The payoff of a successful Digital Transformation can be essential for companies engaged in highly competitive markets. Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success.
With the emergence of the Cloud, IT risk has undergone yet another radical transformation. The past couple of years have also brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to existing processes and tools, they mostly require a different approach to people's IT security awareness, especially when moving to the Cloud.
Based on real-life projects and experience from recent years, this session provides a quick insight into the role that the Cloud plays within Digital Transformation initiatives, touching on challenges companies usually face when dealing with governance, security, change management & cost-control. Examples and case studies included.
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]
1. DIGITAL TRANSFORMATION IN THE CLOUD: WHAT THEY DON’T ALWAYS TELL YOU
ITCAMP – ONLINE COMMUNITY MEETUP
JULY 9TH, 2020
2. Co-founder @ ITCamp & ITCamp Community
Cloud and Datacenter Management MVP (Microsoft)
Certified Ethical Hacker (EC-Council)
Certified Security Professional (CQURE)
Contact: tudy.tel
TUDOR DAMIAN
3. The Pitfalls of Digital Transformation
Digital Transformation trends, mistakes and solutions
Why the Cloud?
Defining a strategy to move to the Cloud
I’m there, now what?
Governance & Security in the Cloud
Example: MCRA
What’s next?
Key takeaways & next steps
OBJECTIVES
8. Over 70% of all Digital Transformation initiatives do not reach their goals
Yearly spending estimates: $1.2 - $1.3 trillion
Digital Transformation doesn’t fail because of a shortage of “tech”
Most digital technologies provide possibilities for efficiency gains
If people lack the right mindset to change and if current organizational practices are flawed, DT will only magnify those flaws
THE PITFALLS OF DIGITAL TRANSFORMATION
https://blogs.wsj.com/riskandcompliance/2018/12/05/businesses-predict-digital-transformation-to-be-biggest-risk-factors-in-2019/
https://www.forbes.com/sites/forbestechcouncil/2018/03/13/why-digital-transformations-fail-closing-the-900-billion-hole-in-enterprise-strategy/#4f74e9207b8b
https://www.forbes.com/sites/forbesinsights/2019/07/20/think-going-to-the-moon-was-tough-50-years-ago-try-digitally-transforming-a-corporation-because-72-of-us-are-failing-at-it/
Digital Transformation initiatives (2019, Forbes): Failed 72%, Successful 28%
9. #1 – The Changing Customer Experience
Solution: Assess your current presence and find ways to improve the level of enjoyment of each customer’s experience (measure your CSAT)
#2 – Employee Pushback
Solution: Build customer service, employee training and company culture around your customers’ needs
#3 – Omnichannel Adaptation
Solution: Adopting a robust customer engagement system
#4 – Failing or Poor Analytics
Solution: AI, Big Data, Machine Learning
#5 – Lagging, Legacy Business Models
Solution: Find ways to innovate and ditch your old systems and processes
THE CHALLENGES OF DIGITAL TRANSFORMATION
10. #6 – The “Starting Blind” Challenge
Solution: Identify where the company is in the transformation journey and what is needed before starting (collect user & customer data)
#7 – Short-Term View
Solution: Go beyond 3-6 months planning, but also plan for project fatigue
#8 – Culture Change
Solution: Leaders must be intentional in building a digital culture, including changing legacy technology and structures that hinder transformation
#9 – Aligning Business and IT
Solution: Balance business needs, new technology and retraining people
#10 – The Data Challenge
Solution: Infrastructure (AI, Cloud, Machine Learning), Information Management & Governance are key
THE CHALLENGES OF DIGITAL TRANSFORMATION
11. Evolving Technology
Books, music, shopping, banking, education, insurance, transportation – they’ve already transformed right in front of our eyes; and it’s mostly about data
Accessing resources is more important than owning or creating resources
Sharing content, resources & intellectual property is more effective than accumulating them
Decentralizing, distributing, and copying is more powerful than stockpiling originals
Connectivity and flow of data is the starting point for innovation and socializing
Evolving People
Start with engagement – put people at the center of your DT (employees, partners, customers)
Once you understand who your business serves, you’ll be able to easily transform things
Evolving Processes
Don’t rush to try new tech without considering the broader organizational strategy
Tools expansion without a strategy rarely aligns with business needs
WHAT IS THERE TO DO?
13. 28.2% CAGR from 2017 to 20205
80% of CIOs migrating their datacenters
CLOUD MIGRATION WILL CONTINUE TO GROW
COMPANIES ARE ALREADY IN THE CLOUD
time required to manage apps by 80%
time to deploy a new app by 50%
Top 2
14. Cost control: Utility services cost less even though they cost more
Higher cost per unit time than leasing or upfront purchase
Zero cost when not used
Efficiency & scalability: on-demand is better than prediction
Forecasting is estimative, often wrong, sometimes impossible
Better to be able to scale up or down “immediately” depending on demand
Workloads: address odd workload patterns
On-and-off, growing fast, unpredictable bursting, predictable bursting
Innovation: access to technology not available on-premises
Making use of some Cloud-native solutions (e.g. AI, ML, Analytics, DBs, storage)
Consolidating platforms, technologies, expertise
Starting up: new company, startup, spinoff, new market, etc.
