A powerful and unique set of circumstances are combining in mid-2020 to make safe and rapid cloud adoption more urgent and easier than ever.
Dealing with the novel coronavirus
pandemic has pushed businesses to not only seek flexible IT hosting models,
but to accommodate flexible work, hasten applications’ transformation, and
improve overall security while doing so.
This next BriefingsDirect cloud
adoption best practices discussion examines how businesses plan to further use
cloud models to cut costs, manage operations remotely, and gain added capability
to scale their operations up and down.
To learn more about the latest
on-ramps to secure an agile cloud adoption, please welcome Anupam Sahai,
Vice President and Cloud Chief Technology Officer at Unisys, and Ryan
Vanderwerf, Partner Solutions Architect at Amazon
Web Services (AWS). The discussion is moderated by Dana Gardner,
Principal Analyst at Interarbor
Solutions.
Here are some excerpts:
Gardner:
Anupam, why is going to the public cloud an attractive option more now than
ever?
Sahai |
Sahai: There
are multiple driving factors leading to these tectonic shifts. One is that the
whole IT infrastructure is moving to the cloud for a variety of business and
technology reasons. And then, as a result, the entire application
infrastructure -- along with the underlying application services infrastructure
-- is also moving to the cloud.
The reason is very simple
because of what cloud brings to the table. It brings a lot of capabilities,
such as providing scalability in a cost-effective manner. It makes IT and
applications behave as a utility and obviates the need for every company to
host local infrastructure, which otherwise becomes a huge operations and
management challenge.
So, a number of business and
technological factors, along with the COVID-19 pandemic situation, which
essentially makes us work remotely, and having cloud-based services and
applications available as a utility makes them easy to consume and use.
Public cloud on everyone’s horizon
Gardner: Ryan,
have you seen in your practice over the past several months more willingness to
bring more apps into the public cloud? Are we seeing more migration to the
cloud?
Vanderwerf: We’ve
definitely had a huge uptick in migration. As people can’t be in an office,
things like workspaces and doing remote desktops, have also seen a huge
increase. People are trying to find ways to be elastic, cost-efficient, and
make sure they’re not spending too much money.
Vanderwerf |
Following up on what Anupam
said, the reasons people are moving in the cloud haven’t changed. They have
just been accelerated because they need agility and to speed-up access to the
resources they need. They need cost savings by not having to maintain data
centers by themselves.
By being more elastic, they
can provision only for what they’re using and not have stuff running and
costing money when you don’t need to. They can also deploy globally in minutes,
which is a big deal across many regions, and allows people to innovate faster.
And right now, there’s a need
to innovate faster, get more revenue, and cut costs – especially in times where
fluctuation in demand goes up and down. You have to be ready for it.
Gardner: Yes,
I recently spoke with a CIO who said that when the pandemic hit, they had to
adjust workloads and move many from a certain set of apps that they weren’t
going to be using as much to a whole other set that they were going to be using
a lot more. And if it weren’t for the cloud, they just never would have been
able to do that. So agility saved them a tremendous amount of hurt.
Anupam, why when we seek such
cloud agility do we also have to think about lower risk and better security?
Sahai: Risk
and security are critical because you’re talking about commercial,
mission-critical workloads that have potentially sensitive data. As we move to
the cloud, you should think three different trajectories. And some of this, of
course, is being accelerated because of the COVID-19 pandemic.
One of the cloud-migration
trajectories, as Ryan said earlier, is the need for elastic computing, cost
savings, performance, and efficiencies when building, deploying, and managing
applications. But as we move applications and infrastructure to the cloud,
there is a need to ensure that the infrastructure falls under what is called
the shared
responsibility model, where the cloud service provider protects and
secures infrastructure up to a certain level and then the customers have their
responsibility, a shared responsibility, to ensure that they’re protecting
their workloads, applications, and critical data. They also have to comply with
the regulations that those customers need to adhere to.
In such a shared
responsibility model, customers need to work very closely with the service
providers, such as AWS, to ensure they are taking care of all security and
compliance-related issues.
You know, security breaches in
the cloud -- while less than compared to on-premises-related deployments -- are
still pretty rampant. That’s because some of the cloud security hygiene-related
issues are still not being taking care of. That’s why solutions have to manage
security and compliance for both the infrastructure and the apps as they move
from on-premises to the cloud.
