Why You Should Invest in Managed Cloud Security Services

Cloud adoption throughout all industries has become incredibly pervasive in recent years. With cloud management as a relatively newer concept, business organizations may struggle to understand each aspect that is required to effectively run a cloud environment. One aspect that should be involved at every layer of the cloud is security, yet many organizations fail to implement a strong security system in their cloud until an attack happens and it is too late.

A cloud environment and the controls necessary to orchestrate a robust security and governance platform is not the same as your traditional on-premises environment.

The State of Cloud Security Today

As beneficial as the public cloud is for companies globally today, lack of security in the cloud can be a major issue. A report from Sophos indicated that iMost of these attacks are simply from misconfigurations of these organizations’ cloud security. Thus, the attacks can be prevented if configured and managed properly. Orca Security’s 2020 State of Public Cloud Security Report revealed that 80.7% of organizations have at least one neglected, internet-facing workload – meaning the OS is unsupported or unpatched. Attackers can use one small vulnerability as leverage to move across an organization, which is how most data breaches occur.

Managed cloud security services help lay a strong foundation for security in the cloud that is automated and continuous with 24/7 management. With constant management, threats and attacks are detected before they occur, and your business avoids the repercussions that come with security misconfigurations.

What are managed cloud security services?

Managed cloud security services provide security configurations, automation, 24/7 management, and reporting from an external cloud security provider. If an attack should occur, the result is downtime and the loss of money and data. Additionally, the lack of a well-rounded security system can lead to regulatory compliance challenges.

Monitoring and maintaining strong security requires continuous attention to be effective. Employing a managed security service gives businesses the protection they need while simultaneously providing IT departments with additional time to focus on other business concerns. Redirecting cybersecurity efforts to an external provider not only provides IT departments with flexibility, but also reduces costs compared to handling cybersecurity in house. Managing cybersecurity independently creates costs such as staffing, software licensing, hardware, implementation costs, and management costs. All the costs and management required for effective security can be overwhelming and managed security services takes the weight of maintaining the security of your data off your shoulders.

What are the benefits of using cloud security services?

Implementing strong cloud security may seem like an obvious choice for a business to make, but many businesses may not want to devote the time, resources, or money to building and maintaining a strong cybersecurity system. Investing your resources into cloud security is imperative for your business and pays off in the long run.

Five different benefits resulting from a strong cloud security system include:

  • Automation: Once your configurations have been set up, there is reduced reliance on human intervention. This minimizes time spent managing security while also reducing the risk for error.
  • Efficiency: Cloud services improve the security of your data and maintain regulatory compliance through timely patching and automated updates with less downtime.
  • Safety: Data is well-protected with cloud security due to 24/7 monitoring and real-time threat detection.
  • Proactive Defense: Threats are identified quickly and treated proactively in the cloud should an incident occur.
  • Cost-effective: The cloud requires a unique approach to security. While managed cloud security services can seem costly upfront, they prove to be worthwhile in the long run by utilizing expertise that may not be available in-house. Additionally, cloud security services will ensure the safety of your workloads and data, and prevent the costs associated with a data breach.

2nd Watch Managed Cloud Security

At 2nd Watch, we understand cloud security is important at every step of your cloud journey. 2nd Watch has a dedicated Managed Security Team that monitors your cloud environments 24/7/365, remediating vulnerabilities quickly. Rather than putting security on the backburner, we believe security is a pillar of business, and building it into the foundation of a company is important to meet evolving compliance needs in a cost-effective manner.

Companies just getting started in the cloud can rely on 2nd Watch to get security right for them the first time. Even for companies already established in the cloud, we can take an in-depth look at security and compliance maturity, existing capabilities, and growth trajectory to provide a prescriptive security roadmap. No matter where you are in your cloud journey, we ensure your security is well-integrated into your cloud environments.

At 2nd Watch we are with you from beginning to end, monitoring your security even after implementation. At a glance, our end-to-end services include:

  • Security Review: Ensures the proper safeguards are utilized for your multi-cloud environments with a single point of contact for your security needs. Our security assessment and remediation offering can reveal how your cloud security posture stacks up to industry standards such as CIS, GDPR, CCPA, HIPAA, NIST, PCI DSS, and SOC 2.
  • Environment Monitoring: 24/7/365 multi-cloud monitoring protects against the most recent vulnerabilities.
  • Threat Analysis: Managed Reliability Operations Center (ROC) proactively analyzes and remediates potential threats.
  • Issue Resolution: Identified issues are quickly resolved providing enterprise class and proactive defense.

Other solutions we provide include:

Security should be integrated into every layer of your public cloud infrastructure. We can help you achieve that through our comprehensive suite of security services and a team of experts that cares about your success in the cloud. To learn more about our managed cloud security services, visit our Cloud, Compliance, Security, & Business Continuity page or talk to someone directly through our Contact Us page.

-Tessa Foley, Marketing

Managed Cloud Service: Optimize, Reduce Costs, and Efficiently Achieve your Business Goals

Cloud adoption is becoming more popular across all industries, as it has proven to be reliable, efficient, and more secure as a software service. As cloud adoption increases, companies are faced with the issue of managing these new environments and their operations, ultimately impacting day-to-day business operations. Not only are IT professionals faced with the challenge of juggling their everyday work activities with managing their company’s cloud platforms but must do so in an timely, cost-efficient manner. Often, this requires hiring and training additional IT people—resources that are getting more and more difficult to find.

This is where a managed cloud service provider, like 2nd Watch, comes in.

What is a Managed Cloud Service Provider?

