FinOps pros know the deal. Try as you might, getting your entire organization on board with cloud cost management best practices is extremely difficult.
According to the 2021 State of FinOps report, almost 40% of FinOps pros cannot get engineers who work with cloud resources to factor cost into their decision-making. That slows down innovation, creates unnecessary bottlenecks, and almost certainly causes friction between departments. It’s symptomatic of old, ingrained and painful ways of doing cloud cost management.
What Problems the Old Way of Cloud Cost Management Brings
Specifically, cloud cost management breakdowns often lead to these problems:
A monthly curse of trying to reconcile people and initiatives with billed spend. The old way of cloud cost management requires you to separately log into every public cloud portal and reach out to multiple departments and untold numbers of people, just to hopefully find out who used what resource at what time and for how much. Does this sound like a fun way to spend a day? Or, more likely, a week…or more?
Endless spreadsheets. You may love spreadsheets as much as the next person. But when it comes to figuring out cloud spend, you can drown in them and never come up for air. Traditional cloud management requires analyzing multiple tabs of data on spreadsheets, a process that’s about as fun in reality as it sounds.
Monthly bills and finance challenges. Poring over monthly bills line-by-line is another reality with the old way. At the same time, finance has to manage rogue spending and a lack of governance. This causes headaches up and down the line.
One pattern you’re probably noticing here: so much of the old way is reactive. There’s too much focus on reconstruction of what happened in the previous month or quarter and then picking up the pieces later. It’s a truly backwards way of conducting any form of business. The truth is: things have advanced. There’s a new way to do cloud cost management, one that emphasizes ongoing optimization, automation, and uses actionable data to get smarter about costs.
Learn more about the new, intelligent way to do cloud cost management in our new infographic.
Where are you in your public cloud security optimization journey?
Public cloud adoption is exploding. Gartner forecasts worldwide public cloud end-user spending to grow 18% in 2021 to $304.9 billion. Organizations are taking hybrid and multi-cloud approaches to digitally innovate, modernize processes, build efficiencies, and collaborate among teams. With the right public cloud approach, your development team can get the resources they need fast to move your enterprise forward.
But with any technology, there is risk. Security breaches happen, and the proliferation of public cloud has given rise to shadow IT and other threats to your critical data and infrastructure.
To help your organization make sense of the current public cloud security landscape, and provide advice on how best to navigate it, we’ve created our new eBook 7 Essentials for Public Cloud Security Optimization, which you can read for free anytime.
This is the first post in a weekly blog series examining each of the seven essentials. This week, we’re taking a look at Essential #1: Avoid Getting Run Over by a Cloud Shared Security Model.
Essential #1: Avoid Getting Run Over by a Cloud Shared Security Model
In the world of public cloud, it’s important to remember that security is a two-way street. The security onus does not fall solely on the platform vendor, nor does it fall solely on the end customer. This is why the Cloud Shared Security Model exists. However, there are obligations you must meet in order to keep your data safe and in the right hands. The key is knowing what parts you are responsible for as a user and what parts the cloud platform provider must do. And, you can’t forget about app security either.
Know your responsibility as a customer. For your public cloud, have you turned on important features such as
multi-factor authentication or set up all of your root account capabilities? Don’t underestimate the fundamentals of good security on your side of the equation. Are you cloud services configured correctly? And what about that relationship with your applications in your environment?
It’s time to get your cloud security optimization in gear. Book your demo of CloudBolt’s security optimization solutions now.
Welcome to this week’s edition of CloudBolt’s Weekly CloudNews!
Here are the blogs we’ve posted this week:
- IT Automation Secrets: Stay Compliant and Stay Secure
- Webinar Recap: 7 Spending Sins That Every Cloud Team Should Avoid
With that, onto this week’s news:
Why hybrid cloud is here to stay
Naomi Eide, CIO Dive, April 22, 2021
“The underlying problem is, data is directly woven into the legacy application logic, which impacts when and how businesses can move them, according to Whitehurst.
What’s important is creating a hybrid bridge that takes technologies core to critical business processes and ties them to innovation a business is putting into the cloud, said Drobisewski. Hybrid is a piece of this, enabling workloads across the spectrum of technology. What’s next for businesses is a slower rate of cloud adoption as organizations take stock of what they’ve enabled and how it fits into their long-term plans.
Post-pandemic, people want optionality to sit back and think through their three-to five-year tech strategies, according to Wassenaar.”
