Join Insentra CEO Ronnie Altit and Michael Webster, Insentra’s Chief Cloud Architect, on The Download as they discuss industry trends around identity and security, common mistakes organisations make when moving to the cloud and the top business outcomes organisations can achieve in the area of identity and work.
SOME KEY POINTS IN THE VIDEO INCLUDE
[2.14] Identity is the new firewall.
[2.31] Hear what Michael has to say about identity as it relates to being in the Cloud.
[8.44] What are some of the common mistakes you’re seeing that clients are making?
[9.30] Cloud is a journey, not a destination.
[16.08] What are the top three things that you would say to an organization that may already be in the Cloud?
READ THE TRANSCRIPT
Ronnie Altit: Hi, and welcome to The Download. Today, I’m joined by Michael Webster, Chief Cloud Architect at Insentra. Michael, welcome along.
Michael Webster: How are you doing?
Ronnie: I’m good, buddy. How are you?
Michael: Very good.
Ronnie: Tell me, Chief Cloud Architect at Insentra’s what you’re doing now, what’s your background, what’s all into this role?
Michael: I’ve been in Microsoft’s technologies for the last 25 years. Started out as a hardware engineer, software engineer, architect, enterprise architect, practice manager, and today, a Cloud architect.
Ronnie: Okay. Through all of that history, as you say, you’ve been really deeply engaged with Microsoft. A lot of people I’ve met in the industry, you’re one of the few people I know that has such depth of knowledge in such a breadth of Microsoft technologies. How is it that you can do that?
Michael: I have passion for the technology. I love the things that Microsoft does, I love the way they do it, and I’ve always been involved. Been an MCSE since NT 3.51, been a trainer, consultant. I just love teaching people, I love sharing my knowledge, I love working with customers to make better accounts.
Ronnie: You’ve actually worked for Microsoft as well, right?
Michael: Yes, for a brief period.
Ronnie: Like I say, Michael Webster, chief Microsoft dude, right?
Ronnie: Tell me, as Chief Cloud Architect at Insentra, what’s a day in the life?
Michael: Day in the life these days is talking to customers, explaining what’s new in Cloud, how they can use it where they’re at in their journey, and how we can help them move forward.
Ronnie: Okay, so Cloud is this wonderful amorphous thing that’s in every conversation now. When you’re talking to customers about Cloud, because we know that everybody’s talking about Cloud, what are the main things that you’re seeing that some of the partners and clients are really interested to pick your brains on and what they’re really focused on right now?
Michael: The big things I see these days is security and identity. With the move to Cloud, the security paradigm has changed. Customers are used to the traditional model of, “I have my data center, I have my protected zones, and everything lives inside this data center.” But in Cloud, your data’s no longer in your data center. It could be in many data centers. How does that move? Realistically, it comes to identity. Identity is the new firewall. If you protect the identity, you’ve protected your access, you’ve protected your data.
Ronnie: Tell me about protecting identity. A lot of people would talk about protecting identity, credit card fraud, that sort of thing. What do you mean when you say identity as it relates to being in the Cloud?
Michael: Firstly, it’s about proving who the person is. Things like multi-factor authentication, single identity source. These days, it’s really important to have control of provisioning and deprovisioning into services. A great example is a company uses multiple Cloud services. Maybe they use Salesforce, maybe they use Dropbox. You join the company, how do you get that access? How do you revoke that access when you leave that company? And providing that single source of truth of, “This is my identity and this is the access that I have,” that all then allows you to do auditing and control. That’s when you then stop bringing in PCs, mobile devices, and the other peripheral devices which is where the data resides once you’ve protected the identity.
Ronnie: We’ve now got an identity and we’re perhaps using two-factor authentication to verify that identity, what are other ways we might verify the identity that you’re seeing?
Michael: Two main ways. Typically, another form of two-factor authentication. That might be I send a text message to a device or I control where I’m authenticating from. That might be I only allow access to the service from my corporate network.
Ronnie: Right, okay, so doing some really tight security then around where that identity comes from?
