‘Cloud cost management is not just an operational concern. To be successful, it requires a tight collaboration among the disciplines of governance, architecture, operations, product management, finance and application development’ -Gartner
To learn how CoreStack can help organizations such as yours to enable efficient, lean and optimized multi-cloud management, please set-up a no-obligation demo at corestack.io/governance
Reduce Cloud Costs by 40% and Run Lean and Highly Optimized Cloud
—————Transcribed Text-—————
I'm going to talk about something a bit different, I'm going to talk about money because ultimately, we do all this to basically increase our top-line and decrease our bottom-line. We know it's all about profitability and of course, we all migrated to cloud for that reason. We want to be able to save money. That's what we're all sold on. Cloud saves money. We get flexible and optimized cloud computing, whatever we wanted. But, as we basically lifted the shift to the cloud and re-architected applications, we built cloud native applications, where all the savings?
I spent a lot of time with C-level executives and honestly, most of the CFOs are asking, where are my savings? I'm seeing my costs go up now. The costs aren’t going up simply because we go to the cloud, and there are lots of reasons. But certainly, the cloud migration has not necessarily returned massive amounts of savings back to these companies. And do we measure success by simply running to the cloud or do we want to measure success by optimizing these five things – cost, security, performance, operation, and reliability. Because if we optimize on all five of those pillars versus only simply running in the cloud, then we're sure to deliver, holistic savings back to the organization because ultimately, that's what this is all about.
So, looking at it from a ‘why this is difficult’ perspective, optimizing those five things is not trivial. It's not easy, right now with most of the companies that you've heard Elizabeth talk earlier, she talked about the fact that large organizations have double digit cloud providers. So basically, lots of people across the organization are setting up different cloud infrastructures with different accounts and different access points. So, from a governance perspective, do we know who's in the cloud doing what for the company? It's difficult to get that unified visibility.
The second one. We just heard from speakers around the world about data security and about protecting your data. But all these compliance standards that you have to deal with, all of the security standard you have to deal with, they change from country to country, region to region. So being able to run in a region, protecting your data in that region, and then complying with the standards and the requirement of that local government is exceedingly difficult when you get into multiple clouds. We hear a lot about cloud costs and budget. There're a lot of tools out there that give you some sort of reporting of what the cloud spends looks like. What you don't get is, where is that coming from, am I my right- size for my workload, what is my forecast based on how we're using the cloud, which accounts are likely to over-run their budgets. All that insight which transitions from reporting to governance – that's lacking today in most of these tools. Look at it from a resource consistency and visibility perspective.
Again, as lots of people roll-out cloud computing resources across the entire organization, do we know that they are configured in a particular standard way? Do we have the right level of patching in all the resources? Are we encrypting all the hard disks? Are all the ports protected that we need protected from an infrastructure perspective? That resource consistency, that gives us the safety that we need, is missing.
And then finally, as people are going to multiple hyperscalers, they find that operationally they need different teams because each cloud requires a different skill set and each cloud then requires a different team. So now operationally, what used to be five or six or eight people, now there are 15 people doing this because each cloud requires different people, and the operational costs are going off the rails. So, while we're trying to optimize our cloud infrastructure so that we're delivering these bottom-line benefits to the organization, these complexities make it difficult and that's why cloud governance really can't be done after that anymore.
I think to the pandemic as companies moved en masse to the cloud, governance took a back seat to that conversation, but that is not clearly changing. Most CEOS, CFOS, CIOS are saying I need to get my arms around what we're doing in the cloud, and I need to understand where this is all going. In fact, if you look at it from a governance perspective, how do we address those challenges?
The hyperscalers absolutely recognize the value in providing that level of competency, that level of operational efficiency. So, every hyperscaler has developed and has put forth a well-architected framework (WAF). Like you see the AWS one, Azure one and the Google Cloud one, and that's basically five pillars to each one of their approaches. There's a lot of redundancy, a lot of overlap between each hyperscaler providing it because these are generally good ideas. We need to basically architect applications that adhere to these pillars and principles so that we can see those cloud benefits in terms of dollars that we expect to see right from the get-go. And, what we at CoreStack have done is, we've taken the well-architected frameworks of each one of the hyperscalers and abstracted them into an abstraction layer that we call OSCAR. It stands for operations, security, compliance, costs, access, and resources. OSCAR gives you a single pane of glass from which you basically execute well-architected frameworks across all three hyperscalers, get all the benefits of these well-architected frameworks and deliver on the promise of the cost savings that we were expecting to see from going to the cloud.
OSCAR has a lot of capability because it supports all three of these well-architected frameworks, we feel that if you can deliver on the framework – the OSCAR, you're basically building what we refer to as ‘Cost Aware Architected Application’. So, these architected applications are trying to reduce your cost. That's the bottom line, that's what we're going after. Look at the operation side of it. As I indicated earlier, I do a lot of work with some other large organizations, we find that when they go to multiple accounts, their operational costs blow up. They have dozens of people not working out in terms of operating these cloud infrastructures, and by CoreStack providing a single pane of glass across all through the hyperscaler clouds, you can now operate with a much smaller team, a lean team that can implement and operate the entire cloud or multiple clouds.
