Michael Bird: Hello and welcome to Explain IT, brought to you by Softcat. This is a show for IT professionals that aims to simplify the complex and often overcomplicated bits of enterprise IT without compromising on detail. I'm host Michael Bird and over the next 20 or so minutes I'll be challenging our panel of experts to take a different area of the IT ecosystem and, of course, Explain IT. This week we're getting to the bottom of cloud. What exactly it is, why organisations should care about it and some things that an organisation might need to consider before taking the plunge. So with me today to help discuss all things cloud is Dean Gardner, Softcat’s chief technologist for cloud, Helen Gidney, Softcat’s technical design team leader and Craig Lodzinski, Softcat’s chief technologist for developing technologies.
So, first question Dean, what is cloud? Is it just marketing spiel for putting all my stuff in someone else's data centre?
Dean Gardner: So it can be, because ultimately the cloud sits in a global data centre footprint for those hyperscale providers, the likes of Amazon and Microsoft and Google and recently Alibaba. You can put IBM cloud in there as well. So they're investing heavily in infrastructure that sits in data centres just like organisations invested themselves in their own data centres, so it is, to a point, but ultimately organisations are looking to consume services, and we're talking infrastructure as a service, platform as a service, software as a service, to take away some of the headaches of actually running a data centre. So that's what cloud ultimately provides, and I'm talking the public cloud market, and obviously organisations can still build their own private clouds, but that's when you look at automating and orchestrating and giving that self service capability, but on infrastructure you're still running that would sit in either your datacentre or a colo data centre. So yes, partly, it is infrastructure that's running in someone else's data centre or a data centre but it's the stuff you put on top of that that makes it essentially a cloud platform.
Craig Lodzinski: I think it started off, if you look at the origin of the cloud providers, all the big three started off with providing VMs, whether that’s EC2, Azure VMs, Google Cloud Platform VMs, that was where they started off and that's probably where that accusation, that conception of ‘well it’s just the same infrastructure running in someone else's data centre’, now you're talking well in excess of 150 services on both AWS and Azure, slightly fewer on Google Cloud Platform, got some differentiated ones, then specialist cloud platforms from IBM and Oracle, and those more niche players.
Michael Bird: When you say services do you mean, I can go up to the AWS ‘shop’, for want of a better word, and I can say ‘I want a mail server and I want a database server.’ Is that what it means? So they offer lots of different things from that perspective?
Craig Lodzinski: Yes sure if you take, for example, a database that you mentioned you could build your own virtual machine and install the software and run that in the way that you’ve traditionally done, and we’ve done even before the advent of hypervisors and virtual machines, but you can also run a partly managed service, so being able to be provided with a pre install instance of that software that you run it on, or you can have fully managed instances as well.
Michael Bird: So from the sounds of it this is not about trying to save money as an organisation, this is about trying to do more with less. Is that right?
Helen Gidney: I think it really depends on what you're trying to do. I think traditionally, when you buy infrastructure on-site, on-premise, you will consume everything that is there; you don't think about right-sizing or making the most of what you have there to keep your workloads as efficient as possible with their resources. So when you're looking to move stuff to the cloud you could save money because you can right-size it, you can make sure the resources that that workload is using are the most efficient.
Michael Bird: Because when you buy traditional infrastructure you tend to have a lot of space because you think, ‘I might need a bit more power because I don't quite know how much I'm going to need’ or ‘I might need a bit more storage space cos I don't know how much I’m going to need’.
Helen Gidney: Yeah and you typically oversize it for growth, future progression so you give yourself extra space and extra resource just in case, I guess, which is a lot easier when you're buying traditional infrastructure because you are constrained by specific hardware, specific server boxes will only take a certain amount of memory and CPU and certain storage areas will only take a certain amount of disk and things like that.
Dean Gardner: It's a continual review when you're going and consuming services, especially when you're developing new services, you get to the point where you have to have an end state. So if you're developing new services and that's where we were saying there’s actually quite good cost efficiency, so if you're not using virtual machines in the traditional sense, that you would have done on-premise and just using services such as Lambda functions or using serverless from Microsoft, as an example, there's efficiencies to be had with using those ‘as a service’ models that they provide and that just comes down to what the application’s doing. So there is cost efficiencies to be had, based on the portfolio of services that are available.
Michael Bird: Craig do you have anything to add on that?
