Guest: Travis Stanfield (LinkedIn, Twitter)
Company: Stacklet (Twitter)
Show: Let’s Talk
Stacklet is a Governance as Code platform, which is a new paradigm that empowers developers and teams to codify best practices for their organization. Swapnil Bhartiya, CEO & Founder of TFiR, invited Travis Stanfield, co-founder and CEO of Stacklet, to talk about a recent survey the company ran to find out why governance is a challenge.
Here are some of the highlights of the discussion:
- What kind of insight were you trying to gain through this survey?
“We started off just trying to get an understanding of what governance is as a challenge. Is it a challenge for you and your environment; where governance sits in terms of a priority; and within the scope of governance what are the priorities to your organization. We also looked at the biggest challenges for security and cost.”
- How would you define cloud governance?
“We consider it to be incorporating FinOps (your asset management and your financial posture), ITOps, compliance, and security.”
- How much awareness is there about cloud governance?
“Developers don’t always know or understand the governance controls that are at play or at the heart of an organization. So even though they may be aware that they’re working in an organization that has high standards, they may not be fully aligned to what those standards are and they may not, if they violate them, know the best or easiest way to fix them.”
- What are some of the highlights of the survey?
“Around 86% of respondents agreed that governance was a pivotal inhibitor to cloud adoption.
Cost optimization, best practices implementation, strengthening security posture, and improving visibility were among the top priorities for these organizations.
Top three challenges for security were: collaboration, the existence of manual processes and workflows, and the difficulty in understanding the compliance policies at the heart of the organization.”
- Cloud was going to break old silos, but it seems we are creating new soft silos.
“I prefer to think of it as federation. There are federations of development teams who are able to be autonomous because that gives them the ability to move as fast as possible. They want to quickly solve the most important problems for the business.”
- Are there certain things that enterprise users and customers can do to improve the process?
“Where you want to be is your ability to move as quickly as those federated development teams are capable of. And that’s really the key pattern and theme that we’re trying to evangelize and promote and redeliver to other customers and users as these have already been battle-tested.”
The summary of the show is written by Jack Wallen
Swapnil Bhartiya: Hi, this is your host Swapnil Bhartiya and welcome to TFiR: Let’s Talk. And today we have with us Travis Stanfield, co-founder and CEO of Stacklet. Travis, it is good to have you on the show.
Travis Stanfield: Thank you for having me Swapnil, it is a pleasure to chat with you today.
Swapnil Bhartiya: Excellent. You folks recently announced a state of cloud governance survey. So the focus of today’s discussion is going to be around the survey, but since you are on the show again, I quickly want to just remind our viewers, what is Stacklet all about?
Travis Stanfield: Sure. So Stacklet is a governance as code platform and governance as code is a new paradigm that allows and empowers developers and development teams to codify best practices for the organization. So this can be things related to cost, related to compliance, related to security, and it’s, as we’ll see in the survey results, a vital, very important challenge that all organizations are facing in the cloud. And this new paradigm, in the form of governance as code is really the key answer to the challenge.
Swapnil Bhartiya: Well, let’s talk about the survey. First of all, is this the first time where you folks have been doing this survey on a regular basis? What was the goal, what kind of insight were you trying to gain through this survey?
Travis Stanfield: Yeah, so the way the survey worked, we started off just trying to get an understanding of what governance is as a challenge. So is it a challenge for you and your environment, so starting off there. After that, we talk about where governance sits in terms of a priority and what within the scope of governance are your priorities or priorities to your organization. Next, we look at the biggest challenges for security, and last, we look at the biggest challenges for cost.
Swapnil Bhartiya: We have talked about this previously with your folks in TV shows, but just to get some foundation for our viewers, how would you define cloud governance? What exactly is it?
Travis Stanfield: Yeah, good question. So we consider it to be incorporating FinOps, right? Your asset management and your financial posture, ITOps, compliance and security.
Swapnil Bhartiya: There are so many paradigm shifts happening there. But the fact sometimes is that developers know they still do more or less the same things. A lot of things are actually falling into their bucket while we do use different labels. You know, it could be DevOps, DevSecOps, or NetOps. When it comes to cloud governance, how much awareness is there about it? How many people are kind of aware of it? And then how much do you see in practice?
Travis Stanfield: That’s a good question as well. I would say that the key advantage of cloud is that developers can self-service on infrastructure using a few lines of code, and this is a large productivity lift. However, the developers don’t always know or understand the governance controls that are at play or at the heart of an organization. So even though they may be aware that they’re working in an organization that has high standards, they may not be fully aligned to what those standards are and they may not, if they violate them, know the best or easiest way to fix them.
