CONTRIBUTOR
General Manager and Editorial Director,
Techstrong Group

Synopsis

In this Digital CxO Leadership Insights series video, Mike Vizard speaks with David Williams, Vice President of Product Strategy for Quali, about infrastructure management.

Transcript

Mike Vizard: Hey, guys. Welcome to the latest edition of the Digital CxO videocast. I’m your host, Mike Vizard. Today we’re with David Williams, Vice President of Product Strategy for Quali, a provider of an infrastructure automation platform. David, welcome to the show.

David Williams: Thank you, Mike. It’s good to be here.

Mike Vizard: We saw this mad rush to the cloud and everybody is being driven by digital transformation initiatives in the wake of COVID. The world just changed. It’s been about a year and a half, going into two years, depending on when you got started. What is your sense of how many workloads are up there? Are they up there to stay? Are we going to have a little bit of a hangover soon, because maybe a lot of this stuff was rushed?

David Williams: I think everything is there to stay. I do not believe that anybody is retreating from the cloud. Things are changing shape slightly in the way the cloud provides services to the consumers now. So in that period of COVID that we’ve experienced, it coincided with the adoption of 5G in greater momentum.

So consumer applications were becoming much more, I’d say, high-growth. There was a lot of appetite for businesses to put a lot of information at what is arguably the edge. So the cloud becomes much more of a core type of environment, where a lot of the, I suppose, momentum is also now towards the remote edge locations that need to be put together to provide all these consumer-based applications that people really have the appetite for.

So I think that that’s really what’s going to continue to obviously drive the cloud adoption, but it’s also going to not mean everything goes to the cloud. There has to be – the edge infrastructures are infrastructures. They’re datacenters. It’s not just a 5G tower. It’s where a company’s business resides. It’s where intelligence is on the rise, and therefore arguably distributed infrastructure is here to stay as well.

So it’s not everything in the cloud. It’s pretty much you put the business infrastructure where it’s nearest to the consumer, but with the ability to obviously make the right application architecture choices.

Mike Vizard: So it’s almost like everything operates like a cloud. Not everything is in itself a public cloud, but think about it and manage it like it was.

David Williams: Exactly. The way that people are really looking at it, it’s quite interesting in how you see people moving in the cloud. The cloud always seemed to be something of a safe sanctuary for a lot of companies. They were moving all their digital or their frontend type applications to the cloud aggressively. The backend infrastructure, which always supported the very large enterprises, which sits on more legacy types of capabilities, can sit on-prem, but of course that is being moved to the cloud as well.

What I see is the push going along. The cloud is now becoming a provider to other environments, and also becoming the recipient of those environments. For example, if you look at building a highly distributed infrastructure that supports a wide range of global resources, you’re going to have to have things that don’t sit in the cloud, but sit much more in the consumer’s lap or at an edge location that enables you to communicate more effectively with your consumer base.

So it is becoming a hierarchical way that makes most people think of previous iterations of distributed computing with things like high-availability coming back in vogue, because people can’t assume the cloud is completely covered. So now people are starting to think, “Okay. What do we need to do to make sure that all the data and the infrastructure that supports the applications at the edge has all the resilience risk associated with it?” managed, associated with it, that the traditional stuff had, but the cloud sort of gave the illusion that it was taking away for a while.

But as I say, what comes around comes around. I’ve been in this industry a while, like most people, and nothing has really changed. But I’d say that cloud is definitely the dominant component, but as I say, the edge environment is definitely making things a little bit more challenging for people that want to manage infrastructure.

Mike Vizard: How automated do you think all this is going to get? I’m asking the question because as the IT environment becomes more extended, one of the issues that people come up against is they can’t find the expertise. When they do find it, it’s a little expensive. It’s hard to retain.

What happens is I have to constantly recruit folks, and then my total cost goes up because labor is still the most expensive part of the IT equation. How can I as a digital CXO rein in those costs a little bit, while still scaling?

David Williams: Okay. I’m going to try and approach this one logically because it’s easy to just launch into this is how to do it, but it’s really probably more important to understand why this is happening. Why is cost control still an issue today? Why don’t we use tagging in cloud and stuff like that to get a good visibility into it?

I think the reason that it still remains a challenge is because practices like DevOps have also grown over the last decade, and everything like that is no longer – it’s not seen as maverick or entrepreneurial anymore. It’s almost continuous software delivery has become normal. I mean that’s what you expect. You expect continuous improvement, continuous measurements, et cetera, and obviously predicted movement, predicted costs.

It’s the predictive bit that’s the heart of it, because as you start to build up, one, your organizations are using whatever they think is appropriate to do what they need. So you and I as individuals, for example, we could decide to provision infrastructure in the way that you and I require.

