Cybersecurity Maturity Journey

 NIST 1.1 Framework

The customer's cybersecurity journey maturity can be mapped against each category and the customer’s target objective for that category, as depicted below.

Target Maturity Roadmap mapped to NIST Framework.

Implement, Monitor, Measure and Improve

Cybersecurity maturity is a journey. Various organizations have adopted varying degrees of control and continuously taking measures to improve their maturity. 

Source: Verve

https://verveindustrial.com/resources/whitepaper/5-steps-to-greater-security-maturity-with-nist-csf/

 

Cloud Strategy

What's Cloud Strategy?

Cloud strategy is always confused with Cloud Implementation plan. These are different documents with diff purposes.

The Cloud Strategy is a business document, whereas Implementation Plan is IT document. The implementation plan is an IT document. It primarily talks about the Cloud Adoption, operationalization, methodologies, best practices, Assessments, Tools and steps etc

Key stakeholders: 

CIO, Cloud Architect and the Business Sponsor. 

• CIO: Initiate the cloud Transformation Project, Oversee, Mandate, Set the deliverables, and Set the success metrics.
• Cloud Architect: Project Owner who spearheads the cloud transformation
• Business Sponsor: CIO is not the business sponsor. The business Sponsor facilitates how the business will transform into digital business 

Key Business Drivers: 

1. How the business will transform into digital business.
2. Please note: Its not about Availability, Scalability, Agility, Cost reduction, Improve Productivity

How do we document Cloud Strategy: (5-7 pages)

1. Executive Summary (1-2 pages)
• Vision
• Why the project is important to business
2. Business Drivers (examples like)
• Is the organization leveraging Sensor based
• Are we interested in data ingestion & correlation
3. Cloud Adoption Approach
• Are we going to adopt Cloud First or Cloud Opportunistic
• Multi-cloud?
4. Risks
• Risks important to executives. Put it within context.
• Is the cloud Secure?
• What if the Cloud providers fail?
• What if Cloud Shut us down?
• How do we address the concerns around Cloud Lock-In?
5. Exit Strategy
• How much time do we have to exit
• What are we going to exit? Is it entire cloud provider or only the tier 1 applications?
• Who makes the decision? It should be collection of people (Legal, Procurement, IT, business)
6. Success Metrics for business
• Number of advise generated from the data stream
• Improve the efficiency by integrating the systesms
• Reduce the onboarding time by 15 %

Common Mistakes while building cloud strategy

1. Creating a document that's geared more towards IT than business.
• There are no IT projects. These are business projects and business outcomes
2. Writing a very long document
• Ensure you don't prepare IT specific cloud implementation plan> Remember this is for the Executives. Ensure it's accompanied with Presentation 
3. Not gathering everyone's viewpoints
• Get everyone's buy-in
4. Not appointing the Owner to drive the project
• Its the Cloud Architect 
5. Not having business Sponsor
6. Not having an exit strategy
7. Confusing Cloud Strategy with Implementation Plan
8. Not having Success Metrics
• To track the progress and stay on track 

Source: Elias Khnaser @ pluralsight

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud: ecurity is a complex and constantly evolving threat, but again, Google is top of the leader-board when it comes to cloud security.

IT Modernization Goes Beyond The Apps

<https://www.itjungle.com/2023/04/17/it-modernization-goes-beyond-the-apps-kyndryl-says/> 

Excepts from the Kyndryl sponsored Forrester Study on IT Modernization challenges and Benefits

Key Challenges faced by the organizations Modernizing

1. Nearly half of those surveyed say their operating models prevent them from making quick decisions based on changes to the business. 
2. Only 55 percent said they can effectively scale their operations when needed. 
3. And nearly half said they struggle to control and predict IT costs in the cloud, a common site (though not an exclusive one) for organizations’ modernization exercises.
4. In many cases, old infrastructure, including aging IBM i and System Z servers and applications, are holding organizations back, Grama says.

“It’s not surprising to hear the outcome of that study,” he says. “A lot of these guys have really old infrastructure. 

1. They have old monolithic application written on legacy technologies that don’t lend themselves to modernization at any level. 
2. There’s complexity, there’s sprawl.  Every one of them has had sprawl built up over the last many decades. 
3. And they don’t understand exactly what they have, and in cases they don’t particularly have the most accurate source code. 
4. Their applications are not agile, their infrastructures are very static, they don’t use things like infrastructure as code, etcetera.”
5. Global firms are suffering from IT inefficiency, a lack of innovation, and a lack of malleability to get new business models.