Ronnie: Okay. On that basis, when we start talking about security, I mean, Microsoft’s making a big play in the security space now. I think, historically, people would have seen Microsoft necessarily as a security vendor. They started with the antivirus, and I can’t remember the name of the tool, but no doubt you will. What was the antivirus?
Michael: Defender or OneCare.
Ronnie: Windows Defender, et cetera. Everyone’s like, “Microsoft’s playing in the security space, that’s interesting.” But now, we’re actually seeing they’re really heavily invested in that space with things like the EMS suite, AIP, et cetera. Can you talk just a little bit about that?
Michael: I see today Microsoft is actually the number one security company on the planet, which is a big call. Microsoft’s strategic advantage is the Cloud. Today, they use Azure. They have the thing that they refer to as the Intelligent Cloud. What they’re really talking about here is they have millions of data points coming in to their environment. Every Windows device that is getting telemetry data, every log on into Azure, every log on into Office 365, they’re able to bring all that data together to then do machine learning and mass analysis across this for the benefit of everybody.
A great example is these days with tools like Enterprise Mobility and Security, particularly Azure AD Premium, you can stop building Smarts. If a user’s password and the username is seen on the dark web, Microsoft can immediately flag a trigger to make you change your password. That broad knowledge is serviced to each customer without any of their security or their privacy being violated. To provide a level of security that there isn’t anyone else in the planet that has that many data sources that has that much intelligence coming in, to be at a surface, that kind of intelligence.
Ronnie: Right. Talk to me about what Microsoft’s doing as it relates to data loss prevention and those types of parts. Security’s so broad, right?
Ronnie: Perimeter security and then notify our company, right? Microsoft’s starting to get engaged in that part, obviously, protecting identities, et cetera. Talk to me about data security and the sort of things that Microsoft are doing. Not necessarily just in the Cloud, but also to assist organizations with their on-premises environments. What are they doing around that?
Michael: Traditionally, they’ve had Active Directory Rights Management Server or ADRMS. Today, the new version of that is called AIP, Azure Information Protection. What we’re able to do now is put DRM on your documents so that you can control what is allowed to happen to them wherever and whenever they’re accessed.
Ronnie: What I love about talking to techs like you, you’re always good with acronyms, DRM.
Michael: Digital Rights Management.
Ronnie: Okay, cool.
Michael: Basically, we’re saying, “I have a document, I’ve put some security in this document and I’m saying what’s allowed to happen to this document.” If you think about it, it’s like a DVD. Your DVD has DRM on it so that you cannot copy it and you see the rights. You have a key that allows you to read and watch the video file, but you can’t copy the file. It’s that kind of control.
I could send a document to you, you’re in another company from me and I can say, “You’re allowed to read this, you’re not allowed to print it, you’re not allowed to forward it.” I can control what happens to that data that I’m sharing with you.
Ronnie: Fantastic. I think all of this stuff is really fantastic. I think it’s great that we can start to get those types of things in place. The one thing that nobody’s been able to crack yet, and I think it’s the billion dollar idea, is if you put DRM on a document, how do you stop someone being able to take a photo of it?
Ronnie: Because that’s always going to be still the outlier.
Michael: Yes, the analogue solution. That’s like watch the DVD and put a camera in front and record the screen.
Ronnie: This is exactly the thing, the bootleg.
Michael: Yes, good old bootleg, absolutely.
Ronnie: All of this security stuff’s great. The identity stuff, I get that. When you’re talking to the clients that you’re talking to, I know that you’re big on not talking about tech even though you’re a core tech. As you said before, you’re passionate about the technology. I know that you don’t like necessarily talking technology, but you’re more interested in discussing business outcomes. What are some of those business level discussions that you’re having right now where you’re trying to understand what the customer or what the client is actually trying to achieve, and whether or not, or what technologies fill that gap is secondary?
Michael: While I love my job, you’re absolutely right, I like to talk about business outcome. I’ll have a conversation with a customer, they might say, “We’re migrating to Office 365. We’re going to move our email there.” I’m like, “Fantastic, great move. It’s going to save you a bunch of cost.” Now, you’re going to have a mobile device. You’re going to plug that device in, you’re going to let someone with their own, or I buy my iPhone, I want to plug it into Insentra, copy my data down. What happens when I leave Insentra? How does Insentra protect their data?