Security and compliance is a big deal. CoreStack comes with 1500 security and compliance standards built into the product. You pick and choose what you want to deploy and redeploy those compliance standards throughout your organization. And now you have that level of security and compliance, which is measured and reported in real-time via dashboards. So, this is that point in time, this happens continuously and is reported in real-time.
From a cost perspective, we're not simply a reporting tool, we're a recommendation engine. We're going to tell you exactly where the savings are and even potentially auto-remediate maximizing and recognizing those savings. So, this is a second-generation capability, not like the first-generation ones we saw. Very good products with good reporting, not necessarily the governance side of it.
Access control is obviously one of the most important elements of securing your cloud infrastructure. So, we provide in terms of how we know who can access what, when and have a centralized way of doing that.
And then finally resource visibility. Candidly, all this starts by gaining resource visibility and accountability through tagging. But this is, of course, a very important thing, and we can automatically generate all this stuff as an automated way of doing it. The overarching theme here is that while there are technologies available in each one of these buckets that I would characterize as first-generation technologies, at CoreStack, we have integrated all this stuff together under the OSCAR framework and have provided this as a second-generation capability under a single pane of glass. And that is a key differentiator for us because we're bringing all this capability into an environment where most CIOs and CTOs want to rationalize their tool set. So, we help guide that rationalization exercise by giving you all this capability under a single pane of glass and then going from reporting to auto-remediation as the core capability from the first generation moving to the second generation.
How does CoreStack work? In three easy steps. You on-board your cloud accounts. Sometimes we need read-write privileges if you want to auto-remediate. If we're simply reading the stuff and reporting on it, all we need is a weak access privilege, then we apply guardrails. Like I said earlier, all this stuff is pre-built in CoreStack. So, you can apply the guardrails coming out of CoreStack by checking off boxes or you can create your own guardrails. You can say, hey, for my industry, for my business, I need a particular security policy and a particular compliance standard, I have a particular budgetary profile, a particular access control need, particular cloud operations capability I'm looking for. I can create the stuff that you need or I can take the stuff that comes out-of-the-box and apply those guardrails again by checking the boxes. As soon as I do that, I'm now getting an optimized well-architected cloud, I'm now beginning and be able to recognize the primary benefit of why I went to the cloud which is to save my organization money at the bottom-line.
Here's a quick example of output. On the well-architected framework side, we have dashboards and reports that'll tell you exactly how well your application or your environment is behaving with respect to the well-architected framework. We're checking for almost 400 different elements that that Azure or AWS or Google recommended. So, we have a long laundry list of things that we're checking for and making those continuous real-time recommendations to your organization. And then when we find things that are outside of compliance, you can either remediate via approval or you can set it to auto-remediation for certain capability. For example, if you have capabilities that requires every hard disk to be encrypted, we can auto-remediate that. So, if somebody provisions computing resource, that storage is immediately encrypted, whether they do or not, will basically optimize.
If you really want to recognize the value of cloud, all the hyperscalers are recommend well-architected frameworks which have five pillars. If you want to optimize those five pillars, CoreStack gives you the capability of optimizing each of those five pillars by using our technology under the single pane of glass. That is the definition of how we are being successful in the cloud, not necessarily just running things in the cloud. So that was relatively short and sweet. Hopefully, you guys see some value in that.
I'm happy to answer any questions, but I'm available at bob@corestack.io should you have any follow up.
Hey bob, that was great. We did have a question from ted from the FAA. He specifically wanted to know how do you integrate with ITSM or other monitoring tools?
Yeah. Great question. So being an enterprise capable technology, we integrate into most of the ITSM tools – ServiceNow, Jira etc. We're getting to the APM tools like CAPM, Splunk, Datadog. The list of the lengthy one. But we integrate all those technologies.
And the good thing about the CoreStack solution that many people have commented to me is that it's easy to deploy. It's compatible and simply enhances what you currently have. And I think as they talk about, and we hear about this a lot. In fact, we've got a program next week in automation. They just want to take away a lot of these tedious tasks that may not get done correctly. And so, you get the dual benefit of the automated compliance done more accurately and free up you and your team’s to do more valuable tools.
Not only is it going to save your boss’ money as far as your capex and opex budgets, but it will also help you make more money because you will become a more valuable employee by ensuring that the CEO, CIO, CFO know that they follow an increasingly complicated regulatory environment. You'll be more secure, and you will also free yourself up from the tedious tasks that are often error prone. Is that a reasonable summary there, Bob?
Yeah, that's perfect, the only one thing I would add to that is you're right. I mean it's lots of wide products, that's kind of a deep capability. We chunk up the products into three separate modules, FinOps, CloudOps and SecOps. And our customers can deploy those on a modular basis. So many of our customers say, hey, we already have a solution that we're happy with. Well, that's great. We can start with compliance and SecOps. Some of our customers have great security solution but they really want the integrated FinOps, CloudOps. And if you think about it, first step back, you got to go down that thread of not having a handle on CloudOps to see how workloads utilization looks like, how do you do effective FinOps? It's kind of difficult, because you can report on FinOps fine, but you really can't do FinOps without having a great handle on CloudOps. So again, this is what we see in the second-generation capability, and this is where a lot of customers see value.