The cloud journey has been anything but identical for enterprises across industries. Whether cost considerations make public cloud an ideal choice, or security concerns propel decision makers to go with private cloud, every deployment story is unique.
Then there’s hybrid cloud and multi-cloud, where each also has its own sets of pros and cons. Given this predicament, how and where should business organisations still at the infancy stage of their cloud journey proceed?
This was the jump-off point for discussion among senior IT leaders during the roundtable entitled “Private Cloud — Best of All Worlds?” organised by Jicara Media, and hosted by Rackspace Technology and Dell Technologies.
According to Inho Hwang, Senior Solution Architect, South Asia at Rackspace Technology, they encounter two kinds of customers depending on the level of regulation enforced by industry and government bodies.
“If they are regulated by government bodies, and if the regulatory body has stringent or very clear guidelines in terms of what (data) could (and) could not be put out, it will be easier for (our) customers to decide what route to take,” Hwang said.
“But if there isn’t, for example, Bank Negara Malaysia, which until quite recently, never had very well-defined guidelines, (therefore) a lot of customers in Malaysia refrained from actually exploring the cloud. So the first strategy is on-prem, but over recent years, I think Bank Negara Malaysia has released new guidelines for cloud computing. And I think customers feel more comfortable to start exploring (the cloud),” he continued.
Then again, the cloud journey usually depends on which industry the organisation is from.
“Those applications that require a lot of traffic, that need to serve users globally, (clients) put them on the public cloud for public interfacing. For the critical database and applications, they’ll put it on-prem. Some customers will take this approach depending on which industry,” Hwang noted.
“Some customers will go full-blown cloud, for example, Netflix, because their applications are fully serving end users over (a) CDN network, which they don’t actually have so much tendency to put into their own on-prem,” he remarked.
Beginning the cloud journey
When it comes to data, enterprises of varying sizes and industries have unique needs, but even lines of business within an organisation can have different requirements. Therefore, a one-size-fits-all approach is a no-go.
One solution would be for IT to create a framework on how lines of business should manage their data, said Bernard L’Allier, Managing Director, South Asia at Rackspace Technology.
“Smart organisations – and particularly those with a budget – are doing their best to have IT create a framework that will allow lines of business to make their own plans, as long as they follow set corporate guidelines. It can be around golden images for virtual machines, or it can be around data protection rules that application vendors need to follow,” he explained.
“The key driver for cloud is less infrastructure on-prem versus infrastructure as a service. Almost every organisation is going to be using SaaS (software as a service) for large numbers of things that are non-critical but are important. If you’re using SaaS, then you’re hybrid by default. You have data going into all kinds of places, so you need that framework,” L’Allier added.
Meanwhile, as a lot of businesses adopt a cloud-first strategy, there are a few concerns pertaining to data governance, said Saravanan Krishnan, General Manager, Unstructured Data Solutions for Dell Technologies, APJ & Greater China.
“The question is why cloud-first, and why not data-first? Because a cloud-first strategy allows an organisation to look at options from a consumption perspective— time to market, agility, ease of operations, and so on. The challenge there sometimes is, are you skipping a few steps along the way, from a data governance point of view?” Krishnan said.
“When we talk about cybersecurity, a lot of times refer to a malicious attack happening, but do we adequately consider situations where organisations are in a position to recover from a malicious attack?” he added.
For heavily regulated industries, like healthcare, the flexibility to move data across platforms can be quite a challenge.
Such is the case for GE Healthcare, one of the organisations operating in the sector, given the sensitivity of patients’ medical data.
Apart from his job as Regional CISO for Asia-Pacific, Senior Director Leonard Ong also assists their clients in designing solutions that are compliant with government and industry requirements.
“We are a cloud-first organisation, so no one thinks about getting hardware. For internal apps, we always go to the cloud,” said Ong. “We are so decentralised that people can choose which CSP (cloud service provider) that they want. We are in the phase where we need to consolidate. But at the same time, we also need to diversify, because there are certain countries like China, where going with the top three global CSP is not the best option. You need to consider the local CSP.”
For Krishnan, having a global cloud strategy can be difficult, because the infrastructure maturity differs from country to country.
“Start with a data governance strategy. And then that also will evolve over time. For some organisations, they have a Data Protection Officer who looks at the entire governance framework, which will allow you to work with the security, infrastructure and applications teams, and say, ‘Okay, if this is the cyber resiliency framework, how do you want to execute upon this strategy?’ And (that strategy) would probably need to be reviewed on an annual basis,” he said.
“A lot of organisations are finding that if you have a central strategy, particularly around your data, then which cloud vendor you use for particular applications becomes much less about lock in and much more about convenience. That’s a complicated strategy to pull off, but it gives you a lot of flexibility as the world changes,” L’Allier added.
All bases covered
Although the appetite for cloud among enterprises is growing, many are still beset by security issues, hence the reliance on on-prem infrastructure.
However, that mindset may soon be changing.
“There’s a push from head office that we are going to move a lot of applications onto the cloud. But having said that, there are still a bunch of legacy systems that need to be on-prem. Because of the moratorium that’s been imposed by the government in Singapore, we are actually seeing issues in maintaining data centres. I foresee that the biggest challenge for me, I will see that TCO (total cost of ownership) will definitely go up because I need to maintain both cloud applications and legacy systems in on-prem data centres,” said Soh Chai Yee, Regional Head of Infrastructure and Data Centres, Commerzbank.
“One of the reasons why organisations move to the cloud is because they don’t have resources. But when you move them (data) back on-prem, you also consider the capacity to build skills. Security professionals are not easy to come by. Data science is a critical resource, then the question is, are you in a position to partner with organisations who can support you in that area? So it is quite a comprehensive thought process to have,” Krishnan observed.
To solve the talent crunch in cybersecurity and cloud computing, Ong supports investment in training and education.
“Although ultimately, those people may not stay with us forever, they will go to the industry. But if everyone thinks like this, then we have more and more cloud specialists and cybersecurity specialists, and then the whole industry gets better in elevating cloud and cybersecurity maturity,” Ong said.
According to Krishnan, the cloud landscape has changed so much in the last five years, and will continue to change because business needs, as well as data regulation, are also constantly evolving.
“Two years ago, we talked a lot about hybrid cloud. But today, the world is beyond that — it is multi-cloud. So what is multi-cloud? Where do I place the on-prem and off-prem workloads, on which hyperscaler, and at what costs? The other consideration really is, what data needs to sit where and why? Data affinity to applications is important, and our ability to be able to refactor legacy applications needs to be taken into account (by customers),” he said.
For Hwang, joint planning with their customers always helps determine the best direction to take on their cloud journey.
“No solution is perfect. There are always pros and cons. If you host your own private cloud, you can really maximise your investment, but obviously, you will lose out on scalability, elasticity, and agility. As a solution architect, when customers come to me, I tell them all these available solutions that we can offer, or that we can help to build and try to find the right balance,” he concluded.