Deliverables need to be clearly called out in a cloud contract
Cloud contracts are tricky – it is different compared to traditional software/services contracts. Hence it requires a fresh look at each and every point, keeping in mind the scope you are signing in for. All deliverables need to be clearly called out with a threshold for each parameter. Do not assume anything on a Cloud contract. Debashis Singh, Senior Vice President & CIO, Mphasis speaks with EC’s Abhishek Raval
As a CIO, what are some of the key priorities from a data center perspective?
At present, the focus is moving from Data Center to Data from anywhere. As connectivity has become more reliable and cost efficient, adoption of models with Data residing in a central place and being accessed from anywhere in real time are becoming increasingly popular. In parallel, we can compare what used to happen in power production during Industry 2.0 and the move to a centralized Electric Grid based distribution model subsequently. We are seeing the same approach being adopted in terms of Data currently – moving from localized Data centers to centralized / Cloud based computing models, which allows for Cloud adoption in all possible flavors – SaaS / PaaS / IaaS for enterprise across all industries. It is just a matter of time and not a question of whether or not to make the shift anymore.
Being a leader in IT Service Transformation, Mphasis provides services to customers in North America and Europe. There is a strong urgency for Cloud Adoption in the industry as well.
In terms of allocation of workloads, how do you see the future changing from the present – private to public cloud or hybrid cloud or fully public cloud? Please share your perspective.
For enterprises, Hybrid Cloud will become Business as Usual (BAU) soon, if not already. There are multiple drivers for the hybrid approach – different technologies, customer contractual requirements, statutory and compliance needs, and so on, which will force large enterprises to work with different SaaS/PaaS and On Premises Hybrid models to align based on business priorities.
At the same time, there are start-ups born on Cloud organizations which will push cloud adoption across the industry and challenge large players to meet the speed and agility enabled by the cloud. This will be a healthy environment and over a period of time, a more matured approach will evolve for each industry, which will be unique and completely aligned to the specific needs of each of the industry domains.
What role will technologies like AI, ML play in improving the data center efficiencies in your group and modernizing the data center? Can you share some examples?
Data is the new oil. This essentially means that every bit of data needs to be analyzed to derive effective and actionable insights, which will lead to the creation of a hyperpersonalized experience for the end user/customer/employee. We are talking about Terabytes of data – millions of records that must be analyzed – which is impossible for humans to work on. Cognitive technologies like AI and ML come in handy in such a scenario.
Take the example of Google or Amazon or Facebook. They are continuously analyzing all available data points to predict and create personalized search results for each individual user. All these platforms are powered by machine learning algorithms which work in real time to produce a customized experience for each individual using Artificial Intelligence.
Hence any technology platform you choose has to be able to process these kinds of datasets and produce the right intelligence in real time. Creating such high compute platforms internally may not be feasible in the long run, which is where the power of cloud comes into play that every enterprise can and should leverage.
Do you feel the outlook towards security has changed with more WFH users and what measures are you taking to secure your data center?
The pandemic has changed a lot many things around each one of us, security outlook being one of them. As per research by IDC, COVID-19 has shortened the timeframe of cloud adoption across the industry by 3 years. Similarly, adoption of Work from Home (particularly in the Indian context) has become BAU post pandemic to a certain extent. These two drivers have removed the so-called “network perimeter” for organizations – now anyone can work from anywhere and all enterprise resources are accessible over the internet. This has essentially increased the security risk and exposure of enterprise data manifold. Therefore looking at security with an elevated priority is the need of the hour for every enterprise.
Starting from re-architecting certain security control mechanisms to finding all-new solutions to deal with distributed and isolated computing environments (which are not always connected) are the major changes in priority for every organization. Solutions like Zero Trust, Multi Factor Authentication and VDI becoming must-haves in the current environment.
What are your views on the SASE approach to network management/security and are you adopting it in a restricted or limited way, if not completely?
With borderless networks, cloud enabled services and WFH end points, we have the makings for a perfect scenario to explore SASE (Secured Access Service Edge) for each and every service being provided in any enterprise today. Zero Trust Network (ZTN) is one such solution which is becoming extremely popular as it reduces the attack surface for enterprises drastically. In other words, the solution stops the exposure of internal applications on the internet, thus reducing the risk for all internal applications to a large extent.
As WFH continues to be the norm, solutions like ZTN have enabled Mphasis to provide seamless access to many of its internal applications for employees working from anywhere outside the office network.
Given that Mphasis is an IT company, how important is it for you to use containerization and micro services? Are you using an application management approach?
For any enterprise, Cloud adoption is not sustainable (read commercially viable) if solutions like micro services and serverless architecture are not adapted in parallel. While many legacy applications either need a fresh relook (read re-coding) or may use container-based solutions, they should be part of the Cloud adoption blueprint.
You can only leverage the power of cloud and benefit from cost optimization if the applications are designed to call or use services as and when required and release them immediately after the need is over, in a near real time manner. Using PaaS services, making API calls and consuming micro services (in other words, Cloud native apps) make applications light, reduce the development effort and also help optimizing the cost of ownership.
In conclusion, if you are on the journey of cloud adoption, exploring SaaS, PaaS solutions and custom building applications using cloud native architecture is recommended.
Your learnings on how to manage SLAs in a cloud scenario?
Cloud contracts are tricky – it is different compared to traditional software/services contracts. Hence it requires a fresh look at each and every point, keeping in mind the scope you are signing in for. All deliverables need to be clearly called out with a threshold for each parameter. Do not assume anything on a Cloud contract – be it Scope, SLA, License, Availability, Connections, Data Transfer, to name a few. Agree on all terms and make them a part of the contract.
The legal aspect to cloud is also crucial. Your viewpoint?
While we have covered a few contractual points in the above section, they are all critical points and need to be part of the contract. The overall deliverables (role and responsibilities covered under the contract), Jurisdiction, Penalty terms, Liability clause, Data & Cyber security clauses, etc. need to be agreed upon and should be part of the legal contract.
A critical point to be considered is the need to be extremely careful about choosing the right Geo for your cloud environment, with data localization regulations becoming stringent with every passing day. If you are choosing DR or different availability zones for your cloud instance, ensure you define the right geo for that as well.
Cloud is less secure is a myth. Your views?
While COVID-19 has advanced cloud adoption by a few years, it has also taken the myth out of many decision makers’ minds that Cloud is not secure.
Cloud is as secure as your on-premises data center; it all depends on what you configure on your cloud instance. We cannot have the same configuration yardstick used for on premises to measure cloud security effectiveness. The architecture of cloud is different and hence security configuration and measurement must also be different.
As we know, the largest e-commerce platform runs on cloud; many banking houses are adopting cloud on large scales; therefore it is time to change this thought and start looking at the security of cloud based services on your enterprise security framework. There is an urgent need to focus on all connections (API/Micro services/containers) across the Cloud and Hybrid environment, and configure the same, to monitor based on your enterprise security framework.
How do you see cloud and commercials?
Do not move to cloud because everyone else is. Rather, understand your business priorities, and find out if there is a synergy towards cloud adoption based on your business needs. Create a holistic plan (blueprint) covering workloads (services), best fit platform (SaaS/PaaS) and Cloud partners, timeline, architecture for connections (API/Micro services/containers) across your Cloud and Hybrid environment, Security, Management Layer and Automation. Cloud is designed to give you resources on demand – when it is required. So, do not overkill the Cloud by subscribing to any dedicated resources unless they are required for your business 24×7. Use the automation layer to keep the instance live when required and bring it down when not in use. Cloud, if designed correctly and managed meticulously will provide a cost advantage when compared to the total cost of ownership.