Security & compliance: GDPR, data protection, data classification, etc.
WHY THE CLOUD? (EXAMPLES)
15. Identity & Data
Data Classification & Labeling, Data Protection
Monitoring & Response
Geography
Multi-geo deployments & GDPR
Latency
Financials
OPEX vs CAPEX
Understand cloud business models (e.g. PAYG vs CSP vs EA vs MCA)
Understand constants and variables in Cloud consumption
Apply relevant tools for cost visualization, control and budgeting
Governance
Cloud subscriptions will get very messy very quickly without proper governance
Locks, Groups, Tags, Policies, Auditing & Monitoring – it all has little value unless properly understood and employed
Process
This is not a walk in the park, it’s a lengthy and rather complex project
COMMON CLOUD CHALLENGES
16. THE MICROSOFT CLOUD ADOPTION FRAMEWORK
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/
17. Analysis
• Review existing application architecture
• Map with Azure features
Application Migration
• Implement changes
• Convert to Azure roles
• Application already working in a VM; upload this VM to Azure as a .vhd
• Build a VM in Azure, then install app inside VM
Data Migration
• Move non-relational data to Azure Table, Blob, Queue, etc.
• Move relational data to Azure SQL DB
• Data already in VM: upload this VM to Azure as a .vhd
• Build a VM in Azure; either upload data in a .vhd file or migrate data using DB management tools
Optimization and Testing
• Identify and resolve bottlenecks
• Functional testing
• Performance testing
Operation and Management
• Monitor app performance
• Manage data recovery plan
AZURE MIGRATION STRATEGY: TRADITIONAL APP
20. Governance, Risk Management & Compliance (GRC) are three facets that help to ensure that an organization meets its objectives
Goals:
Keeping risk at acceptable levels
Maintaining availability to systems and services
Complying with relevant laws and regulations
Protecting customer and internal data
GRC – ARE YOU DOING IT TODAY?
Governance, Risk management & Compliance
21. Regulatory compliance (e.g. PCI-DSS, HIPAA, CDSA, MPAA, etc.)
Data governance (e.g. DLP, encrypting PII, geo location, etc.)
Financial governance (e.g. CAPEX vs OPEX, prediction, cost centers, etc.)
Change management (e.g. DevOps, user & organization readiness, etc.)
Business & market changes and challenges
ITIL, COBIT & the Cloud
Strategy, Design, Transition, Operation & Improvement
Ensure clear ownership & responsibilities
Better manage IT investments
Identify & handle IT risk
GRC – ITEMS IN FOCUS
Governance, Risk management & Compliance
22. UNDERSTANDING CLOUD SECURITY CONTROLS
What does the Cloud do for me? What do I still need to do?
On-premises IaaS PaaS SaaS
1. Security Strategy, Governance, and Operationalization: Provide clear vision, standards and guidance for the company
2. Administrative Control: Defend against loss of control of your Cloud services and on-premises systems
3. Data: Identify and protect your most important information assets
4. User Identity and Device Security: Strengthen protection for accounts and devices
5. Application Security: Ensure application code is resilient to attacks
6. Network: Ensure connectivity, isolation, and visibility into anomalous attacks
7. OS and Middleware: Protect integrity of (virtual) hosts
8. On-prem / private environments: Secure the foundation
23. 3rd and 4th party risk
Customers: responsible for implementing security in the cloud application
SaaS providers: responsible for the security in the cloud
Cloud service providers: responsible for the security of the cloud
Analyze costs and benefits of Cloud migration
Operational consistency
Information visibility
Advanced threats
CLOUD SECURITY & COMPLIANCE CHALLENGES
24. Understanding your business challenge
Data-centric threat defense
Proactive risk management
Continuous security & compliance
Resolving your business challenge
Secure the Data, not the Cloud
Manage risk proactively, including doing an initial assessment
Implement foundational security, with compliance as a by-product
BUILDING A CLOUD-READY SECURITY STRATEGY
25. KEEP IN MIND, IT CAN GET VERY COMPLEX
Example: The Microsoft Cybersecurity Reference Architecture
26. [Diagram: Microsoft Cybersecurity Reference Architecture, https://aka.ms/MCRA. Labels recovered from the slide: Securing Privileged Access; Office 365 Security; Rapid Cyberattacks (Wannacrypt/Petya); Video Recording; Strategies; Office 365; Dynamics 365; +Monitor; Azure Sentinel – Cloud Native SIEM and SOAR; SQL Encryption & Data Masking; Data Loss Protection; Data Governance; eDiscovery]
29. So, we’ve (briefly) discussed:
The challenges and pitfalls of Digital Transformation initiatives
Why look at the Cloud in your DT strategy?
How to approach a Cloud Strategy initiative
GRC (Governance, Risk Management & Compliance) in the Cloud
First steps:
Don’t do Digital Transformation for the sake of doing it, do it because you’ve identified a real business need that can be addressed
Remember: it’s rarely about tech, it’s more often about company culture, processes, and people’s mindset
Ensure you have a clear Cloud Strategy (including Security & Governance)
Discover what you’ve got and where you’re starting from
Don’t forget, you’re mostly just extending your practices to the Cloud
Consider all the details – culture shift, onboarding, identity, geography, financials, monitoring, operations, etc.
SUMMARY