BeyondID CEO & Co-Founder, Arun Shrestha, answers questions about cloud 3.0.
Q1: How do you define cloud 3.0 and where does ‘cloud native’/microservices/kubernetes/multi-cloud fit into that?
While Cloud 1.0 and Cloud 2.0 served as the foundation for World Wide Web and Social & Mobile respectively, Cloud 3.0 provides the foundation for a dramatic shift in how we work and serve our customers today and how we will work and serve our customers in the future. Cloud 3.0 (a.k.a – the third wave of cloud computing) gives companies the flexibility to digitally transform themselves, be more agile and secure, and provide better connectedness from any device around the globe. Never has this adaptability been more critical than in the past 16 months of the global pandemic, especially in key industries like healthcare, retail, telecommunications, and financial services, which represent major pillars of our society. Companies were suddenly faced with their workforce remotely accessing systems and data from a variety of devices and customers spending more time online than ever before. Telemedicine, online shopping, video conferencing and online banking became a new normal. This became possible with Cloud 3.0 because thousands of cloud service providers offered microservices that are relatively easy to weave in, creating a modern app ecosystem with limitless possibilities. This compute anywhere, decentralized, scale-and-adapt approach is one of the advantages of Cloud 3.0. It also gives organizations the ability to manage identities and access to digital assets safely and securely.
Subsets of Cloud 3.0 – cloud natives apps, microservices, Kubernetes, multi-cloud – let companies optimize the use and delivery of a limitless number of applications and services, which can be built and deployed at a record pace. For example, microservices are easier to build and deploy, more scalable, faster to get into the market and more cloud-ready than traditional applications. And multi-cloud gives companies the option to optimize their computing resources while avoiding downtime and data loss. In today’s cloud-based, non-stop global business environment, these applications and services provide additional flexibility in the cloud while maximizing business value.
Q2: What makes this new era of cloud challenging for organizations in a way that the initial waves of adoptions were not?
If companies had been taking a more modest approach to their cloud initiatives prior to 2020, COVID-19 changed everything. 2020 was a record-breaking year for cloud platforms, applications, and service providers. Organizations had to adapt quickly to remote working, and consumers spent far more time online, accelerating the shift to cloud services. Unlike the first couple waves, for many organizations, the cloud is now an integral part of an overall corporate strategy. For example, eCommerce is commerce, telemedicine is becoming the preferred option in healthcare, video conferencing has replaced in-person meetings, and online banking is a normal way of banking. This new era of cloud has created opportunities for new business models by challenging the status quo of the old business models. Fast forward a few more years, the phenomenon has the potential for displacing many incumbent Fortune 500s. Embrace the new business models afforded by Cloud 3.0 or face the reality of going out of business. It has forever changed IT infrastructures and the way companies manage their business, from application development to ops to customer engagement.
With that comes a set of new challenges.
1) Cloud 3.0 Mindset: How does an organization transform itself to reflect a Cloud 3.0 mindset? While many companies understand the need to make the transition, putting the right strategy and execution in place can be difficult given existing legacy systems, processes already in place, and cultural changes.
2) Migrate to Cloud 3.0: How do you manage the complexities of cloud migration? Moving to the cloud greatly reduces the reliance on legacy systems and platforms but it does not eliminate them. Applications and services can be developed quickly using best-of-breed offerings but managing it all adds a different kind of complexity to your operations. And while cloud migration can deliver significant value to the business, getting to the end goal where those benefits are fully realized takes time, in some cases years.
3) Secure Cloud 3.0: How do you keep your business secure? Migrating to the cloud presents new security challenges and those are amplified by external controls over an organization’s digital assets and the potential for mismanagement of those assets. Not only is there an increase in the number of potential access points, but the number of systems, platforms and applications have expanded too far greater numbers than when everything was managed on-prem. Add to that the need for better customer experiences and giving your workforce access to digital assets from any location and device and security becomes the central focal point from which everything else must flow.
Q3: What role do consultancies/VARs, etc. play in the cloud 3.0 era that perhaps they haven’t before?
Consultancies – especially managed service providers – were once viewed as IT vendors, providing additional services to the corporate IT department. They were often selected based on the lowest cost and projects were limited in scope and timing. MSPs were added support when IT departments needed it most.
There are thousands of SaaS offerings in the Cloud 3.0 era – many SaaS or Clouds exist for every service you can imagine. Most SaaS apps are offered as microservices where functions available through these apps can be exploited via Application Programming Interfaces (APIs). The vast SaaS options mean that an infinite number of apps can be built and deployed in a record time at a fraction of the cost compared to building them from the ground up. While that is good news, the bad news is that the complexity of discovering, designing, migrating, integrating, deploying, and managing these apps has grown significantly. All SaaS apps are not created equal and without experts who are well experienced in any collection of these apps, the undertaking of these initiatives become highly challenging. The role of consultancies/VARs has never been as critical as in the cloud 3.0 era. Companies need to select and partner with the right consultancies/VARs to help them navigate the complexity.
As a result, today, the role of a managed services provider has changed considerably. MSPs are now strategic advisors to CIOs and CISOs, helping to drive the initiatives that are required to migrate and manage the move to the cloud. The expertise needed to deliver on these objectives is particularly well-suited to services providers as they can hire experts in key areas that are far more knowledgeable and cost-efficient than the company trying to hire the talent themselves.