Are we asking the business, “Is this the way that it should be done so you get better visibility?” No. We are provisioning as we want. So whether we use infrastructure as code tools or configuration technology or something that we build ourselves, whatever we want, it is very much an individual choice or team’s choice, if you like, in support of the application lifecycle.

I think also when you look at that, how do you then bring it up to a point where uniformity and standardization is needed, but doesn’t inhibit the ability to innovate? So how do I make sure that Mike can David can do their job, but not to a point where I’m putting so much rigor and standardization in place that it stops us innovating at the speed with which the application has got to be delivered?

So it’s a conundrum. How do I get costs managed in a uniform way that takes into association all the different provisioned infrastructure technologies that are used? Then also, how do I make sure that I’m – the observability factor, whether it’s sort of like what is happening across the DevOps lifecycle, or what is happening between the end user and the database and the applications? Something has got to be standard.

So my point is that I think that when I came to Quali, one thing that was very much in my mind was I’d worked with companies who had spent an awful lot of time building application architectures and technology that enabled software to be delivered correctly, for production environments to be managed more effectively. The one thing that was always a challenge was what is happening with the infrastructure. How is the cloud being used and when is it being used? More ephemeral, more temporary. So how do I understand who’s using it, why they’ve been using it, how long it was used for? Is it still sitting out there costing me money?

That sort of thing is still a big issue today because the uniformity is not there. So when I talked to Quali, and I spoke to the CEO, Lior is very visionary and understands this is the challenge that we have: how do you build sort of like a control plane, something that lets people do what they need to do at the bottom level and get a visibility at the high level, with which things like AI can come in to help you plan more accurately based upon the consumption that’s being used associated with a value to the business?

So even though that’s an abstracted view, that’s what they want. The business wants predictability in costs, and they want to be able to optimize what they’re using and understand why it’s being used; yet the underlying organization wants freedom of choice. So that is why these new technologies are coming out to market now.

They’re really there to let people innovate, develop their application architectures, put things at the edge, put things in the core, manage the cloud, but actually provide a plane with which you can then extract it, so the business can make the decisions on allocation or resources. How do you keep the skills up? Where do people go?

So the skills thing is absolutely critical. I think that that is an attribute. If you build up environments that are repeatable, usable, and let people modify it slightly but don’t make them all become – you don’t want to go head hunting at MIT and NASA to find out who is going to manage your infrastructure.

So how do you make sure that there’s a level of people that can interoperate with the infrastructure safely, but also there’s a level of people that will always want to get into the detail because their applications require it that way? So you’ve got to have a platform that provides both environments and integration with the infrastructure that optimizes the skills.

That’s an approach that I think today a lot of companies are now starting to think about more clearly because five years ago, even before COVID, it would be make things much more technical, more complex. Let application people do what they need to do, but don’t worry about the fact that in three years’ time there’s a pandemic about to happen. How do I now use those technical skills that are transient and keep the IP _____?

That’s why the environments are coming in that says, “I’m going to take that information, bring it within an environment, keep it managed.” So if the next person that comes along wants to use it, they understand what it’s doing in a little bit more of a clarity without having to, as I say, understand the bits and bytes underneath the hood.

Mike Vizard: One of the things we do see with all these digital business transformation initiatives is they make a lot of use of microservices, Kubernetes, serverless computing frameworks, and not every digital CXO may understand what those things do and how they operate. But I think one of the things you might want to think about is things might get more complex before they get easier. What does the future look like? Because that, quote/unquote, legacy virtual machine stuff isn’t going to go away any time soon either.

David Williams: Yeah. Infrastructure has always been an interesting one. It has a long tail. What I mean by that is that what went before stays before. People still have physical infrastructure. Believe it or not, underneath that virtual hood there’s a bunch of physical componentry. So some people still want to manage and utilize that.

Then you had virtualization. Then you had grids and all the other things that came out. Now we’re into highly containerized environments, and also the cloud providers are bringing in serverless. So you’ve got these iterations.

So what have you really –? You’ve got to have technology that, one, enables you to look at the bleeding edge, so the developers can _____ at their applications to really start making a massive difference.

But you also can’t ignore the fact there’s a long tail. So how do you manage all the things that went before it, so they don’t become the weak link in the chain? So if your backend infrastructure is more legacy-based and your frontend infrastructure is much more digital, cloud-based, then how do you make sure that the backend doesn’t impede the frontend from becoming extremely agile?

I think the reason that most companies are looking at platforms now is really: how do I get the 5G’ness into my infrastructure that I’ve already got in place? How do I make sure that I can get the speed of change happening with my more legacy apps that were in previous iterations, virtualization, et cetera, as they move towards more containers? How do I then use Kubernetes? Kubernetes Next is only days away, probably.

