Cloud Computing & Governance with Darryl Grauman

This week we have a very special guest joining us for Lancom TV, Darryl Grauman, the VP of Cloud and Services at Westcon APAC.
In this episode we discuss the AFTER cloud factor.
The move from in house servers to cloud computing has meant a shift of responsibilities. In this 3 part mini series we take a closer look at what this change means for you.


 

Part 1: Procurement and management

 


Part 2: Security and cloud

 

 

Part 3: What should you look for in a reseller

 

 

 


Transcript


Part 1: Procurement and management

Priscila

Hello, everyone. Welcome back, another episode of Lancom TV. I'm sitting here with Darryl. Darryl was the VP of Cloud and Services for Westcon APAC. Hello, Darryl.

Darryl

Hey, thanks for having me.

Priscila

No worries. My pleasure.

Darryl

Pretty cool setup, you guys here. I'm actually really impressed.

Priscila

Thank you.

Darryl

Very, very, cool.

Priscila

Thank you. So, as the title states, Darryl is a cloud computing man. So, he is fully embedded into the world of cloud computing. And I brought him today as a guest to talk to us about governance and cloud computing. Now, we all know that cloud is the way to go, many New Zealand businesses are already there, but, today we're going to address what should happen after you move to the cloud. Isn't it, Darryl? So, I've got a few questions for you, as usual.

Darryl

Shoot.

Priscila

I will fire away the first question. So with cloud computing coming on board there was a change in procurement, wasn't there?

Darryl

Yeah, big one.

Priscila

So, could you just talk us through that?

Darryl

Okay. So, if you're kind of my age, you know, older, you remember back to the old days, where, you know, if somebody wanted some IT infrastructure, they use to prepare business case first.

Priscila

Yes.

Darryl

You know, you used to have to go to procurement, and would go negotiate with a couple of vendors, and trying to get a price, and had to go through a couple of sign-offs. And finally, you got your server after about six weeks of waiting. But, nowadays, one engineer has to push one button, all right, and straight away they can have a server deployed. So, we've effectively given our engineers delegated financial authority to go out and deploy a whole load of infrastructure into environments. So, the second that they deploy that infrastructure, and it can be 1 server, it could be 10 servers, it could be 100 servers.

Priscila

That's right.

Darryl

All right? You're getting charged for them. Whose deployed them? How many have been deployed? For what? How longer are they gonna be there? All of these things are up for grabs. And so, my question is this, who knows about it?

Priscila

And that's what I was gonna question you about next. That's a very good time. So, what are cost in asset management and governance like? What does that look like in cloud computing day? Since the engineers took that function as we mentioned before.

Darryl

Yeah. So, what it means is, is that there are some new things that have to come over and above the engineering practice. So it's about having the ability to see into the environment and understand, how many instances are there, how big the instances are, how long they've been running, what they're doing, how they're being built. And the key here is, is also not just to be able to see them, but also to be able to alert on them.

Priscila

That's right.

Darryl

So being able to set thresholds like, "I want to be paying $1000 a month, and if it looks like halfway through the month I'm gonna exceed this, I want my CFO to know, all right?"

Priscila

To know, exactly.

Darryl

Or, "If I've got 10 servers that are not being utilized more than X percentage, all right, I want my SDM to know about it, all right, because I'm paying for this." So, these are some of the policies that have to slowly start to come into play around governance, financial analytics, and alerting. Okay, it's still asset management but it's more.

Priscila

It's getting that feasibility, right? Yeah, but also doing something about it.

Darryl

Yes, yes.

Priscila

So, I wanted to move on to a topic where most of us, I guess, are a bit concerned about now, right? So, cloud computing and security. I have migrated my computers to cloud. Is it secure? And what does compliance look like and security look like in cloud?

Waruna

Okay.


Part 2: Security and cloud

Priscila

These are some of the policies that have to slowly start to come into play around governance, financial analytics, and alerting. Okay. It's asset management, but it's more.

Darryl

Yes. Yes.

Priscila

Assets and governance and financials and all of that, but I want to move on to a topic where most of us are a bit concerned about now, right?

Darryl

Yes.

Priscila

So, cloud computing and security. I have migrated my computers to the cloud.

Darryl

Okay.

Priscila

Is it securer? And what does compliance look like and security look like in the cloud?

Darryl

Okay. So, security, first of all, is the biggest hindrance, or the biggest blocker, to people actually moving to the cloud.

Priscila

Moving to the cloud. I agree with you there.