Managing your cloud operations on your own can seem like a daunting, tedious task that distracts from strategic business goals. A cloud managed service provider (MSP) monitors and maintains your cloud environments relieving IT from the day-to-day cloud operations, ensuring your business operates efficiently. This is not to say IT professionals are incapable of performing these responsibilities, but rather, outsourcing allows the IT professionals within your company to concentrate on the strategic operations of the business. In other words, you do what you do best, and the service provider takes care of the rest.

The alternative to an MSP is hiring and developing within your company the expertise necessary to keep up with the rapidly evolving cloud environment and cloud native technologies. Doing it yourself factors in a hiring process, training, and payroll costs. While possible, maintaining your cloud environments internally might not be the most feasible option in the long run. Additionally, a private cloud environment can be costly and requires your applications are handled internally. Migrating to the public cloud or adopting hybrid cloud model allows companies flexibility, as they allow a service provider either partial or full control of their network infrastructure.

What are Managed Cloud Services?

Managed cloud services are the IT functions you give your service provider to handle, while still allowing you to handle the functions you want. Some examples of the management that service providers offer include:

  • Managed cloud database: A managed database puts some of your company’s most valuable assets and information into the hands of a complete team of experienced Database Administrators (DBAs). DBAs are available 24/7/365 to perform tasks such as database health monitoring, database user management, capacity planning and management, etc.
  • Managed cloud security services: The public cloud has many benefits, but with it also comes security risks. Security management is another important MSP service to consider for your business. A cloud managed service provider can prevent and detect security threats before they occur, while fully optimizing the benefits provided by a cloud environment.
  • Managed cloud optimization: The cloud can be costly, but only as costly as you allow it to be. An MSP can optimize cloud spend through consulting, implementation, tools, reporting services, and remediation.
  • Managed governance & compliance: Without proper governance, your organization can be exposed to security vulnerabilities. Should a disaster occur within your business, such as a cyberattack on a data center, MSPs offer disaster recovery services to minimize recovery downtime and data loss. A managed governance and compliance service with 2nd Watch helps your Chief Security and Compliance Officers maintain visibility and control over your public cloud environment to help achieve on-going, continuous compliance.

At 2nd Watch, our foundational services include a fully managed cloud environment with 24/7/365 support and industry leading SLAs. Our foundational services address the key needs to better manage spend, utilization, and operations.

What are the Benefits of a Cloud Managed Service Provider?

Using a Cloud Managed Service Provider comes with many benefits if you choose the right one.

Some of these benefits include, but are not limited to: 

  • Cost savings: MSPs have experts that know how to efficiently utilize the cloud, so you get the most out of your resources while reducing cloud computing costs.
  • Increased data security: MSPs ensure proper safeguards are utilized while proactively monitoring and preventing potential threats to your security.
  • Increased employee production: With less time spent managing the cloud, your IT managers can focus on the strategic business operations.
  • 24/7/365 management: Not only do MSPs take care of cloud management for you but do so 100% of the time.
  • Overall business improvement: When your cloud infrastructure is managed by a trusted cloud advisor, they can optimize your environments while simultaneously allowing time for you to focus on core business operations. They can also recommend cloud native solutions to further support the business agility required to compete.

Why Our Cloud Management Platform?

With cloud adoption increasing in popularity, choosing a managed cloud service provider to help with this process can be overwhelming. While there are many options, choosing one you can trust is important to the success of your business. 2nd Watch provides multi-cloud management across AWS, Azure, and GCP, and has a special emphasis of putting our customers before the cloud. Additionally, we use industry standard, cloud native tooling to prevent platform lock in.

The solutions we create at 2nd Watch are tailored to your business needs, creating a large and lasting impact on our clients. For example:

  • On average, 2nd Watch saves customers 41% more than if they managed the cloud themselves (based on customer data)
  • Customers experience increased efficiency in launching applications, adding an average 240 hours of productivity per year for your business
  • On average, we save customers 21% more than our competitors

Next Steps

2nd Watch helps customers at every step in their cloud journey, whether that’s cloud adoption or optimizing your current cloud environment to reduce costs. We can effectively manage your cloud, so you don’t have to. Contact us to get the most out of your cloud environment with a managed cloud service provider you can trust.

-Tessa Foley, Marketing

Cloud Center of Excellence: 3 Foundational Areas with 4 Phases of Maturity

A cloud center of excellence (CCoE) is essential for successful, efficient, and effective cloud implementation across your organization. Although the strategies look different for each business, there are three areas of focus, and four phases of maturity within those areas, that are important markers for any CCoE.

1. Financial Management

As you move to the public cloud and begin accessing the innovation and agility offered, it comes with the potential for budget overruns. Without proper planning and inclusion of financial leaders, you may find you’re not only paying for datacenters, but you’re also racking up large, and growing, public cloud bills. Financial management needs to be centrally governed, but extremely deliberate because it touches hundreds of thousands of places across your organization.

You may think involving finance will be painful but brining all stakeholders to the table equally has proven highly effective. Over the last five years, there’s been a revolution in how finance can effectively engage in cloud and infrastructure management. This emerging model, guided by the CCoE, enables organizations to justify leveraging the cloud, not only based on agility and innovation, but also cost. Increasingly, organizations are achieving both better economics and gaining the ability to do things in the cloud that cannot be done inside datacenters.

2. Operations

To harness the power and scale possible in the cloud, you need to put standards and best practices in place. These often start around configuration – tagging policies, reference architectures, workloads, virtual machines, storage, and performance characteristics. Standardization is a prerequisite to repeatability and is the driving force behind gaining the best ROI from the cloud.

