In the past decade many companies, large and small, have attempted digital transformation under different names, with mixed results. Cloud Control, with more than 1400 successful cloud migrations in regulatory environments, recently analyzed what made for success or failure of these efforts.
These firms looked to embrace the cost savings, new open source application development tools, efficiencies, resiliency, redundancy and scalability offered by the cloud and modern technology offerings. These digital transformation programs were categorized as:
- Adoption of a Cloud Strategy: Private / Public / Hybrid
- Modernization of the legacy and monolithic applications
- Adoption of modern development paradigms: DevOps, Containerization, Kubernetes, Open Source
- AI, Robotics & Machine Learning
- Software Defined <Anything/Everything>
Why Does 70% Fail?
Some companies have been successful in this transformation journey, but the majority have failed (more than 70% failure – FORBES). It’s painful to see companies spending 5-100 Million dollars on these programs with a sub-optimal outcome.
Digital & Cloud transformation programs often fail or produce suboptimal results, especially when legacy applications are involved and/or regulatory controls are required.
The number of tool choices and methods available can create unnecessary complexity that derails the project, often without accounting for Day Two production operational readiness. Successful cloud transformations have one thing in common: an experienced partner with tools, methodologies and knowledgeable resources that have been validated over many successful cloud deployments and digital transformation programs.
Our Connected Past
We are CloudControl, a company dedicated to presenting digital transformation out of the box. Together, our team has helped migrate thousands of complex and intricate legacy application workloads to the Cloud and helped modernize the IT infrastructure with full control and governance, spanning our time at major financial institutions and start-ups. We have also provided multiple start-ups with a complete audit- and regulatory-ready CI/CD pipeline in days.
A Shared Vision
Technologies are changing at a faster rate at all tiers of IT Infrastructure: compute, storage, network and application development/operation. Open Source has been a boon for the software development communities, but ever-present challenges in terms of adoption, support and vulnerabilities remain. Cloud providers have removed the boundaries for startup companies to stand up their IT without any capital investment to enter a new market. Unfortunately, large companies that are still carrying a portfolio of legacy technologies assembled over the past 30+ years are finding it hard to successfully execute an IT transformation to take advantage of the emerging technology and platform landscape while meeting their unique regulatory and audit control requirements.
We believe there is a better way to walk the Digital Transformation journey. It requires a framework and a control plane that is application focused, able to work across multiple technology stacks (for both legacy and cloud native) and support infrastructure across local datacenters and cloud providers.
Digital Transformation Redefined
Cloud Control Solutions Inc. (“CCS”) AppZ (“AppZ”) is a framework consisting of proven software, framework and methodology to accelerate the digital transformation. We provide a control plane which can integrate with all enterprise tools and provide governance and control for building, deploying and monitoring application and infrastructure with least privileged access. Equally important, the framework can easily be deployed for applications residing in a hybrid environment; i.e., Legacy Data Centers, Private and Public Clouds; working across all of these environments for control and audit purposes. This proven approach is far from a lift and shift, as it can enhance applications to use key and secret management and allow legacy applications to take advantage of Cloud infrastructure via using containerized Docker and Kubernetes for added security, scalability and resilience.
Our Control Plane
The AppZ Control Plane is designed to provide a single end point for control purposes that is accessible via dashboards, reports or REST API. Given that large firms have multiple CI/CD pipelines, a Control Plane should be based upon the following ten principles and have a uniform way of quickly accessing critical logs in real time:
- Controlled DevOps: Development details are traceable to Source Control Systems (i.e. GitHub) with user details, reasons for the changes and timestamps. With ‘everything as code’ in modern application development, it is imperative to enforce access and controls for infrastructure vs application, especially in highly regulated industries. AppZ has proven to be able to treat each layer of deployed software as immutable executables that are scanned for Cyber-Security best practices.
- Hands-Off Deployments: Infrastructure, Application or Configuration are deployed using a hands off approach with no manual intervention. If the client has multiple CI/CD pipelines, AppZ will integrate and present a single control plane to manage UAT and Production deployments with full audit and security controls across all pipelines.
- Separation of Duties: AppZ framework enforces separation of duties between Developers and Stack engineers/Infrastructure admins. OS/Middleware build and certification are separated from the application development process. This removes a tremendous amount of risks of all kinds: unverified open source, stability, malware etc., from the overall application deployment process. It also provides the basis for drift and DR sync monitoring post deployment. This allows Application teams to focus solely on application code to produce better quality code with more features in less time. This is a huge benefit for business units.
- Continuous Scan for Vulnerabilities: All Application Code and Open Source tools are scanned for vulnerabilities during the build process. We also perform monitoring for vulnerabilities on a proactive basis. Client’s existing scanning tools can also be integrated with AppZ framework to perform these activities. Best practice calls for penetration tests to be performed prior to production deployment.
- Privileged Access Management: Our design goal is to maintain ‘No Privileged access on a permanent basis’ and allow only a very limited group of people to escalate their privilege to access Production systems, with approval, as per break-glass policy in place. Our best practice then automatically backs out work done during the Break Glass event and forces the changes to be audited and tracked via Git. An Integrated Dashboard compares users and systems with privileged access to HR systems and AD or LDAP permissions.
- Drift Management: Application or Configuration drift in a Production System is tracked and reported on a regular basis to identify changes (Break Glass or Malicious).
- Disaster Recovery: Production Infrastructure and Applications are stacked up in Active/Active mode across multiple data centers to meet Disaster Recovery (DR) requirements. Alternatively, the DR site can be deployed in Active/Passive mode with full automation and auditable details. Dashboards provide indication that DR is in sync; particularly important for legacy applications.
- Resource Utilization: Resource Consumption changes and spikes (CPU, Memory, Disk space etc.) for Infrastructure & Application are tracked and alerted on a real-time basis via a provided dashboard.
- Security Information and Event Management (SIEM): Security Information and Events are collected and alerted on a real-time basis. Data is aggregated and reported for audit and compliance purposes and is made available through dashboards and reports.
- Network As Computer: Control Plane enables Network as Computer with all the above controls in place. It does not matter whether you are operating in a legacy Data Center, Private, Public, Hybrid or Multi Cloud model that also continues to use a traditional Virtualized or HCI infrastructure.
Today, we’re incredibly excited to share our vision, technology and company news. It’s been an exciting journey and we are excited to have multiple clients in Financial Services, Healthcare, Networking and Data Science. We’ve added many new wonderfully talented associates since the start of the year and will continue to build a world-class team who share the same vision and passion for controlled cloud enablement and digital transformation.
Cheers to your digital transformation journey!
About The Author
Head of Product, Cloud Control
Sanjeev has more than 20 years of experience in design, development and architecture of FinTech solutions at BNY Mellon and State Street. He is passionate about automating and reducing the challenges of overall IT implementation. He is a firm believer in IT becoming a utility with major Cloud vendors like AWS, Azure and Google providing the backbone with simple/standardized interfaces for secure and faster application development at reduced cost and complexity.