Peter Maddison, Founder of Xodiac Inc. and DevOps Institute Ambassador, talks about considerations for cloud migration, particularly in light of the driving forces into the next decade
The lightly edited transcript can be found below.
Intro:
You’re listening to the Humans of DevOps podcast, a podcast focused on advancing the humans of DevOps through skills, knowledge, ideas and learning or the S-K-I-L framework. Here’s your host DevOps Institute CEO, Jayne Groll.
Jayne Groll:
Hi everyone, it’s Jayne Groll And welcome to another episode of the Humans of DevOps podcast. I’m very excited today to be joined by Peter Maddison of Xodiac and we’re going to talk a bit about migration to the cloud, some of the different definitions around that. We’re going to talk about security in relation to that topic. Talk about some automated governance and we’ll see where our conversation goes. Hi, Peter. Why don’t you introduce yourself to our audience?
Peter Maddison:
Hi Jayne. And thank you for having me. It’s wonderful to be here. I’m Peter Maddison. I’m a coach and a consultant out of Toronto, Canada. I work within the DevOps space, primarily helping organizations adopt and change practices and build high performance teams. A lot of the work that I do is in that organizational change space. I’ve been in the industry for 20, 25 years. My background is primarily coming out of the infrastructure and operations space. I have a lot of experience in banking and finance and brokerage, as well as in the loyalty marketing space. And in my career I’ve done everything from being a individual contributor as a system admin and a DBA all the way through a being an engineering manager and the director and moving data centers and all sorts of fun things, including setting up and running cloud migrations, which is the topic we’re going to talk about today.
Jayne Groll:
Thank you. You mentioned expertise in organizational change management and I think this year has really been pivotal in organizations kind of examining, showcasing and realizing their ability to change their organizations. We’re going to talk a little bit about from a technical perspective, but certainly we’re going to zero in a little bit on the human side as well. Let’s talk about 2020. I know people are really tired of hearing the words unprecedented, unchartered and there’s a lot of truth in that, but here we are kind of facing the end of the year. And we know that there’s a couple of messages that have come out of 2020, particularly as it relates to DevOps automation and the human side of it, not the least of which is cloud. Before we started recording, Peter, you said to me, “Well, there’s so many different definitions of cloud migration.” Maybe kick us off, what are the different definitions of cloud migration in your view?
Peter Maddison:
When we look at the different workloads that we have residing in our data centers or that we have that we use to deliver value for our organizations, those different workloads have different requirements, need to be run in different ways. And as we look to migrating out into the cloud, it’s as much a case of saying, “Well, where’s the most appropriate place for this to go?” And if I’m looking at something that’s not core to my business, I can say, “Okay, I’m going to also let somebody else manage this entirely.” If I’m looking at something like a productivity suite, is there really a need for me to be running my own email service? And maybe there are reasons. But for the most part maybe I can just give that to a provider who’s running a SaaS service, a software as a service that they can look after that for me. And I can trust them to manage all of the data, look after the delivery of that service and provide it to me in that manner.
Peter Maddison:
I can start look at other forms in terms of a platform as a service. If I look at the different versions of that out there, where I can take my workload and I can have somebody provide the bulk of the infrastructure around that. And then I can look at the more generalized workloads in infrastructure as a service and other manners of different cloud. As well as running some of these capabilities myself on premise if I’m going to run a platform internally and have my own private cloud and at which point I can start to look at hybrid cloud models between my own premise and workloads in the cloud and really understanding what workload belongs where.
Jayne Groll:
Yeah, what I really find fascinating about that is that what you’re sharing with the audience I think this is really significant is that it’s not a one size fits all. It’s not migration of the cloud is, it’s not like lemmings to the sea, where we all line up and we jump off the cliff. There’s lots of different ways to optimize the cloud capabilities. And also depending on the nature of your organization or the vertical market that an organization is in, how they choose to optimize cloud resources may be a little bit different, particularly as it relates to say security considerations, governance considerations, and such. Why not talk a little bit about that? What could be an influence in terms of organizations really trying to strategize how they optimize some of these cloud resources?
