In this issue
We are all multi-cloud now, so what?
QA with Matt Roberts new SASIT CEO
IBM hardware nearing end of support – There are options
Top takeaway messages from THINK 2019
Cloud computing challenges - 2019
GDPR nine months in, what has changed?
We are all multi-cloud now, so what?
If you think that a company using 500 different cloud services is ridiculous, then it might pay to check out what is actually the case at your company. International research suggests that the number of cloud services aligns with the number of employees as highlighted in the chart below: International Research findings from US company Blissfully.
The global nature of cloud suggests that New Zealand may not be that much different to the US in this regard.
The widespread use of cloud apps in a work environment might sound alarming, but it is not surprising when you consider how software adoption occurs in the age of cloud; it is dramatically different to the way in which the large on-premise suites of traditional enterprise software were implemented.
Many people now expect to try, buy and deploy an app in a few minutes or less, and without contacting any IT Department. Purchasing decisions are increasingly spreading throughout a company. Allowing non-IT departments and sometimes individuals to be in full control. In the world of productivity centred apps, employees can find and try useful apps in minutes.
We went through a stage where BYOD (Bring Your Own Device) became commonplace but now for many organisations this has evolved into bringing devices with a wide array of applications installed. And it’s not just personal productivity apps, teams are embracing the opportunity to test and adopt the tools they want quickly and easily, building complete customised technology stacks for their specific needs.
This new landscape makes IT's job all the more challenging because software governance including data security is crucial and needs to be managed. Company Directors face financial liabilities in the event of data security breaches and/or other IT mismanagement. On the other side of the coin, employee productivity is also crucial – walking the line between both is increasingly difficult.
What do we need to do?
If we accept that not just multi-cloud applications but also multi-cloud infrastructures are the world we now live in, how do we respond? We know multi-cloud environments can be complex, with many different provisions and service terms – most of which are non-negotiable. When working with multiple clouds, it's easy to waste money and not even realise it.
Arguably a good place to start is cost management. Whilst cloud environments typically provide low costs initially, moving cloud workloads and dealing with multiple cloud providers can be tricky, and potentially expensive over time. Often really important features like management, monitoring, and security will add cost, but they are necessary, and should to be added into the mix.
Whilst there are multi-cloud cost management software applications which ironically have their own cost; there are also some simple steps which can be taken:
- Take the time to compare the options. For example, in the cloud, elastic storage may be less expensive with one provider than another that might have cheaper CPU pricing. The availability of supporting services and tools also varies across providers.
- Don't try to do everything at once. Multi-cloud management should become a continuous, ongoing initiative and not a one-time activity.
- Have a plan. Every organisation will have a unique mix of workloads, some suited to on-premise, some private cloud, and some public cloud - solicit the assistance of a systems architect.
- Focus on security. Whilst clouds can be made extremely secure that doesn’t happen by default. The cloud provider is not responsible for the security or privacy of your data, you are.
- Use smart monitoring. Continuous monitoring is an effective way of ensuring that resources and money aren't being wasted in a multi-cloud environment. Public cloud platforms give the opportunity to scale up and down on demand, but this “availability/flexibility” only provides a cost benefit if the environment is managed effectively and costs for unused resources are avoided
- Engage skilled people and enable them with good tools. A multi-cloud environment can be incredibly powerful but if not managed well could easily become complex and costly.
In summary, multi-cloud is rapidly becoming the new normal, but it presents new challenges along with all the benefits. Using applications and infrastructure from different cloud vendors can become complicated but IT departments don’t really have choice; they either take responsibility for this new normal or find themselves irrelevant to the majority of users.
At SASIT we understand that multi-cloud environments require new management solutions to optimise performance, control costs and secure complicated mixes of applications and environments, regardless of whether they are inside a data center or in the cloud. We have consultants and managed service specialists that can assist you navigate the challenges and optimise the value the multi-cloud offers.
Importantly we can assist in what can be an even more complex world: A hybrid world where there is a mix of traditional infrastructure that needs to continue to be supported and with multi-cloud services. These environments will have their own processes, but benefit from being managed in a unified manner.