Skill Shortage:

According to the Forrester study, 42 percent of respondents said their organizations don’t’ have the right skill sets to manage its current operations, 34 percent said their organization requires too many skilled workers, and about one-third said they struggle to retain employees.

Benefits derived from Transformation:

12 ways to maximize your cloud investments

https://www.cio.com/article/465322/12-ways-to-maximize-your-cloud-investments.html#sf265617302

Cloud costs are a rising concern for today’s CIOs, but the right tools, talent, strategy, and contract terms can help ensure you make the most of your current (and future) cloud spend.

Over the past few years, more organizations have gone all in with migrations to the public cloud. But for some “without a concrete strategy, it has led to some obvious challenges with respect to measuring the real value from their cloud investments,” says Ricky Sundrani, a partner in the pricing assurance practice at Everest Group.

Cut to one of the most significant concerns across enterprises today: rising cloud costs.

“Many enterprises are getting some unwelcome sticker shock surprises for their cloud services that are coming in much higher than estimated and blowing up the business cases they used to justify their program in the first place,” says Andy Sealock, senior partner in the advisory and transformation practice at West Monroe.

While inadequate planning at the start of the cloud journey is a major driver of this disconnect, there are plenty of others: limited visibility into cloud consumption and patterns, unchecked cost leakage, cloud sprawl, lack of workload optimization, and weak demand management policies, to name a few. More than two-thirds of organizations are not realizing the full value of their cloud investments, according to an Everest Group survey of CIOs.

0 of 30 secondsVolume 0%

 

The business case for cloud remains the same: greater scalability, increased efficiency, better data security, increased reliability and resilience — and, potentially, lower costs. But realizing those benefits requires deliberate and active management of cloud deals.

There are a number of actions IT leaders can take to maximize the value of their current and future cloud investments, from well before partners are narrowed down to long after the contracts have been signed. 

The following dozen tips are worth adopting.

1) Assemble a cross-functional cloud team

One of the biggest missteps when pursuing cloud opportunities is failing to make these cross-functional efforts from the top down.

“When cloud transformation is driven by a CXO office without close involvement of business units and development teams, finer nuances are missed, leading to ineffective cloud adoption from a cost and efficiency perspective,” says Mukesh Ranjan, vice president of IT services at Everest Group.

IT leaders should assemble a team with representatives of all key stakeholder groups during the planning stages of the cloud transformation journey, Ranjan says. A 2022 PwC survey found that companies that were achieving transformational benefits from the cloud and reporting fewer barriers to value typically involved five or more functions at the start of their cloud projects. Doing so later on in migration, though less ideal, is still an option to ensure that 360 degree view of enterprise cloud requirements and usage.

2) Define baselines and (realistic) expectations

Too many organizations lack a full understanding of the benefits they expect to gain from the cloud vis-à-vis their existing environment. That requires assessing the value of the current environment, the value they seek from cloud adoption, and timelines for achieving that value.  Only then can they select the providers, solutions, and expertise that best align with their cloud goals, says Ranjan.

It’s important to take off the rose-colored glasses during this process. “IT leaders must be realistic in how much of their premise-based compute footprint can be migrated to the cloud and how quickly this can happen,” says Sealock.

3) Build a full business case

During the pandemic, many organizations rushed to the cloud — and for obvious reasons. But migrating to the cloud without a well-thought-out business case is not an optimal strategy. A hurried lift-and-shift approach typically results in increased costs over the long term. During a migration frenzy, companies can take shortcuts that result in technical debt that dilutes the impact cloud transformation can have.

“Think of cloud as a modernization journey and not just a migration,” Ranjan advises. “Undertake application modernization initiatives such as refactoring, rearchitecting, replatforming, and replacing as needed to optimize applications running on cloud.”

4) Analyze (and negotiate) cloud contract terms upfront

Many IT leaders lack the relevant market data required to conduct informed negotiations with cloud vendors.

“This could be pertaining to expected discounts, more favorable terms and conditions offered to certain buyers, and better transformation timelines, among other things,” says Sundrani.

Marina Aronchik, a  partner in the law firm Mayer Brown’s technology and IP transactions practice, recommends accounting for the terms in cloud agreements as part of the broader evaluation of potential cloud solutions and providers. 

“In the current economic environment, customers may have a unique opportunity to secure more flexible and favorable contractual terms,” Aronchik says. “To do so, IT organizations should build time into the process for reasonable engagement with several cloud providers on a competitive basis, or a single cloud provider with a reasonable opportunity to pivot to an alternative solution if needed.”