Peter Maddison:
There’s a lot of different parts that we can start to consider as we decide, where should I put this workload? Where should it belong? One part of it is this critical to me doing business? Is there something I want to learn and innovate from? Something that I really want to have much greater control around? If it is then maybe I want to find a way running this that allows me to do that. If it is something that I don’t want that control like productivity, like email or being able to store documents and maybe I just take advantage of using a cloud service to do that instead. There’s, if I’m looking at specific governance requirements around, I need this data to reside in a particular location or I need to be able to ensure that it doesn’t leave a particular location. And there are incidences here where we have to careful around things like that, because even what the cloud provider might say is happening may not actually be what’s happening. And we need to be able to really understand in great detail where different pieces of data are being sent to.
Peter Maddison:
And then we need to look at as well, what skills do our people have? How close are they to different ways of working? Do I need to bring in people who have a different sets of skills? Do I need to up skill the people that I have and give them the opportunity to learn and develop and start to work within these? Because if I start to bring in lots and lots of different types of services from lots of different places, I now need to think about where is all of my data? How do I manage all of those different services? How do I ensure that things that I really do care about that is critical to me doesn’t end up in the hands of people I don’t want it to?
Jayne Groll:
Well and I’m glad you brought up skills because the human element of everything we do in DevOps is sometimes overshadowed by the belief that technology will provide all of the answers. And as you know, Peter, and I think the audience is becoming aware of, DevOps Institute fields annual community research project on up skilling. And last year CICD tool chains in cloud took the top two in terms of technical skills. The transformation is not only digital, the transformation is human and there’s a big organizational change management focus that has to include up skilling programs, has to include really helping a new culture that is comfortable, that’s secure, that is elastic. But then also grows the individual as much as perhaps they grow the elasticity. I can’t even say that. Of the cloud migration. Talk a little bit about organizational change and skills growth. How does this fundamentally, how does a migration to the cloud in whatever perspective or whatever use an organization might take advantage of, how does that affect the culture or the human side of the enterprise?
Peter Maddison:
Well the adoption of cloud enables a lot of capabilities to the organization that it didn’t have before when they were running inside of more traditional and types of infrastructure on premise. I think it gives them the ability to start to change the dialogue in the way that they engage across the organization. This is why the adoption of a cloud type methods are so much more powerful. One of the biggest things that it can enable you to overcome and we can talk about why organizations sometimes fail to really gain this benefit.
Peter Maddison:
But one of the biggest benefits is now that I can make the access to the IT resources more self-service more available on demand versus having to send in a ticket to a group and then wait. And it’s that wait state that we see so often when we start to map out how organizations work. The cloud enables us to overcome that that’s where we can start to talk about that human interaction, where we can now start to have conversations about what is the actual problem we’re trying to solve? Rather than relying on another group to have having gone and solved it and then send them a ticket.
Peter Maddison:
There’s some really fundamental behavioral pieces that come out of something as simple as that interaction, because we’re changing the dialogue from one where we believe that this group over here has already solved this problem for us, which also creates a passing the buck type model, where we’ve just said, “Hey, we are going to rely on them having done it. Then if something goes wrong in my side, it’s not my fault it’s theirs. I’m going to pass this over.” And instead of coming together to have a dialogue, about how we might possibly use these capabilities that we’ve enabled, because these capabilities we’ve been enabled are now ones that we can all start to use and understand and cloud can really enable that to happen.
Jayne Groll:
What about organizations that are concerned about security and the cloud? I know that one of the topics that you speak frequently about is security and automated governance. What should they be concerned about? What should they be aware of? What should they not be concerned about when looking at either a cloud environment or hybrid environment?