We talk about it in those terms to say what are the outcomes. How do you protect these, how do you do these? What happens if this happens? Have you thought about this scenario, this approach? And then from there, we see what the customer wants, what the customer’s pain points are, and then we can dive into technical solutions that fix those problems.
Ronnie: What are some of the common mistakes you’re seeing that clients are making? There are some organizations that you’ll talk to who are early in their journey, some who are part way through the journey, and some who have gone really all out. I know you meet and have conversations with all three. Let’s pick the ones that are either on the way or all out.
What are some of the most common mistakes you’re seeing as it relates– I mean, you could probably talk to me for hours about some of the mistakes you’re seeing as it relates to identity management security posture, particularly, let’s say, in 365 or Azure. What are some of the most common mistakes that you’re seeing that the organizations are doing?
Michael: The number one mistake I see is that customers look at each Cloud project as a discrete piece of work and not a large piece of work. Cloud is a journey, not a destination. Even when you move to the Cloud, once you’re there, things are going to continue to evolve, things are going to continue to update. The way you do things and what you do is going to continue to change.
As an example, yesterday, I was talking to a customer and explaining a limitation of a particular service in Azure. Literally, four hours later, Microsoft placed a blog post explaining that that is now on preview and that limitation is gone. Today, I’ve got to go back and say, “Hey, Mr. Customer, guess what? The thing we talked about yesterday, here it is in preview. By the time we implement, you’re going to be ready to go.”
Ronnie: That’s on their platform as a service solution, right?
Ronnie: Something that just occurs to me, I wasn’t even thinking of talking to you about but you’ve just brought it up in a roundabout way. How the hell does someone like you keep abreast of everything that’s happening in the market, in this particular space alone when it’s changing so very quickly, and still have time to do your day job?
Michael: I do more than eight hours a day, that’s the honest truth. I actually love the technology. What I do, is in the morning, I’ll get up and I’ll have an hour in an RSS reader. I follow all the particular blogs of the technical things that I found over time. I’ll skim through that and find out what’s new.
Ronnie: Then have you go back and think, “Okay, which customers have I spoken to about that and which partners have I been working with on this?”
Michael: Even for ourselves, the approach to the way we did an Azure deployment two weeks ago is different today. It’s a continually evolving space. That’s a challenge, but also makes it exciting. Techie, it really scratches that techie itch.
Ronnie: [laughs] Always playing with something new and fun too, right? It is a real challenge, no doubt. We understand some of the mistakes people make there when it comes to mobility. Again, the world is changing now. It used to be BYOD. It’s not even BYOD, it’s BYO, whatever the hell you want.
Michael: Bring your own anything.
Ronnie: Bring your own anything. In that sort of environment, we spoke a bit about the Enterprise Mobility and Security side, Intune, it’s part of that suite, et cetera. What are you seeing as being some of the biggest challenges in managing a mobile workforce with multiple different types of endpoint devices?
Michael: The biggest challenge is having a consistent framework, what is it we want to achieve? Do we want to allow users to bring their own devices or to anyone, like corporate devices? If we have the two sorts of devices, what do we allow on one and not allow on the other? And having that clear policy definition of this is what the organization is going to accept and seeing that it’s enforced.
The big part is the enforcement. A lot of times you’ll see IT has a policy, but you know what, they just let anyone bring their own device, they just allow anyone– “I’ve brought a brand new iPhone. The company only gives me a new phone every two years. I also want to buy this toy, so I buy the new phone. I plug it in, I want my data, I want to work wherever I am. ”
It’s that line between letting the workers do their work they want where they want and securing what’s important to the business. That line’s different for every business. That’s really a big part of the conversation we have with customers.
Ronnie: The scenario you paint is a really interesting one too. Which is, if you’re an organization that’s 5,000 seats, at any given week, you might have a hundred people who are buying your devices and upgrading their own devices. How do you control what was happening with the devices that they take, turn off and stick in their drawer, and maybe six months later give to one of their kids to take to school? How do you actually manage and control those devices that are no longer being used?
