ExploreVM Podcast - Episode 4: Bridging the Security Gap with Edward Haletky

When corporate data is lost, or worse, stolen by hackers, it can have disastrous results on a company's reputation and potentially lead to the closure of the business. With security breaches becoming more and more high profile, why do so many sys admins put security on the back burner? Conversely, why are security admins seemingly so hard to work with when all the engineer wants to do is get the project done. In this episode, we will take a look at bridging the gap between security and operations.


Listen to "ExploreVM Podcast" on Spreaker.

To Contact Edward:

Twitter

https://twitter.com/Texiwill

Blogs & Links

https://www.virtualizationpractice.com/
https://www.astroarch.com/blog
https://www.virtualizationpractice.com/download/38744/ 
https://www.virtualizationpractice.com/podcasts/

If you'd like to join the conversation about the show's topic, have any show ideas, or would like to be a guest, reach out to me on Twitter (@ExploreVM), Email, or on Facebook.

Clash of the Clouds - Datacenter Madness

I had the honor of being part of Actual Tech Media's Datacenter Madness webinar series. The series was also sponsored by Nutanix and Intel. As part of the Nutanix Technology Champions program, I was asked by Angelo Luciani if I wanted to participate. I had to jump at the chance to participate in my first webinar after many years speaking live at VMUG events. My segment of the 4 part webinar was a discussion on On Premises versus Hosted Datacenter deployments. Below are the notes from my answers, as well as some of the links to the studies I mentioned in the webinar.

 

On premises vs. Hosted Deployments

Speakers: Stephen Foskett and Paul Woodward, Jr.

Are IT teams playing a home or away game? We’ll explore whether

cloud will be a logical extension to on-prem data centers as it is in

personal devices (iPhone to iCloud and Android to Gdrive) with

seamless cloud extensions, or if organizations move to a cloud-first

world where most of their workloads sit in either a hosted private or the public cloud.

(This first comparison isn’t on-prem versus public, but on-prem versus hosted [both being private]. We can extend it to be public too, but that is part two.)

How much non-IT sanctioned application activity do you think is taking place in the typical enterprise?

• 2013 study - 200 businesses
• 7 of 10 organizations utilizing unsanctioned cloud services
• 71% utilize something like Gmail or Dropbox to get work done despite it not being approved by IT
• 77% predicted an increase in their use of cloud services
• 2015 Gartner study said they anticipated 35% of IT expenditure to be on shadow IT services
• 2015 Brocade survey - 83% of CIOs report seeing some sort of unauthorized IT services in use

https://www.forbes.com/sites/joemckendrick/2013/01/31/seven-out-of-10-cloud-applications-not-sanctioned-by-it-departments-is-this-a-bad-thing/#57c0d6a751d7

http://www.zdnet.com/article/93-of-corporate-users-will-install-a-non-sanctioned-app-within-the-next-6-months/

http://www.itproportal.com/2015/11/20/why-shutting-down-shadow-it-stifles-innovation/

http://converge.xyz/2016-the-state-of-shadow-it/

http://www.itp.net/603235-unauthorised-cloud-adoption-growing-issue-for-cios

Are companies really trying to get out of the data center business or are they just seeking more efficient ways to operate these environments?

• The bottom line rules us all, it is to operate in a more cost efficient way
• Same 2013 study - top answer for cloud migration was due to cost reduction
• 2015 Brocade survey - 90% of those CIOs surveyed had adopted some piece of cloud computing / As a Service offering

What role do cloud service providers play versus the public cloud providers?

• Smaller, more localized
• In some cases, you can actually tour these facilities
• Better working relationship with the provider

Allude to the concept of managed services and infrastructure hosting / collocation.

• Managed services is a great example, I worked for a managed services provider that offered a private cloud service.
• Many small/medium sized businesses can offload some, if not all of their infrastructure to those sites
• No need to keep up with hardware maintenance, patching, and updates

Who do you think enterprise IT pros and risk managers trust more – local IT security experts or vendors or cloud service providers security staff?

• Working for a vendor, we see a lot of companies reaching out to us for our expertise
• It takes time to build that trust relationship
• With local experts, they generally know the risk profile of the local community, and have a better feel for risk tolerance of an individual organization that they know personally.
• It depends on the enterprise - does the org trust IT and see value in their IT?
• If, so I would assume that they would trust their local IT more, and use the vendor to keep them in check
• Otherwise, if they don't trust IT, they would definitely trust the vendor more
• As I work for a vendor, we do see a lot of organizations coming to us for our expertise. That being said, it varies greatly from business to business. Some businesses have lost trust in their local IT departments, and with many high profile hacking cases in the news lately, some companies still do not trust a provider to protect their data

How do the economics play out for on-prem deployment versus service providers versus cloud

• What does your company value more - OpEx reduction or CapEx reduction
• Going to the cloud means you're investing less in hardware up front
• Cloud is also just leasing space, your cost remains the same or goes up versus a one time purchase

If you'd like to join in the conversation, or be a guest on my podcast, reach out to me on Twitter  or email me!