Wayne Williams

Cloud Pro

Are you facing pressure to make better decisions, faster? Are you uneasy about making too many gut-level business decisions? Are you being asked to have a data strategy and wondering how to compete in a data-driven world?

You are not alone. These are common themes emerging in today’s digital economy. Customers of all kinds – from consumers to enterprise businesses – have greater and greater choices than ever before. That means your customers are demanding more service, faster, and at a higher quality. How you decide to meet these needs is becoming very complex. You need to choose among many competing options. Increasingly, making these decisions by trusting your gut is a recipe for disaster.

These difficult decisions are not made any easier with the rise of SaaS. While it’s easy to get up and going with SaaS offerings to handle business productivity needs, with every new SaaS offering you use, you end up siloing your data even more. Every department, every business function, has multiple data silos that make holistic business analysis an uphill climb. How can you tie together customer satisfaction and operations data, if the data is in two different systems?

We know this is a common problem, because we hear it over and over again from our customers. We continue to hear about this problem, despite the relative maturity of “big data” systems. If big data has been a thing for at least two decades, why are we still struggling to make sense of it all? Our diagnosis is pretty simple:

• Data projects that lack a business goal will fail, and most data projects lack a clear business goal, such as 'increasing customer satisfaction'
• It's hard to find people to do the hard work of connecting systems and pulling data out

So, despite fantastic big data ecosystems being widely available, if you lack a clear business objective and you can’t assign people to roll up their sleeves and move data to where it needs to be, then unfortunately your data initiative will die on the vine.

Here’s what I recommend:

• Start with a business goal and never put it on the back burner. Listen for and capture business objectives from your team, and hang onto them tightly, while allowing flexibility when it comes to implementation details
• Implement DataOps best-practices. We recommend a serverless option, which would allow you to scale to dozens or hundreds of data sources painlessly
• Connect key data sources out-of-the-gate, such as Salesforce, logs and customer data, or whatever you have identified to support your business use-case
• Finally, make your analytics production-ready and share the good news around your organisation

These are a number of benefits to this approach. Where before you were trusting your gut, now you have real, relevant, current data to support your decision making. You’re not driving blind. Also, since you implemented a best-practices data catalog, you have a crystal-clear picture of how your data got to its end state. You are not questioning “Is this data real?” because you have clear traceability of data from source to metrics.

Also, your analysis gets better with more data sources. Now that you have a central data lake with easy-to-replicate patterns for bringing in new data, you can make your analyses even richer by adding more sources. Many of our customers enrich their data with a wide variety of internal sources, and even external sources like weather and macroeconomic data, to find new correlations and trends that were not possible before.

It’s also beneficial that you’re feeding a culture of DataOps. Word will get around that your team has the ability to drastically simplify data access and analysis because your DataOps foundation comes with commonsense access rules right out of the box. It is not a threat to give access to the right people – it will help your business operate. This tends to have a flywheel effect. Other departments get excited and want to add their data, analyses get better and richer, then even more people want to bring in their data.

To top it off, you are now AI-ready. If all the analytical benefits were not enough, you are now also ready for AI and ML. It’s just not possible to perform any kind of AI with messy data. With DataOps, you have solved two problems at once: you have action-ready business data, and you have cleared the path for repeatable AI projects.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

The potential of artificial intelligence (AI) revolutionising software is evident, from creating new data models to the improved insights gleamed from the data provided. If you’re a business intelligence (BI) vendor and you are not exploring AI or machine learning in some capacity, for instance, then there is a real danger of missing the boat.

But if you’re expecting AI software companies to eat up recurring revenues like their cloudy, SaaS-y predecessors, then think again.

Martin Casado and Matt Bornstein, of venture capital firm Andreessen Horowitz (a16z), argue that lower gross margins, scaling challenges and weaker defensive capabilities mean AI businesses are not going to resemble traditional software companies going forward. What’s more, the mix means AI companies will more closely resemble services-oriented businesses.

One key area of definition is around cloud infrastructure costs. While SaaS providers are among the many businesses who are likely to use a hyperscaler or other cloud provider, companies focusing on AI software will have much more complex – and subsequently expensive – demands, from training models, to inference, to the rich media being used.

Nascency is also a concern, a16z note. “We’ve had AI companies tell us that cloud operations can be more complex and costly than traditional approaches, particularly because there aren’t good tools to scale AI models globally,” Casado and Bornstein wrote. “As a result, some AI companies have to routinely transfer trained models across cloud regions – racking up big ingress and egress costs – to improve reliability, latency, and compliance.”

As a result, this chunk of cost could put an immediate stop to thoughts of gross margins in the 60%-80% range, with sights lowered to 30%-50%, with scaling ‘linear at best’, rather than supersized. But there are other reasons to consider.

The human factor is an important point to consider, a16z noted. Take the example of the largest social media companies hiring thousands of human moderators to help the AI-based systems. This is not to mention the continually iterative process of training models, securing new training data, and then feeding that back into the systems. The need for human intervention will decline going forwards, but Casado and Bornstein wrote that ‘it’s unlikely that humans will be cut out of the loop entirely.’