In summary, most modern organisations have become multi-cloud and many also hybrid cloud. The ever-increasing availability of new cloud-based infrastructure, platforms, and applications will continue to fuel cloud adoption in all its forms. As highlighted, this situation can also be problematic however, IT Departments have little choice other than to respond positively and responsibility in order to deliver great user experiences whilst providing essential IT governance.
Q&A with Matt Roberts – SASIT’s new CEO
We are pleased to announce that Matt Roberts has been appointed Group CEO effective 1st April 2019. Current CEO, Phil Martin, remains in the role until the end of March. We took the time to ask Matt some questions about his plans for the year ahead.
What is your vision for the company?
“Over the last 10 years or so we have been predominantly infrastructure focused, but the company will make the transition to being more business outcomes focused. Our purpose has been to assist our customers develop, integrate, and manage mission critical systems. Increasingly those systems are either hybrid or cloud-based, so for us to remain relevant we must develop expertise that is aligned to those environments. Going forward we will be delivering a broader range of services for our customers including services designed to achieve business outcomes not just services to optimise technology performance”
“The opportunity that lies ahead for SASIT is enormous and, for me personally, the opportunity to lead this next phase is humbling and incredibly energising. I will be focused on continuing to evolve the business taking advantage of the availability of new capability, and making that available for the benefit of our customers.”
Where do you see the company in five years/what does success look like?
“A natural consequence of introducing new offerings will be growth, particularly growth in our Professional Services business. I also anticipate significant growth in customer numbers in Australia. As you know we have been successful in Australia but only on a relatively small scale. In five years’ time, I expect a significantly higher proportion of our revenue will come from Australia.”
Will the company strategy change – if so how?
“The current strategy has been successful to date, however, to maintain our customer relevancy, we must continue to adapt our business in alignment with market changes. Our service offerings will continue to broaden and grow beyond the traditional IBM solutions – at an increasing rate. There will be a greater focus on implementing new tools, systems, and approaches that enable us to more effectively compete in the growth markets of cloud management, enable more efficiencies and support the hybrid environments that are increasingly being delivered as part of the solutions we are designing for our customers.”
What is your view of the MSP market in Australia and New Zealand?
"I believe that the MSP market is evolving at a faster rate, with increased demand for transparent delivery of services that will drive substantial changes including the move to adaptive and flexible operations. Our availability focus will expand to include innovation and development, as well as the traditional mission critical systems. To better meet the needs of our customers in both countries we will be placing more focus on automation and self-service."
What are your biggest challenges?
“Introducing new offerings and changing the positioning of the company whilst maintaining focus on operating and supporting existing systems will be a big challenge for sure. The needs of our customers increasingly span a wide spectrum, ranging from modernising legacy systems, maintaining existing systems, to introducing new innovative systems, so talent acquisition and skills development to cover this wide spectrum of services will also present challenges, whilst not losing the customer intimacy that enables us to understand the intricacies of specific customer environments.”
“Realigning the business with the changing market to ensure that we not only remain relevant but that we use our experience and our expertise to deliver the best possible outcomes for our customers is one of my top priorities. Specifically, we will be implementing automated processes and new tools to drive quality improvements. The volume and variety of technologies becoming available can be overwhelming. We will place greater emphasis on consulting with our customers and assisting them by presenting tailored solutions that reduce complexity.
IBM hardware nearing end of support? There are options
The reliability of IBM AS400’s, and subsequently of IBM POWER Systems, is legendary. Particularly those running the IBM i operating system. One unfortunate by-product of this extremely reliable machine is that many have gone past retirement age and still remain active in the field. After all, why upgrade if the machine still runs very reliably, and provides great performance?
There is one compelling answer to this question: Because the machine can no longer be covered by an IBM hardware maintenance agreement. Sure, it may have run reliably for years but in the event of an unexpected failure, your business could be at risk. Most organisations seek the peace-of-mind that comes from a guaranteed repair or replacement service.
Machines around seven years plus are now entering the end of manufacturer supported life phase. Acquiring new replacement hardware is a simple choice for many, however, for some organisations it’s not as straight forward as that.
Legacy application code in some cases has not been updated to be compatible with later versions of the operating systm and older operating systems typically don’t work on new hardware platforms.