Craig Lodzinski: There's definitely some issues that customers experience in the push to production because we've seen the inflection point in getting into public cloud has largely been driven by the developer community and it makes a lot of sense because they are not infrastructure guys and therefore if they're consuming on a utility model, they don't really have to worry about managing the underlying infrastructure, so when they get it right and you start to push these big applications out to production in, potentially, a huge scale fashion we’ve seen with guys like Uber and Netflix, there's really an issue that the costs can spiral out of control very quickly. If you take propositions in my area, in big data, something like Azure HDInsight, that's a hosted version of the Hortonworks Data Platform, to spin that up is a 45 minute job and you can start getting access to a Jupyter notebook and it's four, five, six pounds an hour for a whole cluster. To build that cluster based on servers and storage and networking to instantiate that software is a monthly, quarterly, huge lead time compared to the rapid time you can use by spinning it up in Azure or AWS but actually if you leave that cluster running for 12, 18, 24 months, the typical life cycle of an on-premises infrastructure and you fully utilise that, the cost modelling becomes very different. So I think understanding, and what we do an awful lot of work with customers to help them understand is, how the pricing models affect their consumption and how they can consume resources in a really more efficient manner and make the most of their investment in the same way that we've always helped them out with licensing and on-premises hardware in the traditional sense, before the emergence of hyperscale public cloud.
Michael Bird: So Helen, why does it matter? Do you think an organisation needs to worry or bother about it?
Helen Gidney: Not worry, but I think it's definitely something to think about. You see a lot of companies that have seen cloud when it came out and thought, ‘this is the next best thing, this is definitely something we want to do’ and have shifted all of their workloads from on-prem into cloud and then found out there's a lot of, not complications, but things to think about; management, spiralling costs, it's very easy to spin up, so if you give a lot of people access to it you can spiral out of control very quickly.
Michael Bird: So you’re saying people maybe have a tendency to jump straight into it without really thinking about the longer term or the implications of it?
Helen Gidney: Yeah, definitely. I think customers that are very innovative and at the forefront saw cloud as a real cutting-edge piece and something that could help them get advantage over their competitors, to help them innovate quicker, develop apps quicker, things like that. So they went, ‘Yep, let's do this, let's go all in,’ and sometimes that's not the best thing for certain customers. Some customers it might be great, other customers the hybrid approach might be better and some customers prefer to leave it all on-prem, so it's just having that mixed set up.
Dean Gardner: And I think that's a fair comment because developers drove, essentially, a lot of the cloud usage in the early release of public cloud platforms. AWS were the drivers and the main innovators and so the developer market, which is now growing and has been growing, used cloud as a target because it was the least point of resistance. Traditional IT and most organisations that sit out there; businesses that are, essentially, going bust or continue to struggle in the markets, you can correlate that back to the way, potentially, how technology works for them as well. And so a lot of those organisations do still sit in their own data centres, they are still sitting on legacy application models and using hypervisors, so VMware and these technologies, which is great, but they're not changing the way the applications are running and that's what cloud has been able to facilitate; the ability to think differently about workloads and applications. You still need the infrastructure, as I say, these public cloud providers do that, but they make it a lot easier because they put the service wrap on top to allow you to develop better and quicker, as Helen’s just said. And it's being able to take a lot of those older applications that don't maybe work in those ways or use those services to be able to transition them into using those services. 
We have seen organisations just move VMs from on-premise to cloud and that's what we’re highlighting as being a potential problem, is all those cost efficiencies that come with developing new applications that were promised three or four years ago, organisations took that as if they could move their VMs and still get the cost efficiencies, and it's not cost efficient to move 200, 100, 50 VMs straight from where you are on-premise to a cloud platform because of the way you have to buy those resources and I think that's where it's been a challenge and a misconception in the market for a lot of organisations that have gone and done that and realised that actually, you need to be thinking differently about the applications and developing as opposed to actually moving VMs from A to B.
Michael Bird: So it's about rethinking how, as an organisation, you consume IT. It's not like saying, ‘Ok everything's on-premise, let's just drag and drop it and put it into a data centre,’ it’s about saying, ‘Ok we use this application, do we need to use it? Or do we need to use it differently? Or do we need to do something different?’.
Dean Gardner: Absolutely. And developers have driven usage of cloud because developers develop something from ground up, in most cases. And when you give them a toolbox, good developers, they'll create something that fails, it doesn't work, but essentially it’ll get to a point where it does work and provides a value. And if you look at a lot of the start-up companies, the likes of Uber, Deliveroo, there's a whole raft of internet-based start-up companies, there's no way they're going to go and buy infrastructure, put it in a data centre and say, ‘Let's build a cloud,’ they're looking to provide an application that provides a service for a need, a requirement. And big business is starting to now think in those ways. And the only way they can really do that and create the efficiencies and be able to do that is by using, in most cases, public cloud or create a public cloud equivalent in a private cloud sense, if they want to retain control of data and governance.