Putting together a strong defensive moat, as a16z calls it, is more difficult than it seems. SaaS companies can do so by owning the intellectual property generated by their work, such as the source code. Open source providers have, as the past year has shown, come into problems with their differentiated approach. Yet for AI companies, reference implementations are available from open source libraries, while a lot of the groundwork is conducted in academia. Ultimately, it comes down to who owns the data; in this instance, it is the customer, or in the public domain.

The future of enterprise software is a fascinating one with the emergence of various technologies. In 2018, venture capital fund Work-Bench explored how AI was being incorporated, again noting the roadblock between the academic work being undertaken and the business models being plugged into it. “Despite hopeful promise, startups racing to democratise AI are finding themselves stuck between open source and a cloud place,” the report noted.

While stressing caution, Casado and Bornstein are overall optimistic, so long as AI companies heed the warning signs. “Things like variable costs, scaling dynamics, and defensive moats are ultimately determined by markets – not individual companies,” they wrote. “The fact that we’re seeing unfamiliar patterns in the data suggests AI companies are truly something new.

“There are already a number of great companies who have built products with consistently strong performance.”

You can read the full a16z analysis here.

Editor's note: You can read more news on artificial intelligence, machine learning, deep learning and more at our industry-specific sister publication, AI News.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Keumars Afifi-Sabet

Sabina Weston

StackRox, a provider of cloud-native, container and Kubernetes security, warned in its previous report that the security implications for Kubernetes were beginning to spill over to adoption – and the release of its updated winter study have proved the company right.

The paper, the winter edition of its State of Container and Kubernetes Security Report, was put together alongside 451 Research and polled more than 500 industry professionals.

94% of those polled said they had experienced security incidents in their container environments during the previous 12 months. As is frequently the case with other cloud security snafus, human error – in this case misconfigured containers – can be found as a root cause, a trend which StackRox said was ‘alarmingly common.’

More than two thirds (69%) of those polled said they had experienced a misconfiguration incident; just over a quarter (27%) found a security incident during runtime, with a similar number (24%0 having a major vulnerability to remediate.

86% of respondents said they were running containerised applications in Kubernetes – the same number as in the spring survey. However, the way Kubernetes is being used is changing rapidly, as more organisations put trust in the hyperscalers managing their workloads. Just over a third (35%) of respondents said they manage Kubernetes directly today – down from 44% six months ago – with more respondents (37%) using Amazon EKS. More than one in five (21%) say they use Azure AKS and Google GKE, with both representing a significant increase from spring.

In a similar theme, maturation is increasing in terms of cloud-only environments. While hybrid deployments remain more popular – 46% compared to 40% for cloud-only – it represented a big drop from the 53% who cited it six months ago. For cloud-only, organisations remain predominantly trusting a single cloud, although multi-cloud deployments are becoming more popular.

The previous report, issued in July, gave more of a general warning on container security. Six months prior, two in three organisations said they had more than 10% of their applications containerised – yet two in five were concerned their container strategy did not sufficiently invest in security. This time around, only 28% of organisations polled said they had fewer than 10% of their containers running in production – down from 39% last time.

“One of the most consistent results we get on our own surveys of DevOps and cloud-native security technologies is how important security is for these environments,” said Fernando Montenegro, principal analyst at 451 Research. “It is interesting to see how this observation fits well with the StackRox study, highlighting the need for both engineering and security professionals to have visibility and properly deploy security controls and practices for container and Kubernetes environments.”

You can read the full report here (email required).

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Adopting cloud technologies has become a common strategy among organisations across all sectors taking the road towards digital transformation. The benefits are evident: businesses that maximise all that the cloud has to offer often see a significant improvement in productivity.

However, the journey is not without its stumbling blocks and organisations that fail to prepare will all too often end up taking one step forward, two steps back. Migrating to the cloud presents an array of security and implementation risks which must be resolved if the technology is to be truly taken advantage of. The implementation of any new technology often presents plenty of bugs which must be dealt with. Ignore these issues, and businesses will find themselves falling foul of hackers who will capitalise on any chinks in an organisation’s armour. 

So, as organisations transition to the cloud, they face a number of strategic challenges. To what extent should they adopt hybrid multi-cloud technology platforms? How do they keep data safe? And how can they foster a progressive culture that enables them to maintain IT security and drive productivity?

Laying the groundwork

Incorporating any new technology should, of course, be preceded by a well thought out strategy. But businesses striving to gain a competitive edge by speeding up their digital transformation can be tempted into taking shortcuts when migrating to a new technology, and the process can become plagued with mistakes.

Failure to put a robust strategy in place can lead to devastating problems further down the line – a costly error which we’ve seen organisations make far too many times. It’s been reported that in January 2020 alone, 1.5 billion records were breached, highlighting the worrying scale of cyber attacks and data breaches impacting on businesses that continue to operate with a weak IT security infrastructure in place. 

