Speed Is The Name Of The Game

by Meerah Rajavel, CIO, Forcepoint

1. How has your IT operating model in cloud changed during the last five years?

As a security company, we have been a thoughtfully embrac­ing cloud over the past five years. For me the big shift is going from “Why cloud” to “Why not cloud” in everything we do. We’re not only helping our customers by delivering solutions with a cloud-first orientation, as a company we’re also embracing the many opportunities that come with us­ing cloud technology.

However, the introduction of cloud in any organiza­tion does require changes in the operating model in sever­al areas. In infrastructure management, there needs to be a shift from racking, stacking, and building to designing, monitoring and optimizing for effective performance and cost management in the cloud. Identity and access control is also a crucial element for protecting company informa­tion, and this needs to be integrated and tightly managed with the corporate IAM policy for data protection and oth­er compliance reasons. Capabilities like single sign-on be­come paramount to avoid multiple user ID and password scenarios. This is both a user experience issue and poten­tial security threat, as users may record ID and passwords which could be easily compromised. Finally, every cloud vendor has varying levels of sophistication and access when it comes to security. Depending on the classification of the application/infrastructure, the security architecture needs to enforce the same rigor, level, and appropriate monitoring.

2. What do you think are the biggest obstacles that cloud technologists face in working in a more agile and out­comes based model?

As the leading cyber security company, Forcepoint un­derstands that there are inherent and important security issues that come with embracing the cloud. When con­sidering cloud opportunities, security is first and foremost for us in its adoption and implementation. By definition, the cloud should enable more agility and speed. Howev­er, if designed incorrectly the cloud can become multiple islands of applications and infrastructure with very lit­tle information sharing. This suppresses business effec­tiveness significantly. Having a conceptual integration and information architecture is the key for a successful cloud implementation.

"Having a conceptual integration and information architecture is the key for a successful cloud implementation"

In addition, not having a hybrid security architecture can stifle notably the agility and outcome in the cloud. Many assume the cloud in and of itself is safe, and addi­tional security is unnecessary. The analogy I use is, being in AWS is like having a house in a gated community. Just be­ing in a gated community doesn’t guarantee security from burglars. It’s crucial to design appropriate security and access controls in the cloud which meet company security objectives and standards.

3. Moving from traditional IT to a ser­vice offering model requires a major mindset shift in cloud. How did you make that happen?

Shifting to the cloud is both a blessing and curse in some ways. As an IT per­son, you lose access to some granular details; however it frees bandwidth to do more valuable things, like focusing on availability, monitoring, and per­formance.

It’s said “You are only as strong as the weakest link in the chain.” With regard to availability, if the service you offer sources from multiple clouds or vendors, then understanding the de­pendency and ensuring the SLA re­quirements meet the SLO promise for the service you offer to the business is compulsory. Monitoring requires clearly understanding what the vendor and what you are responsible for in the stack. For example, Salesforce of­fers certain levels of service assurance on SFDC objects; however any exten­sions or services built-on the Force. com platform are not monitored auto­matically in the SFDC console. Lastly, if your service requires any SLO based on performance, make sure you have an agreement with the cloud provid­er. In many cases, deeper access to the cloud vendor stack isn’t a given, so be cautious before making any promise on performance based SLA. Howev­er, I do strongly encourage setting an SLO for performance, working close­ly with the cloud vendor, and moni­toring them to ensure superior experi­ence for the users.

4. Which growing or future technolo­gy innovation are you personally ex­cited about?

I am very excited about deep learning and Artificial Intelligence. We have generated 10 times more data in the last year compared to the last decade. This will accelerate with IoT and com­plex, experiential, virtual systems. This poses a challenge for data process­ing and rapid intelligence gathering. Systems need to quickly classify and process data (e.g.: fog computing vs. cloud computing), and determine its life expectancy.

This complexity also demands greater security sophistication. The fo­cus needs to move from perimeter to data. In most cases data is influenced by humans, so good security strategy needs to have data and humans as core elements.

5. We are all dealing with technology every day. How does technology drive your life?

It’s hard to distinguish any more where I don’t have technology in my life today. Alexa wakes me up in the morning, Siri takes my to-do list on the drive to work, my Apple watch alerts me to the steps I need to take to reach my daily quota, Touch ID unlocks my home alarm and Nest drops the room heat in my bedroom, reminding me it is time to go to bed. I feel in some ways technology is inte­grated in every step of my life.

On the professional side, speed is the name of the game for winning. In my opinion, there is very little distinc­tion between IT and business today. Successful companies treat IT as busi­ness and drive an integrated roadmap between IT and business goals to meet growth objectives.