In this Run and Reinvent podcast, I chat with Vinnie Lima from long-time BMC partner VVL Systems, who shares his insights and best practices into creation a cloud migration strategy. Below is a condensed transcript of the discussion.
Allison Cramer: Can you tell me the difference between Cloud First versus Cloud Smart?
Vinnie Lima: A lot of organizations and federal agencies, they took the first leap and say, “We must get the cloud.” “We will get the cloud.” And they established some policies to indicate we should first go to the Cloud no matter what. Well, that’s a great strategy. The challenge always becomes, are you organizationally ready? Is your organizational process aligned with that strategy? Is your culture, is your tooling, is your processes, is your training and skill set up to that task of going Cloud First? And what a lot of agencies and commercial sector found is that that leads to some introduced risks. For example, security, right? Enabling that rapid approach to the Cloud requires you to think about a couple key tenants to make sure you’re not introducing a risk to your organization.
Security is a big aspect that the Cloud First did not necessarily always take into account, as well as cost management, which is this big challenge. A lot of organizations jump into the Cloud. They enable their organizations to use the Cloud and then they get a bill. And then they have to determine how do I adjust that bill? Was it being utilized in a smart way?
That’s how I differentiate between Cloud First and Cloud Smart. Where Cloud Smart is really looking realistically around your culture, your tooling, your processes, and your knowledge – your personnel knowledge to go to the Cloud in a calculated way. Identifying applications that are further down the modernization roadmap that are good candidates. There are quick wins, as well as, creating a roadmap around governance. To make sure that as you introduce more workloads to the Cloud that they are sustainable, that you’re not going to have a shell shock around cost, or security, or cultural.
Allison: One of the things that always surprises me a little bit is that folks seem so focused on moving to the Cloud, but have not necessarily documented what they think that’s going to do for them, right?
Vinnie: In the example of USDA [a joint BMC/VVL client], our key success is to be able to demonstrate that a hybrid-cloud, multi-cloud strategy is functionally capable within a federal agency. So, there’s a lot of layers before you start talking about taking applications to the cloud, especially when dealing with USDA where you have to deal with a federate moderate and a FISMA High environment that has additional layers of complexity.
Our initial charter was to do a very agile methodology-based approach of delivering some key tenants of fundamental capabilities; some foundational services. So, not only connectivity, or texture, security, ATOs come into play, but also enabling to demonstrate that a service once delivered into the cloud, is manageable, is sustainable.
All of the operational aspects – the incident management, the change management, all of the ITIL processes, how do you monitor it, how do you patch it? Those are all things that in the USDA scenario were key tenants for us to go the cloud. Without that, they will not accept that cloud strategy. So, that was our first initiative, to start small, think about the key tenants that you have to deliver before any customer workloads – any workloads were going to the cloud.
Allison: Do you have a roadmap or just some suggested activities for people to go through as they try to figure out, “Okay, what would it make sense for me to move first?”
Vinnie: As what everybody says, there’s never a single right answer, but for most organizations that we’ve come across, and especially true for USDA, was really focus on your strategy around how you’re approaching cloud. Don’t let policy drive the risk. You want to be smart about going to the cloud, but you first really need to take a good 360-degree view on perspective for your organizational processes.
What is your culture like? How do they operate? How do you deliver services to your customers? Personnel skill set I think is a key challenge, as much as a lot of cloud vendors – they might not like me saying this, make it look easy. Cloud is really hard, right? Cloud is – to do it right requires you have the right people, the right training, the right skill set. And they have to pair that up with technology. So, looking at your current technology innovation and investment to determine where are their gaps to sustain this rapid pace of cloud?[At USDA,] we focused on quick wins. We focused on the Fail-Fast, Adapt-Fast methodology. We leveraged agile from the get-go. So, we were able to take requirements that popped up on a daily basis and be able to think and ask a couple things. Why are we doing this? Is it important to the mission? And if we build this, will they come, right? There’s a lot of cloud innovation out there, a lot of cloud initiatives that build some great ideas, but nobody consumes them. So, it’s important as you’re moving either creating a cloud environment, multi-cloud approach, or you’re moving applications to the cloud, you’ve really got to ask yourself why.
Allison: I like the way you couched in the quick wins around they might be quick wins, but they’re part of a long game, right?
Vinnie: It’s important that you set realistic goals, right? But at the same time, have visionary ideas, right? Having the visionary idea helps you build a roadmap, but you have to be realistic about what you can accomplish. There’s no right answer to how fast you can move. It’s going to be very culturally and very organizationally dependent.
Allison: What are some of the gotchas that you found in there of an easy way – or even some of the evaluations they should look at when they’re looking at the process to see if it will work or not?
Vinnie: The biggest challenge is understanding your current process in context to manual or interactive activities when you move to the cloud. Let’s say you’re talking about serverless computing. You’re talking about an AWS Lambda service. You’ll find very quickly that your current process, your on-prem traditional operations, will have a hard time scaling to maintain or sustain.
This is where some of the capabilities that BMC’s brought to market has been very helpful for us, especially dealing with USDA and their strategy. Talking about TrueSight Cloud Security where you can manage the variety of controls that have to be enforced in a regulated cloud environment, in that large scale, right? So, how do you track things like EBS volume encryption and many other things that are quick to grow out of control, especially when you’re doing a lot of DevOps capabilities such as CI/CD Pipeline where you’re introducing more and more really fast in the cloud environment?
How do you track security for that, right? And so, this is where the process reevaluation – it’s not necessarily replacing your current process, but think of it as the next modernization, the next phase in your process structure to how do you deal with these cloud resources that have a finite or very transitional state, right?
Patching’s another challenge, right? The old challenge around, well, if you’re powering off cloud instances to save on billing or to have a finite life span, how do you patch them, right? They are no longer operating as an on-prem environment where they’re on all the time. So, think about those things.
And then cost. I can’t emphasize costly capacity management. It’s very, very important to culturally to change the way people think around the process of provisioning a lifecycle manage because right-sizing is a real challenge when it comes to cloud.
BMC Helix Cloud Security
These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.
See an error or have a suggestion? Please let us know by emailing email@example.com.