Michael Bird: So cloud then, is it an all-or-nothing thing? Do you need to chuck everything in the cloud? Can you keep some stuff on-premise? Is there a middle ground? How does it work?
Craig Lodzinski: Fundamentally, and I think what we’ve discussed already is that cloud is another form of consuming IT. And there's no singular right or wrong way to do it. There are companies such as Wish and other born-in-the-cloud cloud native start-ups that haven't got any heritage or legacy IT footprint, any traditional model that they need to have to migrate over or these kind of barriers to entry to stop them going all-in on hyperscale cloud. And for those organisations it’s worked very well for them, particularly these big online organisations. But also you have to bear in mind if you look at, for example, a traditional retailer, a lot of them are using products such as old school mainframe stuff, think items that just, either can’t, or it’s not economically viable to move into the cloud and evaluating the right technological fit for them is exactly the same job in the cloud as it has been previously in IT buying cycles when you're buying on-premises infrastructure or any other product. It's just a different consumption model. So, certainly the vast majority of organisations that we deal with are going hybrid, and that's something that's borne out by, not only the traditional IT vendors such as HPE with their message around hybrid cloud, Dell, EMC, and other traditional vendors, but also Amazon Web Services have options to bring some of their products down into the fog, as it's called, which is cloud closer to the ground, we’re seeing in the VMware cloud and AWS partnership, so that's combining the two big forces in on-premises and hyperscale cloud. Microsoft with their Azure Stack products and certainly the wind seems to be blowing towards that hybrid world and making sure that customers are making the right decisions to place their investments in where is appropriate to drive business value.
Michael Bird: So you mentioned hybrid cloud, just explain how that works.
Craig Lodzinski: There’s a numerous set of definitions that underpin that, in the same way that cloud can be used in a lot of different ways, but, fundamentally what we refer to, typically, as hybrid cloud is having an on-premises infrastructure presence and a public cloud presence but significantly one that is connected between the two. So having the ability to communicate between those two sites to potentially move workloads over.
Michael Bird: So, security in the cloud. Is there anything additional that organisations need to consider with putting workloads in the cloud? Or having anything cloud perspective within their organisation?
Dean Gardner: In an architectural sense, so if you’re moving certain services to any of the public cloud platforms, they basically give you more tools to be able to microsegment your estate. So actually, historically, you’d put two firewalls into a data centre, you might have two in another data centre, and all the traffic comes through those firewalls. You have things like DMZs and obviously all your web services sit in a DMZ, and that's a standard on-premise data centre model. When you look at the applications themselves, or the workloads, when you're looking to move those to a cloud platform you can just architect it so it's secured by design, almost. So there’s things like, in Azure you have network security groups and you can put web services in those. You can put separate network security groups for your databases and applications, so what that means is these security groups are, essentially, mini islands themselves and you only open up the port between the security groups based on the actual traffic that's required for those actual applications to talk on. And actually that's different to what happened on-premise where, historically, you have maybe a VLAN and you have your production VLAN, so all the computers in that production VLAN talk to each other and if they go out, they go out via the firewall, so you almost have this model where everything comes in and out via a firewall whereas that’s slightly different in cloud, you can architect it where that application is architected from day one to be secure and any anomaly outside of the particular traffic that's being used across the application gets flagged up as an anomaly so you can actually manage your security better. That’s not to say you don’t still need firewalls in cloud, but you’d look at web application firewalls, so use it for acceleration, you can use it for load balancing – and all these other bits and pieces. It just so happens it's there to terminate traffic.
So it's slightly different in terms of how you can architect. Some people, when they deploy into cloud, don't follow those rules. We recommend that they do because it's important that you can secure workloads by design when you deploy in cloud and they give you the ability to do that and the functions to do that.
Michael Bird: So is cloud more or less secure than just keeping everything on-premise?
Craig Lodzinski: I think the big security flaws we’ve seen in public cloud have come from users and customers of public cloud not understanding their responsibility. I think we've all spoken about the different forms of cloud and software as a service, platform as a service, infrastructure as a service and you may have seen the idea of ‘pizzas’ as the difference between these, and we'll try to find a link to those in the show notes. That some customers don't understand the demarcation level between what their responsibility is for security. If you're running, even if it's an infrastructure as a service, which is the lowest tier of management, typically, in a public cloud environment, yes, you don't have to patch your servers, you don't have to update the BIOS on the hardware because that's being dealt with by the public cloud provider, but you still have to secure your applications and architect correctly. So I think it's really important that organisations understand how to secure things in the cloud and also how to secure their data and their workloads on-premises and there's a lot of different ways of doing that and understanding how data and how workloads are moving around is important, irrespective of where they are.
