Doubts, uncertainties, and coping strategies in cloud adoption

As Indonesia embraces digital transformation, enterprises in Southeast Asia’s largest economy are eager to make full use of the cloud. At a recent roundtable in Jakarta organized by Jicara Media in partnership with Kemp and Wowrack, senior executives from organisations across Indonesia discussed their thoughts on the cloud.

The event was hosted by Henry Kay, Solutions Architect, Kemp, and Rudy Setiawan, CEO of Wowrack APAC, and moderated by Rahul Joshi, Head of Content, Jicara Media. During the course of the roundtable, participants revealed that they were eager to leverage the full suite of cloud services available in the market, but were sometimes unable to do so due to regulatory and technical challenges. They then shared their digital transformation hopes and wishlists to deal with challenges such as migration and security.

The Biggest Obstacle to Cloud Adoption

For many participants, regulatory hurdles represented the biggest obstacle to cloud adoption. Financial institutions, in particular, expressed that they were eager but unable to move to the cloud because of current restrictions; most enterprises are waiting for new regulations from the government that will allow them to digitally transform.

Johar Shodiq, Data Architecture and Governance Head at PT Bank BTPN Tbk, suggested that there hasn’t been a green light over whether enterprises can move data into the cloud, in terms of government regulation. “I believe later on, when OJK (Financial Services Authority) gives the green light, I think everyone, especially banks and financial institutions, will rush to utilise the cloud,” he said.

Hansen Setiady, IT Head of life insurance company Asuransi Ciputra Indonesia (Ciputra Life), added, “Due to compliance and regulatory restrictions, we’re only able to adopt certain kinds of cloud features. But if we cannot use the full functions, there’s no point adopting the cloud. It’s a dilemma for us.”

For some companies in the communications industry, the problem is not stringent regulations but the absence of them altogether, resulting in uncertainty over the future.

David Bumi, Director of PT Aplika Business, which deals in voice communications, explained that the main concern on everyone’s minds was still the government’s lack of clarity when it comes to regulations. “Right now it’s free for all. There are still no government regulations. Right now all communication is going to the cloud, but then the regulations are still from 1989,” he said.

A Debate over Migration Strategies

The participants emphasised the importance of assessing an organisation’s needs, and coming up with a cloud migration strategy suitable for the organisation. Two opposing strategies were posited: a phase-by-phase approach, in which non-critical systems are moved to the cloud first, and a ‘Big Bang’ approach, which entails migrating all systems at once.

Henry Kay recommended a phase-by-phase approach. He said, “For the ‘Big Bang’ approach, I would say that no matter how much assessment you’ve done, the core base infrastructure, the core base servers, networks, all the devices, are different from the data center itself. In one instance in which such an approach was adopted, close to 40% of mission critical applications faced issues, such as legacy applications that couldn’t adapt to cloud infrastructure.”

He continued, “One thing I’ve seen is that a lot of production data doesn’t contain the types of formats that the application needs to see. So when you do testing, you might have complete success. However, when you migrate over, the actual production data comes in, and it might not coincide with the testing data. So proper assessment will be very important.”

Scalability vs Cost

One major concern expressed by most participants is the scalability of the cloud, especially in relation to the cost.

Ngampooz, a startup developing apps for the higher education industry, even chose to use a physical server to begin with, instead of the cloud, because it was more cost-efficient at the time.

Hansen Setiady concurred. “For financial services, we need to have heavy security, and other features, from day one. But having all those features right on day one is actually very costly, and to scale up and down is not as easy as it looks, considering that many of the life insurance applications are monolithic and not modular. And when it comes to cloud adoption, the variables that come into play are numerous. It’s not just the time, you have to put in the human resources, you have to put in the expertise, even the bandwidth. Any collaboration between one cloud to another cloud, or even how your own data center connects to the cloud, requires cost and capacity.”

Johar Shodiq argued, “The cost of investment will probably be higher, but if we’re talking about not only cost of investment, but cost of operations over a period, we need to make a comparison, between non-cloud and cloud solutions. In my view, cloud reduces Total Cost of Ownership (TCO), because we don’t have to be concerned about infrastructure or operations.”

Rudy Setiawan suggested a way to mitigate costs and achieve scalability. “You don’t need to choose purely 100% cloud, you can go 50% on the cloud, or, for anything that spikes, you go to the cloud. But anything on the processing side, whether it’s doing data analytics or big data or even AI, you can do it on-premise.”

Untangling Security Issues

As always, security remained a concern with the cloud, and participants suggested that the biggest vulnerabilities might lie in applications, not infrastructure.

Rudy Setiawan said, “The challenge that we have now is actually application testing. There are a lot of loopholes in applications. In the past 3 months, we have dealt with a lot of servers getting hacked. Not from the infrastructure or the system, but mostly from the application side. So that’s why we tend to work closely with application developers. Even if we use firewalls, if it comes back to the application, it’s a way in for any kind of security breach. So our priority is to ask, ‘how did you test your application? Did you do a security audit on your application?’”

Eriyan Tedjokoesoemo, IS Governance Lead at Manulife, cited an example, “We have one application provided by a vendor, and it was cloud-based. We had so many requirements for security reasons: for example, application security scanning, source code scanning, and so on. Even though the application was their copyright, we needed to ensure that it was secure for us. Because the data itself, for Manulife, is still on-premise.”

One method of dealing with security, said Rudy, is to implement a white hat hacker solution. He explained, “We hire a hacker to try and hack the application or the system itself. We try to secure ourselves as much as we can and let the white hacker do the hacking. It will take maybe 2 or 3 weeks. It’s about making sure testing is done correctly – what’s the result, and if it’s a bad result, how can we fix it? Whether it’s multisite or a single cloud, or on-premise, we should test all.”

Johar Shodiq suggested breaking cloud security down into three levels – Infrastructure as a Service, Application as a Service, and Platform as a Service. He added, “Then, when making this kind of differentiation, we can talk about 3 kinds of different security requirements accordingly. We should consider it from the perspective of what kind of service we want to acquire.”

The Future of the Cloud

All participants agreed that cloud adoption, whether private or public, is here to stay and that new technologies will work hand-in-hand with the cloud to deliver better performance.

Hidayat Tan, VP, Business Development & Partnership at Whee, concluded the event with his vision of the future, saying, “I believe complexity of the cloud will be answered with managed services. We really think that the future is going to be in the cloud as well as in edge computing. So as your phone gets more computational power, application architecture will shift into flattening out between the cloud and edge computing. How the paradigm is going to change is what I’m waiting for. You can do more AI/ML stuff now more than ever.”