Infrastructure Vendor Landscapes

Infrastructure Vendor Landscapes
Have you ever done an inventory of your digital infrastructure?

Top Answer : You have to know your infrastructure. I’m both CIO and CISO, so when I joined the company I went through all of my technology organizations to get an accounting of all of the assets and what they're for. I wanted accounting in all the accounts and to make sure that we'd off-boarded everybody we needed to. Now I'm looking at tools to reduce licenses when people don't need them, which reduces the security footprint and saves money. Those are the things that matter the most.

What are your thoughts on SaaS management platforms (SMP)?

Top Answer :

Related Tags
Business Application Development
Architecture & Strategy
Requirements & Design
Testing, Deployment & QA
Mobile Development
Selection & Implementation
Business Analysis
Applications Vendor Landscapes
Data Center
Public and Hybrid Cloud
Business Applications
Crisis Management
Data & Business Intelligence
Artificial Intelligence
Business Intelligence Strategy
Data Management
Enterprise Integration
Machine Learning
Data Lake
Big Data
Data Warehouse
Disruptive & Emerging Technologies
Virtual Reality
Digital Innovation
Augmented Reality
End-User Services & Collaboration
Collaboration solutions
End User Equipment
End-User Computing Devices
Endpoint management
Productivity tools
Document Management
End-User Computing Applications
End-User Computing Strategy
Voice & Video Management
Continuous Integration
Technical Product Management
Continuous Deployment
Quality Assurance
Customer Relationship Management
Enterprise Content Management
Customer Success
Enterprise Information Management
Enterprise Resource Planning
Marketing Solutions
Human Resource Systems
Product Recommendation
Risk Management
SOX Compliance
Governance, Risk & Compliance
Infrastructure & Operations
Cloud Strategy
I&O Finance & Budgeting
Operations Management
Network Management
DR and Business Continuity
Server Optimization
Attract & Select
Cost & Budget Management
Manage Business Relationships
Organizational Design
Program & Project Management
Train & Develop
Talent management
Performance Measurement
Organization Structure
Manage & Coach
Availability Management
Financial and Vendor Management
Service Desk
Management Tools
Enterprise Service Management
People & Process
Process Management
Asset Management
Project & Portfolio Management
Portfolio Management
Project Management Office
Confidentiality, Integrity, Availability
Secure Cloud & Network Architecture
Endpoint Security
Data Privacy
Identity and Access Management
Security Operations Center
Security Strategy & Budgeting
Security Vendor Landscapes
Threat Intelligence & Incident Response
Threat & Vulnerability Management
Vendor Management
Infrastructure Vendor Landscapes
Strategy & Operating Model
Business Continuity
Architecture Domains
Tool Recommendation
According to Gartner, 76% of organizations are currently starting, restarting or renewing their enterprise architecture (EA) efforts. Does this apply to your organization's roadmap for 2021?

Top Answer : I did a study on this a number of years ago when I worked for an analyst firm.  At the time I recognized this as a cyclical thing.  I think this continues.   Organization need EA organizations.  This becomes increasingly true when the world is moving fast and where you need to have the various parts of the organization work together. Since this is the permanent state, they all need EA. However, most organization don't want to make the changes necessary for EA teams to thrive, many EA teams aren't very good in actually producing change, and everyone else is often too busy protecting their turf to see how EA can help them. Eventually someone begins the question the return on investment of the EA function, the turf protectors become even more rigid and accelerate it, EA starts producing artifacts that only they understand and are never up to date and EA gets disbanded, reduced funded, or decentralized. Then someone realized, there is a lot of change happening, we are slow ad adopting, the parts of the organization aren't working together, etc... and we start anew. I too am seeing a upswing at the moment, and have some hope that it could be more lasting this time with the emergence of journey based/capability based organization and modern operating models. But the resistance is still there so we will see.

What’s the #1 focus of your cloud security strategy?