Today, we’re actually seeing that traditional application of the cloud does not yield the best economic benefits available. For decades, we accepted an architectural model where the operating system was central to the way we built, deployed, and managed applications. However, when you look beyond the operating system, whether it’s containers or the rich array of platform services available, you start to see new opportunities that aren’t available inside datacenters.

When you’re not consuming the capital expenditure for the infrastructure you have available to you, and you’re only consuming it when you need it, you can really start to unlock the power of the cloud. There are many more workloads available to take advantage of as well. The more you start to build cloud native, or cloud centric architecture, the more potential you have to maximize financial benefits.

3. Cloud Security and Compliance

Cloud speed is fast. Much faster than what’s possible in datacenters. Avoid a potentially fatal breach,  data disruption, or noncompliance penalty with strict security and compliance practices. You should be confident in the tools you implement throughout your organization, especially where the cloud is being managed day to day and changes are being driven. With each change and new instance, make sure you’re following the CCoE recommendations with respect to industry, state, and federal compliance regulations.

4. Phase Cloud Maturity Model

CloudHealth put forward a cloud maturity model based on patterns observed in over 10,000 customer interactions in the cloud. Like a traditional maturity model, the bottom left represents immaturity in the cloud, and the upper right signifies high maturity. Within each of the three foundational areas – financial management, operations, and security and compliance – an organization needs to scale and mature through the following four phases.

Phase 1: Visibility

Maturity starts at the most basic level by gaining visibility into your current architecture. Visibility gives you the connective tissue necessary to make smart decisions – although it doesn’t actually make those decisions obvious to you. First, know what you’re running, why you’re running it, and the cost. Then, analyze how it aligns with your organization from a business perspective.

Phase 2: Optimization

The goal here is all around optimization within each of the three areas. In regards to financial management and operations, you need to size a workload appropriately to support demand, but without going over capacity. In the case of security, optimization is proactively monitoring all of the hundreds of thousands of changes that occur across the organization each day. The strategy and tools you use to optimize must be in accordance with the best practices in your standards and policies.

Phase 3: Governance and Automation

In this phase you’re moving away from just pushing out dashboards, notification alerts, or reports to stakeholders. Now, it’s about strategically monitoring for the ideal state of workloads and applications in your business services. How do you automate the outcomes you want? The goal is to keep it in the optimum state all the time, or nearly all the time, without manual tasks and the risks of human error.

Phase 4: Business Integration

This is the ultimate state where the cloud gets integrated with your enterprise dashboards and service catalogue, and everything is connected across the organization. You’re no longer focused on the destination of the cloud. Instead, the cloud is just part of how you transact business.

As you move through each phase, establish measurements of cloud maturity using KPIs and simple metrics. Enlist the help of a partner like 2nd Watch that can provide expertise, automation, and software so you can achieve better business outcomes regardless of your cloud goals. Contact Us to understand how our cloud optimization services are maximizing returns.

-Chris Garvey, EVP of Product

Building Your Cloud Center of Excellence

You’ve migrated to the cloud and are using cloud services within your own team, but how do you scale that across the organization? A Cloud Center of Excellence (CCoE) is the best way to scale your usage of the cloud across multiple teams, especially when navigating organizational complexity.

What is a CCoE?

A Cloud Center of Excellence, or CCoE, is a group of cross functional business leaders who collaboratively drive the best practices and standards that govern the cloud implementation strategy across their organization – developed in response to changes in the cloud. Pre-cloud, all of our infrastructure, usage, and deployments of applications were controlled by central IT. Typically, the IT department both made the infrastructure and applications available and had control over management. Now, in the post-cloud world, management in large enterprises is occurring in hundreds or thousands of places across the organization – rather than solely in central IT. Today’s cloud moves at a pace much faster than what we saw inside traditional datacenters, and that speed requires a new governance.

This seismic shift in responsibility and business-wide impact has brought both agility and innovation across organizations, but it can also introduce a fair amount of risk. A CCoE is a way to manage that risk with clear strategy development, governance, and buy-in from the top down. Utilizing stakeholders from finance and operations, architecture and security, a CCoE does not dictate or control cloud implementation, but uses best practices and standards throughout the organization to make cloud management more effective.

Getting started with a CCoE

First and foremost, a CCoE cannot start without recognizing the need for it. If you’re scaling in the public cloud, and you do not require and reinforce best practices and standards, you will hit a wall. Without a CCoE, there will be a tipping point at which that easy agility and innovation you received leveraging the public cloud suddenly turns against you. A CCoE is not a discretionary mechanism, it’s actually a prerequisite to scaling in the cloud successfully.

Once you know the significance and meaning of your CCoE, you can adapt it to the needs of your business and the state of your maturity. You need a clear understanding of both how you’re currently using the cloud, as well as how you want to use it going forward.

In doing that, you also need to set appropriate expectations. Over time, what you need and expect from a CCoE will change. Based on size, market, goals, compliance regulations, stakeholder input, etc., the job of a CCoE is to manage cloud implementation while avoiding risk. The key to a successful CCoE is balancing providing agility, innovation, and all the potential benefits of the cloud in a way that does not adversely impact your team’s ability to get things done. Even though the CCoE is driving strategy from the top, your employees need the freedom to make day-to-day management decisions, provision what they need and want, and use the agility provided by the cloud to be creative. It’s a fluid process much different from the rigid infrastructure planning of rack and stack used a decade ago.

Create an ongoing process with returns by partnering with a company who knows what you need not only today, but in the future. The right partner will provide the products, people and services that enable you to be successful. With all the complexity going on in the cloud, it’s extremely difficult to navigate and scale without an experienced expert.

