(c)iStock.com/Lisa-Blue

In 2014, Gartner introduced a new organisation model for enterprise IT called “bimodal IT.” In fact Gartner first started talking about this back in 2012 following the introduction of DevOps and agile development.   Now Gartner posits that IT organisations of the future will have two separate flavours: mode 1 is traditional IT, focused on stability and efficiency, while mode 2 is an experimental, agile IT organisation focused on time-to-market, rapid application evolution and, in particular, tight alignment with business units.

As Gartner so elegantly put it, bimodal IT is the difference between a marathon runner and a sprinter — both modes are deeply different but both are essential. To my mind mode 1 is all about making sure that IT works no matter what. In other words, the focus is on reliability.  Mode 2, on the other hand, is where IT can start to look at becoming more agile and provide applications in a faster more iterative way. Traditionally IT organisations have focused on building B2B applications that make sure the business just keeps running both internally and externally. The new mode of IT organisations is all about building ‘consumer-type, rich user experience’ innovative technology with agility never before seen.

Maintenance and development for mode 1 type solutions can be cumbersome and slow.  The procurement to production time can take anywhere between six to 18 months. With mode 2, not only is IT becoming more agile, users have the ability to self-provision; in most cases on the same day using self-service cloud management like we provide at iland.

So, the big question: will there be a time when organisations move all their IT to mode 2?

The answer is simple: Not, quite. Just as client-server technology never completely replaced the mainframe, the same applies to bimodal IT. Many mode 1 applications have their place, they work and would be cumbersome to change, requiring huge investment in both time and money.  Also, enterprises are slow to make decisions, they are not typically early adopters and they are very risk averse, so I don’t think we will have a complete sea change.  However what I do predict is that we will see more agile and faster capabilities coming into the IT operation and more and more uptake of mode 2 type projects as we witness more uptake of cloud.

“Shadow IT,” the practice of lines of business (LOB) freelancing their own IT with SaaS and public cloud, loses its traction in the context of bimodal IT. The IT department can now compete to bring shadow IT in-house, offering LOB the equivalent level of speed and economy but without violating security policies or abdicating control over corporate systems. A move of this kind can quiet the “IT is too slow” argument and restore confidence in the leadership and value of the CIO to the business.

Organisational realignment is needed to bring shadow IT inside, though. Bimodal IT makes it possible for stakeholders to work together more closely and dynamically than before. However, this change won’t just happen. Managers in all affected departments need to work out a plan to make the new model a reality. One approach is to modify the IT department/business relationship so it looks more like that of an actual technology company, with product managers and rededicated development teams that work long-term on internal “products” that are used by the business taking a DevOps approach.

This brings me onto DevOps which again is an “overused” term and, to my mind, is simply a new way of thinking about culture and processes within the organisation.  DevOps is about having a light bulb idea and turning this into revenue quickly, where IT works with the LOB to commercialise ideas through evaluation and putting community based feedback into production.  But in order to achieve this, you need a production line that can take the idea right through to delivery. DevOps, combined with agile development, enables developers and IT operations to work together collaboratively rather than in silos.  Now operational and development teams sit together in the same room and all take individual responsibility for bringing a new product or idea to market.  With DevOps, reporting lines and rules of responsibility are blurring.  As a result DevOps delivers the idea to dollar in a much faster lifecycle.

Bottom line, if you are moving application into the cloud or developing for the cloud, both DevOps and bimodal IT will help you achieve more agility, but you also need to look at working with a cloud service provider that can help you on that journey.  Not just from an infrastructure perspective, but also by making sure that you have 24/7 business continuity, enterprise grade SLAs, a secure environment, compliance tools and disaster recovery in place.  Let’s face it, there is no point developing applications that are cutting edge if those applications are not secure, stable and reliable.   My advice would be to look for a service provider that has the underlying technology as well as the services and approach to support to enable bimodal IT.

(c)iStock.com/Erik Khalitov

I was delighted to see so many folks attend our Tech Meet Up last week in London.  Not only was it a great networking opportunity, but we also hosted a stimulating panel that generated much discussion on the night.  Here I’ve captured a few takeaways.

