AWS FinOps – Saving Money or Making Money?

How to regain financial and operational control and ensure a fully optimized AWS cloud environment (including insights on AWS gp3)

We’re working in an era where business moves at lightning speed. Technology has drastically increased our ability to innovate, our speed to market, and the ease with which we can scale up or down in response to ever-changing needs. But with this enhanced agility and on-demand performance come big tradeoffs in the form of financial accountability and corporate governance. Gone are the days when a staff member would fill out a purchase order, submit it to accounting for approval, and wait days (or even weeks) for the green light to make the purchase. Our on-demand expectations have phased out the spending analysis step from the procurement model.

In few places is this truer than cloud environments. All too often, inefficiencies are not uncovered until after the damage has been done and we’ve wasted significant portions of our cloud budget on needless overspending. And let’s be clear: wasting money means you’re not making money. This is why there is so much buzz surrounding FinOps these days. Short for financial optimization, FinOps is the practice of bringing financial accountability to the variable spend model of cloud, enabling distributed teams to make business trade-offs between speed, cost and quality. There are a variety of ways to optimize cloud spending, such as contracting and other savings programs, reserved instances and infrastructure add-ons that can boost efficiencies.

Optimizing AWS Cloud Performance

AWS is one cloud provider that consistently launches new technologies to increase the cost effectiveness of its cloud environments. The R&D teams at AWS are always looking for new ways to make their tools more functional and less costly. One of the most recent products is gp3, a new type of solid-state drive (SSD) Amazon Elastic Block Store (EBS) volume that lets you provision performance independent of storage capacity and offers a 20% lower price than existing gp2 volume types. The new gp3 volume type is designed for use with Amazon EC2 instances, an elastic compute cloud where virtual servers are procured as either dedicated servers or as part of a physical server. With gp3 volumes, customers can scale IOPS (input/output operations per second) and throughput without having to provision additional block storage capacity. This means customers only pay for the storage they need.

We find that most users are spending two-thirds of their budget on their EC2 product, and within that, about 40% of the spend is EBS related. The first step in optimizing this spend is to gain visibility across your entire environment and identify areas of high or rapid growth, then use best practices to optimize and contain your costs. Some ways to do this are by deleting or converting unattached disk storage, deleting old snapshots and terminating unused assets. Once you have done this initial analysis and clean-up, you can start taking advantage of savings programs. Based on your historical cost and usage data, AWS can recommend savings plan types, terms and payment options.

While it’s true that AWS and other cloud providers offer many ways for customers to save, it’s not always easy and can be quite time consuming to achieve results. Organizations often find that they don’t have the manpower to stay on top of cloud-cost management.

To help reduce the complexity of financial optimization, Lightstream offers a proprietary tool called Lightstream Connect that provides a holistic view of your technology spend and network through a single pane of glass. Lightstream Connect is not a new offering; however, it was enhanced in early 2021 in response to AWS’s gp3 release. The first to market with this type of functionality, Lightstream’s automated tool analyzes usage patterns and drives to gather statistics and generate a concise report of recommendations for infrastructure modifications that can increase savings.

Realizing Your Potential Savings

Most organizational leaders aren’t aware of just how much they can save by optimizing their cloud environments. In fact, it’s not uncommon for businesses to cut as much as 20% of their monthly spend without jeopardizing security or performance. Financial and IT professionals who either aren’t sure how to go about taking advantage of these savings or don’t have time to devote to it should find a partner like Lightstream that is an AWS Advanced Consulting and Microsoft Gold Partner and invests in the tools and talent necessary to secure and optimize cloud environments. Lightstream helps customers re-incorporate financial, technology, operational and security accountability back into cloud spending either by making it easier for them to monitor and assess their own environments, or by removing the burden entirely and doing it for them.

Lightstream has helped many customers to achieve cloud optimization. With ongoing management of their cloud environments, on finance alone we save our customers millions of dollars every year. One customer was spending $1.2 million per month in AWS. Their IT team didn’t have the time, resources or visibility they needed to understand exactly where that money was being spent. Upon assessing their environments, Lightstream discovered that they lacked tags and partitions. So, we assisted them in a tagging strategy and determined that they were actually losing money on one of their products. Our Cloud Managed Services (CMS) team optimized the product to improve its performance and make it profitable, ultimately saving the corporation over $1.5 million annually.