2nd Watch Cloud Advisory Services include a Cloud Readiness Assessment to evaluate your current IT estate, as well as a Cloud Migration Cost Assessment that estimates costs across various cloud providers. As a trusted advisor, we’re here to answer key questions, define strategy, manage change, and provide impartial advice on a wide range of issues critical to successful cloud modernization. Contact Us to see how we can make your CCoE an organizational success.

-Chris Garvey, EVP of Product

Top 10 Cloud Optimization Best Practices

Cloud optimization is a continuous process specific to a company’s goals, but there are some staple best practices all optimization projects should follow. Here are our top 10.

1. Begin with the end in mind.

Business leaders and stakeholders throughout the organization should know exactly what they’re trying to achieve with a cloud optimization project. Additionally, this goal should be revisited on a regular basis to make sure you remain on track to achievement. Create measures to gauge success at different points and follow the agreed upon order of operations to complete the process.

2. Create structure around governance and responsibility.

Overprovisioning is one of the most common issues adding unnecessary costs to your bottom line. Implement specific and regulated structure around governance and responsibility for all teams involved in optimization to control any unnecessary provisioning. Check in regularly to make sure teams are following the structure and you only have the tools you need and are actively using.

3. Get all the data you need.

Cloud optimization is a data-driven exercise. To be successful, you need insight into a range of data pieces. Not only do you need to identify what data you need and be able to get it, but you also need to know what data you’re missing and figure out how to get it. Collaborate with internal teams to make sure essential data isn’t siloed or already being collected. Additionally, regularly clean and validate data to ensure reliability for data-based decision making.

4. Implement tagging practices.

To best utilize the data you have, organizing and maintaining it with strict tagging practices in necessary. Implement a system that works from more than just a technical standpoint. You can also use tagging to launch instances, control your auto parking methodology, or in scheduling. Tagging helps you understand the data and see what is driving spend. Whether it’s an environment tag, owner tag, or application tag, tagging provides clarity into spend, which is the         key to optimization.

5. Gain visibility into spend.

Tagging is one way to see where your spend is going, but it’s not the only way required. Manage accounts regularly to make sure inactive accounts aren’t continuing to be billed. Set up an internal mechanism to review with your app teams and hold them accountable. It can be as simple as a dashboard with tagging grading, as long as it lets the data speak for itself.

6. Hire the right technical expertise.

Get more out of your optimization with the right technical expertise on your internal team. Savvy technicians should work alongside the business teams to drive the goals of optimization throughout the process. Without collaboration between these departments, you risk moving in differing directions with multiple end goals in mind. For example, one team might be acting with performance or a technical aspect in mind without realizing the implication on optimization. Partnering with optimization experts can also keep teams aligned and moving toward the same goal.

7. Select the right tools and stick with them.

Tools are a part of the optimization process, but they can’t solve problems alone. Additionally, there are an abundance of tools to choose from, many of which have similar functionality and outcomes. Find the right tools for your goals, facilitate adoption, and give them the time and data necessary to produce results. Don’t get distracted by every new, shiny tool available and the “tool champions” fighting for one over another. Avoid the costs of overprovisioning by checking usage regularly and maintaining the governance structure established throughout your teams.

8. Make sure your tools are working.

Never assume a tool or a process you’ve put in place is working. In fact, it’s better to assume it’s not working and consistently check its efficiency. This regular practice of confirming the tools you have are both useful and being used will help you avoid overprovisioning and unnecessary spending. For tools to be effective and serve their purpose, you need enough visibility to determine how the tool is contributing to your overall end goal.

9. Empower someone to drive the process.

The number one call to action for anyone diving into optimization is to appoint a leader. Without someone specific, qualified, and active in managing the project with each stakeholder and team involved, you won’t accomplish your goals. Empower this leader internally to gain the respect and attention necessary for employees to understand the importance of continuous optimization and contribute on their part.

10. Partner with experts.

Finding the right partner to help you optimize efficiently and effectively will make the process easier at every turn. Bringing in an external driver who has the know-how and experience to consult on strategy through implementation, management, and replication is a smart move with fast results.

2nd Watch takes a holistic approach to cloud optimization with a team of experienced data scientists and architects who help you maximize performance and returns on your cloud assets. Are you ready to start saving? Let us help you define your optimization strategy to meet your business needs and maximize your results. Contact Us to take the next step in your cloud journey.

-Willy Sennott, Optimization Practice Manager

Ten Years In: Enterprise DevOps Evolves

DevOps has undergone significant changes since the trend began more than a decade ago. No longer limited to a grassroots movement among ‘cowboy’ developers, DevOps has become synonymous with enterprise software releases. In our Voice of the Enterprise: DevOps, Workloads and Key Projects 2020 survey, we found that 90% of companies that had deployed applications to production in the last year had adopted DevOps across some teams (55%) or entirely across the IT organization (40%). Another 9% were in discovery phases or PoC with their DevOps implementation, leaving only a tiny fraction of respondents reporting no adoption of DevOps.

What is DevOps

DevOps is driven by the need for faster releases, more efficient IT operations and flexibility to respond to changes in the market, whether technical such as the advent of cloud-native technologies, or other, such as the Covid-19 pandemic.

Still, one of the biggest drivers of the trend and a primary reason DevOps has become part and parcel of enterprise software development and deployment is adoption from the top-down. IT management and executive leadership are increasingly interested and involved in DevOps deployments, often because it is a critical part of cloud migration, digital transformation and other key initiatives.

Most organizations also report that their DevOps implementation is managed or sanctioned by the organization, in line with the departure from shadowy IT DevOps deployments of 5 or 10 years ago toward approved deployments that meet policy, security and compliance requirements.