The panel included Jeremy Bowman, Director of IT Operations at iland customer Fusion Business Solutions, and Peter Godden, Vice President EMEA for Zerto, one of our key partners. Discussion centred on the many reasons companies are increasingly turning to cloud, and in particular, what drove Fusion’s cloud adoption and strategy.

Jeremy talked about the fact that Fusion had initially considered building its own infrastructure versus outsourcing. Fusion however needed an agile, stable, fast and secure cloud and its internal set-up couldn’t match iland’s offering. Jeremy explained that when he was looking at cloud infrastructure, iland’s speed was critically important to the ongoing running of its operation. Security was also an important factor.

We also talked about the confusion around hybrid cloud in particular. It is hard to capture the real definition as hybrid means different things to different organisations, but in essence it is about moving from an on premise application to an outsourced service. You can then make more services available as required, ensuring users have the right access to the right data, while making sure it’s secure and stable.

Mobility and flexibility are key when moving to the cloud, and CIOs struggle with the idea of moving all services to a cloud-based system

Quocirca analyst, Bob Tarzey, asked whether we thought there would be a time when we will see everything in the cloud.  Jeremy feels that it entirely depends on the customer and whether they are happy with a complete move of their services and whether they feel their data is secure in the cloud.Peter’s perspective is that mobility and flexibility are key when moving to the cloud and that CIOs struggle with the idea of moving all services to a cloud-based system, which could be stalling cloud adoption.

A term that I’m finding is now being used more frequently is ‘bimodal IT’. One mode is about moving existing applications to the cloud and the other is where developers are designing new apps for the cloud. In the future I see a lot more developers designing apps for the cloud using microservices to help applications run at scale rather than moving existing apps to the cloud.

In summing up, we all agreed that cloud adoption will only accelerate. That said, organisations still see the cloud as storage in data centres in a rack somewhere else.  Once we get over this mind-set we can start thinking about bimodal IT and designing apps for the cloud. Cloud users are slowly changing as we move to a mobile workforce. Therefore the challenge will be around making sure cloud fits the user, and with new technologies, this is easier to do today.

Special thanks to Peter and Jeremy for making the discussion so interesting.  Our next event is sponsored by London Technology Week and is taking place on June 16 at 18.00 at the Soho Hotel in London.  I do hope you can make it.

(c)iStock.com/pixonaut

The pace of businesses migrating to the cloud is accelerating.  In the UK in particular there certainly seems to be a larger and faster adoption of cloud services.  In fact, I recently read a new survey from the Cloud Industry Forum that stated that more than eight out of ten UK companies currently store some or all of their data in the cloud.  Published in May this year, the research found that 84 per cent of firms have now adopted one or more cloud services – that’s up from 78 per cent in June 2014 and an increase of 75 percent since 2010. 

These statistics don’t surprise me at all. With increased cloud adoption we are also seeing an acceleration of take up of Disaster Recovery as a Service (DRaaS).  Whether safeguarding against human error, cyberattacks, small scale events or even big natural disasters, companies are now turning to DRaaS as a way to avoid serious risk without breaking the bank. 

With DRaaS, not only is disaster recovery much more affordable but it is an effective way to carry on working despite a disaster.  For example, take the recent Holborn fire incident in London where around 5,000 workers were evacuated from the area when the underground fire broke out in the Kingsway area sparked by an electrical fault.  London’s Chamber of Commerce estimated that overall around £40 million was lost in revenue as a result of the blaze. Businesses using cloud based platforms and DRaaS however were able to carry on working.  

Another high profile example is when Nirvanix cloud service customers were left virtually stranded when the company closed shop in 2013. More than 1,000 customers were given just a two weeks to migrate (or, alternatively, destroy) an estimated 40 petabytes of data out of several data centres.  Rather than look at the Nirvanix situation and hit the panic button on your own cloud project, you can easily safeguard against this scenario with DRaaS and affectively avoid the threat of cloud evaporation altogether.

DRaaS allows organisations to recover if their cloud service fails. With more and more organisations moving to cloud, disaster recovery has to be a key consideration to protect data and keep applications secure. Today, Gartner estimates the size of the DRaaS market to be approximately $1.3 billion, with a related compound annual growth rate of 30%. By 2018, Gartner estimates that the size of the DRaaS market will exceed that of the market for more traditional subscription-based disaster recovery services.

