challenges regardless of maturity levels for all IT organizations are:
- Cloud governance
- Cloud security
- Cloud Costs
Mr. Prieto went to say that a lot of companies make the mistake of moving everything to the cloud and once they do that, the costs escalate and can spiral out of control pretty quickly. He sees a lot of waste in the cloud in the sense that after a company has lifted and shifted their cloud operations, they don’t have the time, resources or money to scale or manage the effort. He pointed out that the amount of cloud spend that is wasted every year amounts to over $10 Billion.
To that point, cost issues in the cloud have plagued so many organizations so frequently that the Auxis team has created a new solution to try and mitigate the waste. Instead of the traditional IT Help Desk, a “Financial Desk” has been created to monitor cloud spend.
To begin the discussion Mr. Prieto talked about how unique cloud journeys are, and how they all differ depending on where a company is in their cloud transformation initiatives. What were the experiences of each panelist and how did they differ? Chanse Rivera of bluegreen Vacations mentioned that his organization was one of the trends that Mr. Prieto had mentioned earlier, in which his company had gone all in on the cloud and then had to pull back because of the spiraling costs.
The learning curve for his cloud journey involved not only himself and his team but also the executives in the company who quickly realized a new awareness of not only how important security was, but also on the value of a spend analysis on what’s being spent and what’s being utilized. This quote said it best: “Cloud providers need to get a haircut or risk losing business.”
To the point about spending on the cloud, Chris Harrison of Campus Management mentioned that they have a finance team that monitors their cloud spend as well as their customers. His over-arching point being that, “the cloud is a never-ending game that you have to always keep your eye on.”
He went on to say that, “in the cloud space, you’re constantly learning because it’s constantly changing. His biggest priority though and what turned into a perfect segue to the next topic was, security.
Mr. Prieto then deftly touched on some of the more notable cloud security trends that are currently playing out at the enterprise level. Primarily and most importantly is that senior executives are finally paying attention to cloud security. He went on to say that the attention security has gained is largely due to an increase in the costs of security breaches, as well as major events around ransomware and GDPR.
The additional attention that cloud security is finally getting he added, is because security products are finally moving to the cloud and becoming more agile, meaning that cloud security is no longer an after-thought. It’s front and center in boardroom discussions finally.
The importance of security
When the panel was asked what they thought of the value and importance of security, Matt Fryer of Alert Logic, said it best, “bake it in, don’t bolt it on.” His point being that when you bake security in at the beginning of any initiative, you can mitigate risk later.
“Security shouldn’t be an afterthought, it should be fundamental to your architecture,” he went on to say.
Wes Gruver of AWS said the key to security was training your people. Elaborating on that point, he stated that, “if you don’t start out thinking about security, you’re already behind the curve.”
Mr. Gruver went on to bring up an alarming statistic that an average company could have 500 potential data breaches every day. How do you get ahead of that he asked? “Train your people, from the C-Suite on down.”
So how does cloud security or security in general become a mindset? Mr. Harrison from Campus Management says that it starts with the DevOps team. He stated that, “Accountability and ownership falls on and starts with them.” He also added that extensive training needs to be part of the mix. “Data and your customers’ data is the most important aspect of your company, make security your utmost priority.”
Mr. Rivera of bluegreen Vacations, said that the budget discussions around security have actually gotten easier. He said, “Executives now expect a security discussion.”
Mr. Gruver quipped,” developers focus on change and security people don’t want to change a thing.” His advice? Bake security in at the developer level and make sure that it doesn’t become a road block.
And finally Mr. Fryer added this. “Training is the key, help people understand the risk and the exposure.” The more that you can train and explain to the developers and the decision makers on what the facts are and what the risks are, the more that you can mitigate everything.
In conclusion, it might be best summed up by what the panel cumulatively said. Deploying cloud computing in an enterprise infrastructure brings significant security concerns. Those concerns need to be broached early and often.
The successful implementation of cloud computing in an enterprise requires not only proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures, but also a continuous amount of learning and training and understanding of the costs involved.