Michael Bird: So what steps would an organisation need to take to start looking at cloud seriously?
Dean Gardner: It's led with a discovery phase. Simple as that really. Organisations, they want to go and do something different and we want to discover what they're trying to do as a business, what they're trying to do with their existing IT, what they’re doing with their spend, and we basically just go into a bit more detail around what that is, overall and then we start defining where cloud, potentially, or hybrid cloud or even on-premise, potentially, is suitable for what they’re doing around workloads, specifically.
Michael Bird: So the first stage is the discovery. So practically, how does that look to a customer?
Dean Gardner: So typically you’d want someone with experience who’s done cloud transformation, or even data centre transformation, I might add, but also someone who has got an understanding of the business itself or can understand how a business functions, because what you're trying to do is to take that information along with some of the technical challenges that particular organisation has and then just try and create a roadmap for the next steps and it's typically broken down into application workload specifically, focusing on applications and how they can run and how they can run in future. So you’ll start having, basically different conversations with the customer and not just telling them what you’ve got today and what can happen next, it’s actually going into the application specific areas and looking at the independences of those applications because only then can you help the customer decide whether those applications can run.
Michael Bird: So we've done the discovery phase with a bit of an assessment. What's the next thing a customer would do?
Dean Gardner: So you would work to understand the data that you'd collected. You focus specifically on the applications and then you can determine what can happen with those applications next. Whether that means you look to transform those applications into using certain services and to do them better, or it could be that you just want to move stuff to another platform or a cloud platform where you can then do it better or you can create efficiencies around that, but it depends if you want to transform the application itself. As we said, you can just lift and shift what you have and then optimise it accordingly. You’d be surprised, most people over-provision on-premise with their estate, virtual machines specifically, so even by doing that assessment, what organisations will find that they can create efficiencies probably instantly by just right-sizing workloads. But then you just look at the applications and see if it's actually worthwhile using things that are slightly different.
Michael Bird: So once you finish this process, you should then have the blueprint for what you're going to do next. So this is the design element.
Dean Gardner: But I think you should at least know where things are best placed at that point, but it’s fluid. It's not like you do it and then you stop, it's a continual effort. So even if you transition or transform the particular application that's been pulled out from that assessment phase, because we're not say going to do everything – there’s going to be some complexity there – that is a challenge to change. So you can do certain things that allow you to use cloud in the right way for the specific workload and then you can migrate or transition database or services are available in the cloud platforms to do so but you need to operate that, you need to make sure it's efficient, you need to make sure it's optimised, but that's a continual process and you should continually assess the estate to see where it’s suitable to change certain things. And I think that organisations are so busy doing business as usual because that's what they're trained to do, that's what they've been doing for years, and it's just being a bit more proactive with what's happening within the organisation and the applications that are being used. And that's a continual effort.
Michael Bird: So that's the design phase. What's the next thing an organisation needs to do?
Dean Gardner: Well I kinda went through some of that just now. So you transition and you migrate it into, or deploy it into the cloud platform and then, from that point on, the fourth step is an operate, so you need to run it and the fifth stage of that is the innovation around it, so there’s five stages as we call it. So discovery, design, deliver, operate, innovate that's our five stages of transformation.
Michael Bird: So what do we expect to see in the future then?
Craig Lodzinski: So I think one of the really interesting things that's come out of public cloud space is, traditionally we saw it starting off as an infrastructure as a service place, so being able to move your existing data centre workloads, but actually now a lot of the cloud providers are providing some really innovative services that customers and developers can latch onto. So I think we've seen some interesting innovation points from the public cloud providers, so Google are providing TensorFlow, TPU processing units for machine learning and AI as an available service within Google Cloud Platform, Amazon Web Services have products such as Lex, Polly and Rekognition and Microsoft have similar things through their cognitive suite of tools and these are taking some really interesting research points in fields like machine learning, artificial intelligence, natural language processing, neural networks that's really going to enable organisations to build some very very interesting platforms that, even five years ago would be the preserve of computer science researchers at probably 20 or 30 big universities globally.
Dean Gardner: It’s allowing businesses, actually, to become a bit more experimental with how they attack their markets and I think this is where we have many conversations with people who run data centres and, as I say, if you’re a business that does movies or if you’re a business that sells clothes, you don't want to be running IT, as such, but what you want to be doing is using IT as an enabler to do some of the stuff that's been mentioned there, because that's what separates you from, potentially, the competition.