Another significant change in DevOps is the growing role of business objectives and outcomes. Organizations are measuring and proving their DevOps success not only using technical metrics such as quality (47%) and application performance (44%), but also business metrics such as customer satisfaction (also 44%), according to our VotE DevOps study.

We also see line-of-business managers among important stakeholders in DevOps beyond developers and IT operators. The increased focus and priority on business also often translates to a different view on DevOps and IT operations in general. While IT administration has traditionally been a budget spending item with a focus on total cost of ownership (TCO), today’s enterprises are increasingly viewing DevOps and IT ops as a competitive advantage that will bring return on investment (ROI).

DevOps Stakeholder Spread

Another significant aspect of DevOps today is the stakeholder spread. Our surveys have consistently highlighted how security, leadership, traditional IT administrators and business/product managers play an increasingly important role in DevOps, in addition to software developers and IT operations teams. As DevOps spreads to more teams and applications within an organization, it is more likely to pull in these and other key stakeholders, including finance or compliance, among others.

We also see additional people and teams, such as those in sales and marketing or human relations, becoming more integral to enterprise DevOps as the trend continues to evolve.

The prominence of security among primary DevOps stakeholders is indicative of the rapidly evolving DevSecOps trend, whereby security elements are integrated into DevOps workflows.

Our data highlights how a growing number of DevOps releases include security elements, with 64% of companies indicating they do include security elements in 2020, compare to 53% in 2019. DevSecOps is being driven mainly by changing attitudes among software developers, who are increasingly less likely to think the security will slow them down and more likely to tie security to quality, which is something they care about.

DevOps Software Security

Software security vendors have also worked to make security tooling such as API firewalls, vulnerability scanning and software composition analysis (SCA) more integrated and automated so they really don’t slow down developers. Finally, the frequency of high-profile security incidents and breaches remind everyone of the need to reduce risk as much as possible.

Another change in DevOps is an increasing awareness and appreciation of not just technology challenges, but also cultural aspects. Our data indicates top cultural challenges of DevOps include overcoming resistance to change, competing/conflicting priorities and resources, promoting communication and demonstrating equity of benefits/costs.

By aligning objectives, priorities and desired outcomes, teams can better address these cultural challenges to succeed and spread their DevOps implementations. This is also where we’ve seen cross-discipline experience – in development, in IT operations, in security, etc. – can be integral to addressing cultural issues.

If you haven’t yet begun your own DevOps Transformation, 2nd Watch takes an interesting approach you can consider. Their DevOps Transformation process begins with a complete assessment and strategy measuring your current software development and operational maturity, using the CALMS model, and developing a strategy for where and how to apply DevOps approaches

Jay Lyman, Senior Research Analyst, Cloud Native and Applied Infrastructure & DevOps at 451 Research, part of S&P Global Market Intelligence

3 Productivity-Killing Data Problems and How to Solve Them

With the typical enterprise using over 1,000 Software as a Service applications (source: Kleiner Perkins), each with its own private database, it’s no wonder people complain their data is siloed. Picture a thousand little silos, all locked up!

Number of cloud applications used per enterprise, by industry vertical

Then, imagine you start building a dashboard out of all those data silos. You’re squinting at it and wondering, can I trust this dashboard? You placate yourself because at least you have data to look at, but this creates more questions for which data doesn’t yet exist.

If you’re in a competitive industry, and we all are, you need to take your data analysis to the next level. You’re either gaining competitive advantage over your competition or being left behind.

As a business leader, you need data to support your decisions. These three data complexities are at the core of every leader’s difficulties with gaining business advantages from data:

  1. Siloed data
  2. Untrustworthy data
  3. No data

 

  1. Siloed data

Do you have trouble seeing your data at all? Are you mentally scanning your systems and realizing just how many different databases you have? A recent customer of ours was collecting reams of data from their industrial operations but couldn’t derive the data’s value due to the siloed nature of their datacenter database. The data couldn’t reach any dashboard in any meaningful way. It is a common problem. With enterprise data doubling every few years, it takes modern tools and strategies to keep up with it.

For our customer, we started with defining the business purpose of their industrial data – to predict demand in the coming months so they didn’t have a shortfall. That business purpose, which had team buy-in at multiple corporate levels, drove the entire engagement. It allowed us to keep the technology simple and focused on the outcome.

One month into the engagement, they had clean, trustworthy, valuable data in a dashboard. Their data was unlocked from the database and published.

Siloed data takes some elbow grease to access, but it becomes a lot easier if you have a goal in mind for the data. It cuts through noise and helps you make decisions more easily if you know where you are going.

  1. Untrustworthy data

Do you have trouble trusting your data? You have a dashboard, yet you’re pretty sure the data is wrong, or lots of it is missing. You can’t take action on it, because you hesitate to trust it. Data trustworthiness is a prerequisite for making your data action oriented. But, most data has problems – missing values, invalid dates, duplicate values, and meaningless entries. If you don’t trust the numbers, you’re better off without the data.

Data is there for you to take action on, so you should be able to trust it. One key strategy is to not bog down your team with maintaining systems, but rather use simple, maintainable, cloud-based systems that use modern tools to make your dashboard real.

  1. No data

Often you don’t even have the data you need to make a decision. “No data” comes in many forms:

  • You don’t track it. For example, you’re an ecommerce company that wants to understand how email campaigns can help your sales, but you don’t have a customer email list.
  • You track it but you can’t access it. For example, you start collecting emails from customers, but your email SaaS system doesn’t let you export your emails. Your data is so “siloed” that it effectively doesn’t exist for analysis.
  • You track it but need to do some calculations before you can use it. For example, you have a full customer email list, a list of product purchases, and you just need to join the two together. This is a great place to be and is where we see the vast majority of customers.