The growing uptake of DRaaS is also reflected in the fact that Gartner has just released its first ever Magic Quadrant covering DRaaS. What I was particularly delighted about was that iland was named a Challenger in this new report for our ability to execute and completeness of vision.

Gartner defines Disaster Recovery as a Service (DRaaS) as an offering in which the service provider manages virtual machine (VM) replication and, optionally, physical machine (PM) replication from the production data centre into the cloud, VM/PM activation inside the cloud and recovery exercising within the cloud. In the Magic Quadrant Gartner analysts evaluated 14 service providers offering DRaaS based on the criteria of ‘ability to execute’ and ‘completeness of vision. iland’s DRaaS enables IT workloads to be replicated from virtual or physical environments to a global high-availability cloud infrastructure. With a decade of disaster recovery expertise, we go beyond simple backup to ensure that all key workloads are protected – and the disaster recovery process is tuned to our customers’ business priorities and compliance needs.

Unlike any other provider however, we enable customers to easily, efficiently execute failovers and tests via our proven Enterprise Cloud Services Portal and mobile application – a single interface that can also be used to manage any iland cloud resources around the globe.

The new Gartner Magic Quadrant highlights the fact that the market is maturing.  As the march to cloud continues, DRaaS is becoming increasingly attractive to both large organisations and small, and looks set to become a preferred choice to avoid risk and protect against any kind of cloud evaporation.

(c)iStock.com/maxkabakov

The cloud has been central to the business workings of organisations. Reliance on the cloud as a central storage tool highlights the importance of security. With important data and documents and sensitive information stored away on the cloud, there is too much at stake. Intense effort and investment needs to be put into making sure cloud providers are providing these five main security features:

Standards based integration with identity management providers

Forming an integrated identity is crucial as it has become a key enabler, both to provision and de-provision access to company resources and data.  Having an identity solution for their management tools that allows fast and easy integration with existing processes used by the customer helps facilitate this. This is done through a standards-based mechanism such as Security Assertion Markup Language (SAML) 2.0, OAuth 2.0 with OpenID Connect.

Another benefit is the complete control over password complexity rules, expiration and the ability to require various forms of multi-factor authentication. In addition to standards-based integration, the service should also provide an easy-to-use, stand-alone multi-factor authentication (MFA) mechanism for those customers who don’t already have an existing identity management solution. This encourages the customer to implement strong authentication measures which can help prevent malicious actors from being able to take over control of their accounts.

Securing specific API cells

Allowing for the integration flexibility is something business users have come to expect from cloud providers, and many cloud providers regularly provide application programming interfaces (APIs) that allow customers to integrate management of their cloud service into 3rd party management platforms or their own internally built applications.

This flexibility enables business customers to mould cloud services around their unique business needs, customising workflows or integrating cloud automations into their existing corporate or customer-facing applications. This enhances business agility, and competitive advantage, as well as provides valuable business capabilities for customers.

However, this also opens businesses up to risk as it introduces additional attack surface that must be properly protected.  To safeguard against possible attacks, service providers should give customers API authentication mechanisms that are resistant to replay or man-in-the middle attacks and can be used to provide cryptographic validation of the API messages being sent. These authentication mechanisms should ensure that API commands can only be issued by properly authenticated endpoints, and that each message is authentic and hasn’t been tampered with using cryptographically sound techniques.

Multi-tier user management and billing

As businesses become increasingly complex, their needs become increasingly intricate as well. Cloud providers need to constantly evolve their services to match the expectations of their customers, especially in providing a flexible account structure that allows easy rollup of billing and usage information at the top level. All this while enforcing complete segregation of networks and hosts at the sub-account level.

The most important thing though is customer control – the customer should have complete control over which sub-accounts must be completely isolated, even from the parent account, and which sub-accounts are allowed to exchange data freely. This allows the segregation of production and development/QA, or perhaps meets a regulatory requirement that two different business units are prohibited from being able to share data between their systems.

Logging and reporting

Intricate services and functionalities are typically the focus of many cloud providers, and often, in their haste to meet customer expectation, they marginalise seemingly mundane tasks like collecting logging from the cloud environment and reporting.

While not a main focus of cloud providers, at a minimum, service providers should be able to provide detailed logging of all management actions performed through the provider’s user interface or through API calls. Access to this logging data should be provided both in the user interface as a reporting function, and in a real-time publish/subscribe method so it can easily be consumed by the customer’s existing log management system.