These specialized skills mean service providers, and more importantly, the people they bring to an organization’s digital transformation, are crucial to its success. Chris Barbin, founder of Tercera (full disclosure: Tercera is an investor in BeyondID), said, “We hear so much about technology and products, but I believe it’s the people who will lead this wave — the individuals and people-based services firms that are building on and creating these digital experiences and putting them to use in the real world.” Companies who utilize these cloud service providers and their technical talent will be ahead of the game in the long run.
Q4: What recommendations do you have for organizations that already are in the cloud, to take advantage of Cloud 3.0?
Cloud 3.0 gives organizations a considerable amount of flexibility in managing their IT infrastructures whether it’s digital assets, systems, applications, or security. Determining the best approach for optimizing each of those components in the cloud is key to ensuring a successful outcome against the company’s business objectives.
And while application development in the cloud can truly be a sprint, managing and growing your cloud environment is a marathon. As companies advance the use of cloud services across the business, they need a clear strategy and plan for how to get there. This will help prioritize ongoing cloud initiatives and where resources should be allocated to deliver optimum results.
Organizations also need to keep the security of their cloud environment at the top of their priority list. With rapid application development, employees working remotely (and on different devices) and customers expecting a great experience, there are points of vulnerability in those systems that will only continue to grow. Unfortunately, cyberattacks are a daily occurrence, disrupting businesses large and small. Cybersecurity should be the cornerstone for an organization’s evolving cloud strategy.
The top three recommended actions are:
- Adopt modular mindset powered by microservices over monolithic architecture: Build applications as a collection of small autonomous services developed for a business domain as a loosely coupled best-of-breed service collection. Adopt a modular approach that functions in a stateless architecture design – each service may provide a handful of functions.
- Integrate and Manage: Have a clear plan and approach for integrating and managing a whole host of existing and new assets and providers. Create an up-front integration plan to ensure that the existing assets work well with the new service providers including automated provisioning of these services to ensure that endpoints, events, and fine-grained access controls are consistently provisioned and de-provisioned.
- Design with security from day one: Adopt mature secure-by-design cloud principles from day one, which means 1) securing your cloud by segmenting serverless workloads with granular account-level segmentation and limiting exposure, 2) reweighing authentication for workloads by using modern identity protocols and short-lived tokens to mitigate credential exposure, 3) deploying robust perimeter security around people and machine through a single and secure access gateway backed by adaptive access management, and 4) conducting continuous risk assessment and applying modern governance frameworks for service provisioning and de-provisioning using an embedded DevSecOps pipeline.
Q5: For organizations that still aren’t in the cloud (does that exist?) or hybrid type organizations – what is the cloud 3.0 opportunity and how should they proceed?
Believe it or not, yes, there are still companies that have not migrated to the cloud! Cloud migration requires companies to think and execute differently and this journey can be difficult to initiate and even more difficult to navigate at times. Cloud 3.0 provides every business the opportunity to accelerate its digital transformation. Businesses that are going to embrace and leverage Cloud 3.0 have the opportunity to thrive and grow exponentially. Businesses need to commit to Cloud 3.0 not only as a technology refresh but as a core foundation to their future growth and continuous success. Successful cloud migration and digital transformation require that companies follow a proven methodology that includes the following steps:
Hire a Managed Services Provider
This effort can happen in conjunction with the business assessment mentioned below, but it’s a critical step to a successful cloud migration strategy. Most companies don’t fully understand all the complexities involved and hiring a team of experts to help guide your organization will help save time and costs over the long run. A strong partner can help you perform the right assessment, develop a sound cloud migration strategy and deliver the results you’re expecting.
Conduct a Business Assessment
Your organization needs to determine what it hopes to accomplish from a migration to the cloud, such as achieving greater flexibility, lowering IT costs or improving security. Once you have clearly defined objectives, a thorough assessment of your current business situation is conducted – what should be migrated to the cloud, what does the current infrastructure look like, what is the budget, what resources are needed to make this transition, and how will we keep it secure.
Develop a Strategic Plan
A successful cloud migration strategy will define all the key elements for the migration and how they will be implemented, including the type of cloud environment and cloud provider, what cloud components are needed, how they will be migrated, who is responsible and the timetable for execution, among others.
Execute the Plan
With everything defined, it’s time to implement the plan. This includes backing up all the digital assets and servers, setting up and securing the cloud environment, migrating those assets to the cloud and then testing and tuning that environment to make sure it’s working as designed.
Manage the New Cloud Environment
Getting your new cloud environment up and running is a great start but it’s just the beginning. First and foremost, your new environment needs to be secure and managing identities and access to your data in the cloud is essential. These security requirements are no different than on-prem, but the implementation approach can be different. Corporate governance and compliance practices must also be kept current and while capacity demands are easier to manage in the cloud, the reliability of the infrastructure is as critical as ever. And of course, there’s the standard monitoring and maintenance required for any system: optimizing the servers, managing data, and backups, and training employees.
While every cloud journey is unique, it will contain similar challenges, actions and results. Therefore, it is vital to work with a proven methodology as well as a reliable team with deep subject matter expertise in the cloud who have performed many successful cloud transformation projects.