That means finding patterns and insights not just within datasets, but across datasets. This is only possible with a modern, cloud-native data lake.

The solution: define your business need and build a data lake

Step one for any data project – today, tomorrow and forever – is to define your business need.

Do you need to understand your customer better? Whether it is click behavior, email campaign engagement, order history, or customer service, your customer generates more data today than ever before that can give you clues as to what she cares about.

Do you need to understand your costs better? Most enterprises have hundreds of SaaS applications generating data from internal operations. Whether it is manufacturing, purchasing, supply chain, finance, engineering, or customer service, your organization is generating data at a rapid pace.

(AWS :What is a Data Lake?)

Don’t be overwhelmed. You can cut through the noise by defining your business case.

The second step in your data project is to take that business case and make it real in a cloud-native data lake. Yes, a data lake. I know the term has been abused over the years, but a data lake is very simple; it’s a way to centrally store all (all!) of your organization’s data, cheaply, in open source formats to make it easy to access from any direction.

Data lakes used to be expensive, difficult to manage, and bulky. Now, all major cloud providers (AWS, Azure, GCP) have established best practices to keep storage dirt-cheap and data accessible and very flexible to work with. But data lakes are still hard to implement and require specialized, focused knowledge of data architecture.

How does a data lake solve these three problems?

  1. Data lakes de-silo your data. Since the data stored in your data lake is all in the same spot, in open-source formats like JSON and CSV, there aren’t any technological walls to overcome. You can query everything in your data lake from a single SQL client. If you can’t, then that data is not in your data lake and you should bring it in.
  2. Data lakes give you visibility into data quality. Modern data lakes and expert consultants build in a variety of checks for data validation, completeness, lineage, and schema drift. These are all important concepts that together tell you if your data is valuable or garbage. These sorts of patterns work together nicely in a modern, cloud-native data lake.
  3. Data lakes welcome data from anywhere and allow for flexible analysis across your entire data catalog. If you can format your data into CSV, JSON, or XML, then you can put it in your data lake. This solves the problem of “no data.” It is very easy to create the relevant data, either by finding it in your organization, or engineering it by analyzing across your data sets. An example would be joining data from Sales (your CRM) and Customer Service (Zendesk) to find out which product category has the best or worst customer satisfaction scores.

The 2nd Watch Dataops Foundation Platform

You should only build a data lake if you have clear business outcomes in mind. Most cloud consulting partners will robotically build a bulky data lake without any thought to the business outcome. What sets 2nd Watch apart is our focus on your business needs. Do you need to make better decisions? Speed up a process? Reduce costs somewhere? We keep your goal front and center throughout the entire engagement. We’ve deployed data lakes dozens of times for enterprises with this unique focus in mind.

Our ready-to-deploy data lake captures years of cloud experience and best practices, with integration from governance to data exploration and storage. We explain the reasons behind the decisions and make changes based on your requirements, while ingesting data from multiple sources and exploring it as soon as possible. In the above image, the core of the data lake are the three zones represented by green S3 bucket squares.

Here is a tour of each zone:

  • Drop Zone: As the “single source of truth,” this is a copy of your data in its most raw format, always available to verify what the actual truth is. Place data here with minimal or no formatting. For example, you can take a daily “dump” of a relational database in CSV format.
  • Analytics Zone: To support general analytics, data in the Analytics Zone is compressed and reformatted for fast analytics. From here, you can use a single SQL Client, like Athena, to run SQL queries over your entire enterprise dataset — all from a single place. This is the core value add of your data lake.
  • Curated Zone: The “golden” or final, polished, most-valued datasets for your company go here. This is where you save and refresh data that will be used for dashboards or turned into visualizations.

Our Classic 3-zone data lake on S3 features immutable data by default. You’ll never lose data, nor do you have to configure a lot of settings to accomplish this. Using AWS Glue, data is automatically compressed and archived to minimize storage costs. Convenient search with always-up-to-date data catalog allows you to easily discover all your enterprise datasets.

In the Curated Zone, only the most important “data marts” – approved datasets – get loaded into more costly Redshift or RDS, minimizing costs and complexity. And with Amazon SageMaker, tapping into your Analytics and Curated Zone, you are prepared for effective machine learning. One of the most overlooked aspects of machine learning and advanced analytics is the great importance of clean, available data. Our data lake solves that issue.

If you’re struggling with one of these three core data issues, the solution is to start with a crisp definition of your business need, and then build a data lake to execute on that need. A data lake is just a central repository for flexible and cheap data storage. If you focus on keeping your data lake simple and geared towards the analysis you need for your business, these three core data problems will be a thing of the past.

If you want more information on creating a data lake for your business, download our DataOps Foundation datasheet to learn about our 4-8 week engagement that helps you build a flexible, scalable data lake for centralizing, exploring and reporting on your data.

-Rob Whelan, Practice Manager, Data Engineering & Analytics

 

 

Cloud for Advanced Users – The 5 Most Important Lessons Learned Over a Decade

Being involved in cloud services and working closely with cloud providers over the past 10 years has given us a great deal of insight into the triumphs and pitfalls of cloud consumers. We’ve distilled that vast experience and come up with our list of the 5 most important lessons we’ve learned over the past decade for users that are experienced in the cloud with multiple applications/workloads running.

1. Governance – Tagging, Tools, and Automation

Many of our customers have hundreds, if not thousands of accounts, and we’ve helped them solve many of their governance challenges. One challenge is ensuring they’re not doing certain things – for example, shadow IT and functioning in siloes. In the cloud, you want everyone to have visibility into best practices and understanding the critical role cloud plays in creating business value.