5) Read the fine print

The value of a cloud contract is not fully represented in the fee schedule. What the customer may assume to be “permitted use,” the cloud provider may deem “excess use” or an “overage.”

“To maximize total value of a cloud contract, IT leaders should look for contractual and technical clarity on the metrics that are used to calculate relevant fees, reliable tools for monitoring consumption, and the methodology for addressing actual or potential excess use,” says Aronchik.

6) Beware of minimum commitments

It can be tempting to agree to certain volume or spending levels to secure deeper discounts for ongoing cloud usage. But it’s one of the leading causes of stranded value in cloud contracts.

“It’s important to not overcommit on the minimum commitments,” Sealock warns. “This often depends on an enterprise being able to accurately predict how much of their premise-based footprint they can actually migrate to the cloud and at what rate.”

If an IT organization runs into issues that delay or prevent moving on-premises systems to the cloud, and thus miss a minimum commitment, there will be costs involved. “Longer term commitments, use of ‘sticky’ native services may drive larger contract discounts but also impact your technology plans,” says Sealock.

7) Leave no cloud stones unturned

There are a number of internal factors that can impact cloud value realization. “Challenge your IT department to pull all levers for efficient cloud usage,” advises Sealock. There may be an opportunity to refactor applications to make them more efficient users of cloud resources, adopt cloud native services instead of lifting and shifting existing system to IaaS, or move to SaaS options as part of ongoing application rationalization.

Increasing the focus on application modernization is crucial to extracting the full value of cloud, says Ranjan.

8) Invest in a cloud management platform

Real-time visibility across the cloud environment goes a long way in preventing unexpectedly huge bills from cloud providers. But “cloud pricing and ordering options are at a sufficient level of complexity that it is beyond the capacity of a ‘smart person with a spreadsheet’ to manage effectively,” says Sealock.

There are numerous cloud cost management tools on the market from established players and startups alike. These tools should have real-time interfaces to the cloud service providers’ pricing engines and be able to automatically match the enterprise’s cloud usage patterns with the right cloud services (e.g., IaaS, PaaS, native) and configurations (e.g., service instance type/size, storage tier). Sealock advises evaluating multiple platforms, looking for the following attributes:

• Financial (in addition to technical and operational) management capabilities
• Integration with automation tools for orchestrating technical deployments
• Capacity to pull usage from both cloud and on-premises environments
• Ability to model what on-premises environments would look like (and cost) on multiple clouds
• Engineering support to ensure the tools remain properly configured over time

9) Secure scarce cloud management talent

“Cloud pricing can be very complex and dynamic and is highly dependent on usage,” says Sealock. Without the proper governance, unnecessary costs can quickly accumulate. Adopting a cloud management platform is step one, but these tools are themselves complex. IT leaders must also recruit technology professionals who know how to use cloud management platforms to continually refine cloud service usage to meet enterprise SLAs at the lowest costs.

Enterprises  are seeing premiums for cloud skills outpacing those for standard IT infrastructure skills, according to research by Everest Group.

“Cloud expertise is in short supply, but without in-house experience it is difficult to avoid the wasteful pitfalls,” Sealock says. “Invest in the people to use the cloud tools properly who can also design the policies, processes, and procedures of a cloud governance framework.”

In some cases, IT leaders will create a cloud center of excellence that can be leveraged across multiple lines of business. 

10) Get serious about demand management

Ease of use and self-provisioning are two of the big benefits of using the cloud, but they also open the door to unmitigated (and sometimes invisible) cloud sprawl. IT organizations must create and communicate clear policies and processes for cloud demand management.

“Training can be used to increase the socialization of the policies and processes to users, but good compliance also requires those policies to be enforced within the programmed workflow of the tools,” says Sealock, who suggests putting some teeth into demand management. “Communicate top down that there will be smart constraints on cloud usage that will be reinforced via training but also codified in the workflow of their systems.”

11) Address overruns right away

Some IT organizations may view cost overruns as inevitable. But ignoring them is a mistake. “They do not get better on their own,” says Sealock. “It takes action to change the dynamic.”

Unexpected — or worse, inexplicable — cloud costs are a red flag. Understanding the root cause of the usage and addressing it as soon as possible is important. “You do not want to discourage cloud usage, but you must insist that the usage be smart, deliberate, and cost-effective,” Sealock says.