Michael: The tools around things like Intune allow us to see the devices that haven’t been seen by the network for a period of time, and then we can send out kill commands. For us, that would mean I’m going to remove the corporate data that’s on that device because it’s still a valid device. The last thing you want to do is delete someone’s pictures of their grandkids and that sort of scenario. We need to be able to secure the data.
Initially, we have to enroll the device. That’s key here. We set up a policy, we say, “This is what the device can do, this is how we’ll secure that data on this device,” and then we can run reports. Again, sad to say, why haven’t we seen these devices for three months, six months, whatever that time is. And then we could even book policy to say, “If I haven’t seen it for three months, I want to send an automatic command.” As soon as it turns up, I’m going to remove the corporate data.
Ronnie: Understood. I think that’s probably one of the biggest changes as well as people are moving to the Cloud. It’s kind of like everything is just out there, and being able to manage all of these different components. I was talking to somebody yesterday. I was talking to them about our reporting tool that we have in and around the 365 Suite for SharePoint and the reporting and auditing in mail and Skype, et cetera. They’re like, “I can do all of these things with Microsoft tools.” I say, “Great. How about we have a look and we get online, and we run some scenarios as to what you would do with a Microsoft tool. Let’s see how it works.”
Microsoft has so many different platforms and so many different places with so much information that you can gather. I’m sure you’re having these conversations regularly. It’s like, how does an organization– because too many people think, “I’ve moved to the Cloud now, it’s cool. I don’t have to worry about that, I’m done.” What they miss most more often than not is that now that I’m in the Cloud, holy crap, I’ve got to pull a lot more rigor and control around what I’m doing. I’ve got to try and centrally manage as best as possible and do things like kill devices, and all those sorts of things that, “But it’s in the Cloud, I thought that would just happen.”
Michael: Absolutely. It goes further than that. These days what we’re seeing is the concept of evergreen. You connected yourself to the Cloud, the Cloud then evolves. That evolution may have an implication to what you’re doing on-premises. Office 365 is a great example. You’re running a hybrid Exchange environment, you’ve got some things still on-premises, and Microsoft revs Exchange.
Exchange, traditionally, is only ever supported backwards compatible two versions. When they announce the next rev within 365, you’re going to have maybe two months. You’re going to have to get rid of that old infrastructure. That is a big challenge for enterprises. It’s a changing philosophy because they now need to move quickly. That’s not something that enterprises have ever done. They’re used to five and ten-year deployment cycles. A deploy Exchange, a Windows SOE, and attach it for five years. Now, it’s guess what, I got two months. I’ve got to refresh 5,000 devices.
Ronnie: That’s a crazy refresh cycle, isn’t it?
Michael: It is.
Ronnie: That’s a whole different discussion that we could probably have at a different time. Tell me, Michael, if you had three recommendations for organizations, top three recommendations around identity and security in a Microsoft Cloud-based or Cloud journey– I love that statement that you made by the way that it’s a journey, it’s not a destination. I do love that. On their journey, what are the top three things that you would say to an organization that may already be in the Cloud? What are the top three things they should consider from identity and security perspective?
Michael: One, what is your strategy and how close are you to it? Where is that leading you to? Second one would be mobile devices, how are you managing them? Office 365 comes with what they call MAM application, Mobile Application Management. If you don’t have an MDM solution, at least turn on MAM. It’s free, it’s part of the product. The third one would be manage the devices.
Cloud is more about cost control and about reporting than it is about keeping the lights on. The work is in your infrastructure team need to get new skills. They need to be more forward-leaning, as in, “What are we doing, how are we going to make this better,” as opposed to, “I’m worried that this cannot send, it’s going to fail, see.”
Ronnie: Got you, I think that’s really important as well. You mentioned a little bit earlier in our discussion, Office 365 is going to save cost. It doesn’t necessarily save cost, it changes the paradigm. For the people who are working in organizations, they go, “Oh my God, the Cloud is threatening my job.” It’s actually really not. The Cloud is creating, in some ways, quite a lot more work but a lot more interesting work and a lot more outcome-focused work than as you say, checking whether the lights are green on a spinning hard drive or not.