The size of the organisation is immaterial. Attackers have become so sophisticated that no business can claim to be 100% safe. Retail has become one of the most targeted industry sectors, enticing cyber criminals with a rich pool of data where it's all too easy to identify individuals and their payment information. Moreover, what makes this scenario more complex is that retail is undergoing one of the greatest transformations it has experienced in decades. It’s never been more critical for organisations moving to the cloud to develop a robust and secure cloud strategy. 

Security by design

Regardless of size, all businesses need to appreciate that, despite their best efforts, their IT systems will never be entirely secure. As hackers and their methods evolve, organisations will need to stay one step ahead by constantly evaluating and improving security measures. This is only possible if organisations take a ‘security by design’ approach, instead of ‘by addition’. Retrofitting cybersecurity into systems is no longer a sufficient or effective way to operate and will hit an organisation’s back pocket just as hard as it hits its technology infrastructure. 

Since cybersecurity is mission critical, it stands to reason that businesses need to give it the attention, care and resource that it warrants. This means clarifying the separation of layers and functions. In the case of WAN environments, the desired outcome is that they reinforce one another instead of masking blind spots or creating joints that are a point of weakness where threats can infiltrate essential systems. 

Culture: The glue that holds a security strategy together

The concept of a physical office or workspace as a perimeter to be protected is increasingly a thing of the past. Most organisations have capabilities to operate virtually and staff can now work from almost anywhere. And, while the cloud is mostly responsible for enabling these productivity benefits, it creates security threats too.

The reality is that human error is at the root of nearly one in five of data breaches; and whilst almost 75% of attacks are perpetrated from outside an organisation, more than one in four involved insiders. Employees are often the weakest links, and hackers are more than aware of this fact. Educating all colleagues, and not just senior management, about cybersecurity is therefore vital.

Nurturing a security culture across an entire organisation is paramount – if executed effectively, it will transform security from a one-time event and the responsibility of an IT team into being a positive part of the firm’s day to day operations and culture.

Just as organisations need to continuously evaluate the cybersecurity infrastructure in place, they also need to make employee education an ongoing priority. Helping employees to understand the implications of a cybersecurity attack will also highlight the importance of continuous diligence; after all, an organisation’s security will only ever be as strong as its weakest link.

It is only through unifying technology, culture and employees that an organisation’s critical data can remain safe. Succeed at this, and organisations will lay the right foundations in order to confidently explore all the advantages that the cloud has to offer.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Bobby Hellard

Google Cloud’s shopping list shows no signs of abating, with the company announcing the acquisition of Cornerstone Technology, a mainframe specialist.

The 30-year-old provider, based in the Netherlands, has an overall remit of ‘helping customers protect and improve their investments in essential legacy enterprise applications’, in Cornerstone’s own words. Cornerstone uses automation to break down programs, turn them into services, and then make them cloud-native.

This includes COBOL, which to the potential surprise of many is still used by many enterprises. A recent study from Micro Focus, the language’s arbiter, noted that for more than two thirds of businesses polled, COBOL app modernisation was a preferred strategy to replacement and retirement.

“As the industry increasingly builds applications as a set of services, many customers want to break their mainframe monolith programs into either Java monoliths or Java microservices,” wrote Howard Weale, Google Cloud director of transformation practice in a blog post. “This approach to application modernisation is at the heart of the Cornerstone toolset.”

Google Cloud made a spree of acquisitions in 2019 under the leadership of CEO Thomas Kurian. The standout deal was for business intelligence platform Looker in June, valued as a $2.6 billion all-cash transaction. Other deals were for data migration service provider Alooma in February, storage firm Elastifile in July, and VMware workload runner CloudSimple in November.

The acquisition of Cornerstone will, as the name suggests, form a significant chunk of Google’s ‘mainframe-to-Google-Cloud-Platform’ offerings.

“For decades, companies have relied on a mainframe architecture to run their mission-critical workloads, but it often holds developers back from taking advantage of new technologies that enable them to innovate more quickly,” explained Weale. “Cloud computing presents the opportunity to modernise your applications and your infrastructure, resulting in better capabilities and allocation of your resources so your organisation can focus on your core business.”

The obvious target for this acquisition is IBM, whose mainframe business remains significantly profitable. At the same time the Cornerstone acquisition dropped, this reporter received a separate communique from IBM which touted the company as a top three cloud vendor ‘far ahead’ of Google.

IBM cites Google’s eventual disclosure of its cloud revenues – $2.6bn for the most recent quarter, compared with IBM’s reported $6.8bn – as key. Yet measuring an apples-to-apples comparison across all services remains tricky. For cloud infrastructure services alone, according to figures from Synergy Research earlier this month, Google holds 8% of the market, compared with 6% for IBM.

Financial terms of the Cornerstone acquisition were not disclosed.

Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.