Peter Maddison:
There and one of the common things that is very well talked about, but it often gets overlooked is the shared security model that most of the major cloud vendors have. This understanding of who is responsible for what. As you start to map how we did things before into how we will secure things in the cloud, we need to understand that the models and the ways we had of working don’t translate one to one into what we’re doing in the cloud. We got to really carefully think about what are we doing to manage and secure workloads in the cloud versus on premise? And I’ve seen organizations where they’ve had that same security group or people from the existing security group suddenly become the cloud security group. And as an example, their solution was to create a spreadsheet which had hundreds of items in which, in order to put a workload in the cloud, you had to go through and tick off what you were going to do. Which is crazy because the instant you even get to consume those resources, anything was in that spreadsheet would be irrelevant.
Peter Maddison:
Bringing them to the table and getting them to understand that well, that’s not how we’re going to secure workloads in the cloud. We need to have something that’s more dynamic, that’s automated and in line with how we deploy those workloads. We also are going to have workloads that are going to be much more ephemeral in nature. You can’t rely on this idea that we used to have in the more traditional models where it takes static workload that’s going to sit there and we can come back and we can look at it again in a year and it’s effectively going to look the same. This is something that may only exist for minutes or even seconds.
Peter Maddison:
If you’re going to secure this, we have to secure the system and the process that does the deployment, that manages the deployment and all of the surrounding pieces that allow access into that particular service. There’s a lot of talk as well at the moment about how do we secure the pipelines that do the delivery of the code into the services as well and making sure that every aspect of the pipeline is secure. And that’s something that I talk about in talks I do at conferences and things.
Jayne Groll:
What’s really, I think interesting, as you mentioned, you come from an ops background and so do I and with DevOps, we’re looking to shift left. And so as we’re talking about cloud, as we’re talking about organizational change, as we’re talking about security and the rise of saying DevSecOps, the developer has a new part in this play really. They have a lot more responsibility to be comfortable with infrastructure, to be comfortable with security, to be comfortable with testing. How does this approach, how does the approach of really looking at your cloud strategy, whether you’re at the early stages of it, midway through or even more mature, what’s the influence of and on the developer?
Peter Maddison:
Developers are having to take a lot more on in theory within these models. There’s also a reality that if you read through a lot of the things that are in the press had there, this idea that the developer now has to be this unicorn who has ultimate knowledge of absolutely everything in the entire enterprise and all of the skillsets to go along with it, which is somewhat unrealistic in that to even find the person who is this polyglot of every programming language and has deep operational knowledge, analytical abilities and all of these other pieces. There are some people who are very good across many, many areas are very, very skilled, but there’s very few who could, you could arguably say that could do all of these things. Really the way I looked at this is we work together to create pieces within the platforms, within the system.
Peter Maddison:
And there’s a quote I usually use for this around, we fall back to the strength of our systems. This idea that we need to build up the system so we can reduce the cognitive load within the teams so that the systems are starting to take care of the delivery processes so the developers can focus on the actual development of value inside of the system. Now, there are lots of things we need to do to ensure that we’re not having a platform that’s providing services that the developers then have to wait for changes to the platform. There’s pieces there that we need to ensure that we’re building this collaboratively with them and that they have access to be able to make the changes they need so they can continue to evolve. But it becomes a partnership between development and operations and security in all of the areas of the organization to work on delivering that value through the system.
Jayne Groll:
And, we talk a lot now about hybrid product teams. We talk about hybrid humans because I agree with you on the mythical unicorn, that’s affectionately called a full stack developer, full stack engineer. They are rarely seen in the wild, but again, the ability for humans to become more hybrid, typically developers. And I think there are a lot of tools that are being made available to them to lighten the load. But certainly that shift left could increase the knowledge requirements that they have, whether it’s broader or deep. Peter, we’re going to run out of time, but I would be remiss if I didn’t end today by talking about predictions.
Jayne Groll:
None of us have a crystal ball. We keep talking about coming out of, well, we’re moving into 2021, but not a 100% sure what we’re coming out of or what we’re coming into. But I think this year, the challenges of managing an on prem environment, even physically having people that can go to your data center to manage it, probably has sparked some interest or at least some review from CIOs and CTOs in terms of what should they consider for next year. In terms of, was this something that pushed us forward into the cloud, maybe to organizations that wouldn’t. Let’s talk a little bit about predictions. What do you predict in terms of cloud adoption, whether it’s hybrid adoption, full on moving to the cloud or somewhere in between for the large complex organization? Do you see more migration to the cloud if not in full or in part? Do you see kind of that same steady movement to the cloud? What do you think based on what you see?