And what governance as code gives them the ability to do is to balance their infrastructure as code by codifying those best practices and doing so in a way that’s declarative. So now you have effectively designed the end state for what your cloud should be. And if the infrastructure as code that the developers are creating doesn’t align, then it doesn’t basically get to exist there for very long, or we have opportunity to remediate it or to notify the developer to really bring along a collaboration and shared responsibility model for cloud.
Swapnil Bhartiya: Great. Once again, thank you for explaining that. And now let’s go back to the survey. What are some of the key highlights, because that will also touch upon some of the things that we just discussed.
Travis Stanfield: Yeah, absolutely. So I would say the starting point is how many of the respondents agreed that governance was a pivotal inhibitor to cloud adoption, right? So 86% is a large amount of folks that are facing this challenge. Especially from a sample size of over 700. So the next kind of key point is around, beyond cloud adoption, what are your priorities as an organization? And again, several of the themes around governance that I mentioned, your cost optimization, getting your best practices implemented for your organization, strengthening your security posture, improving visibility. Those were the top priorities for these organizations.
Then what we did was we drilled into security, right? The biggest challenges for security, the top three were collaboration, the existence of manual processes and workflows, and then difficulty understanding the compliance policies at the heart of the organization, just like I mentioned at the onset.
We also then look into the top challenges for cost optimization. And it was very similar. Certainly collaboration was in the top three as well, but also key challenges for cost had to do with different development tools and processes, especially across different clouds. And lack of visibility was another thematic problem for both security and cost. So the challenges are very similar, right? The challenges are profound. And several of them we addressed through the governance as code paradigm shift that we’re at the center and the driving force behind.
Swapnil Bhartiya: One thing, when I was reading the report, was that a lack of collaboration and communication across groups was also seen as one of the hurdles there, because it sounded like, as much as we talk about it, we are kind of creating soft silos where, with Cloud Native, we’re trying to break the old silos where you don’t live in your own ivory tower and do things. But it seems like that is not happening in reality. So not only based on this survey, but your own experience as well, do you think that is still the case?
Travis Stanfield: Well, I prefer to think of it as federations, right? So there are federations of development teams and it’s in a lot of ways for organizations, a good thing that they’re able to be autonomous because that gives them the ability to move as fast as possible. And that’s really what a lot of developers want to do at the end of the day. They want to quickly solve the most important problems to the business.
Now, the counterbalance to this, or the challenge that I think is showing up in this survey, is if you are an organization and you need to apply uniform standards, uniform best practices, uniform controls, how do you do that across a federation? You don’t want to bottleneck the experience or essentially restrict the key value proposition of cloud, which is that self-service empowerment productivity model. But in order to do so you need a tool such as a governance as code solution or a governance as code platform like Stacklet to really balance out and give that empowerment of uniformity across the federation and do so in a way that’s going to continue to keep up with all of those federated teams.
I like to say that you need an as code solution to solve your as code challenges and your as code opportunities.
Swapnil Bhartiya: Based on this survey, and of course, some of this insight that you shared, of course, we don’t have time to talk about a whole playbook, but are there certain things that enterprise users, customers, can do to kind of improve there? Because when we do look at cloud, it’s not one thing, there’s so many things. And when you talk about Cloud Native, it’s not a thing. It’s a process, it’s how we do things. So if you can share some, that would be great.
Travis Stanfield: I think oftentimes organizations make the mistake of maybe two different ends of a spectrum. They may prevent or restrict access to cloud, or they may be risk managing their way to it, which is basically reducing their opportunity because they might be moving slower than other organizations who have embraced it. On the other end of the spectrum, perhaps they’re moving too quickly. They are, let’s say, giving their developers too much self-service and too much freedom. And that carries with it risk of the misconfigurations that can cost them money and reputational challenges.
So where you want to be is able to move as quickly as those federated development teams are capable of. And that’s really the key pattern and theme that we’re trying to evangelize and promote because we’ve seen it play out dramatically for a lot of organizations who have been able to get to the cloud, scale in the cloud, and be successful in the cloud, over time. Those are the patterns and practices that they have already battle-tested, and that’s really what we’re able to redeliver to other customers and other users.
Swapnil Bhartiya: Travis, thank you so much for taking time out today to talk about this survey and also share some insights into how companies can improve their cloud posture. It was a great discussion and, as usual, I would love to have you back on the show. Thank you.
Travis Stanfield: Thank you so much Swapnil and I would love to be back. This was a great conversation and I can’t wait to do it all over again.