By Chris Reid, Partner Anothertrail
‘What exactly am I paying for?’
A question on the lips of many CFOs after the initial waves of Cloud mania and virtualisation had washed onto the sands of financial reality.
As purely an elastic plaything for software engineering, public cloud compute and the associated costs were initially accommodated via general fiscal bit bucket, yet as the continuous improvement mantra gained wider acceptance so the cloud exerted even greater pull on key corporate software and fiscal concerns grew.
GDPR mandated strict control of private user details, yet in the cloud poor visibility of compute and storage functionality left not only fiscal questions but ones of compliance. What code was running where, why and how secure was the associated data?
Traditional operational security based on the concept of software and hardware ownership under one roof, suddenly had to accommodate remote 3rd party infrastructure, services and dynamic addressing concepts, often well outside traditional procedures, whilst agile coding practice lacked the diligence and hence security demanded by the mainstream
The result was a slew of Cloud billing companies, a combination of discipline, tagging and optimisation, morphing single bills into specific departmental payment silos whilst ensuring a better bang for your buck. Close behind came code security, a model that embraced the agile nature of cloud compute whilst enforcing best practice through development, test and formal release.
Within the cloud eco-system early entrants saw IaaS, PaaS and SaaS services emerging daily to tempt and orchestrate your beloved service to new levels. This eventually evolved into Cloud Native, with business focused purely on code production devolving the rest to the Cloud providers. Over time the ‘as-a-service’ boundaries blurred, Infrastructure as code emerged and orchestration now means many things to many marketers. SaaS drove a stake through traditional linear routes-to-market. Gone the classical vendor-Distributor-VAR-Client CTO relationship, replaced by vendor agnostic line of business buyers purchasing SLA structured managed services, and the so called citizen integrators, ploughing individual agile furrows across the various clouds.
Shadow IT has emerged as the latest organisational concern. It is one thing knowing what your numerous bills consists of, another understanding where your resources actually are across private and public estates. Who hosts your HR records? Where are those micro-services actually operating? And what is your disaster recovery plan for the intertwined set of virtual compute?
Education is key. Business without significant internal Devops resource need trusted partners(System Integrators, MSP) like never before to guide them through the maze on which their very survival depends. Is it any wonder many consider returning in part to a private environment.
And then there is vintage code, often overlooked yet performing critical functions in many domains of the business. People, companies who built that vintage code aren’t there any more…
So what does a business do with it?
(Part two will looks at the options…)