So you’ve got to be able to make sure that you keep that arc, but you’ve also got to be very aware that most large organizations have this legacy environment that needs to be also managed, and benefit from the speed with which the platform can enable you to make changes to it, to alter is in a safe way, but also keep the bleeding edge stuff in the sink and make sure that they can do that too.

So it’s a balancing act, but at the end of the day, I think that when you look at companies and talk to them, a lot of the executives that are in there have as much concern about what they have already in place as much as they have about all the new stuff coming on. So the complexity, to your point, will continue to increase exponentially, and you’ve got to have the ability to be able to get some governance and rigor around how it’s brought into the infrastructure that doesn’t impede your ability to move further forward or create risk in an infrastructure that still has an awful lot of legacy installed.

Mike Vizard: We hear a lot about AI these days. Do you think artificial intelligence will save us from ourselves?

David Williams: I think that AI in the area that we cover is going – I’ll tell you where I believe it’s going to have the most benefit. It’s in the predictive nature of what’s going on. So I think with so much – and again, to your previous point about a lot of sophistication and complexity going on – it’s how do I plan my head count? How do I plan my costs? How do I plan what infrastructure is going to be doing in the next six months to a year?

Obviously, people have still got budgets. They’ve still got business value realization to inject into this. I think what AI has is the ability to not just provide analytics, which basically takes lots of data and turns it into more data, it’s the ability to be able to take the data that it does create, which has got good behaviors and the trends built in, and then you can harden it, so you can actually have much more accurate predictive capabilities on the usage and what to use.

The second thing that I believe in this space, AI is definitely – what we’re doing is looking at how to help companies interact with the infrastructure much more coherently by putting guardrails around the interaction, making sure that compliance is inherent within what they do. AI should be in the background checking that human error doesn’t create catastrophic impact. So you want to be able to mitigate the engagement, so access controls, governance, guardrails, advice, even what-if. If I did this, then this would be likely to happen.

So you want this sort of teacher of sorts in the background. As you’ve got more and more people interacting with it, it would arguably lower skills or different types of skills interact with the infrastructure. You’ve got to do it safely and, obviously, if anything looks like it’s gone awry, it could be captured at that point and stop any catastrophe happening with misconfigurations, for example.

So those are the two areas. Predictiveness is definitely one. People really want to know where it’s going, and what’s the impact and the cost. The second thing is interaction. How do I make sure that it’s managed more effectively and governed, without inhibiting that innovation that most companies want?

Mike Vizard: All right. You did bring up what I consider at the moment to be the bane of digital transformation, which is security and all these misconfigurations. It seems developers have a lot more control when they provision stuff as they see fit, but they don’t have a lot of security expertise. Then the next thing you know, a port is left open and extremely valuable data is flying out of the enterprise.

How do I approach this or think about this from the perspective of a digital CXO? What do I need to tell my people to focus on or to think about? How can I resolve all this stuff?

David Williams: Security isn’t an add-on. That’s the first thing. I think people, when they say, “We’ve got infrastructure specifically to provision and get running,” again, it’s the cloud thing. We’ve got you covered. In the cloud, you can quite happily do things. But the cloud doesn’t understand. The cloud is going to give you the outer reaches of access, if you like, if you’re provisioning in the cloud.

What it’s not going to do is all the – are you misconfigured? Are there half-duplex/full-duplex settings in the networking? All these things have to be covered. So I think that the security environment generally is becoming much more intrinsic within tools.

So it’s with the tools that you’ve got to have the first layer of cover. So if the security officer has the remit with which risk must be managed, then the technology that’s used from the operations side, provisioning, needs to have at least a lot of the indicators that show that it’s doing its job. It’s managing the configurations. It’s managing the access. Granular permissions are being set. So when you look at information reports, you understand what’s going on. Very much the bare bones table stakes security has got to be built into the technologies. It’s not an abstraction.

When it comes to the high-level risk and obviously the data protection and the things in the database is definitely an art form of its own. But within the responsibility of the infrastructure providers, they’ve got to have these don’t do anything crazy in regards to configuration misconfigs, which is a risk and therefore an impact on the business. Don’t open things that shouldn’t be opened, that should be checked as you go in.

So the secrets management has got to be built in, whether it’s through integration or whether it’s inherent within the product just to get the bare bones stuff. Access, privileges, rights, information has got to be built in. That, again, should feed into the larger CXO’s requirements for managing what the security infrastructure requires.