The oldest OS version supported on a POWER7 is V6R1 and the oldest OS version supported on a POWER8 is V7R1. A full breakdown of the end-of-support status by machine type is shown in the table below:
The implication of hardware/software constraints is that some organisations find themselves “stuck” running on old hardware that is going out of support. It is a vulnerable position to be in, so what are the options when your hardware can no longer be covered by a maintenance agreement?
- Implement a completely new technology stack – effectively a “rip-and-replace” outcome – usually an expensive investment.
- Update the hardware platform and validate that both the applications(s) and the OS are compatible. Required Capital/or lease
- Migrate the application to Infrastructure as a Service. Typically provided as a Private Cloud service. This option provides not only the infrastructure, but also the managed services in support – to provide a more complete, and ongoing solution to the problem.
The top takeaway messages from Think 2019
IBM Think 2019 was held in San Francisco earlier this month, a USD$50 million event attended by over 35,000 people from around the world including representation from SASIT.
It came as no surprise that IBM’s Chief Executive, President, and Chairman, Ginni Rometty, placed emphasis on IBM’s cloud initiatives including doubling down on AI (Artificial Intelligence). Back in 2013, IBM was dealt a harsh lesson when the CIA selected AWS ahead of IBM for a very large cloud deployment. However, since that time, IBM has invested heavily to avoid joining the bench of 2nd trier cloud providers such as HPE, EMC, VMware, and Cisco.
Ginni framed the cloud market in terms of Chapter One and Chapter Two. Chapter One was dominated by AWS, but represented only about 20% of the workload opportunity, and was largely about moving new and customer-facing applications to the cloud. Chapter Two is about the hard stuff such as applying the cloud operating model to mission-critical applications, managing hybrid clouds, maturing information architectures and embedding AI. According to Ginni Chapter Two is a trillion dollar opportunity for IBM and it wants to be No. 1.
Whether IBM can become No. 1 in Chapter Two remains to be seen, but the company is very serious about achieving that goal as many recent announcements have highlighted.
Perhaps the most high profile announcement (last year) was when IBM spent USD$34 billion acquiring open-source software leader Red Hat Inc. This move underscored the importance that IBM is placing on open source, Kubernetes, containers, microservices, and developers. All important components in Chapter Two.
Chapter Two is also predicated on large volumes of relevant data. Ginni pointed out “there can’t be AI without IA (Information Architecture) which is because companies need a business platform to connect of all their digital systems and manage their AI apps. At Think 2019 Ginni announced a new offering, called Watson Anywhere, designed to help businesses deploy Watson AI wherever their data resides. Regardless of public, private, on-prem, or cloud vendor. Previously, if organisations wanted Watson, they could only get it on IBM’s cloud.
Unlike AWS, many of IBM’s announcements are predicated on a world where core business applications are spread across multiple clouds. That appears to be a safe assumption to the extent that IBM’s research has identified that around 90 % of US enterprises currently use multiple clouds.
In Chapter Two, businesses need the ability to move applications and data between clouds efficiently and securely. In her keynote, Ginni unveiled a host of new cloud offerings designed to bring about a fast and secure path to Hybrid Cloud. With the support of IBM, SASIT is currently engaged in assessing how we will incorporate these new offerings into our managed services value proposition.
In summary, IBM’s plans are firmly focused on Digital + AI + Cloud underpinned by trust and responsible stewardship. IBM is combining these elements to compete in the next chapter of technology industry growth. Matt Roberts commented “It was great to attend Big Blue’s premier client and Business Partner conference. It’s pleasing to see IBM referencing trust and responsible stewardship as these are core values at SASIT, and Chapter Two aligns with our company in terms of strategies and new capabilities. I’m energised by what I heard from IBM at Think, it is clear to me how we can utilise many of IBM’s new offerings to make a significant difference for our customers in New Zealand and Australia”.
Cloud computing challenges - 2019
As cloud adoption increases, and multi-cloud and hybrid cloud become more commonplace, IT departments are faced with a new set of challenges. Among these challenges are cost control, consistent governance, and managing applications and data across increasingly complex architectures.
Before exploring these challenges in more detail, it is worth stepping back and considering what needs we are looking to meet.