Gardner: Ryan,
shared responsibility in practice can be complex when it’s hard to know where
one party’s responsibility begins and ends. It cuts across people, process, and
even culture.
When doing cloud migrations,
how should we make sure there are no cracks for things to fall through? How do
we make sure that we segue from on-premises to cloud in a way that the security
issues are maintained throughout?
Stay safe with best-practices
Vanderwerf:
Anupam is exactly right about the shared responsibility model. AWS manages and
controls the components from the host operating system and virtualization layer
down to physically securing the facilities. But it is up to AWS customers to
build secure applications and manage their hygiene.
We have programs to help
customers make sure they’re using those best practices. We have a
well-architected program. It’s available on the AWS Management Console, and we have
several lenses if you’re doing specific things like serverless,
Internet of things (IoT), or analytics, for example.
Solutions
architects can help the customer review all of their best practices and
do a deep-dive examination with their teams to raise any flags that
people might not be aware of and help find solutions.
Things like that have to be
focused toward the business, but solutions architects can help the customer
review all of their best practices and do a deep-dive examination with their
teams to raise any flags that people might not be aware of and help them find
solutions to remedy them.
We also have an AWS Technical
Baseline Review that we do for partners. In it we make sure that partners
are also following best practices around security and make sure that the
correct things are in place for a good experience for their customers as well.
Gardner: Anupam, how do we ensure security-as-a-culture from the beginning and throughout the lifecycle of an application, regardless of where it’s hosted or resides? DevSecOps has become part of what people are grappling with. Does the security posture need to be continuous?
Sahai:
That’s a very critical point. But first I want to double-click on what Ryan
mentioned about the shared responsibility model. If you look at the overall
challenges that customers face in migrating or moving to the cloud, there is
certainly the security and compliance part of it that we mentioned.
There is also the cost
governance issue and making sure it’s a well-architected framework
architecture. The AWS
Well-Architected Framework (WAF), for example, is supported by Unisys.
Additionally, there are a number of ongoing issues around optimization, cost governance, security, compliance governance, and optimization of workloads that are critical for our customers. Unisys does a Cloud Success Barometer study every year and, and what we find is very interesting.
One thing is clear, about 90
percent of organizations are transitioned to the cloud. So no surprise there.
But in the journey to the cloud what we also found is that 60 percent of the
organizations are unable to move to the cloud, or hold on to their cloud
migrations, because of some of these unexpected roadblocks. And so that’s where
partners like Unisys and AWS are coming together to offer visibility and
solutions to address them. Those challenges remain, and, of course, we are able
to help address them.
Coming back to the DevSecOps
question, let’s take a step back and understand why DevOps came into being. It was
basically because of the migration to the cloud that we had the need to break
down the silos between development and operations to deploy
infrastructure-as-code. That’s why DevOps essentially brings about faster,
shorter development cycles; faster deployment, faster innovation.
Studies have shown that DevOps
leads to at least 60 percent faster innovation and turnaround time compared to
traditional approaches, not to mention the cost savings and the IT headcount
savings when you merge the dev and ops organizations.
As
DevOps goes mainstream, and as cloud-centric applications are becoming
mainstream, there is a need to inject security into the DevOps cycle.
Having DevSecOps is key.
But as DevOps goes mainstream,
and as cloud-centric applications are becoming mainstream, there is a need to
inject security into the DevOps cycle. So, having DevSecOps is key. You want to
enable developers, operations, and security professionals to work together on
yet another silo, to break them down and merge with the DevOps team.
But we also need to provide
tools that are amenable to the DevOps processes, continuous
integration/continuous delivery (CI/CD) tools that enable the speed and agility
needed for DevOps, but also injecting security -- without slowing them down. It
is a challenge, and that’s why the all-new field of DevSecOps enables security
and compliance injection into the DevOps cycle. It is very, very critical.
Gardner:
Right, you want to have security but without giving up agility and speed. How
have Unisys and AWS come together to ease and reduce the risk of cloud adoption
while greasing the skids to the on-ramps to cloud adoption?
Smart support on the cloud journey
Sahai:
Unisys in December 2019 announced
CloudForte capabilities with the AWS cloud. A number of capabilities
were announced that help customers adopt cloud without worrying about
security and compliance.
CloudForte today provides a
comprehensive solution to help
customers manage their customer cloud journeys, whether it’s greenfield or
brownfield; and there is hybrid cloud support, of course, for the AWS cloud
along with multi-cloud support from a deployment perspective.