The hybrid-cloud mainframe: What it means for enterprise apps
David Lithicum, TechBeacon, April 27, 2021
“Migrating to the cloud? What will you do with your mainframe-based applications? Traditional options include refactor/rewrite, rip-and-replace or rehosting. Luckily, a new approach is coming into vogue, one where you can partition, refactor, and then move mainframe apps. Parts of the application run on the mainframe, and parts run as cloud-native applications.
Using this technique, you’re running a distributed application that is essentially a hybrid-cloud mainframe. On the cloud side you can leverage any modern development platforms, such as containers/Kubernetes, serverless, CI/CD tools, etc., or even use cloud-native databases as augmented storage or as a complete replacement. This is becoming a popular technique.”
Gartner sees surge in public cloud spend as CIOs shed migration inhibitions
James Bourne, CloudTech, April 21, 2021
“The task for 2021 is to make even more use of the cloud. Global spending on public cloud services is forecast to grow 18.4% next year to total $304.9 billion, up from $257.5 billion in 2020, according to Gartner. The analyst says companies have more IT to do and less money to do it, so they will spend on areas such as the cloud to help accelerate digital business.
Software as a service (SaaS) continues to be the largest bucket, representing almost 37% of total spend in 2021. Infrastructure as a service (IaaS) represents almost a quarter, with platform as a service (PaaS) at 17.9% and business process as a service (BPaaS) at 15%. In terms of growth, desktop as a service (DaaS) will see the highest growth in 2021, at 67.7% year on year. Of the larger segments, IaaS – at 38.5% – is best performing.”
We’re here to help you anywhere on your hybrid and multi-cloud journey. Request a demo today.
CloudBolt Software recently held a joint webinar with DZ Solutions to discuss “7 Spending Sins That Every Cloud Team Should Avoid,” based on our recent eBook “Avoiding the 7 Deadly Sins of Public Cloud Spend.”
In the presentation, which you can find embedded below, CloudBolt’s Nilesh Deo and Josh Mau, as well as DZ Solutions’ Alex Jaspersen, went deep on the topic of public cloud spend, the pitfalls organizations make, and concrete steps for avoiding them that all cloud stakeholders in an organization should know.
Here are some of the highlights of the discussion.
How to stop zombies from eating your cloud money
When organizations move to the cloud, it’s great for streamlining processes and developing tools to promote the growth of your business. But, when resources are forgotten about, they become dreaded zombies that can cost a business lots and lots of money.
“It’s easier to build out infrastructure within the cloud than it is to scale back,” Jaspersen said, adding that many organizations came out of the events of 2020 needing to cut back on costs after years of mass migration to the cloud.
“Many organizations are unable to account for about 20% or more of the cloud resources that they have running,” he said, noting as well that not only do “zombie” resources cost organizations money but they also present a security risk.
Mau suggested that organizations should conduct monthly investigations to identify servers or workloads that have been left behind.
Overspending and overprovisioning is overkill
Overprovisioning in the cloud can be detrimental, as old datacenter habits can die hard despite a new reliance on cloud infrastructure. Sometimes when it comes to cloud, your eyes can be bigger than your stomach, Mau said.
“Oftentimes there’s so many options with the cloud service providers—and that’s a good thing for flexibility,” he said, but, if you don’t have a strong framework in place to create blueprints that easy to direct folks to select from options they have, things can get expensive in a hurry.
When organizations are using manual worksheets or scripting involved in the process, it can fail when you have multiple clouds involved.
“Amazon and Microsoft Azure may change their pricing and now your scripting might not be relevant anymore,” Deo said. An organization can use a cost adviser and analysis tool that helps ensure that resources are right-sized.
Please check out the full discussion here below:
See CloudBolt’s Cloud Cost Optimization solutions in action today.
Is your business falling behind in the race to the top?
Your business moves fast. Different, often-competing units within your enterprise want to achieve business priorities, drive efficiencies, and rapidly produce revenue. They’re relying on IT to provide the resources necessary to grow fast. They need what they need and they need it now—as in yesterday.
How can you ensure fast compliant delivery of resources—be it virtual machines (VMs), applications, public cloud resources, or other types—so your business can grow quickly without friction and delay? The answer: IT automation.
We’ve recently posted our eBook, The 7 Secrets of IT Automation, which gives you the opportunity to learn a step-by-step action plan to unlock the potential of your hybrid and multi-cloud environment.
This is the seventh and final post in a weekly blog series examining each of the seven secrets. This week we’ll look at Secret 7: Stay Compliant and Stay Secure.