Lightstream offers a free assessment to identify which EBS workloads you should migrate to gp3 volumes and calculate your potential savings using our proprietary EBS optimization analytics application. To speak with a representative about having your environment assessed at no cost to you, contact us today.

Cloud FinOps – Saving money or making money?

 

Cloud technology has sped go-to-markets in ways unimaginable in the past. With these advances have also come setbacks, such as runaway costs and a breakdown in operational processes. As a result, the Cloud FinOps movement has emerged to bring financial accountability to the spend model of cloud. Lightstream’s Sjon Benson explains Cloud FinOps and how to keep the focus on optimization and performance. He touches on AWS’ gp3 as a use case for harnessing disruptive cloud innovation without blowing the bud.


Matching Your Value to a Carrier-Support Model

 

Network complexity, industry consolidation and cost compression have affected carrier customer-care levels over the last decade. Lightstream’s Mark Feil decrypts the reasons behind this shifting landscape and outlines concrete steps businesses can take to find the right balance between connectivity, price and customer care.


Reducing the Complexity of Securing SD-WAN Environments

In today’s remote-working world, many enterprises are transitioning to software-defined networking in their wide area networks, or SD-WAN, in place of traditional MPLS-based WANs. Is it any wonder network and IT professionals are fully embracing SD-WAN? Where they once had to deal with the challenges caused by an architecture overwhelmed by an ever-increasing load of data and devices, IT departments now are able to increase bandwidth, improve connectivity, and enable multicloud applications via a single, centrally managed WAN edge platform.

MPLS-based wide area networks allowed for centralized security policy and enforcement across the organization. While SD-WAN enables lower latency and faster access to cloud and SaaS applications, it also raises significant security issues. If a corporate enterprise has 200 locations, transitioning to an SD-WAN topology now expands the footprint of locations that must be secured, audited and monitored from a handful of data centers in the MPLS world to all 200 locations in an Internet-based SD-WAN architecture. That’s a tremendous burden for IT leaders to take into consideration as they are not only deploying a new WAN architecture, but they also must make sure it is properly secured. So as SD-WAN fosters tremendous transformation, it also increases the potential for major vulnerabilities within the organization.

SD-WAN topologies enable greater network visibility and centralized management of the distributed network. This in turn gives IT personnel greater insight into the applications traversing the WAN between locations as well as to the Internet. When properly secured, SD-WAN enables “internal” network segmentation on an organization’s WAN without forcing all Internet-based traffic to flow through the headquarters location. However, it is imperative that additional security tools be implemented. Networking and security technology have come a long way, but still there is significant room for advancement. No cybersecurity infrastructure is perfect, and that fact is proven daily by the number of successful cyberattacks experienced by businesses worldwide.

As organizations increasingly move to the cloud, many have turned to a cloud access security broker (CASB) or one of the cloud-based caching, proxying, and security devices to confront data security and governance challenges. Secure access service edge (SASE) frameworks have been gaining traction as these are designed to connect and secure geographically dispersed branches and other endpoints to an enterprise’s data and application resources, whether internal, cloud-based, or Internet-based. Despite – or perhaps due to – this rapidly emerging technology, it is more important than ever for IT teams to come together to determine where to do the appropriate level of security introspection and inspection.

The Convergence of Security and Networking

Where security and network procurements were once handled separately, network and security decisions increasingly are being made at the same time and more often with the same solution, according to Gartner. It predicts that as part of a desire to minimize branch sprawl, more customers will look to partner with vendors that offer a combined security and networking solution or as part of a broader ecosystem.

Likewise, this convergence is prompting convergence of networking and security teams. Frequently the question is who owns the SASE product set? The answer: it doesn’t matter.