There are numerous tools and automation methods you can leverage to ensure your governance is in step with the latest innovation. First and foremost, a strong tagging strategy is critical. As with shadow IT, if you don’t tag things correctly, your teams can spin up resources with limited visibility on who owns them, continuously running and accumulating expenses over time. If you don’t start with a tagging strategy from day one, retroactively correcting is a herculean task. Starting with a strong architectural foundation and making sure that foundation stays in place with the proper tools will ensure governance doesn’t become a burden.

Putting the proper guardrails in place for this, such as AWS Config, can help overcome this challenge and make sure everybody’s following the rules. Sometimes governance and moving fast can seem like adversaries, but automation can help satisfy both.

2. Optimization – It’s not a one-time exercise

Cloud users tend to think of optimization in terms of Reserved Instances (RI), but it reaches far beyond just RIs. Well-defined policies must exist to exhibit control over spend and discipline to go along with policies.

There are many ways to leverage cloud native solutions and products to achieve optimization as well as new classes of service. One key point is leveraging the right resources where appropriate. As new services come out and skills increase within organizations, the opportunity to not only optimize spend but optimize the applications themselves by leveraging more cloud native services will continue to drive down operating cost.

Optimization is not a one-time exercise, either. It’s an ongoing practice that needs to be done on a regular basis. Like cleaning out the garage, you need to maintain it. Who’s responsible for this? Often, it’s your company’s Cloud Center of Excellence, or a partner like 2nd Watch.

3. Cloud Center of Excellence – Be bold and challenge the norm

We encourage all organizations to form a Cloud Center of Excellence (CCoE). Typically lead by an executive, your CCoE should be a multi-stakeholder organization that includes representatives from all areas of the business. With the multi-skilled group, you benefit from subject matter experts across a wide variety of areas within your organization who collectively become subject matter experts in cloud services and solutions. When you break down siloes, you’re able to move rapidly.

Your CCoE should be formed at the beginning of your migration and continue to revisit new capabilities released in the cloud on an ongoing basis, updating the organization’s standards to ensure enforcement.

One of the CCoE’s biggest roles is evangelizing within the organization to ensure people are embracing the cloud and celebrating successes, whether it comes from implementing DevOps with cloud native tools or optimizing and cloud refactoring. The CCoE’s motto should is, ‘Be bold, challenge the norm, look for new ways of doing things, and celebrate BIG.’

4. Multi-Cloud – Get out of your comfort zone

As an advanced user, you have grown up with AWS and have a solid understanding and background of AWS. You’ve learned all the acronyms for AWS and understand the products and services. But now you’re being asked to integrate another CSP provider you might not be as familiar with. How do you take that basic cloud knowledge and transition to Azure or GCP?

There’s a little bit of a learning curve, so we recommend taking a training course. Some even offer training based upon your knowledge of AWS. For example, GCP offers training for AWS professionals. Training can help you acclimate to the nomenclature and technology differences between CSPs.

We typically see customers go deep with one cloud provider, and that tends to be where most workloads reside. This can be for financial reasons or due to skills and experience. You get a greater discount when you push more things into one CSP. However, some solutions fit better in one CSP over the other. To maximize your cloud strategy, you need to break down walls, get out of your comfort zone, and pursue the best avenue for the business.

5. Talent – Continuously sharpen the knife’s edge

Talent is in high demand, so it can be challenging to attract the top talent. One way to overcome this is to develop talent internally. All cloud providers offer certifications, and incentivizing employees to go out there and get those certifications goes a long way. With that, success breeds success. Celebrate and evangelize early wins!

The cloud changes fast, so you need to continuously retrain and relearn. And as a bonus – those individuals that are involved in the CCoE have the unique opportunity to learn and grow outside of their area of expertise, so proactively volunteer to be a part of that group.

If you want more detailed information in any of these five areas, we have a wealth of customer examples we’d love to jump into with you. Contact us to start the conversation.

-Ian Willoughby, Chief Architect and Skip Barry, Executive Cloud Enablement Director

Cloud for New Users – The 4 Most Important Lessons Learned Over a Decade

Over the past ten years we’ve learned quite a bit about cloud migration and achieving success across various platforms. Over that time, a lot has changed, and ongoing innovations continue to provide new opportunities for the enterprise. Here, we’re recapping the four most important lessons we’ve learned for new cloud users.

1. Close the knowledge gap.

With the rate of innovation in the cloud, the knowledge gap is wider than ever, but that innovation has reduced complexity in many ways. To maximize these innovations, businesses must incentivize employees to continue developing new skills.

Certifications and a desire to continue learning and earning credentials are the traits businesses want in their IT employees. Fostering a company culture that encourages experimentation, growth, and embracing new challenges creates an environment that helps employees develop to the next level.

At 2nd Watch, we create a ladder of success that challenges associates to move from intermediate to advanced capabilities. We foster employees’ natural inclinations and curiosities to build on their passions. Exposing people to new opportunities is a great way to invest in their aptitudes and backgrounds to evolve with the company. One way to do this is by setting up a Cloud Center of Excellence (CCOE), a multi-stakeholder group that includes subject matter experts from various areas of the business. With the multi-skilled group, the collective become the subject matter experts in cloud services and solutions. By setting up a CCOE, silos are eliminated and teams work together in an iterative fashion to promote the cloud as a transformative tool.

2. Assemble the right solutions.

Cloud is not always cheaper. If you migrate to the cloud without mapping to the right solutions, you risk increasing cost. For example, if you come from a monolithic architectural environment, it can be tempting to try and recreate that architecture in the cloud.

