The payoff of successful Digital Transformation can be essential for companies engaged in highly-competitive markets. Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. With the emergence of the Cloud, IT risk has suffered yet another radical transformation. The past couple of years have also brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness, especially when moving to the Cloud. Based on real-life projects and experience from recent years, this session provides a quick insight into the role that the Cloud plays within Digital Transformation initiatives, touching on challenges companies usually face when dealing with governance, security, change management & cost-control. Examples and case studies included.

1. DIGITAL TRANSFORMATION IN THE CLOUD: WHAT THEY
DON’T ALWAYS TELL YOU
ITCAMP – ONLINE COMMUNITY MEETUP
JULY 9TH, 2020

2.  Co-founder @ ITCamp & ITCamp Community
 Cloud and Datacenter Management MVP (Microsoft)
 Certified Ethical Hacker (EC-Council)
 Certified Security Professional (CQURE)
 Contact: tudy.tel
TUDOR DAMIAN

3.  The Pitfalls of Digital Transformation
 Digital Transformation trends, mistakes and solutions
 Why the Cloud?
 Defining a strategy to move to the Cloud
 I’m there, now what?
 Governance & Security in the Cloud
 Example: MCRA
 What’s next?
 Key takeaways & next steps
OBJECTIVES

4. (THE MIRAGE OF) DIGITAL TRANSFORMATION

6. Step 1
Perform Digital Transformation
Step 2
Profit
HOW COMPANIES VIEW DIGITAL TRANSFORMATION

7. Step 1
Perform Digital
Transformation
Step 2
???
Step 3
Profit
HOW DIGITAL TRANSFORMATION REALLY WORKS
The main focus should be on what you do here

8.  Over 70% of all Digital Transformation
initiatives do not reach their goals
 Yearly spending estimates: $1.2 - $1.3 trillion
 Digital Transformation doesn’t fail because
of a shortage of “tech”
 Most digital technologies provide possibilities for
efficiency gains
 If people lack the right mindset to change and if
current organizational practices are flawed, DT
will only magnify those flaws
THE PITFALLS OF DIGITAL TRANSFORMATION
https://blogs.wsj.com/riskandcompliance/2018/12/05/businesses-predict-digital-transformation-to-be-biggest-risk-factors-in-2019/
https://www.forbes.com/sites/forbestechcouncil/2018/03/13/why-digital-transformations-fail-closing-the-900-billion-hole-in-enterprise-strategy/#4f74e9207b8b
https://www.forbes.com/sites/forbesinsights/2019/07/20/think-going-to-the-moon-was-tough-50-years-ago-try-digitally-transforming-a-corporation-because-72-of-us-are-failing-at-it/
Failed
72%
Successful
28%
Digital Transformation
initiatives (2019, Forbes)

9.  #1 – The Changing Customer Experience
 Solution: Assess your current presence and find ways to improve the level of enjoyment of each
customer’s experience (measure your CSAT)
 #2 – Employee Pushback
 Solution: Build customer service, employee training and company culture around your customers’
needs
 #3 – Omnichannel Adaptation
 Solution: Adopting a robust customer engagement system
 #4 – Failing or Poor Analytics
 Solution: AI, Big Data, Machine Learning
 #5 – Lagging, Legacy Business Models
 Solution: Find ways to innovate and ditch your old systems and processes
THE CHALLENGES OF DIGITAL TRANSFORMATION

10.  #6 – The “Starting Blind” Challenge
 Solution: Identify where the company is in the transformation journey and what is needed before
starting (collect user & customer data)
 #7 – Short-Term View
 Solution: Go beyond 3-6 months planning, but also plan for project fatigue
 #8 – Culture Change
 Solution: Leaders must be intentional in building a digital culture, including changing legacy
technology and structures that hinder transformation
 #9 – Aligning Business and IT
 Solution: Balance business needs, new technology and retraining people
 #10 – The Data Challenge
 Solution: Infrastructure (AI, Cloud, Machine Learning), Information Management & Governance are key
THE CHALLENGES OF DIGITAL TRANSFORMATION