Secret 7: Stay Compliant and Stay Secure
While it is important to stay agile and focused on the outcomes, you should also focus on compliance. This is critical not just for organizations in healthcare, government or finance but also for enterprises in practically every vertical these days. You don’t want your company to be featured in news articles for all the wrong reasons.
Adhere to compliance standards that are important for your company and industry. From basic compliance frameworks such as CIS, PCI-DSS all the way to NIST, HIPPA, etc., it’s important to stay proactive and utilize automation in compliance and security. Identifying exposed S3 buckets and IP addresses shouldn’t be difficult. Taking simple steps to prevent a breach now can save a lot of time and effort later recovering from one.
Secrets No More: Unlock the Power of IT Automation. See How CloudBolt Can Help.
Welcome to this week’s edition of CloudBolt’s Weekly CloudNews!
Here are the blogs we’ve posted this week:
- IT Automation Secrets: Bring Order to Chaos with Governance
- Podcast | The Cloud Junkies | Episode 4: Cloud Automation and the Old Way vs. the New Way w/ Grant Ho
- Buyer Beware: Cloud Management Vendors Are Not Equal
With that, onto this week’s news:
Pulling devops and multicloud together
David Linthicum, InfoWorld, April 16, 2021
“So, how do you deal with these devops and multi cloud issues without driving more risk and cost into the processes? I have some general guidance: First, leverage IaC (infrastructure as code). This means shifting from monolithic approaches to more fine-grained ones, such as microservices, and from mostly using VMs to choosing cloud-native patterns.
Second, use common services. One of the issues around having an agile process and a layer of devops technology to support that process is that developers can make things complex pretty quickly. When using multi cloud, developers have more choices, including services from three or more public cloud providers. If they all use different security systems, governance systems, databases, etc., the number of things that need to be run over time goes way up, plus needed skills and supporting tools. This increases complexity and will get you into trouble quickly.
Delivering On Multi-Cloud Promises Means Killing Complexity
Tobias Mann, sdxcentral, April 16, 2021
“All of the panelists cited ‘business agility’ — in other words, the ability to build and deploy services when and where the organization needs and wants to — as the primary driver of multi-cloud adoption.
‘I think people are facing the challenge where it was okay for the network to be slow, and now that people are getting used to the cloud, they know how quickly they can adopt and deploy newer types of applications in their environment and start offering it to the broader community,’ Khan said. ‘One of our customers says that we need to move at the speed of the business, not the speed of the network.’”
Businesses failing to adhere to data protection best practices
Sead Fadilpašić, ITProPortal, April 15, 2021
“Despite the fact that many organizations (50 percent) have an encryption strategy that is applied consistently, they struggle to encrypt data in multi-cloud environments. For this reason, unified key management across both multiple clouds and enterprise environments is considered pivotal.
Key management is increasingly complex, the report states, with simply knowing where organizational data resides across on-premise, virtual, cloud and hybrid environments being an ongoing issue. As a result, two-thirds (65 percent) of organizations claim locating sensitive data is the top challenge, when it comes to planning and executing a methodical encryption strategy.”
We’re here to help you anywhere on your hybrid and multi-cloud journey. Request a demo today.
Cloud management vendors have made the cloud a more attractive venture for organizations of all sizes. After all, running a cloud deployment often sounds simpler than it is.
Enterprises want to take advantage of the benefits the cloud offers. But to do this, they must manage their cloud resources and operations effectively. One way to optimize cloud management is to implement a cloud management platform (CMP).
Understanding the CMP Market
The CMP market has two categories: third-party tools and cloud vendor native tools.
Cloud vendor native tools refer to the tools provided by public Infrastructure as a Service (IaaS) vendors. These include Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure. The tools work exclusively with their products. Native tools provide unmatched, deep functionality into the specific platform.
Third-party tools are cloud management tools built by third parties. These tools work seamlessly across a multitude of clouds. An example of such a tool is CloudBolt. There is no cloud provider attached to these tools. This gives you the flexibility of operating in multiple environments and avoiding vendor lock-in.
In essence, enterprises that use a single vendor could get by using the vendor’s native tools. In contrast, those with a hybrid cloud setup would benefit from using third-party cloud management vendors’ tools.
Evaluating Cloud Management Vendors
Today, cloud management has turned into a wide and varied market with providers specializing in various segments. One of the problems many enterprises have is selecting a cloud management vendor that’s the right for their businesses.
The good news is, it’s not that difficult to choose a vendor. We’ve narrowed it down to four major areas that you should focus on when evaluating vendors.