Michael Bird: So putting yourself in the shoes of an organisation, do you think in, say, five, 10 years time, actually everything will be in the cloud and there'll be no need for anything on-premise because those services will be so mature?
Craig Lodzinski: On that space, I think there's definitely going to be this emergence of hybrid as the default IT operating model, but also there's something I'm going to unashamedly steal, but attribute to Werner Vogels who is the CTO of Amazon Web Services, which he spoke about at re:Invent a couple years ago when they launched Greengrass which is a fog computing service which is aligned to their IoT. And there's fundamentally three laws you have to deal with when deciding whether the public cloud is appropriate. So first of all you have the laws of physics in that data centres are going to be located further away, typically, from your end user or your device that you're connecting out, and that's going to induce latency into the system. We still have to traverse networks to be able to get back to these public cloud data centres. So, for sure, if you have very latency sensitive applications, you have real-time computing needs, things like augmented reality processing, that’s something that is very difficult to process in the cloud because you're dealing with something that needs to be responsive to the human eye and to human interaction. You have the law of economics, in that certain workloads will still be cheaper to run yourselves and certain organisations that have really deep embedded IT skills and have taken on things like white box hardware and big investments into open source. It probably doesn't make sense to throw away all of that existing investment and that's part of that discovery phase that Dean spoke about in how other organisations define these cloud propositions. And finally is the law of the land and we’ve seen a lot of different organisations and different nations have different rules around where data can be located, where services can be located.
We’ve spoken about GDPR previously on the podcast with some of our colleagues and there's still both countries and organisations are working out how they feel about handing over data and services to these hyperscale players. Whether those fears are founded or unfounded is more of a philosophical question perhaps, but we’re seeing organisations, for example, in the grocery retail space refusing to use Amazon Web Services unless there's a very unique proposition that they have. And the reason for this is that Amazon Web Services is very much a competitor of theirs. They purchased Whole Foods last year, they’ve opened their Amazon Go shop in Seattle and plan to move that out even more. And for them it's seen as a defined risk to actually to move products into the cloud, so I think we're still going to see the proliferation of this hybrid model for a while, largely along the line of those three laws that I've stolen from Werner Vogels.
Michael Bird: So to summarise?
Dean Gardner: So organisations are going hybrid cloud or they’re going to cloud. Start-up organisations are going to be using cloud and there's going to be cloud sprawl for all this going to be a lot of cloud stuff happening all over the place and I just think it's a case of understanding what you're doing as a business, applications you have, just determining where best for them to run. And there's an element of intelligence and my point is, there is a cloud intelligence piece that has to happen across all of this and it's a continual evolving market and world, in that regard.
Craig Lodzinski: Yeah absolutely. I think that continuous evolution that you just mentioned, Dean, is really important, in terms of the summary. Cloud is accelerating at a huge factor, at a rate of knots compared with what we've seen traditionally, and I think organisations really need to be aware of what cloud means to them, what it can do for their business, both from a potential opportunities basis, and we’ve seen from some of the emergent technologies we spoke about earlier and these really deep AI machine learning, really innovative services. But also what potential threats it offers to the business model, because if an organisation doesn't understand cloud, odds are their competitors probably do. There's a real arms race in this, not only between the different public cloud providers to capture this emerging and hugely lucrative market - multiple billions of dollars globally a year - but also for other organisations to adopt cloud as their innovation engine and something that can really deliver value to their customers, so I think it's really important to understand what cloud means in the context of your individual organisation and what it means and what it holds for you in the future.
Helen Gidney: I think if there's one thing we do take from the summaries and all the questions we’ve asked there then it's companies definitely need to be thinking about cloud, but thinking about it carefully and thinking about it in the context of their business and the security and any potential threats and pitfalls that can be around cloud so it's not something to shy away from or hide from, it’s definitely something to embrace and to allow you as a business to innovate, but just doing it in a sensible, careful way.
Michael Bird: So Dean, Helen and Craig, thank you so much for your time, it's been absolutely fascinating talking to you all about cloud. Listeners, if there's anything in this show that has piqued your interest, or if you'd like to talk to someone at Softcat about anything we've talked about in this episode, or any of the previous episodes, please do check out the show notes. We're going to put some of the stuff that we talked about today as well as some ways to get in touch, if you'd like to do so. Please also make sure you click subscribe wherever you get your podcast and you can also download any of the previous episodes from Explain IT season one. So you've been listening to Explain IT from Softcat. Thanks for listening and goodbye.