For those customers who don’t already have a well-developed log management and alerting mechanism, it would be ideal for the service to have an integrated add-on capability to perform log management and alerting within the customer’s cloud environment.

Patch management

Staying relevant with patches is extremely important for service providers, and they typically update their templates used to create new machines to stay up to speed.

Once a virtual machine is launched, however, the responsibility to patch the system falls to the customer. This creates a gap in expertise, where customers fail to take the cloud environment into consideration for their patch management tools, creating a window of opportunity for attackers.

To mitigate against this potential risk, customers should look for a cloud service provider that offers an easy, integrated option that provides patch and vulnerability management for the customer environment. This would include regular (monthly) OS and application patching, along with vulnerability scans run at a frequency as required by the customer, and a dashboard where the customer can view up-to-date statistics on security vulnerabilities while trending the environment over time.

Picture credit: PennyLamKK/Flickr

Inspired by the approach of independent developers, marketers want to be able to get their apps and other online properties, such as campaign microsites or new web products, live as quickly as possible. The same applies to other disciplines such as HR, logistics or sales. These business users bypass the IT department altogether and ­– armed with a credit card – go straight to the developers, buy some cloud instances, and away they go.

This has become known as shadow IT, where IT applications, devices and systems are purchased and used within the organisation, without the IT department’s knowledge or approval.

These buyers might think that shadow IT is a good thing. It means they can do it themselves and get around bothersome procurement channels. Cloud computing provides a cost-effective channel for those who want to get something up, prove the concept, grow it as demand increases or take it down if it doesn’t work.

The issue is that this provides a number of risks to the enterprise, in the form of data security, privacy, systems reliability and disaster recovery, to name but a few. The Heartbleed Open SSL bug is an example of how a security flaw can impact organisations and is a reminder of the importance of having an IT ecosystem that is managed properly in the open and not in the shadows.

The prevalence of cloud doesn’t have to mean that shadow IT takes hold: IT and various business departments, such as marketing, can work together effectively.

IT and various business departments can work together effectively to innovative and empower users

IT needs to think of itself as an enabler, not a barrier to innovation. It’s critical that there is a risk management capability in place to ensure that IT is compliant with the required policies, but there also needs to be an acceptance that users want to move quickly and innovate without feeling held back.

While cloud arguably gives departments too much rope, this doesn’t have to be the case. There are three aspects to cloud that IT can embrace for their own benefit to take cloud out of the shadows.

1.  Agility fosters collaboration

Cloud inherently has appeal to marketers and other business users because they can scale up and down according to demand. But this agility can be interpreted as a threat to IT, which wants to maintain a degree of control. Again, it doesn’t’ have to be like this. We’re big advocates of DevOps, which encourages and agile IT approach and fosters collaboration between different disciplines. It’s not just a question of having the right tools or systems in place, but the right culture.

2.  Governance doesn’t evaporate into the cloud

IT, quite rightly, wants to ensure that risk in minimised with any IT roll-out Ensuring that customer data is kept securely and is stored according to the home country’s data laws is just one example of an area of concern. For example, when Marketing shops for cloud instances for its new advertising campaign app on the open market, chances are things like customer data compliance go out of the window.

Does cloud give IT departments too much rope? It doesn’t have to be the case

We need to accept that this is the way the business wants to work and provide the tools for them to do it. IT can offer its own cloud store environment that takes compliance issues such as data protection, DR and security into account. Again, this positions IT as the trusted advisor.

3.  IT can help avoid the ‘hidden costs of cloud’

Headline prices aren’t the full story – there are often hidden costs in the fine print.  For example, it takes a trained eye to spot the implications for moving data around in the cloud. Ingress of data might be free, but extracting it can be costly. Similarly, ramp-up costs can add up, especially when seemingly minor decisions upfront turn into unnecessary ongoing expense. Selecting the wrong storage model or the wrong server price level, for example, can affect operational budgets long term.

Casting a light on the shadows

IT leaders have the expertise to act as the broker to provide users across the business –marketing, HR, finance and operations and others – with the ability to develop the applications they want, but in a secure and cost effective way. Cloud technology can provide the platform, IT leaders have the experience – I think that’s a powerful combination.