The solution combines
production services that enable three primary use cases: Cloud migration, as we
talked about, and apps migration using DevSecOps. We’ve codified that in terms
of best practices, reference architecture, and well-architected principles, and
we have wrapped that in advisory services and deployment services as well.
The third use case is around
cloud posture management, which is understanding and optimizing existing
deployments, including hybrid cloud deployments, to ensure you’re managing
costs, managing security and compliance, and also taking care of any other
IT-related issues around governance of resources to make sure that you migrate
to the cloud in a smart and secure manner.
Gardner: Ryan,
why did AWS get on-board with CloudForte? What was it about it that was
attractive to you in helping your customers?
Vanderwerf:
We
are all about finding solutions that help our customers and enabling our
partners to help their customers. With the shared responsibility model,
that’s on the customer, and CloudForte has really good risk management
and a
portfolio of applications and services to help people get ahold of that
responsibility themselves.
Instead of customers trying to
go on their own -- or just following general best practices – Unisys also has
the tooling in place to help customers. That’s pretty important because with
DevSecOps, people suffer from a lack of business agility, security agility, and
face the risks around change to their businesses. People fear that.
With
the shared responsibility model, that's on the customer, and CloudForte
has really good risk management and a portfolio of apps and services to
help people get ahold of that responsibility themselves.
These tools have really helped
customers manage that journey. We have a good feeling about being secure and
being compliant, and the dashboards they have inside of it are very
informative, as a matter of fact.
Gardner: Of
course, Unisys has been around
for quite a while. They have had a very large and consistent installed base
over the years. Are the tooling, services, and value in CloudForte bringing in
a different class of organization, or different parts of organizations, into
AWS?
Vanderwerf: I
think so, especially in the enterprise area where they have a lot of things to
wrangle on the journey to the cloud -- and it’s not easy. When you’re migrating
as much as you can to a cloud setting – seeking to keep control over assets and
making sure there are no rogue things running -- it’s a lot for an enterprise
IT manager to handle. And so, the more tools they have in their tool-belt to
manage that is way better than them trying to cook up their own stuff.
Gardner: Anupam, did you have a certain type of organization, or part of an organization, in mind when you crafted CloudForte for AWS?
Sahai: Let’s
take a step back and understand the kind of services we offer. Our services are
tailored and applicable for both enterprises and the public sector. We offer
advisory services to begin with, which essentially allows us to pass-through
products. You have the CloudForte
Navigator product, which allows us to assess the current posture of the
customer and understand the application capabilities the customer has, whether
it needs a transformation, and, of course, this is all driven by business
outcomes that the customers desires.
Second, through CloudForte we bring best practices, reference architectures, and blueprints for the various customer journeys that I mentioned earlier. Greenfield or brownfield opportunities, whatever the stage of adoption, we have created a template to help with the specific migration and customer journey.
Once customers are able and
ready to get on-boarded, we enable DevSecOps using CI/CD tools, best practices,
and tools to ensure the customers use a well-architected framework. We also
have a set of accelerators provided by Unisys that enable customers to get
on-boarded with guardrails provided. So, in short, the security
policies, compliance policies, organizational framework, and the organizational
architectures are all reflected in the deployment.
Then, once it's up and
running, we manage and operate the hybrid cloud security and compliance posture
to ensure that any deviations, any drifts, are monitored and remediated to
ensure they are continuously having an acceptable posture.
Finally, we also have AIOps
capabilities, which include AI-enabled
outcomes that the customer is looking for. We use artificial intelligence
and machine learning (AI/ML) technologies to optimize the resources. We drive
cost savings through resource optimization. We also have an instant management
capability to bring down costs dramatically using some those analytics and AIOps
capabilities.
So our objective is to drive digital
transformation for customers using a combination of products and services
that CloudForte has, and working in close conjunction with what AWS offers, so
that we create a compelling offering that’s complementary to each other, but
very compelling from a business outcomes perspective.
Gardner: The
way you describe them, it sounds like these services would be applicable to almost
any organization, regardless of where they are on their journey to the cloud.
Tell us about some of the secret sauce under the hood. The Unisys
Stealth technology, in particular, is unique in how it maintains cloud
security.
Stealth solutions for hybrid security
Sahai: The
Unisys Stealth technology is very compelling, especially in the hybrid cloud
security sense. As we discussed earlier, the shared responsibility model
requires customers to take care of and share the responsibility to make sure
that workloads in the cloud infrastructure are compliant and secure.