Cloud Management and Brokerage of Services
The CMP should be able to spin up and spin down resources on-demand, sometimes automatically, across cloud providers, and provide expansive self-service IT capabilities.
Expense Management
Cloud costs are one of the biggest pain points for an enterprise after it has moved to the cloud. The right CMP should help the organization to analyze cloud spending and compare it to historical averages. The tools should also identify wasted resources that an organization could shut down to reduce cloud costs. Rightsizing your cloud is one of the easiest ways to reduce wastage since you’re not paying for unnecessary services.
Operational Monitoring
A CMP should help you determine the following about your cloud deployment:
- The number of resources you have running and how they compare to the past.
- The number of users accessing your environment and what they’re doing.
- The cloud services users are utilizing at any one point.
Governance
Go for a cloud management vendor whose tools help you set governance policies. You should be able to dictate whether users can access your cloud and what they have access to. The tool should help you set up and monitor data management policies to secure your cloud from unauthorized access.
Conclusion
A CMP should carry out the following functions: orchestrating, monitoring, optimizing, and governing workloads and resources while also providing self-service. It should give you visibility into cloud usage with the aid of a dashboard.
Request a CloudBolt demo today to see the new way of cloud management.
Is your business falling behind in the race to the top?
Your business moves fast. Different, often-competing units within your enterprise want to achieve business priorities, drive efficiencies, and rapidly produce revenue. They’re relying on IT to provide the resources necessary to grow fast. They need what they need and they need it now—as in yesterday.
How can you ensure fast compliant delivery of resources—be it virtual machines (VMs), applications, public cloud resources, or other types—so your business can grow quickly without friction and delay? The answer: IT automation.
We’ve recently posted our eBook, The 7 Secrets of IT Automation, which gives you the opportunity to learn a step-by-step action plan to unlock the potential of your hybrid and multi-cloud environment.
This is the sixth in a weekly blog series examining each of the seven secrets. This week we’ll look at Secret 6: Bring Order to Chaos with Governance.
Secret 6: Bring Order to Chaos with Governance
Controlling the chaos is a basic requirement for effective cloud management. That’s why governance is so important. Not knowing who’s accessing systems or overprovisioning resources can make you feel like you’re being robbed – or at the very least, uncomfortably exposed. Manual approval processes take a long time and often delays resource availability. You want to automate resource provisioning, but establishing and maintaining clear guardrails may seem like an impossible task. Breaking down these hurdles is as critical as identifying the right technology for your IT needs.
Implementing good governance cannot be treated as a nice-to-have when it comes to digital transformation via cloud environments. Create a clear organizational hierarchy to see your systems and who’s using them. Trigger approvals and send alerts based on services criteria (development, testing, etc.). And, use role-based access control to ensure resources are used properly. Stop herding cats: start governing so you can keep innovating without worry – and maintain your sanity.
Secrets No More: Unlock the Power of IT Automation. See How CloudBolt Can Help.
If cloud security is your responsibility, you pride yourself in staying ahead of the curve. Attackers are one issue, but there are plenty of other hurdles to jump over, including misconfigurations and human error.
However, if you’ve been at the game long enough, there are probably some methods around managing cloud security that no longer work in today’s automated, I-need-it-yesterday world of information technology. If any of the following ways of cloud security management are part of your day-to-day activities, it’s time to rethink how you’re approaching a critical part of your business.
Endless spreadsheets. Who doesn’t love a good spreadsheet? The truth is, traditional cloud management requires analyzing multiple tabs of data on multiple spreadsheets. Not only can this make your eyes hurt from all the squinting, but it’s awfully cumbersome and there are better, more time-efficient ways to get the job done.
Manually identifying and notifying resource owners to take action. You love your end users and those who are responsible for your cloud resources. But, with the sheer number of disparate departments and resource owners across an enterprise, it’s a lot of work if you have to manually identify and reach out to them to take actions around security. Like with the spreadsheets, you have better things to do.
Security challenges. SecOps has a huge job. They have to keep shadow IT from causing big problems, keep VMs from becoming zombies that can wreak havoc on an environment and maintain governance standards for users. And that’s to say nothing of the external threats every organization faces.
Additional tools needed for compliance. Traditional tools don’t provide the capabilities you need for comprehensive compliance. It’s an even bigger pain when you need additional tools because you need integrations for required standards.
These are limiting factors for cloud security management platforms that put your entire organization at risk. If you don’t have visibility or clarity in your strategy around cloud security, it means you’re stuck doing things the old way.