We’re delighted that you dived into the Season 2 Edition 3 of Z to A Pulse!

With $630 billion of business value at stake in cloud implementation and migration, organizations are overwhelmed with the evolving strategies that are disrupting the industry.

It is crucial for organizations to tap into cloud strategies that untangle knotty cloud architecture and operating models and leverage significant value out of their cloud journey. That’s specifically what this edition of the newsletter exchanges views about.

As we promised in Season 2 of this newsletter, this is a report spotlight, where we have delved deeper into the “Insights from CTOs on cloud strategies” * report of McKinsey to extract data on the trending cloud strategies and blended it with the technical dexterity of Zuci’s cloud experts. Additionally, to unravel the complexity of multi-cloud environment security, we also probed into the “Cloud Native Application Protection Platform Report” * from Cloud Security Alliance (CSA).

Hello readers,

I am Ameena Siddiqa, Marketing Strategist at Zuci Systems. To gain deeper insights into the aforementioned reports, I tapped into the expertise of our cloud enthusiasts and experts, Prasanna Venkatesh, Vice President-Delivery, Digital Engineering and Feroz, Solution Architect, Digital Engineering.

Let’s dive into the topic!

Ameena: Can you elucidate landing zones?

Feroz: Sure. Instead of describing landing zones in a hard-core technical way, I will quickly explain it with a simple example.

Let’s assume that you plan to keep your body and mind fit but are mystified with the preliminary steps. Hiring a trainer and investing in sports infrastructure can be time-consuming and pricey. Enrolling on the nearest sports club seems favourable as it has all the ready-to-use solutions that are requisite to accomplish your goals.

Landing zones are like sports clubs in a cloud environment.

Landing zones are a pre-configured and standardized environment within a cloud platform, such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP), that is specifically designed to support the initial phases of migrating workloads, applications, and data to the cloud.

It’s a user guide with best practices, tools and frameworks that can be very helpful in setting up a cloud environment that matches their business needs.

Ameena: How does building standardized landing zones maximize cloud benefits?

Feroz: With ready foundations and structures, landing zones are highly beneficial in accelerating cloud migrations and workload deployments. Some hard-to-miss benefits of landing zones are:

• Security & Compliance: We must thank the guardrails for the safe environment it creates for the engineering teams to deploy and update cloud resources with adherence to security, compliance and operational guidelines. It reduces shadow IT risk because they don’t have to implement intricate rules within the public cloud.  One example is enforcing the use of encryption for data at rest and in transit enabling Multi-factor Authentication (MFA) for access and setting up firewall rules to control network traffic.
• Faster Time to Market: With automation and predefined templates in the landing zones, preparation time for cloud migration is substantially reduced. As a result, organizations can build and deploy new applications in a real quick time and achieve results faster.
• Cost control: It’s easier for organizations to lose control over their cloud spending when they don’t have a clear framework of what they are doing. With the right landing zones in place, engineering teams can easily predict their expenses when they are building new initiatives in the cloud.
• Scalability: Landing zones are designed to be scalable, allowing organizations to grow their cloud footprint as and when needed while maintaining a consistent and secure architecture.

Ameena: How many landing zones are needed in an organization?

Feroz: There is no one-size-fits-all when it comes to setting up landing zones in the cloud. Its number and structure vary based on factors such as the size, industry, regulatory requirements and cloud adoption goals of organizations.

But very often, Cloud Service Providers (CSPs) such as AWS, Google and Azure, provide reference architecture and solutions that align with these landing zone types to help organizations get started quickly. Some of the conventional landing zones offered by CSPs are:

> Development & Testing Landing Zones

> Production Landing Zones

> Big Data Processing Landing Zones

> IoT Landing Zones

> NFT and Blockchain Landing Zones

Ultimately, organizations should determine the number and structure of landing zones that they want through an out-and-out assessment of their cloud maturity, strategies and evolving requirements.

Ameena: Can you tell us a bit about the Design, Deploy and Operate (DDO) framework in the landing zone lifecycle?

Feroz: Sure. Design, Deploy and Operate (DDO) is a kind of strategic way of seeing how a landing zone should be perceived before it becomes operational. Though the DDO framework has Design as the first approach, I would say the persona effect comes prior to the design strategy.

The acceptance of the shift should transpire from the top of the organization pyramid to the bottom. It helps organizations in realizing the potential of cloud investments and enhancing the operational efficiency of the overall process.

> Design

In the next progressive step of the DDO framework, organizations plan the architecture and configuration of the landing zone based on their requirements. It includes defining their network topology, IAM policies, implementing security controls and much more.

> Deploy

In this phase, the actual infrastructure for the landing zone is provisioned according to the design, with the assistance of automation tools and infrastructure-as-code templates such as AWS CloudFormation and Azure Resource Manager templates.