And we have a number of tools
in that regard. One is the CloudForte Cloud
Compliance Director solution, which allows you to assess and manage your
security and compliance posture for the cloud infrastructure. So it’s a cloud
security posture management solution.
Then we also have the Stealth
solution, essentially a zero
trust, micro-segmentation
capability that leverages the identity, or the user roles, in an organization
to establish a community that’s trusted and is capable of doing certain
actions. It creates communities of interest that allow and secure through a
combination of micro-segmentation and identity management.
Think of that as a policy management and enforcement solution that essentially manipulates the OS native stacks to enforce policies and rules that otherwise are very hard to manage.
If you take Stealth and marry
that with CloudForte compliance, some of the accelerators, and Navigator,
you have a comprehensive Unisys solution for hybrid cloud security, both
on-premises and in the AWS cloud infrastructure and workloads environment.
Gardner: Ryan,
it sounds like zero trust and micro-segmentation augment the many services that
AWS already provides around identity and policy management. Do you agree that
the zero trust and micro-segmentation aspects of something like Stealth
dovetail very well with AWS services?
Vanderwerf: Oh,
yes, absolutely. And in addition to that, we have a lot of other security tools
like AWS WAF, AWS Shield, Security
Hub, Macie, IAM Access Analyzer
and Inspector. And I am sure under the hood they are using some of these
services directly.
The more power you have the
better. And it’s tough to manage. Some people are just getting into cloud and
they have challenges. It’s not always technical, sometimes it's just
communications issues at a company or lack of sponsorship or resource
allocation or undefined key performance indicators (KPI). So all these things,
or even just timing, those are all important for a security situation.
Gardner: All
those spinning parts, those services, that’s where the professional services
come in so that organizations don’t have to feel like they are doing it alone.
How does the professional services and technical support fit into helping
organizations go about these cloud journeys?
Sahai:
Unisys is trusted by our customers to get things right. So we say that we do
cloud correctly, and we do cloud right, and that includes a combination of
trusted advisory services. That means everything from identifying legacy
assets, to billing, and to governance, and then using a combination of products
and services to help customers transform as they move to the cloud.
Our
cloud-trained people and expertise speeds up the migrations, gives
visibility, and provides operational improvements. Thereby we are able
to do cloud right and in a secure fashion by establishing security
practices, trust through security and compliance, and AIOps.
Our cloud-trained people and
expertise speeds up the migrations, gives visibility, and provides operational
improvements. Thereby we are able to do the cloud right and in a secure fashion
by establishing security practices, establishing trust through a combination of
micro-segmentation, security, and compliance ops, AIOps, and that certainly is
the combination of products and services that we offer today.
And our customers tell us we
are rated very highly, 95 percent-plus in terms of customer satisfaction. It’s
a testament to the fact that our professional services -- along with our
products – complements the AWS services and products that customers need to
deliver their business outcomes.
Gardner:
Anupam, do you have any examples of organizations that leveraged both AWS and
Unisys CloudForte? What have they been doing and what did they get from it?
Student success supported
Sahai: I
have a number of examples where a combination of CloudForte and AWS deployments
are happening. One is right here where I live in the San Francisco Bay Area.
The business challenge they faced was to enhance the student learning
experience and deliver technology services critical to student success and
graduation initiatives. And given the COVID-19 scenario, you can understand why
cloud becomes an important factor in that.
Unisys cloud and
infrastructure services, using CloudForte, helped them deploy a hybrid cloud
model with AWS. We had Ansible for
automation, ServiceNow for IT service
management (ITSM), AIOps, and we deployed a logarithm and a portfolio of
tools and services.
They were then able to
accelerate their capability to offer critical administrative services, such as
student scheduling and registration, to about half-a-million students and
52,000 faculty and staff members across 23 campuses. It delivered 30 percent
better performance while realizing about 33 percent cost savings and 40 percent
growth in usage of these services. So, great outcomes, great cost savings, and
you are talking about reduction of about $4.5 million in computed storage costs
and about $3 million in cost avoidance.
So this is an example of a
customer who leveraged the power of the AWS Cloud and the CloudForte products
and services to deliver these business outcomes, which is a win-win situation
for us. So that’s one example.
Gardner: Ryan,
what do you expect for the next level of cloud adoption benefits? Is the AIOps
something that we are going to be doubling-down on? Or are there other
services? How do you see the future of cloud adoption improving?