Top Answer : Right now I'm driving everyone to focus on implementation of basic controls, as I call them, that gives you the best thing for everybody, and to ensure there’s governance around it. Then over time, hopefully you navigate to cybersecurity maturity and reduce your likelihood of being attacked by making sure you put the right controls in place. That's not the answer that people like to hear because it's not sexy, it’s boring—there's no AI or ML mentioned. But there's an opportunity right now to get that to the baseline. After that, when you have it, then you can then leverage technology to be the force multiplier. What I don't want happening right now is that people put AI/ML on a crappy foundation. That will just keep telling you that you have a crappy system over and over again. I don't need a notification every day telling me something's bad if I already know it's bad. But that's where people are wasting a lot of time. So where’s the balance? I think it will be a scale of maturity. You protect your infrastructure, identity, boundaries, and you make sure those are all well connected. From a cyber perspective, you have tight control over what goes in and out of those parameters. And then you can start worrying about some of the loopholes that all these cloud apps are creating in terms of bypassing those boundaries.

Is process improvement part of your cloud security strategy?

Top Answer : There are several elements to building a more robust security footprint, and process is number 1: you're never going to get rid of people in the chain and therefore process remains important. And it’s also important to make sure people have a good understanding of what that process is, that they know how to run it and have the discipline to do it effectively—not create artificial constructs that just make you appear to be secure. The second element is that you need to have something—not somebody—watching your security on a 24/7, highly scalable basis, and looking for vulnerabilities to take immediate action. Because you might have identified the compromise and developed a fix, but now you've got to roll it out to billions of nodes. That is a daunting task in and of itself.

How have you secured your network in a perimeter-less context?

Top Answer : I spent 5 years at Illumio, so I'm a little biased towards micro-segmentation as a security strategy. If you could segment your applications, networks, and endpoints from each other, you should. If you don't have a need to access that web server, then why do you have the ability to access it? So obviously some segmentation is critical.

Should vendor landscapes shift into an industry-wide standard architecture model?

Top Answer : I used to lead the solutions architecture team at WSO2 for more than 10 years. While working with architects I identified a bunch of issues that they are facing. First, people are looking at a mismatch of reference architecture because most of them are reference implementations. I call it a reference implementation because most are bound to a specific vendor. It's explaining how you build something using that particular vendor technology. I wanted to make a vendor and technology-neutral architecture. Second, people are blindly moving to microservices. They are not looking at the complications they face in production systems and enterprises, or how to use microservices correctly. And there's a need to group or federate microservices but there's no standard to do that. In addition to that I saw a gap between the architecture, development, and deployment—basically between the architect, developer, and DevOps engineer. There was nothing common that you could take from architecture into development, and into deployment. So I wanted to build an architecture construct that can take throughout the development life cycle. I call the architecture construct a ‘Cell’ in the reference architecture.   That's where cell-based architecture (CBA) came into the picture. I saw that the concept of cells in biology was very fitting because cells create complex systems, and in an enterprise, you see the same thing. I studied system biology a bit and looked at parallels between biology, system biology, and the system architecture to create this architecture style. For example, each cell should have a gateway, like the membrane of a biological cell that controls it. After I released a paper on this in 2018, many other parallels came on the market. Uber is using a concept called Dorma, a domain-oriented microservices architecture, which is the same concept. A number of our customers use this concept to plan, build and run their cloud-native microservice deployments. We are planning to inherit some of the concepts in our internal product development in this low-code and pro-code platform as well. You can read the complete spec from, released under CC-4.0 so feel free to contribute, comment and even criticize.

How have you approached implementing cloud architectures when working with private equity-backed companies?

Top Answer : In automotive, they're definitely big cloud users, but they're also leaning a lot more towards edge, because they see long-term payoff in that investment simply because of latency. 5G only gets me to the pole—from the pole in, edge computing is my way around that. So they're creating these very complicated, multi-cloud hybrid environments and the decision at the board levels, or at the senior management levels, is not around the details of the cloud, or the model. It's, "Can you get us money back in? Yes or no?"  That's why the discussion from the perspective of the PE and the split that they're doing makes no sense to me. It's like, "I'll take a quarter of this, half of that and another quarter of this and call it a company." I think that puts CIOs in a very bad way.

Technology selection is a critical success factor for any startup. If you are a startup founder and responsible for the technical strategy, what is the process and the criteria you follow when picking the technology for your MVP? (if you are running an innovation lab in an enterprise, you might facing similar challenges that come under conditions of extreme uncertainty)

Top Answer : There is no formula for this selection. However, keep two things in mind. Scalable - does the technology stack provide scalability. You do not want to start big but you do not want to change technology when you become big. Flexibility- does the technology let you change quickly? Does it let you integrate with other technology?