User expectations continue to rise at much the same rate as technological advancements occur. The need for a more functional set of applications; the need for better user interfaces, the need for systems access regardless of location, the need for smarter applications and tools that automate and produce more insightful information, and in the case of customers and partners, the need for seamless integration.
Obviously IT Departments have a responsibility to counsel and educate users about issues of complexity, cost, governance, affordability, security, and priorities, etc; however they also have a responsibility to ensure that the company remains competitive and attractive to customers and employees so sitting on your hands or simply maintaining the status quo, is not a viable option for the long term.
As highlighted in the multi-cloud article, most organisations are using more cloud applications and clouds services, many setting up multi-cloud environments but that activity typically doesn't mean that traditional, on-premises systems are going away. Often those on-premise systems remain, resulting in more complex hybrid environments. These environments mean that the management of data, applications and the associated processes become more complex. Given the widespread nature of increased IT complexity, it is not surprising to see, in response, a flood of providers producing new software and announcing new services. Specifically, over the last couple of years, we have seen the introduction of cloud management platforms capable of centralising, monitoring, providing resource management, and cost management, across multiple environments.
Data integration across multiple environments is increasingly important but often complex and not easy to achieve. This circumstance is driving the uptake of integration software from providers such as MuleSoft, CA, and IBM. IT Departments have the challenge of deciding what data needs to be synchronised across environments, as well as how that is best achieved.
Need for greater governance
Governance increasingly needs to encompass cost management as well as risk management related to security and wider operations With cloud environments, there is the potential to consume vast amounts of chargeable IT resource, without realising that you have done so.
Cost reduction is often cited as a reason why a company migrated systems to cloud, and cost savings are “possible”, however, anecdotal evidence suggests many companies experience cloud provider bills that are considerably more than they were expecting. The reason is, that it is easy to overlook cost items as cloud pricing is often complex and differs considerably when compared to traditional IT pricing models.
In summary, IT Departments are being challenged to become more effective at managing multi-cloud and hybrid environments if they are to meet the expectations of their users and ensure their companies remain competitive in a rapidly changing world.
GDPR nine months in – what has changed?
The European Union’s General Data Protection Regulations (GDPR) came into effect in May last year and for most New Zealand organisations nothing much has changed. That situation however, should not result in complacency. GDPR covers ALL companies who process the personal data of those in the EU, regardless of where the company is located. New Zealand organisations are at risk if they process data relating to EU customers, and any online business has that potential.
Compliance regulations are stringent and penalties for a breach are serious for both data controllers and processors. Companies must use clear language to obtain authorisation from an individual to use their data.
Companies must also notify individuals that their data was potentially compromised within 72 hours of realising a data breach occurred; data processors are also required to notify their customers “without undue delay.”
Since May last year, over 60,000 data breaches have been reported, but so far fewer than 100 fines have been issued by regulators.
The number of fines issued may not be large but the size of some fines certainly is. In January Google was fined 44 million pounds for falling foul of the new regulations. Two privacy rights groups successfully claimed that Google didn’t have sufficient legal basis to process user data for ad personalisation. Google announced that it intends to appeal the fine.
Other fines have been issued for offenses such as storing passwords in plain text, unauthorised access to patient records, and even filming in a public space.
Fines can be up to 4% of the world wide annual revenue of the prior financial year, which could mean a considerable amount of money. The regulators use the following 10 criteria to determine the amount of a fine. This is a useful framework to use in the event of needing to deal with a data breach of interest to regulators:
- Nature of infringement: number of people affected, damaged they suffered, duration of the infringement, and purpose of processing
- Intention: whether the infringement is intentional or negligent
- Mitigation: actions taken to mitigate damage to data subjects\
- Preventative measures: how much technical and organisational preparation the company had previously implemented to prevent non-compliance
- History: past relevant infringements, which may be interpreted to include infringements under the Data Protection Directive and not just the GDPR, and past administrative corrective actions under the GDPR, from warnings to bans on processing and fines
- Co-operation: how co-operative the company has been with the supervisory authority to remedy the infringement
- Data type: what types of data the infringement impacts
- Notification: whether the infringement was proactively reported to the supervisory authority by the company itself or a third party
- Certification: whether the company had qualified under approved certifications or adhered to approved codes of conduct
- Other: other aggravating or mitigating factors may include financial impact on the company from the infringement