But I think at the end of the day, every product needs to be, to a degree, a security product and it has to be a citizen of security. It can’t do its own thing. It needs to make it available to the security officer in the way that the security officer needs to consume it.

The last thing I’ll say about this is operations people have always been measured differently than security people. Operations people are like the anti-NASA. They assume things are going to go right. So people are looking at it and provisioning, and someone’s got their back somewhere, hence why the cloud has always seemed to be something of a safety mechanism.

Whereas the security officers and the security people always assume things are going to go wrong. What is happening now and where should I be looking? Because they don’t get rewarded for security breaches. Operations people typically get rewarded for availability, performance, up time, and the remediation of issues.

So I think that not only is it like a responsibility to the technology to provide that information and to cover a lot of those basics, it’s also part of the organization, the design of companies as they change that says you should be looking out. You should assume there’s going to be something of an issue. Now put the guardrails in place that make that assumption less of a risk, so you can manage it.

Again, it’s a 30, 40-year-old problem that I think most people are going to have to start working on. Everybody has got to have a security mindset today, irrespective of what their job is in operations.

Mike Vizard: What’s the one thing you wish digital CXOs understood? Because not all of them are as deep in the technology as you are. Is there one thing that you consistently see that you wish that they all had a greater appreciation for as we move forward?

David Williams: Yeah. I think the main thing is that if you ask a team, “How effective are you? How well are you provisioning infrastructure? How well are you secure?” they will all say, “We’re great.” You could go to 200 teams within your organization that will give you a positive indicator that everything is great.

Then you’ll stand back as a senior executive, as a leader within the organization and say, “So why is it costing me more? Why have I got to add more skills? Why are you telling me I need to get more stuff?” Because it’s the way you look at it and it’s really been an attribute of DevOps and things like this, where teams and fragmentation is being the way with which things go on with the emphasis on collaboration.

So if that is the case, I think it’s to make sure that the overriding organizational requirements are understood by the members, even though they’re doing it, or the points of pain end up being extreme points of pain at the higher level.

But also the other way around. To be honest with you, teams do what they do to execute and work well. They will use infrastructure and all the things that they need to do their job, and they’re not measured on infrastructure standardization. They’re not measured – in fact, there are two words developers typically don’t like: standardization and abstraction.

They don’t want something abstracted, because they want to get into the weeds. They don’t want standardization because it limits their ability to do their job. So the magic is making sure the C-level executives understand that at the bottom level everything looks very good, but if there’s no uniformity or at least some governance common across all those teams, then don’t expect the reports and information that come up to make sense to you in respect to the things that you’re seeing in regards to an inability to plan and cost management issues, et cetera.

So that needs to be done. Again, a control plane of sorts that needs to go in there and at least translate all the, “It’s going great,” into what that really means and where the issues are, but also back down and making sure that the teams understand the value contribution they’re making, and why the executives are asking questions of them when they’re looking at it and going, “I don’t understand. Everything is going well. Quality of code is going out. We’re releasing every ten minutes like you asked. We’re doing these things. So what’s the issue?”

So I think it’s really helping the teams understand how the business looks as the CXOs look at the infrastructure and how they regard the infrastructure and _____ the other way. So it’s much more of a bridging the gap between the two, and that control plane will definitely help.

Mike Vizard: So that divide between IT and business is still with us, but it’s changing.

David Williams: Oh, yeah.

[Crosstalk]

David Williams: It’s bigger than ever I would say. That’s the one thing I am seeing. Again, you talk to developers about how they can improve their day, and you get information that – when I talk to developers about infrastructure, I have an extremely interesting conversation around speed of delivery, taking infrastructure as code type of technology and making it more valuable, giving them a little bit more control without inhibitors.

So they really want to be more efficient and get their work done, but they don’t want things getting in their way. They want visibility. They want to understand what’s being done, how it’s being done, why it’s being done, and what the value to the business is. There’s got to be outcomes.

So without going down another path, this is why the emergence of value stream management thinking is starting to impact. What’s the value that each of the teams is doing in respect to specific businesses? So if you can measure the teams against a business outcome as opposed to just speeds and feeds, and how the infrastructure is leveraged in support of that outcome, then that definitely will help, at least bridge the information gap.

So they’ll know why they’re doing it. The executives will understand the connectivity. I understand the big picture and I understand the contribution that team is making. Therefore, I understand how they’re using infrastructure.

That alone would be a massive advance. It doesn’t address the deformity of technologies at the bottom, but it definitely provides greater visibility into why people are doing what they’re doing and how it impacts the business at the higher C-level.

Mike Vizard: All right. Start with what you want to measure and work backwards. David, thanks for being on the show.

David Williams: It’s great to be here, Mike.

 

Show Notes