The future is integrated
Vanderwerf: It’s
making sure everything is able to integrate. Like, for example, with a hybrid
cloud situation we now have AWS
Outposts. Now people can run a rack of servers in their data center and
be connected directly to the cloud.
Some things don’t make sense always
to go to cloud. Perhaps machinery running analytics, for example, has very low
latency requirements. You could still write native applications to work with
the cloud in AWS and run those apps locally.
Also, AIOps is huge because so
many people are doing AI/ML in their workloads, from deciding security posture
threats, to finding whether machines are breaking down. There are so many
options in data analytics and then wrangling all these things together with
data lakes. Definitely, the future is about better integrating all of these
things.
AI/MLOps is really popular now
because there are so many data scientists and people integrating ML into
things. They need some sort of organizational structure to keep that organized,
just like CI/CD did for DevOps. And all of those areas continue to grow. At
AWS, we have 175-plus services, and they are always coming up with new ones
every day. I don’t see that slowing down anytime soon.
Gardner:
Anupam, for your future outlook, to this point that Ryan raised about
integration, how do you see organizations like Unisys helping to manage the
still growing complexity around the adoption and operations in the cloud and
hybrid cloud environments?
Sahai: Yes,
that is a huge challenge. As Ryan mentioned, hybrid cloud is here to stay. Not
everything will move to the cloud. And while cloud migration trends will
continue, there will be some core set of apps that will be staying on-premises.
So leveraging AWS Outposts, as he said, to help with the hybrid cloud journeys
will be important. And Unisys offers hybrid cloud and multi-cloud offerings
that we are certainly committed to.
Security
and compliance issues are not going away, unfortunately. Cloud breaches
are out there. And so there is a need to actively manage and be
proactive about managing your security and compliance posture. Customers
are going to work with AWS and Unisys to fortify both their defense and
offense proactively.
The other thing is that
security and compliance issues are not going away, unfortunately. Cloud
breaches are out there. And so there is a need to actively manage and be
proactive about managing your security and compliance posture. And so that’s
another area that I think our customers are going to be working together with
AWS and Unisys to help them fortify not just their defenses, but also the
offense -- to be proactive in dealing with these threats and breaches and
preventing them.
The third area is around
AIOps, and this whole notion of AI-enabled CloudForte, and we see AI and ML to be
prorating every path of the customer journey. Not just in AIOps, which is the
operations and management piece, which is a critical part of what we do, but AI
in enabling the customer journeys in terms of predicting.
So let’s say a customer is
trying to move to the cloud, we want to be able to use predictions to predict
what their customer journey would look like if they move to the cloud and to be
proactive about predicting and remediating issues that might come up.
And, of course, AI is fueled
by the data revolution -- the data lakes, the data buses -- that we have today
to transport data seamlessly across applications, across hybrid cloud
infrastructures, and to tie all of this together. You have the app migration,
the CI/CD, and the DevSecOps capabilities that are part of the CloudForte
advisory and product services.
We are enabling customers to move to the cloud without compromising speed, agility, and security and compliance, whether they are moving infrastructure to the cloud, using infrastructure as code, or moving applications to the cloud using applications as code by leveraging the micro-services infrastructure, the cloud native infrastructure that AWS provides -- and Kubernetes included.
We have support for a lot of
these capabilities today, and we will continue to evolve them to make sure no
matter where the customer is in their customer journey to the cloud -- whatever
the stage of evolution -- we have a compelling set of production services that customers
can use to get to the cloud and stay there with the help of Unisys and AWS.
You may also be interested in:
- How modern operational services leads to more self-managing, self-healing, and self-optimizing for IT
- HPE Pointnext’s Nine-Step Plan for enterprises to attain the new business normal
- As containers go mainstream, IT culture should pivot to end-to-end DevSecOps
- AI-first approach to infrastructure design extends analytics to more high-value use cases
- How Intility uses HPE Primera intelligent storage to move to 100 percent data uptime
- As hybrid IT complexity ramps up, operators look to data-driven automation tools
- Cerner’s lifesaving sepsis control solution shows the potential of bringing more AI-enabled IoT to the healthcare edge
- How containers are the new basic currency for pay as you go hybrid IT
- HPE strategist Mark Linesch on the surging role of containers in advancing the hybrid IT estate
- How the Catalyst UK program seeds the next generations of HPC, AI, and supercomputing