> Operate

In this phase, organizations establish incident response procedures to address any security incidents, downtime, or performance issues and optimize for the changing updates.

Setting up the DDO framework is a cyclical process, and organizations should revisit the framework constantly as their business evolves, technology changes and new requirements emerge.

Ameena: How is the agile product operating model gradually replacing the traditional lift and shift approach?

Prasanna: The Agile operating model comes with a lot of advantages and moving from the traditional lift and shift approach to the agile is more convenient and suitable for the organizations.

Why?

Because, in the agile model organizations can test prototyping and release the features one by one rather than going with a big bang in one go.

When companies make the shift towards the cloud, they may not be able to check all the boxes of the cloud journey on day one. It is a progressive process that requires a methodical approach that identifies the basic things. The incremental nature of agile processes allows organizations to launch these strategies in targeted sprints.

The agile approach also helps to take feedback on the new features, assess them and deploy an enhanced feature based on the trends and acceptance. This would go a long way towards creating a backlog for future releases.

For example, we can act on insights such as the usability or number of hits on the new features. This data will help in understanding the need for a campaign and enhance them for better results. Organizations can easily analyze the features that are most used and take surveys to explore what more can be done in subsequent releases.

In short, the agile model helps organizations maintain an innovative, acceptable, sustainable and resilient system.

Ameena: How does establishing a Cloud Center of Excellence (CCoE) pave the way for the success of the overall cloud journey?

Prasanna: A CCoE is a dedicated team or group of individuals responsible for defining, implementing, and governing cloud best practices and strategies within an organization. It is the best practice when an organization intends to build a homogenous strategy, especially when multiple departments are involved, and set standards for each department to follow. The major value driving factor of CCoE is it removes stress and friction out of the way and decentralizes the whole migration process.

Ameena: Your recommendations for setting up an effective CCoE?

Prasanna: A Cloud Centre of Excellence (CCoE) is a combined effort and contribution from various departments. Whether it is a security network or application strategies, experts from different teams should work hand-in-hand in bringing together the best cloud policies, practices and principles that can be centralized and maintained as a reference point for everyone in the organization to follow. The setting up of CCoE is not a one-off strategy and organizations should work on continuous improvements.

Some of the best ways to nail the CCoE are:

• Governance: Create policies by building a cross-functional team within the organization. This gives an instant buy-in from the organization and no ideas are left behind in coming up with winning strategies.
• Brokerage: Consult with users when selecting cloud providers and architecting cloud solutions, as well as collaborate with the sourcing team for contract negotiation and vendor management. This will give a great pool of choice in acquiring technology and help in optimizing the cost.
• Community: Build a community of knowledge where a larger support structure such as training events, source code repository, etc., is created and more awareness is formed within the organization.

A CCoE is the linchpin for ensuring that cloud adoption is well-managed, secure, cost-effective and aligned with business goals. It provides the necessary structure and expertise for organizations, that are both new and existing, to navigate the complexities of cloud computing and derive maximum benefits from cloud technologies.

Ameena: How can businesses quantify value in the cloud?

Prasanna: A cloud environment offers instant scalability and gives a plethora of technology choices that the organizations can pick. The major gain is that the organizations need not bother about the license as everything comes as a bundle. Organizations will also have the flexibility of using the various native tools that are provided in the bundle.

This helps in having a predictable cost and a one-time investment in the infrastructure with all the required features required for sustainability.

Ameena: McKinsey’s survey report states that companies optimizing for new business value have a propensity to go for a mix of approaches between lift and shift, targeted remediation, and rewriting applications using cloud-native tools.

Lift and shift, targeted remediation and rewriting applications: Which approach would you vote for? Why?

Prasanna: All of them. Each strategy has unique attributes attached to it and it fulfils a certain checklist of cloud readiness. One of the three strategies may fit for each application on a case-to-case basis.

The lift and shift strategy is more suitable for mature and cloud-ready applications. When organizations opt for a lift and shift strategy, they should consider the stability and the technical prowess it’s going to bring. As an initial step, they should check if the application is technically sustainable in the long run and prepare a robust migration checklist to quantify its value.

Whereas in targeted remediation, there is a baseline work that the organizations should carry out to make the application cloud-ready. Based on the application’s maturity, budget, timelines and the value that they see, they can opt for this strategy. Unlike lift and shift, target remediation is not instantaneous and may slow down their cloud migration process.

The rewriting approach is often kept as a last resort by the organizations. They opt for this approach when their applications never come into the framework of the cloud and when they find it difficult to scale up their existing applications.

Though timeline and budget are the main parameters organizations should consider when choosing the strategy for their shift, the stability of the application comes on top of everything.