Darryl

Once people have gotten over that. Now one of the questions is, is what happens when I'm there? How am I going to manage it? How do I understand what my security policies and everything looks like? I've got all these people looking at it. There are ways and there are tools and systems that can be deployed over the top of any cloud implementation, so that a Chief Risk Officer can actually have a complete view of compliance, across an entire cloud account or series of cloud accounts. They can dig down into what the resultant security policy is and get a graphical representation of it. And either the Chief Risk Officer or the IT Reseller, who is responsible for the environment, should be monitoring that on a daily basis.

Priscila

Yes.

Darryl

And they should be alerted to anything outside of policy. There are ways now that you can scan a cloud account, and put a policy over it, which is let's say a PCI compliance policy.

Priscila

Yes.

Darryl

And actually see how compliant you are with that policy, and work to remediate. And then set alerts if anything is deployed into that cloud account that is contravening policy.

Priscila

Right.

Darryl

So, all of these tools are there.

Priscila

So, all of those things are there. It's just about having the right people play with them, I suppose.

Darryl

Correct. And people who know what they are doing.

Priscila

Exactly.

Darryl

And it's about being proactive at the beginning. When you're planning a migration, great, but prepare the end state, alright?

Priscila

Yes. Yes.

Darryl

And prepare to know where you're going to land, and know you're going to be secure. At the end of the day, nobody wants to be another Equifax; nobody wants to get hacked, nobody wants their information out there, alright? And that's from an IT Reseller's perspective, as well as the end user customer.

Priscila

Absolutely. Hands down. Neither of us, including the IT Reseller, wants to get hacked. So, we talked about the right people on the job, my question to you then is who should be looking after the governance pieces, right? There are different components we mentioned so far, who is the best person to look after those things?


Part 3: What should you look for in a reseller?

Darryl

And it's about being proactive at the beginning. You know, when you're planning a migration, great, but prepare the end state, all right? And prepare to know where you're going to land and how you're gonna be secure.

Priscila

So we talked about the right people on the job. My question to you then is, who should be looking after the governance pieces, right? There's different components we mentioned so far, and who is the best person to look after those things?

Darryl

There are different roles in different organizations. So, you know, you've got an IT manager, or a finance manager, or a CFO that wants to actually see what the forecast on cloud computing looks like, all right? And they wanna be alerted if there's any type of overspend, all right? Then you've got the IT manager as well who, maybe, wants to see how many servers have I got? How much of this? How much storage am I using, that kind of thing. Then you've got your security and risk guys, all right, who need to see the security compliance piece. So, it's about being able to provide the right information to the right people at the right time, okay? And the best way to do it is to provide them with a dashboard that they can see, as well as the proactive alerting, all right, which they can get, you know, as and when needed. It's no use telling somebody that they've gotta dive into screeds of information to get what they're looking for. It needs to be right there in front of them.

Priscila

An instant, isn't it? Yeah.

Darryl

Instant, absolutely instant, yes..

Priscila

We are wrapping up now, so my final question is, obviously, that works really well in mid-sized organizations and perhaps a bit larger organizations where you have all those internal resources to be looking after those different pieces and components of the cloud. But if you are working with a reseller that is taking care of that for you, what should you be looking for in that reseller? What should they be doing for you? What does a good reseller look like?

Darryl

That's right. So, look, it's, kind of, like I said before, your reseller should have the ability to take you to the cloud, all right, to move you to the cloud.

Priscila

To migrate you, yeah.

Darryl

All right? But they should also understand what the end state looks like, all right? And they should also be able to go, "Well, okay, hold on a second, all right? This is what it's gonna look like in a year's time." You know, we've got one organization that put a business case to go to cloud and, using the right policies and processes, stayed over two years within 99.7% of their original business case...

Priscila

Wow. That's interesting.

Darryl

...because the right policies were there. So it's about understanding. So, you're gonna do a business case, you're gonna migrate, which is gonna go to the cloud, all right, you ask your IT reseller, "What does the end state look like? How are you gonna show me how much I'm spending? How are you gonna forecast my spend? How are you gonna show me how many assets I've got there? How am I gonna set up alerts that I know if there's gonna be overspend? "Show me how you're gonna keep my environment secure." These are the kinds of questions that you have to ask. Don't just ask about migration. Ask about the rest, all right?

Priscila

Just look a bit forward.

Darryl

Because you're stuck there for the next 10 years, all right? Make sure it's right, okay?

Priscila

I love the advice.

Darryl

Thanks.

Priscila

Thank you so much for coming, Darryl. I appreciate it. I hope you guys also appreciated Darryl being here today as a guest and if you do have any questions about cloud computing, we would be more than happy to answer them. Feel free to get in touch. And we'll see you next time. Bye for now.

Darryl

Thanks very much.

Priscila

See ya.

Darryl

See ya. Bye.

 

We help businesses like yours.

See what our clients have to say about their experience with us

Learn more