11.  Evolving Technology
 Books, music, shopping, banking, education, insurance, transportation – they’ve already transformed
right in front of our eyes; and it’s mostly about data
 Accessing resources is more important than owning or creating resources
 Sharing content, resources & intellectual property is more effective than accumulating them
 Decentralizing, distributing, and copying is more powerful than stockpiling originals
 Connectivity and flow of data is the starting point for innovation and socializing
 Evolving People
 Start with engagement – put people at the center of your DT (employees, partners, customers)
 Once you understand who your business serves, you’ll be able to easily transform things
 Evolving Processes
 Don’t rush to try new tech without considering the broader organizational strategy
 Tools expansion without a strategy rarely aligns with business needs
WHAT IS THERE TO DO?

12. SO, WHY THE CLOUD?

13. 28.2% CAGR from
2017 to 20205
80% of CIOs
migrating their datacenters
CLOUD MIGRATION WILL CONTINUE TO GROW
COMPANIES ARE ALREADY IN THE CLOUD
time required
to manage apps by 80% time
to deploy a new app by 50%
Top 2

14.  Cost control: Utility services cost less even though they cost more
 Higher cost per unit time than leasing or upfront purchase
 Zero cost when not used
 Efficiency & scalability: on-demand is better than prediction
 Forecasting is estimative, often wrong, sometimes impossible
 Better to be able to scale up or down “immediately” depending on demand
 Workloads: address odd workload patterns
 On-and-off, growing fast, unpredictable bursting, predictable bursting
 Innovation: access to technology not available on-premises
 Making use of some Cloud-native solutions (e.g. AI, ML, Analytics, DBs, storage)
 Consolidating platforms, technologies, expertise
 Starting up: new company, startup, spinoff, new market, etc.
 Security & compliance: GDPR, data protection, data classification, etc.
WHY THE CLOUD? (EXAMPLES)

15.  Identity & Data
 Data Classification & Labeling, Data Protection
 Monitoring & Response
 Geography
 Multi-geo deployments & GDPR
 Latency
 Financials
 OPEX vs CAPEX
 Understand cloud business models (e.g. PAYG vs CSP vs EA vs MCA)
 Understand constants and variables in Cloud consumption
 Apply relevant tools for cost visualization, control and budgeting
 Governance
 Cloud subscriptions will get very messy very quickly without proper governance
 Locks, Groups, Tags, Policies, Auditing & Monitoring – it all has little value unless properly understood and employed
 Process
 This is not a walk in the park, it’s a lengthy and rather complex project
COMMON CLOUD CHALLENGES

16. THE MICROSOFT CLOUD ADOPTION FRAMEWORK
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/

17. Analysis
• Review existing
application
architecture
• Map with Azure
features
Application
Migration
• Implement changes
• Convert to Azure roles
• Application already
working in a VM;
upload this VM to
Azure as a .vhd
• Build a VM in Azure,
then install app inside
VM
Data Migration
• Move non-relational
data to Azure Table,
Blob, Queue, etc.
• Move relational data
to Azure SQL DB
• Data already in VM:
upload this VM to
Azure as a .vhd
• Build a VM in azure;
either upload data in a
.vhd file or migrate
data using DB
management tools
Optimization and
Testing
• Identify and resolve
bottlenecks
• Functional testing
• Performance testing
Operation and
Management
• Monitor app
performance
• Manage data recovery
plan
AZURE MIGRATION STRATEGY: TRADITIONAL APP

18. RESPONSIBILITY ZONES IN THE CLOUD

19. THE SECURITY & COMPLIANCE TALK

20.  Governance, Risk Management & Compliance (GRC) are three facets that
help to ensure that an organization meets its objectives
 Goals:
 Keeping risk at acceptable levels
 Maintaining availability to systems and services
 Complying with relevant laws and regulations
 Protecting customer and internal data
GRC – ARE YOU DOING IT TODAY?
Governance, Risk management & Compliance

