Data is the lifeblood of any modern digital business. Without it, organisations can’t do the analysis they need to inform their thinking about new products and services that will provide them with an advantage in a competitive global marketplace.
These days, companies are looking to their data to power new insights, many of which are driven by artificial intelligence platforms.
But there’s a problem. As organisations move more and more services to the cloud, data management can become a messy affair. Distributed, dynamic and diverse data requires effective and efficient management.
Senior tech execs gathered in Sydney recently to discuss the strategies they're using to make better use of and protect their information, particularly in a hybrid cloud world where systems and services exist on premise in companies’ datacentres and the cloud.
Paul Reilly, storage specialist at Lenovo Australia and New Zealand, says organisations today have digital transformation front and centre in their growth and profitability strategies. Data is a vital part of these transformations, he says.
“Our customers are under pressure to use this wealth of data, to apply it to create new value across their entire organisation and to do so within limited time and budget. Additionally, their data is out there – it’s distributed, dynamic and diverse and it’s overwhelmingly difficult to manage,” he says.
Reilly says organisations are having great difficulty overcoming these issues and now require intelligent data storage platforms that support fast and easy access to data, optimised data management and security, as well as mobility that spans the edge, core and cloud.
Daniel McGarry, IT director at WSP Australia, says the engineering firm’s biggest challenge, related to managing and protecting information in a hybrid cloud world, comes from the number of vendor offerings available to engineers and consultants. This will continue to grow as smaller software and solution vendors offer software-as-a-service and cloud storage.
“It’s easy to control my own hybrid cloud but I have less control over project and enterprise information hosted elsewhere,” he says.
McGarry says his organisation’s strategy, first and foremost, is to ensure it has solid contractual agreements with its major vendors that protect ownership and the location of hosted data.
“Secondly, governing the procurement of cloud-based solutions [is a challenge]. It’s very easy today to procure software as a service instantly without understanding where the data resides or is copied, what the retention policy looks like and or how you can get that data back up if needed,” McGarry says.
Andre Joubert, project director at Westpac, adds that working in a financial services environment and having to adhere to the guidelines and constraints imposed by ASIC and other regulatory bodies makes it easy to reject utilisation of key data in cloud environments.
“This, however, limits the utility of cloud environments,” he says.
The bank overcomes this issue by working with its security group to try and develop templates and patterns, which limits the need for individual security assessments.
Meanwhile, Leon Gu, global director of information technology at Staywell Holdings, says his team has spent a lot of time and money to improve its on premise firewall and data protection capabilities.
“We find that the public cloud does not give us the same level of visibility and it's a totally different ecosystem. A security weak point in the public cloud can easily reach on premise servers without leaving a log,” he says.
Dealing with unexpected cloud costs
Despite the cloud often being hailed as a computing model that will reduce infrastructure costs, some organisations are dealing with unexpected charges related to moving workloads in and out of the public cloud.
Lenovo’s Reilly advises organisations do their research to understand what they’re getting into when they select a public cloud service.
“This is also the best time to decide whether using public cloud is appropriate and cost effective or whether it may be better to look at a hybrid or multi-cloud approach."
In general, costs associated with public cloud fall into three categories, Reilly says. The first category is ingress costs related to moving data to the cloud, which can be low cost but time consuming.
The second category is transactional costs. Every time, a company accesses its data in the cloud, a cost is incurred, he says.
“Fees are low but the more you use your data, the more you pay. This is very expensive if you’re running thousands of analytics jobs,” he says.
The third category, he says, is egress costs which are “probably the biggest pain point for customers.”
“Moving your data between public cloud providers or back on your premises is expensive for more reasons than just the associated fees. As an example, recreating new scripts takes a lot of time, which results in additional cost and lost productivity.”
Westpac’s Joubert says the bank’s cloud infrastructure costs have been expected but additional support and administrative costs were, in a number of cases, initially underestimated or not transparent.
WSP Australia’s McGarry says his organisation is not seeing unexpected costs from cloud services but he has spoken to other CIOs who “wear the scars associated with a rapid move to the cloud.”
Striking a balance between performance and security
Tech execs also discussed how they ensure staff have access to all the information they need to make business decisions while maintaining the right level of security for data across multiple platforms and locations.
CIOs need to strike the right balance between performance, agility and security, says Lenovo’s Reilly.
“When evaluating storage infrastructure today, features such as encryption, data locking/legal hold for regulatory compliance and multi-factor authentication should be mandatory but should not come at a cost to performance or agility,” he says.
Westpac takes the ‘safety first’ approach so staff access is limited to only the ‘absolutely essentially users’, which reduces the value that can be gained from these environments, says Joubert.
Focus on data privacy
Finally, new data privacy in Australia and overseas have changed the way organisations view their data management policies and procedures.
“We are seeing a shift in mindset from our customers since these new laws have come into effect,” says Lenovo’s Reilly.
“Data protection strategies are being built into every project, upgrade or deployment because customers understand that prevention is better than cure when it comes to data breaches. There is also a strong economic case for having a robust data privacy strategy in place – phishing, hacking and ransomware attacks can cost companies millions of dollars in fines and loss of reputation,” he says.
WSP’s McGarry says his organisation has developed policies and procedures for managing potential data breaches that comply with the new mandatory data breach notification laws.
“We have a senior team of IT and information security specialists and legal counsel that are ready to initiate the procedure at a moment’s notice. We are now extremely cautious and conservative in how we manage client and employee data,” he says.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.