Securing SD-WAN can be a complex and overwhelming undertaking, and one that should not be initiated without networking and security teams joining forces long before the SD-WAN is deployed. The two teams must collaborate on how to take the organization’s architecture and security posture from its current state to where it needs to go for future growth and success. Three steps to get started include:

  1. Evaluate Your Services Chain
    Analyze your edge services chain to identify what network functions need to be supported and integrated into the SD-WAN. By analyzing what components need to be physical, virtualized or combined/collapsed, your organization can determine if a single SD-WAN appliance will meet the need or whether a more complex deployment model is needed. Be sure to look at it from the lens of security, including regulatory compliance.
  2. Identify Must-Have SD-WAN Security Capabilities
    Learn the different security features of various SD-WAN vendors and line them up against your organization’s requirements. Some must-have security capabilities include policies for on-demand security, encryption, distributed denial-of-service (DDoS) protection, unified threat management (UTM)/firewalls, and threat intelligence.
  3. Fill Security Gaps
    Address missing security needs with managed services. These services can range from Managed SD-WAN solutions to Managed Security Services that address security from the network’s edge all the way to the cloud, and incorporate automation, Zero Trust, and best practices for security and industry-specific compliance. The key is to make sure you work with a partner who understands clearly how to secure SD-WAN solutions effectively with clear KPIs that work well with your IT organization.

The Case for Outsourcing

As SD-WAN adoption expands, there is a surge in managed service providers augmenting the enterprise IT staff. Organizations are finding that they must refocus valuable internal IT resources to carry out their core goals. The software-defined nature of SD-WAN lends itself to leveraging third-party providers that can alleviate the burden on overworked IT staff. The smartest IT leaders will turn to a provider with expertise in network, security, and cloud to gain 360-degree visibility into network and security actions as well as cloud governance.

 

 

Top Security Predictions that WON’T (But Should) Happen in 2021

If you’re scoffing at the predictability of a trend-related blog post in January, we couldn’t agree more. In an effort to be slightly less predictable, we’re taking a different approach by letting you in on what the cyber security community predicts will not happen this year. Industry veteran and Vice President of Security Strategy at Lightstream, Rafal Los, recently took to social media to ask, “What’s the thing that probably won’t happen in cyber security in 2021?” Some of the responses from his followers were expected, others, not so much. So, without further ado… let’s take a look at their anti-trends for the coming months.

Tied for #1: Password Elimination & Meaningful Asset Management

Let’s face it, passwords and asset management seem like they’ve been a thorn in the side of the security industry since the invention of the computer. In fact, the first computer password was developed in 1961 at the Massachusetts Institute of Technology, for use with the Compatible Time-Sharing System (CTSS). Yet 60 years later – long after CTSS has given way to the modern Windows and OS X systems in use today – the general consensus is that passwords won’t be going away anytime soon. What is driving this skepticism?

For starters, we still don’t have a better way to protect our personal and enterprise data. Thumb prints and facial recognition are promising, but they still haven’t proven themselves to be ironclad. Adding to that are the security challenges COVID-19 has forced enterprises to overcome. With many companies now operating in work-from-home (WFH) environments and the very real possibility that this will be an ongoing strategy in the post-pandemic economy, remote workers are at a huge risk for identity-related breaches. Corporate IT is struggling to maintain control of computer-related assets, including software, unauthorized devices and loss of security.

Knowing that passwords are here for the foreseeable future and that asset management has never been more challenging, 2021 presents an opportunity for IT leaders. This is a critical time to adopt new ways to improve the identification, tracking and management of employees, applications and devices that access resources.

#2: Widespread Zero Trust Adoption

It’s hard to argue that the adoption of Zero Trust principles is anything but required for cybersecurity to advance. So, despite Zero Trust being at the foundation of Lightstream’s offerings, and what analysts and professionals feel is the future of security, there appears to be a lack of confidence in it being widely adopted in the coming months. It could be that many see Zero Trust as a tool or a widget to be installed – when in fact it’s a rethinking of the way systems interact and behave. Zero Trust goes to the root of security – identity and data – oddly the two things cyber security understands the least. There is something of significance here, but we’ll save that for a future article.