But, different than your traditional on-prem environment, many resources in the cloud do not require a persistent state. You have the freedom to allow jobs like big data and ETL (extract, transform and load) to run just once a day, rather than 24 hours a day. If you need it for an hour, spin it up for the hour, access your data in your cloud provider’s storage area, then turn it off to minimize usage and costs.

You can also perform simple tweaks to your architecture to improve performance. We recommend exploring containerization and serverless models to implement automation where possible. New cloud users should adapt to the new environment to allow for future use cases, provision resources for future states, and use assets based on scalability. Cloud allows you to map solutions to scale. Partners like 2nd Watch help create a roadmap based on forecasting from current usage.

3. Combine services based on desired outcomes.

There is a plethora of cloud service options available, and the way you use them should be driven by the outcomes you want. Are you looking to upgrade? Lift and shift? Advance the business forward? Once you have a clear outcome defined, you can begin your cloud journey with that goal in mind and start planning how best to use each cloud service.

4. Take an active role in the shared responsibility model.

In traditional IT environments, security falls solely on the company, but as a cloud user, the model is significantly different. Many cloud service providers utilize a shared security responsibility model where both the cloud provider and the user take ownership over different areas of security.

Often times, cloud providers can offer more security than your traditional datacenter environment ever could. For example, you are not even permitted to see your cloud provider’s data center. Their locations are not known to the public, nor is where your customer data resides known to the datacenter employees.

Although your cloud provider handles much of the heavy lifting, it’s your responsibility to architect your applications correctly. You need to ensure your data is being put into the appropriate areas with the proper roles and responsibilities for access.

Are you ready to explore your options in the cloud? Contact 2nd Watch to learn more about migration, cloud enabled automation, and our multi-layered approach to security.

-Ian Willoughby, Chief Architect and Skip Barry, Executive Cloud Enablement Director

Fully-Managed DevOps – Is It Possible?

If you’re in a development or operations role, you probably gawked at this title. The truth is, having some other company manage your “DevOps” is an insult to the term. However, bear with me while I put out this scenario:

  • What if you don’t have a team that can manage all your tools that enable you to adopt DevOps methods?
  • Why should you have to spend time managing the tools you use, instead of developing and operating your application?
  • What if your team isn’t ready for this big cultural, process, and tooling change or disagrees on where to begin?

These are key reasons to consider adopting a DevOps platform managed by experts.

Just a Quick Definition:

To bring you along my thought process, let’s first agree on what DevOps IS. DevOps, a term built by combining the words Development and Operations, is a set of cultural values and organizational practices implemented with the intent to improve business outcomes. DevOps methods were initially formed to bridge the gap between Development and Operations so that teams could increase speed to delivery as well as quality of product at the same time. The focus of DevOps is to increase collaboration and feedback between Business Stakeholders, Development, QA, IT or Cloud Operations, and Security to build better products or services.

When companies attempt to adopt DevOps practices, they often think of tooling first. However, a true DevOps transformation includes an evolution of your company culture, processes, collaboration, measurement systems, organizational structure, and automation and tooling — in short, things that cannot be accomplished through automation alone.

Why DevOps?
Adopting DevOps practices can be a gamechanger in your business if implemented correctly. Some of the benefits include:

  • Increase Operational Efficiencies – Simplify the software development toolchain and minimize re-work to reduce total cost of ownership.
  • Deliver Better Products Faster – Accelerate the software delivery process to quickly deliver value to your customers.
  • Reduce Security and Compliance Risk – Simplify processes to comply with internal controls and industry regulations without compromising speed.
  • Improve Product Quality, Reliability, and Performance – Limit context switching, reduce failures, and decrease MTTR while improving customer experience.

The basic goal here is to create and enable a culture of continuous improvement.

DevOps Is Not All Sunshine and Roses:

Despite the promise of DevOps, teams still struggle due to conflicting priorities and opposing goals, lackluster measurement systems, lack of communication or collaborative culture, technology sprawl creating unreliable systems, skill shortage, security bottlenecks, rework slowing progress…you get the picture. Even after attempting to solve these problems, many large enterprises face setbacks including:

  • Reliability: Their existing DevOps Toolchain is brittle, complex, and expensive to maintain.​​
  • Speed: Developers are slowed down by bottlenecks, hand-offs, and re-work.​​
  • Security: Security is slowing down their release cycle, but they still need to make sure they scan the code for licensing and vulnerabilities issues before it goes out. ​​
  • Complexity: DevOps is complex and an ongoing process. They don’t currently have the internal skillset to start or continue their progress. ​
  • Enterprise Ready: SaaS DevOps offerings do not enable them to have privacy or features they require for enterprise security and management.

Enter Managed DevOps:

Managed DevOps removes much of this complexity by providing you with a proven framework for success beginning with an assessment that sets the go-forward strategy, working on team upskilling, implementing end-to-end tooling, and then finally providing ongoing management and coaching.

If you have these symptoms, Managed DevOps is the cure:

  • Non-Existent or Brittle Pipeline
  • Tools are a Time Suck; No time to focus on application features
  • You know change is necessary, but your team disagrees on where to begin

Because Managed DevOps helps bring your teams along the change curve by providing the key upskilling and support, plus a proven tool-chain, you can kick off immediately without spending months debating tooling or process.

If you’re ready to remove the painful complexity and start to build, test, and deploy applications in the cloud in a continuous and automated way, talk with our DevOps experts about implementing a Managed DevOps solution.

-Stefana Muller, Sr Product Manager