December 5, 2016
Andrew Rouchotas is the CEO of Cartika, an innovator of IaaS, Cloud and Managed Service solutions. We recently asked for his insight on how business owners should be using cloud services to manage their IT assets. Here's what the had to say:
What are the most common concerns business owners today have about managing their IT assets
Business owners and financial officers have different concerns than IT departments when it comes to technology. Their issues are broader and at higher levels. They include aligning IT to support the corporate business needs, hardware lifecycle management, escalating capital expenditures and managing tax implications. For some organizations, there may be concerns around compliance (HIPAA, SOX, PCI as examples). The penalties for infringement can be damaging and developing the expertise in-house is often a challenge.
Another obstacle is a general resistance to operational streamlining by IT staff worried about job security. Staff can become protective of the old model and that generally doesn't serve the best interests of the company or customers. Business leaders need to convince their IT managers that their real value won't come from the old paradigm, but by focusing on how IT applications impact core business goals like productivity, innovation and customer support.
What considerations should companies be making when searching for cloud-based supports for IT functions?
Companies moving to an Infrastructure-as-a-Service (IaaS) cloud environment must consider how the core security and operational aspects of IT will be managed. Outside of pure infrastructure, there other essentials to think about such as managed backups, antivirus, malicious attack prevention, managed firewalls and integration with other systems - just to name a few. Many companies don't think about IaaS holistically, and that is risky.
A company should also understand the level of support they will receive from their cloud provider. Will it be proactive or reactive? Reactive support means your services could be malfunctioning for hours or even days before someone notices. A reliable proactive approach, in contrast, provides 24/7 monitoring of your virtual machines, network and hardware. This catches problems as soon they develop rather than letting them fester.
What do you see are the most common mistakes or biggest oversights they make when searching for and buying cloud-based vendor support?
Most companies don't buy vendor support. They assume their IT staff will (and can) take care of everything themselves. For large enterprises, this may well be the case. Even then, some choose to outsource parts or all of the management so they can focus on other priorities.
When deciding on vendor support programs, companies need to ensure they know exactly what they will get and what's excluded. People may assume 24/7 management and support are in place, But, they're typically not unless explicitly purchased. The same goes for monitoring at the VM level, available SysAdmin or DBA services, data backups (not just snapshots) and many other on-going processes. We go to great lengths to break out and contrast our IaaS Services and Support because this is critical information to know and the devil is in the details.
Organizations also make mistakes around regulatory compliance. A customer will read the vendor's generic Business Associate agreement and think they're covered. But they fail to read the fine print in the "Customer Responsibility" section. A provider will usually offer only piecemeal compliance for physical and virtual security, leaving the rest of the accountability at the client's doorstep.
What do business owners need to know about backups in the cloud? Is it set it and forget it?
Business owners should always have data backups and recovery top-of-mind. Few however actually grasp their importance until after a disaster, after the damage has been done. When in the cloud, backups are definitely not "set it and forget it." With cloud-based backups, there is a wide variance between offerings. You need to ensure the provider has the proper data safeguards, proven process and trained staff in place to ensure full and accurate recoverability. Otherwise, a single mistake or disgruntled employee could literally put your business in a tailspin. Large organizations, in particular, may need multiple security layers and explicit contracts in place above and beyond the usual standards.
A true managed data backup solution is not a common offering and should be something business owners look for. Typical "included" backups and snapshots may be fine for some applications, but they can also fall drastically short depending on your recovery point and time objectives. Be diligent in assessing the service providers' abilities and processes, and make sure the solution fits your needs.
How has cloud security evolved since you've been writing about it? What are the hot-button topics surround cloud security today?
For most people, the subject of cloud security is misunderstood at best. Research shows that companies are becoming less concerned about cloud security than they were in the early days of IaaS - and for a number of good reasons. But the reality is, we all need to focus on security at all times, regardless of where the infrastructure resides.
Depending on the tools the provider uses and how the system is managed, even a simple cloud development environment can be vulnerable. The "bad neighbor" problem of the old shared hosting model still persists. Indeed, cloud environments remain a breeding ground for hacker activity. Hackers can scan IP blocks and find hundreds if not thousands of vulnerable VMs. They can then target these to spread viruses, launch DDoS attacks, or worse.
Despite these potential dangers, many cloud providers only provide bare-bones protection by default. While that is often as good, or better than some smaller IT departments can provide, the customer must recognize their own vulnerabilities and take measures to protect themselves.
How can companies with limited technical support on staff get good IT guidance? What are the best resources available to them?
If a company is looking for general information, there are numerous resources on the web - specifically in vendor blogs, IT analyst content, IT groups and industry publications. However, if they are looking to move to IaaS, they should talk with vendors. During initial discussions, a good MSP can quickly assess and explain where the shortfalls will have impact. This will help the company get a clear picture of what important managed services they might need, and those they don't.
Having this conversation is a good start, and it will help narrow down the search for MSPs who best meet the criteria. Sometimes that means selecting a service that patches the gaps in your existing IT staff and team. Other times it could mean purchasing end-to-end coverage.
In general, large public cloud providers are more focussed on selling enterprise, self-managed IaaS. Small-mid sized MSPs tend to specialize more in management and support services. Carefully evaluate managed IaaS providers. Carefully examine each provider's support and management offering and select one that can provide you the total level of service and support you require.
To what do you attribute the growth of Infrastructure-as-a-Service (IaaS)? What do you predict the future of IaaS will look like?
Two of the key drivers in IaaS growth simply come down to significant cost savings and flexibility. The business, financial and technical logic behind renting out computing infrastructure is just so clear that it can't be ignored.
Managing, securing and delivering data is no longer the job of a "techie" tending a few servers in a dusty basement closet. Data is too vital now for that and privacy regulations have become complex. Mastering those elements in the current cloud hosting landscape requires specialized IT staff providing comprehensive, 24/7 coverage, including management of disaster recovery protocols, data backups, and so on.
Looking ahead, I see everyone using infrastructure as a pure utility. Much like electricity, you "flip the switch" and the infrastructure turns on. IaaS is becoming a layer of abstraction, separated from the management and support of the actual services running on it. The "cloud giants" are clamoring for the pure infrastructure business and not very keen on providing higher value for their customers. They are obviously focused and making mountains of money in the process. In contrast, providers who proactively anticipate client needs for cloud management and security will play an increasingly critical role in the future of IaaS.
What are some of the trends or headlines in Cloud computing you're following right now? Why?
There are a number of highly publicized trends we follow that all impact how data is created, distributed and used. Big Data, the Internet-of-Things, Artificial Intelligence and Virtual Reality are dominant ones at the moment, and they will all have future implications for businesses, including ours. We monitor these as they evolve because we want to understand how they will affect customer IT needs moving forward and how we will support those demands. That way we can try to get ahead of the curve as we think about our future services.
At a more granular level, we carefully follow and participate in the automation of IaaS functionality, integration, on-going management and support services. We'll soon have the ability to back up and recover from any cloud to any other. We'll be able to layer our management platform onto infrastructure anywhere, and that's exciting. Using platforms such as Amazon and Google, along with our own, we'll be effectively providing "IT Management-as-a-Service."