Enterprises should widely embrace a model that shuns the assumption that everything behind the corporate firewall is safe, or that there is such a thing as “behind the corporate firewall” anymore. The security of every organization depends on a new way of thinking, and the Zero Trust model of “never trusting, always verifying” would be hugely beneficial in an environment where remote working is becoming the norm. Lightstream’s Managed Security Services platform incorporates automation, Zero Trust concepts, best practices and industry-specific compliance to help IT leaders manage costs effectively, reduce complexity and improve the efficiency and efficacy of data center, network and cloud security.

#3: Fully Patched Environments/Systems

“Patching. It was a problem in 1999, and the social media responses prove that it continues to be a problem in 2021. What makes this such a difficult task?” ponders Rafal Los. Patching is the process of applying ‘fixes’ to existing deployed software packages, most often from the vendor, when flaws are identified and resolved. Similar to applying a physical patch to a garden hose to prevent water from leaking out, the purpose of the cyber security patch is to cover the vulnerability, keeping attackers from exploiting the flaw. Much like how water usually finds a way to break through that patch in your garden hose, attackers are experts in finding ways to circumvent applied patches when the underlying cause is not fully remediated. Therefore, enterprises must ramp up their vulnerability management strategies in the coming year.

The process of identifying, categorizing, prioritizing, and resolving vulnerabilities in operating systems, enterprise applications (whether in the cloud or on-premises), browsers and end-user applications is no small feat. It’s an ongoing process that requires considerable time and resources, which makes it an initiative that enterprise IT might best consider outsourcing.

#4: Elimination of Phishing

It’s clear that no one expects phishing to go away, nor do we expect people to stop clicking on phishing lures – yes this includes you, security professionals. So, it’s not a huge shock that this is among the anti-trends predicted for 2021. Phishing scams are becoming more sophisticated every day, so it’s imperative that corporate IT do their best to stay one step ahead of attackers. This may involve taking a multi-faceted security approach to lessen the number of phishing attacks and reduce the impact when attacks do occur.

#5: Unification of C-Suite & Security Professionals

There are many cynics in the cyber security industry that see a lack of executive accountability (with the exception of the Chief Information Security Officer). This threatens to further deepen a dangerous rift between security professionals and the companies/boards they support. Therefore, there is a major opportunity for companies to develop strategies to ensure accountability “goes both ways,” as we like to say.

#6: Effective Use of Machine Learning

People are still broadly skeptical of Machine Learning in cyber security. This subset of artificial intelligence has been significantly hyped since its inception, yet it still hasn’t fully come to fruition. Rafal Los considers that while it sounds exciting, perhaps we might be a bit premature in the belief that systems can learn from data, identify patterns and make decisions without human intervention. Besides, we’ve all seen what happens when machines become “artificially intelligent” – and we’re pretty sure we don’t like the ending of that movie.

Other Notable Anti-Predictions

There were several other responses to Raf’s social media posts worth mentioning. While you’d be hard pressed to find someone who expects the number of breaches to go down or malware volume to decrease, they surprisingly didn’t make it into the top six predictions. Could that be due to industry optimism, or perhaps it’s just that we’re all tired of talking about these topics? On the flip side, the elimination of Windows XP systems made the top 10, which is astonishing since it officially became unsupported way back in 2014 (seriously, what’s it going to take?).

Software-security-related items appear several times, making it obvious that there are some who still have little faith in software security. Rafal Los blames the contentious relationship between security professionals and developers. According to Raf, a typical security professional/developer exchange [still] goes something like this:

Security professional: “You’re doing it wrong.”

Developer: “You don’t know what you’re talking about. Show me.”

Security professional: “It’s not my problem. Fix it.”

Clearly, this is another area where there is major room for unification in 2021.

Contact Lightstream to find out how we can help you unify strategies to build secure, generational capabilities that can help your organization accomplish its goals for 2021 and beyond.

So Many Tools, So Little Time

More than ever, IT departments are being burdened by securing and retaining talent, procuring and maintaining toolsets and overcoming budgetary constraints. Lightstream’s Mark Feil discusses why IT leaders should be rethinking deployment of best-of-breed management tools and pushing back on Managed Service Providers to deliver better value despite these constraints.