12) Continuously monitor and measure cloud value

Having clearly defined SLAs to measure performance against expected value is crucial. “Unless enterprises have a well-built process to continuously monitor and measure value against their stated goals, they will slip off in their transformation journey,” says Ranjan.

Cloud vendors, consultants, and other partners are likely to keep pushing more cloud, but its critical for IT leaders to periodically re-evaluate the cloud march to ensure the organization can achieve the intended value. 

by Stephanie Overby

B2B Sales Quick Overview

Noting down the overall B2B Sales process. 

B2B Buying Journey

B2B Buyer Challenges:

• Modern Buyers are more skeptical
• Buyer is well informed about the services/solutions they are buying
• Buyers worry more about the risk of Purchase
• Buyers want to try out first before buying Solutions or Services

Effective Sales Strategies:

• Know Prospect Well, Research thoroughly:
• Effective Sales enablement. Provide buyers with adequate, advanced information to supplement their knowledge to assist them with their decisions.
• Create Ideal Buyer Personas.
• Be far-sighted and think long term
• Sell solutions to help solve problems and not products loaded with features 
• Periodic, Value added follow ups are important

Effect of Identifying Appropriate Buyer Personas in Numbers:

6 Steps of Solution Selling Process:

Credits:Mark Quadros

https://www.reallysimplesystems.com/blog/b2b-sales-strategies/#skeptical

Interesting insights around Cloud exit

 https://world.hey.com/dhh/the-hardware-we-need-for-our-cloud-exit-has-arrived-99d66966

DAVID HEINEMEIER HANSSON

April 6, 2023

The hardware we need for our cloud exit has arrived

It's been a long time since I last saw a physical piece of hardware used to run our services at 37signals. I vaguely remember doing a tour of our Chicago data center over a decade ago, but somewhere along the line, I just lost interest in the iron itself. Now the interest is back, because hardware is fun again, so let me share my excitement with you!

These are the two pallets that showed up in our Chicago data center recently. The same day that an identical set arrived in Ashburn, Virginia for our second data center. In total, we received twenty R7625 Dell servers that'll power the bulk of our cloud exit. It's a staggering amount of computing power in a shockingly small footprint.

Here's a diagram of our four cabinets in Chicago (we have another four in Ashburn). As you can tell, there's still a bunch of older hardware dedicated to Basecamp in particular. A good chunk of that will actually get retired, once we're done setting things up. But all the 2U servers marked "kvm" at the bottom of the cabinets are the new ones:

You can spot the new R7625s at the bottom of the actual racks here, next to the older gear:

Each of these R7625s contain two AMD EPYC 9454 CPUs running at 2.75GHz with 48 cores / 96 threads. That means we're adding almost 4,000 vCPUs to our on-premise fleet! And a ridiculous 7,680 GB of RAM! And 384TB of Gen 4 NVMe storage! Serious horsepower and headroom for years to come. In addition to this, we have another ~six database servers showing up between now and this summer, and then we'll be set.

The contrast to the origin of Basecamp is funny. We launched Basecamp on a single-core Celeron server with just 256MB of RAM back in 2004. Spinning rust at 7,200 RPM. And that was good enough to get the business from part-time to full-time in about a year.

Almost twenty years later, we now have a long lineage of legacy applications (because we promise to keep applications customers depend on running until the end of the internet!), some massive flagship services in Basecamp and HEY, and a mission to get it all running on hardware we own ourselves again.

It's kinda wild to think that it's been less than three months since we decided to scrap Kubernetes and pursue a simpler solution for the cloud exit with MRSK. And that we've already moved half of the cloud applications that need to come home!

Over the next month or so, we plan to bring home both Basecamp Classic (still a multi-million dollar business, even if it hasn't been updated in about 13 years – that SaaS magic!), as well as the grand prize of the cloud exit: HEY! That'll leave us with just Highrise and a small auxiliary service called Portfolio left in the cloud as we start the month of May.

I thought we were already being optimistic when we planned a total cloud exit by the end of summer, but now it seems we'll basically be done by the end of spring instead. Truly a remarkable achievement by the team working on this effort.

The reality of our accelerated timeline has made me even more bullish on cloud exits in general. I imagined getting out of the cloud was going to be as hard as getting in. But that just hasn't proven to be the case. Though perhaps it's helped that we've had that nuts number of $38,000/week in cloud spend as a motivating carrot to get it done quickly!

I seriously hope that other SaaS entrepreneurs looking at their daunting cloud bills are paying attention. Once you've gone cloud, it might seem impossible to contemplate getting out again, but don't believe that for a second.

