Cloud for Grown Ups
ITSMF UK 2017
steve@cloudsoft.io
Presentation Caveats
• It’s wordy so it’s useful when read in PDF/Online without speaker.
• AWS is used solely for examples because (a) they have the best
guidance, (b) otherwise I’d have to provide multiple examples and (c)
this isn’t a cloud-comparison presentation.
• Other clouds are available but they are (way) behind AWS on these topics
Who is Stevie?
Worked with small startups, public sector, international orgs and others on cloud adoption for the past few years.
Help Stevie stay calm
• There’s a difference between the words ”premise” and “premises”.
• Please don’t use the phrase “on-premise” to describe non-cloud
private datacenters.
• Please use “on-premises” or even “on-prem”
• If you hear someone say “on-premise”, and there are lots of people
doing it, then discount their cloud knowledge (sorry, but it’s true!)
We all know what a cloud is not, right?
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network
access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction.
This cloud model is composed of five essential characteristics, three service
models, and four deployment models.
Source: https://csrc.nist.gov/publications/detail/sp/800-145/final
Hands Up!
• Where is your organization on the cloud adoption spectrum?
Experimenting Some programs Business as usual
• What is your involvement in cloud in your organization?
None Plan to In up to my neck
What are Grown Ups for?
Grown Ups are for…
1. “To stop childrens getting squished!”
2. “To buy children things!”
3. “To tell children off when they are naughty!”
Cloud Security
Cloud Finance
Cloud Operations
We’ve been here before with virtualization
Virtualization circa 1998-present
Market Leader: VMware
People & Process: VMware Center of Excellence
Programme: VMware Operations Framework
Architecture: VCDX
Cloud Computing circa 2006-present
Market Leader: AWS
People & Process: Cloud Center of Excellence
Programme: Cloud Adoption Framework
Architecture: Well Architected Framework
VMware Operational Framework 2006-2009
1. Cloud Security
“Grown Ups are there to stop childrens getting squished!”
From #1 Barrier to #1 Driver
1. Perimeter walls and firewalls are false comfort blankets.
2. Cloud democratizes access to leading security methods for free.
1. Encryption
2. Identity and Access Management
3. Programmable and transparent controls – see CIS Benchmark
3. Hyperscale CSPs have better security – people, process, tech – than
us normal people.
4. You are in control and responsible for your security.
Regulatory
1. Cloud Services are not regulated (SEC regulates US companies, but
not their service/product offerings).
2. You are responsible for compliance with your industry’s regulations
1. See London FCA https://www.fca.org.uk/publication/finalised-guidance/fg16-5.pdf
2. Dutch Finance Board “approve” use of AWS.
3. Business Associate Agreements with HIPAA clearly state responsibilities.
3. CSPs work with regulators (e.g. to provide access for investigations)
and they voluntarily produce compliance
Example: AWS Compliance https://aws.amazon.com/compliance/
Availability
• AWS S3 Cascading Failure in Feb 2017
• Check out the detailed AWS post-mortem: do you/other providers offer this
transparency? https://aws.amazon.com/message/41926/
• You are responsible for availability.
• Some AWS customers who provide services to others “shrugged their
shoulders” and accepted the outage; they offered no additional
protection to their customers.
Footguns Galore
• S3 Buckets
  • You have to purposefully open them
  • Remember cloud is “broad network access” – it’s a feature, not a bug!
  • Use AWS Macie because, well, people
• Takeaway
  • You get what you deserve if you let untrained and unchecked staff put
  company data in the cloud any way they like.
  • Use automation to “trust but verify”: AWS Trusted Advisor, AWS Config etc.
  • Limit access to the “raw console” and use tools like service catalogues to
  automagically create cloud resources.
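The “trust but verify” point above is easiest to see as a check you can run over bucket configuration. The following is an added example, not code from the slides or from any AWS tool: it takes a bucket’s policy document, ACL grants and Public Access Block settings in the shapes the S3 API returns (GetBucketPolicy, GetBucketAcl, GetPublicAccessBlock) and flags anything that opens the bucket to everyone. The Public Access Block feature is assumed here; it was added by AWS after this 2017 talk. All three sample buckets are constructed, and the check runs offline without any AWS credentials.

```python
"""Offline 'trust but verify' check for S3 bucket exposure.

Added example, not code from the original slides. It inspects the three
things that can open a bucket to everyone: the bucket policy, ACL grants and
the Public Access Block setting (assumed here; AWS added it after this talk).
The buckets at the bottom are constructed samples, not real configuration.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    # Principal "*" or {"AWS": "*"} means anyone on the internet.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy):
    """Sids of unconditional Allow statements granted to everyone."""
    if not policy:
        return []
    doc = json.loads(policy) if isinstance(policy, str) else policy
    found = []
    for i, st in enumerate(_as_list(doc.get("Statement", []))):
        if (st.get("Effect") == "Allow"
                and _principal_is_public(st.get("Principal"))
                and not st.get("Condition")):
            found.append(st.get("Sid", "statement-%d" % i))
    return found


def public_acl_grants(grants):
    """'Group:Permission' for ACL grants to AllUsers / AuthenticatedUsers."""
    found = []
    for grant in grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri in (ALL_USERS, AUTH_USERS):
            found.append("%s:%s" % (uri.rsplit("/", 1)[-1], grant.get("Permission")))
    return found


def public_access_block_complete(pab):
    """True only when all four Public Access Block switches are on."""
    return all((pab or {}).get(k) for k in PAB_KEYS)


def check_bucket(bucket):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    if not public_access_block_complete(bucket.get("PublicAccessBlock")):
        findings.append("Public Access Block is not fully enabled")
    for sid in public_policy_statements(bucket.get("Policy")):
        findings.append("bucket policy statement '%s' allows Principal '*'" % sid)
    for grant in public_acl_grants(bucket.get("Grants", [])):
        findings.append("ACL grants %s to everyone" % grant)
    return findings


def is_effectively_public(bucket):
    """Public grants exist and no complete Public Access Block neutralises them."""
    exposed = (public_policy_statements(bucket.get("Policy"))
               or public_acl_grants(bucket.get("Grants", [])))
    return bool(exposed) and not public_access_block_complete(
        bucket.get("PublicAccessBlock"))


# Constructed sample buckets in the shapes returned by GetBucketPolicy,
# GetBucketAcl and GetPublicAccessBlock.
SAMPLE_BUCKETS = {
    "locked-down": {
        "PublicAccessBlock": dict.fromkeys(PAB_KEYS, True),
        "Policy": None,
        "Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"},
                    "Permission": "FULL_CONTROL"}],
    },
    "website-leak": {
        "PublicAccessBlock": None,
        "Policy": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::website-leak/*"}]}),
        "Grants": [],
    },
    "old-acl": {
        "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": False,
                              "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
        "Policy": None,
        "Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                    "Permission": "READ"}],
    },
}

if __name__ == "__main__":
    for name, bucket in SAMPLE_BUCKETS.items():
        print(name, "PUBLIC" if is_effectively_public(bucket) else "ok",
              check_bucket(bucket))
```

The split between `check_bucket` (every gap worth fixing) and `is_effectively_public` (is data reachable right now) is deliberate: a bucket with a public ACL but a complete Public Access Block is still a configuration debt to clean up, but it is not the incident. In practice the same two functions would be fed from the S3 API instead of the constructed dictionaries, which is exactly the kind of scheduled, automated “verify” step the slide is asking for.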
2. Cloud Finance
“Grown Ups are there to buy children things!”
(Grown Up: more likely to *stop* them buying things!)
Cloud Finance: The Missing Link
• To succeed, you must be sophisticated:
  • Use tools and automated processes – cost explorers and forecasts
  • How do you know if you are getting value for money?
  • Make someone accountable – job spec and measurements
  • Stop people frittering money – limit their access
  • Create downward pressure on cloud resources and costs – turn stuff off
  • Set targets including rewards and punishments – cost saving leaderboard
Whose job isn’t it?
• Not Procurement? Should be involved in cloud sourcing/framework
• Not Finance? Usually more interested in mechanics, reducing costs
• Not Developers? Finance is Someone Else’s Problem (don’t see the
bill)
• Not Solution Architects? AWS make Cloud Costs part of Architecture
• Not Management? It’s not a leadership activity (yes it is).
• Common:
  1. Project Managers, people who deal with budgets.
  2. An oversight committee that provides checks, balances and enforcement.
Cloud Finance Complexity
• Doing your sums: The AWS “Simple” Calculator
• Terminology: Reserved Instances (that are neither reserved, nor
instances)
• Risk: If a user has “raw console access” then they might as well have
access to the company bank account.
• Hyperscale CSPs are less flexible and less forgiving than local
suppliers.
• Double Whammy: pay up front for “coupons”/RIs, then use the wrong
resources and additionally pay the On Demand price (400% of RIs).
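The double whammy is worth putting into numbers, because it is the point where “Reserved Instances are neither reserved nor instances” stops being a joke. The model below is an added example, not from the slides or from AWS: RIs are treated as what they are, a billing discount applied to matching usage hours, billed whether or not anything matches. Matching is simplified to instance type and hours (real RI matching also considers region/AZ, platform, tenancy and size flexibility), and every price, count and usage figure is constructed, with On Demand set at 4x the RI rate as the slide puts it.

```python
"""Reserved Instance 'double whammy' model.

Added example, not from the original slides. An RI is a discount on matching
usage, not capacity you own, so hours run on a non-matching instance type get
no benefit from it: you pay the RI and the On Demand price. Matching is
simplified to instance type (real RI matching also checks region/AZ, platform,
tenancy and size flexibility). All figures are constructed.
"""
from dataclasses import dataclass

HOURS_PER_MONTH = 730  # billing convention assumed for the example


@dataclass
class Reservation:
    instance_type: str
    count: int
    hourly: float  # effective hourly RI rate (upfront amortised + recurring)


def monthly_bill(reservations, usage_hours, on_demand_rates):
    """Cost a month of usage against a set of RIs.

    reservations:     list of Reservation
    usage_hours:      {instance_type: instance-hours run this month}
    on_demand_rates:  {instance_type: $/hour On Demand}
    Returns a dict with ri_cost, on_demand_cost, unused_ri_hours and total.
    """
    ri_cost = 0.0
    capacity = {}  # reserved instance-hours available per type
    for r in reservations:
        ri_cost += r.count * HOURS_PER_MONTH * r.hourly  # billed, used or not
        capacity[r.instance_type] = (capacity.get(r.instance_type, 0)
                                     + r.count * HOURS_PER_MONTH)

    on_demand_cost = 0.0
    for itype, hours in usage_hours.items():
        covered = min(hours, capacity.get(itype, 0))  # hours the discount applies to
        capacity[itype] = capacity.get(itype, 0) - covered
        on_demand_cost += (hours - covered) * on_demand_rates[itype]

    return {
        "ri_cost": round(ri_cost, 2),
        "on_demand_cost": round(on_demand_cost, 2),
        "unused_ri_hours": sum(capacity.values()),
        "total": round(ri_cost + on_demand_cost, 2),
    }


# Constructed figures: On Demand at 4x the RI rate, as the slide puts it.
RESERVATIONS = [Reservation("m4.large", 10, 0.025)]
ON_DEMAND = {"m4.large": 0.10, "m5.large": 0.10}

# The plan: ten m4.large all month. The reality: the team moved to m5.large.
PLANNED = {"m4.large": 10 * HOURS_PER_MONTH}
ACTUAL = {"m5.large": 10 * HOURS_PER_MONTH}

if __name__ == "__main__":
    print("as planned:   ", monthly_bill(RESERVATIONS, PLANNED, ON_DEMAND))
    print("double whammy:", monthly_bill(RESERVATIONS, ACTUAL, ON_DEMAND))
```

With these figures the planned month costs 182.50 and the “same” workload on the wrong instance type costs 912.50, five times as much, with 7,300 reserved hours wasted. The `unused_ri_hours` figure is the one to put on a dashboard: it is the earliest signal that purchasing and engineering have drifted apart.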
Beware Multi-cloud
• The last hurrah of the non-cloud vendor
• Hybrid cloud is being turned inside out: it’s public cloud reaching into
your premises/DC not you bursting into cloud (niche cases apply).
• CSPs use different resource types, terminology, finance models: you
might need to use an intermediary/MSP to have a consistent
consumption model.
• My advice? Be good at one cloud first.
3. Cloud Operations
“Grown Ups are there to tell children off!”
When ITIL meets Cloud
• Cloud is very ITIL-y, if that’s a thing.
• Check out: AWS Managed Services – they do Change, Incident etc for some
things
• Cloud is programmable therefore integration-able to your current
tools
• Use higher-order services to reduce your process exposure (but
beware lock-in)
• Example: AWS Relational Database Service: no DBA required? Changes done
by CSP!
• Train your ITSMs in Cloud – acloud.guru, others available.
Shared Responsibility Model
You do ITIL for these bits
CSP takes care of these bits
Your Operational Responsibility
• Security, reliability, performance efficiency, cost optimization, and
operational excellence
• Use the AWS Well Architected Framework
• Operational Excellence Pillar:
• Best Practices: Operational Checklist, Proactive Plan, Security Checklist
• Config Management: Resource Tracking, Documentation, Learnings,
Immutable Infrastructure, Automated Change, CMDB
• DevOps: Deployment Pipeline, Release, Incremental Change, Revertible
Change, Risk Mitigation
• Monitoring: Tools, Logs, Alarms, Triggers
• Responses: Playbook, Root Cause Analysis, Automated Response
• Escalation: Document, Provision, Functional Queues, Hierarchical, External,
4. Key Takeaways
How to be a Cloud Grown Up
• Teach the adults and kids about cloud and get them certified because that
is one way to learn from others’ mistakes. But remember there is no
compression algorithm for experience.
• Give the kids a routine: build a Cloud Adoption Framework that goes from
“Experimentation” through “Programmes” (e.g. migrating/building services
in the cloud) to establishing a “Center of Excellence”.
• Put an adult in charge of the money: Make someone accountable for
cloud finance and get sophisticated.
• Don’t do what you always did: Use higher-order cloud services instead of
“renting VMs” where you can: let the CSP take the strain!
• Humans are always the weak link, and some of my best friends are human.
Get the robots to do it.
Final Notes
• Don’t get squished.
• Manage your budget.
• Be kind but firm to your cloud children.

Steve Chambers - Cloud for GrownUps ITSM17