The McKinsey report states that most organizations prefer using more than one Cloud Service Provider (CSP) for their cloud migration journey.

Ameena: What would be your suggestions on this, Prasanna?

Prasanna: Having more than one CSP would be the right strategy based on the type of business, region and client partnerships that the organizations have. This also gives an opportunity to understand the industry landscape and get more insights into all the players.

The common perception that every organization has these days, when opting for multiple CSPs is that they could have more bargaining power. Organizations, rather than looking at it from just the cost perspective, should take into account other important factors such as their cloud strategy, Total Cost of Ownership (TCO) and Return on Investment (RoI).

While implementing cloud-based systems for clients, it’s possible that they may have their own preferred partners or strategic cloud service providers (CSPs) that we need to accommodate and work with. Hence, being prepared for multiple CSPs is a need for technology organizations.

Due to complexities in multi-cloud environments, 32% of organizations are struggling with prioritizing security improvements and 3 out of 4 organizations use CNAPP to protect their multi-cloud environment. Understanding the essence of CNAPP has become a need of the hour for enhancing security and operational efficiency in cloud implementation. And that led me to plunge into the CNAPP report from Cloud Security Alliance.

In the following section, we will explore the insights and best practices shared by Feroz, shedding light on how CNAPP optimizes security measures in this dynamic landscape.

Ameena: What is the best way to implement a CNAPP in a hybrid cloud environment?

Feroz: Implementing a Cloud Native Application (CNAPP) in a hybrid cloud environment involves a combination of on-premises and cloud-based resources. To do this effectively, organizations should consider factors such as architecture, deployment models, security, and management. Here’s a methodical way to do this:

> Start by assessing the needs and goals for hybrid cloud adoption. Determine which parts of the application should run in the cloud and which should remain on-premises.

> Choose an architecture that suits the organization’s requirements. They can either use a hybrid API gateway to manage traffic between on-premises and cloud-based components, containerize applications or go for serverless computing.

> Each CSP has its own strengths and services, so choose the one that fits the organization and application’s requirements.

> Implement robust security measures such as Identity and Access Management (IAM), encryption, and security policies to protect data and resources.

> Determine the ways data can be managed across the hybrid environment. They may need data replication, synchronization, or storage solutions that work seamlessly between on-premises and cloud databases.

> Set up secure connectivity measures such as Virtual Private Networks (VPNs), Direct Connect, or ExpressRoute, between on-premises and cloud environments.

> Implement cloud-native monitoring and on-premises management tools to gain visibility into both on-premises and cloud components.

> Implement a robust CI/CD pipeline that can deploy and test applications across hybrid environments and set up a rollback plan in case of issues.

> Plan for disaster recovery by creating backup and redundancy strategies that work across both on-premises and cloud resources.

> Ensure that the entire team is well-trained in managing hybrid cloud environments and document all processes and configurations.

>Regularly review and optimize the hybrid cloud setup. Embrace DevSecOps practices to continuously improve and update the CNAPP.

> Continuously test CNAPP in the hybrid environment and monitor its performance and security. Use the data collected to keep updating the CNAPP solutions.

Ameena: How do you think organizations should manage cloud permissions across multiple clouds?

Feroz: Multi-cloud permission management is where organizations grant the right level of access to users, services, and applications while ensuring compliance, minimizing risks, and maintaining a consistent security posture. Some of the best practices organizations can follow to better manage multi-cloud access are:

• Enable Identity and Access Management (IAM) governance with centralized IAM, Single Sign On (SSO) and Role-Based Access Control (RBAC).
• Apply the principle of least privilege (PoLP) to all permissions. Only grant the minimum level of access necessary for users and services to perform their tasks and revoke unnecessary permissions.
• Use automation tools and scripts such as Infrastructure as Code (IaC) and Configuration a Code (CaC) to manage permissions, roles, and policies consistently across multiple cloud platforms.
• Implement policy as code (PaC) with the help of tools like HashiCorp Sentinel or AWS Config Rules to define and enforce security policies consistently across different clouds.
• Consider using cloud-agnostic IAM solutions that work seamlessly across different cloud providers, helping maintain a consistent approach to permission management.
• Implement CSPM tools to automatically assess cloud resources’ security configurations and permissions across different clouds and provide recommendations for improvements.
• Implement a Centralized Security Information and Event Management (SIEM) system and Vaults to securely store, manage, and distribute sensitive information, such as passwords, API keys, encryption keys, and other credentials.

So, how do you quantify the value of Cloud?

Leave your comments and queries in the comments below. Our tech titans will be happy to get back to you.

If you like our content and do not intend to miss out on the upcoming insights, subscribe to Z to A Pulse!

Resources:
* Five learnings from CTOs and tech leaders on their cloud strategies
* Cloud Native Application Protection Platform Survey Report