Modern server hardware is incredible. We've taken huge leaps forward in performance, density, and cost over the last few years. If you haven't run the numbers since cloud became the default in the past decade, you really ought to do so now. The numbers might just shock you as much as they did us.

So the end is now clearly in sight. We've solved all the key technical challenges we needed to address to make the cloud exit happen. We've been running production apps on MRSK for a while now. The path is clear, and I can't wait for those mammoth cloud bills evaporate. I think we're going to find that the napkin math I did for our public calculation of savings will be highly conservative. But we'll see and we'll share.

Broadcom's perspective around unlocking the value and success with partners

 https://www.cio.com/article/472037/unlocking-value-and-success-for-partners.html

BrandPost

By Hock Tan, Broadcom President & CEO

Apr 03, 2023 5 mins IT Leadership

Broadcom is committed to a robust partner ecosystem.

In the years that I have led Broadcom, I have found two things to be true for technology leaders: First, success with your customers starts with success with your ecosystem partners; and second, driving ecosystem growth is key to maintaining the growth of your own business.

This is why, at Broadcom, we bring innovation, investment and attention into our making customer value a lasting reality through our pioneering partner programs. These programs help us drive two pivotal customer objectives: innovation in technology and innovation in business models.

From joint innovation to accessing new markets, our pioneering partner programs help us do more for customers. As digital transformation accelerates, customers need fully integrated solutions that address their needs.

Today, we have more than 35,000 partners in our IT infrastructure and cybersecurity software ecosystem, and every single one plays a vital role in bringing value and success for our customers. We work with many kinds of partners across the entire value chain – including the production, procurement, distribution and deployment of our products. They help us expand the reach of our technology and drive better business efficiency and experiences for customers.

When we set out to make any business decision, we always ask ourselves the following three questions:

• Does it drive a better outcome for the customer?
• Does it allow and enable profitability for a partner?
• Does it drive better efficiencies for Broadcom?

If the answer to any of these is “no”, it’s not a path worth pursuing. Our partners and customers should always benefit from the decisions we make.

What partners bring to Broadcom’s customers

At Broadcom, we understand that the key to growth isn’t found in being all things to all people, but instead we believe our customer-first mindset, coupled with purposeful partnerships, is key to delivering untapped value for customers. 

Broadcom’s innovative and industry-first partnership models provide that purposeful plan for how our partners integrate into the overall value chain, and empower each company to leverage their core competencies and do what they do best. Our highly capable partners help us provide solutions for customers ranging from the world’s largest public and private organizations to small- and medium-sized businesses (SMBs). Through Broadcom’s unique friction free Expert Advantage Partner Program, partners deliver high value services to customers of all sizes – including our largest enterprise accounts. 

Yet, the value our partners deliver goes far beyond services. Showcased on our Insights Marketplace at expert.broadcom.com, customers can find our partner-built applications that extend our product capabilities and tailor them for specific use cases – unlocking more value from our customers’ investments. In short, for every challenge, there’s a Broadcom partner ready to deliver the solution and support the specialized needs of businesses – regardless of size. 

What Broadcom brings to partners

At Broadcom, we are unique in how we engage with and support our partner ecosystem. Often, commercial vendors will attempt to control how their partners conduct business. But at Broadcom, we empower partners to identify and pursue their own commercial strategies, so they can bring sales and services to end-user customers on their own terms. We introduce industry-first, go-to-market partner models with shared risk and significant rewards. 

Our Global Cyber Security Aggregator Program (CSAP) is proof. CSAP was launched to expand our market reach and deliver enhanced levels of service to a subset of commercial enterprises with unique needs. The program brings together Broadcom’s Symantec cyber security solutions and partners’ resources along with their in-country expertise to offer a best-in-class customer experience. We have made significant investments, including in-sales training to ensure our distribution partners are well equipped to provide better customer support and a quicker response time to evolving threats.

Our customers can also receive hands-on technical help through our unique Broadcom Software Knights Program. We vet and provide certified partners with ongoing technical training, product presale and sales intelligence so that they can handle any complex issue put in front of them with hands-on technical support. We provide them with the best so that our customers experience the best.

Together, we have a shared goal and responsibility of addressing our customers’ needs and delivering superior outcomes. It’s a win-win-win. Our message to our customers, current partners and future partners is this: our goal is to deliver superior outcomes for customers of all sizes; and our partners’ success is our success. We understand the value our partner ecosystem brings to Broadcom and mutual customers, and we are committed to our partner and customers’ continued success.