21.  Regulatory compliance (e.g. PCI-DSS, HIPAA, CDSA, MPAA, etc.)
 Data governance (e.g. DLP, encrypting PII, geo location, etc.)
 Financial governance (e.g. CAPEX vs OPEX, prediction, cost centers, etc.)
 Change management (e.g. DevOps, user & organization readiness, etc.)
 Business & market changes and challenges
 ITIL, COBIT & the Cloud
 Strategy, Design, Transition, Operation & Improvement
 Ensure clear ownership & responsibilities
 Better manage IT investments
 Identify & handle IT risk
GRC – ITEMS IN FOCUS
Governance, Risk management & Compliance

22. UNDERSTANDING CLOUD SECURITY CONTROLS
What does the Cloud do for me? What do I still need to do?
On-premises IaaS PaaS SaaS
1. Security Strategy, Governance, and Operationalization: Provide clear vision, standards and guidance for the company
2. Administrative Control: Defend against loss of control of your Cloud services and on-premises systems
3. Data: Identify and protect your most important information assets
4. User Identity and Device Security: Strengthen protection for accounts and devices
5. Application Security: Ensure application code is resilient to attacks
6. Network: Ensure connectivity, isolation, and visibility into anomalous attacks
7. OS and Middleware: Protect integrity of (virtual) hosts
8. On-prem / private
environments: Secure
the foundation

23.  3rd and 4th party risk
 Customers: responsible for implementing security in the cloud application
 SaaS providers: responsible for the security in the cloud
 Cloud service providers: responsible for the security of the cloud
 Analyze costs and benefits of Cloud migration
 Operational consistency
 Information visibility
 Advanced threats
CLOUD SECURITY & COMPLIANCE CHALLENGES

24.  Understanding your business challenge
 Data-centric threat defense
 Proactive risk management
 Continuous security & compliance
 Resolving your business challenge
 Secure the Data, not the Cloud
 Manage risk proactively, including doing an initial
assessment
 Implement foundational security, with compliance as
a by-product
BUILDING A CLOUD-READY SECURITY STRATEGY

25. KEEP IN MIND, IT CAN GET VERY COMPLEX
E x a m p l e : T h e M i c r o s o f t C y b e r s e c u r i t y R e f e r e n c e A r c h i t e c t u r e

26. Securing Privileged Access
Office 365 Security
Rapid Cyberattacks
(Wannacrypt/Petya)
https://aka.ms/MCRA Video Recording Strategies
Office 365
Dynamics 365
+Monitor
Azure Sentinel – Cloud Native SIEM and SOAR
SQL Encryption &
Data Masking
Data Loss Protection
Data Governance
eDiscovery

27. Securing Privileged Access
Office 365 Security
Rapid Cyberattacks
(Wannacrypt/Petya)
https://aka.ms/MCRA Video Recording Strategies
Office 365
Dynamics 365
+Monitor
Azure Sentinel – Cloud Native SIEM and SOAR
SQL Encryption &
Data Masking
Data Loss Protection
Data Governance
eDiscovery

28. WRAPPING UP

29.  So, we’ve (briefly) discussed:
 The challenges and pitfalls of Digital Transformation initiatives
 Why look at the Cloud in your DT strategy?
 How to approach a Cloud Strategy initiative
 GRC (Governance, Risk Management & Compliance) in the Cloud
 First steps:
 Don’t do Digital Transformation for the sake of doing it, do it because you’ve identified a real business need
that can be addressed
 Remember: it’s rarely about tech, it’s more often about company culture, processes, and people’s mindset
 Ensure you have a clear Cloud Strategy (including Security & Governance)
 Discover what you’ve got and where you’re starting from
 Don’t forget, you’re mostly just extending your practices to the Cloud
 Consider all the details – culture shift, onboarding, identity, geography, financials, monitoring, operations, etc.
SUMMARY

30. Q & A