Michael: I think it really leads to the idea of transforming IT from being a callcenter to being a business advantage. Because these people can start working on what are the pain points in the business, what’s the next big thing we can leverage to give us a competitive advantage in the market.
Ronnie: It’s the speed at which you can do it too, right?
Ronnie: It’s the speed. I was reading, just is an interesting story. I don’t know if you read this. I was reading a story yesterday of someone who had in, I think, 60 hours created the same solution that a government had spent $87 million doing and got a 95% accuracy, this was to do with number plate reading, just by leveraging equipment that exists in the Cloud and basic level stuff that he could put in his car. Quite a phenomenal story.
I think that ability to go in and just change the dynamic, and to come up with an idea and go, “Yes, that’s really quick. I could do that. I could turn on AI and I can do some machine learning, and I could gather all that information,” and, bang, out comes the output that you couldn’t do previously by freeing up the stuff to be able to be creative and have those thoughts, and be able to leverage those platforms is really important.
We could sit here and talk about Cloud, and identity and security, and all the things that you could do and all the rest for as long as we like. Tell me, Webby, because that’s what we call you. I don’t think many people actually know you as Michael in our business. I think everybody just knows you as Webby and Webby with the raucous laugh. Tell us something about you that people would generally not know just by meeting you. What’s something quirky about you?
Michael: I love birds. We have multiple birds in my house. I have a pink and grey galah called Norbert, who thinks he’s a chicken. He clucks like a chicken. He loves to come and fly into my shoulder when I’m on a webcast with people. He was on a webcast chatting to people in the US yesterday and had a raucous time, he loves to show off. I have a few Indian ringnecks as well. I love birds.
Ronnie: You love birds. I know about your love for birds. There’s a time that I remember, I rang you once and you were almost in tears because one of your birds had flown the coop. You had to go and chase the bird and bring the bird in the house. It’s always fun talking to you around them.
Michael: Life is an adventure.
Ronnie: About your birds, Michael, it’s fantastic. If you could tell me one joke, just to put you on this part, tell me what might be a joke that you’ve heard recently that you’d like to share with everybody who’s watching.
Michael: Guy walks in to see his proctologist, a bit nervous, a bit uncomfortable.
Ronnie: Michael, is this joke going to be okay?
Michael: It will be okay, I’ll keep it clean. He comes in, talks to the proctologist, gets through the pleasantries. The proctologist says, “Okay, it’s time to take your pants off. Hang them up on the hook right next to mine.”
Ronnie: [laughs] All right. Not now, wherever he may. Thank you very much. I don’t know if I really wanted to check the hairnet, but thank you very much, Webby, it’s been great. Fantastic for you as Insentra’s Chief Cloud Architect to share some of your wisdom, share with the audiences too the type of things, Cloud isn’t a destination, it’s a journey. I love that part, Webby. I know you said it might be a little bit of hyperbole, but it’s fantastic.
Webby, you’re known for coming out with some of these whacked up things. I know you’re also about to start doing and getting a lot more aggressive in your blogging because you want to start sharing a lot more. This interview with you is really kicking that off for you in letting people know, “Hey, Webby exists.” The market does know about Webby, there is no doubt about that. You’re a commodity that’s in demand. We’re very fortunate to have you as our Chief Cloud Architect at Insentra. Thanks for spending some time with me on the couch.
Michael: Thank you.
Michael has over 20 years’ experience with Microsoft solutions and has assisted many companies to implement these technologies across government, private sector & not-for-profit organizations. Michael has a broad knowledge of Infrastructure as a Service (IaaS), Microsoft collaboration tools (Lync & Exchange) & private cloud (System Centre & Hyper-V).
Prior to working at Insentra Michael consulted for Microsoft Australia to implement multiple solutions across government and private sector throughout Australia. Previous to this he was employed as a Senior Solutions Consultant at a large IT System Integrator.
Michael is an accredited Microsoft consultant holding multiple vendor certifications.