Peter Maddison:
I’m definitely seeing that there’s a drive to move more stuff into the cloud. And I know that clients I’m working with are actively looking at reducing the footprint in any private data centers they have or eliminating them entirely if they possibly can. There is this idea that not everything fits well in a cloud model and if you have legacy type workloads that you don’t want to invest in the migration of them, or even just running them as static workloads up in cloud. Those types of workloads really don’t work well and lifting and shifting them from on premise into cloud is probably going to cause you more pain and heartache than it’s worth. Although it’s possible to do it, it’s definitely going to cause some kinds of either stability or cost issues, all sorts of other problems that come up with that.
Peter Maddison:
There is a need to have somewhere to run that. I can see taking those sorts of workloads and running them either in 30 cloud or in co-hosting facilities and having your on premise workload sort of on premise private files to help manage these types of workloads so that you can keep them running. Because they’re often the sort of the workhorses that are running some of the backend systems as we start to reduce these private data centers. Which is it’s a continuation of the trends that we’ve seen over the last decade or two. And it’s really what I do expect to see is that, and we have some, I would say in the last six months, there’s a massive uptick in the migration of those services, which truly aren’t valuable to the organization. Things like your email services and your productivity services, those kind of things, call center services, a lot of these other pieces, like how do I get them out of my on premise data centers?
Peter Maddison:
And so that the only things that I might want to keep in my on premise data centers are those business critical legacy applications that I know aren’t going to run nicely in the cloud, but which I might have to re-architect in order to do so, so I’m going to have to keep them somewhere for the time being.
Jayne Groll:
I think, it’ll be interesting as we kind of move further and further out of this very strange year into 2021. I like to say that as horrible as the COVID situation has been around the world, in some ways it’s forced us into the future, particularly as far as technology goes. And that as I always want to call out the tech community for really being unsung heroes of this pandemic.
Jayne Groll:
Peter, thank you. Again, I appreciate you spending time with me, particularly appreciate your a DevOps Institute ambassador. And I know that you’ve been helping us out with a lot of things. I hope you’ll come back and we can look at the predictions for 2021 a little bit more closely as the year starts to unfold. For those of you listening, we talked a little bit about skills and I really want to call out the fact that DevOps Institute’s up skilling enterprise DevOps skill survey is open. For 2021, this data is so important. We’ve been doing this project for a couple of years now. This data, look at 2019 to 2020, we expect that there’s going to be a shift. And as Peter has said, everyone is kind of looking at their strategy from both an individual level to a corporate level. And of course, understanding which skills are important are there. If you’re listening, please go up to DevOps Institute’s website, take a few minutes, fill out the survey. You might win a Nintendo Switch, but don’t make that your motivation. Make it the fact that this data is important to all of the humans of DevOps.
Jayne Groll:
And then I want to wrap up by sharing that the week of December 7th, DevOps Institute is hosting a festival. We’re going to do Global SKILup Fest. It’s a whole week of activities starting with a career fair, moving into a couple of days known as get SKIL’d Up and culminating with an 18 hour global SKILup event. Stay tuned, pay attention to our social, go up to our website and you can learn more about our festival and all of the activities that will be available through that.
Jayne Groll:
Peter, thank you. Again, your insight is so important. I think being able to bring that kind of knowledge and experience to our humans, but also to the enterprises that the humans work for is very, very valuable.
Peter Maddison:
Well, thank you for having me, Jayne. I enjoyed the conversation.
Jayne Groll:
Me too. All right. Again, this is Jayne Groll with Peter Maddison and you are listening to the Humans of DevOps podcast. Stay well, stay connected, take care.
Outro:
Thanks for listening to this episode of the Humans of DevOps podcast. Don’t to join our global community, to get access to even more great resources like this. Until next time, remember, you are part of something bigger than yourself, you belong.