The Evolution of the CIO: The Convergence of Technology and Operations and How Enterprises Must Adapt

In a recent report entitled Gartner Top 10 Strategic Predictions for 2021 and Beyond, a Gartner contributor boldly stated that by 2024, 25% of traditional large-enterprise CIOs will be held accountable for digital business operational results, effectively becoming “COO by proxy.” No one can argue that as enterprise processes have become digitized, today’s CIOs are being challenged to shoulder many tasks that traditionally fell under the operations umbrella. Over the past few decades, technology has helped streamline processes and create efficiencies across the enterprise, making IT support integral to every organizational silo, from marketing to finance to customer support.

How the role of the CIO changed in 2020

In 2020, the COVID-19 pandemic forced organizations worldwide to rethink the way they do business. IT teams scrambled to set up remote working capabilities for the majority of staff, which was no small feat from an operational standpoint. As we enter 2021, many are still successfully working from home thanks to operational controls, technology and the support staff that maintain it.

All of this has taught us how important ‘composability’ is in business. According to Gartner, one of the keys to enabling business success in 2021 and beyond is to engineer your organization for real-time adaptability and resilience in the face of uncertainty. That means accelerating digital business initiatives so that you’re able to quickly and smartly react to external circumstances and optimize business processes accordingly.

Companies that are cloud natives already have an advantage. However, as CIOs are increasingly being called on to enhance operations and help make their organizations more nimble, they have less time to focus on important initiatives such as cloud management and security.

The impact of digital transformation in the enterprise

External pressures are forcing the C-suite to evolve, and new roles keep popping up in response to this digital transformation. The organizational silos that have always existed are now becoming somewhat obsolete. Enterprises that were once vertical in nature are being flattened by digitization. As they become more horizontal, they’re increasingly resistant to the vertical roles that once governed them.

So how are business leaders supposed to overcome these challenges and equip their organizations with the composability they need to accomplish future goals? In the wake of such a drastic digital conversion in 2020, how do you build a C-suite that works with this new model? Who should report to whom? And finally, how should CIOs think differently in the coming year? Future-proofing the enterprise won’t be easy, and it will likely require significant changes.

Closing the gaps in what technology can do and what your business wants to do

Since people are often opposed to such change, it is not recommended that an internal leader conduct such a drastic shakeup. Instead, it is recommended that you engage a project management organization or other third-party consultant to analyze your business and technical processes. It’s also wise to partner with a culture consultant who can bring an outside view and help facilitate a smooth transition. You may find that outsourcing some of your IT services will free up your CIO and support staff so that they can focus on their core business, which is now heavily centered on enhancing operations.

When outsourcing, it’s best to find a partner with multiple views of the environment in order to address any gaps in service. Keep in mind that what you knew yesterday about the tech stack is not necessarily what you’ll need to know in the future. IT professionals should no longer consider themselves purely technologists but rather business optimization professionals, and outsourcing the baseline technology set will allow for that shift. The ideal partner can expertly manage your cloud environment and provide value through technical and operational best practices, cost optimization and a specific focus on security and compliance.

While Gartner’s view is that the roles of CIO and COO will merge in the coming years, it is unlikely that internal IT teams are ready for a total transformation. The breaking down of operations and IT silos has been a very slow process that may never be complete. Some CIOs don’t believe it would be entirely appropriate, as there are still many COO responsibilities that do not quite fit into the CIO’s business model. So, we may see a new title taking over this role in the future. As with everything, there will be early adopters such as cloud-native businesses and others where the bulk of operations are already in the digital environment, as well as organizations such as those operating with legacy systems that may never adopt it.

The bottom line is that a CIO’s role, and that of its support staff, is no longer just about technology. Holistic thinkers know that as we move forward, the focus should be more about the overall business and culture of an organization. COVID-19 forced the operational model to change overnight, and it’s impossible to go back to the way it was before. The past year highlighted how CIOs can drive digitalization across the organization — and how their shift in focus from purely IT to contributing to overall business operations is integral to future success.

To learn about how Lightstream can help your organization overcome complex technology convergence challenges through a flexible mix of consulting, integration and managed services, visit www.lightstream.tech.