If you have read my Architect as a Service (#AaaS) Blog and are back here to understand more about the deliverable roadmap provided at the end of an #AaaS engagement, welcome to part 2.
Quick recap – What is #AaaS? – In its most basic form, #AaaS is a fixed price engagement engaging senior stakeholders in the business (often executives CIO, CTO, CISO), and delivered through a series of workshops, meetings, interviews, and interactive sessions. The intent of the engagement is to discuss the top questions, risks and concerns to a client, and to remove as much fear uncertainty and doubt (FUD) as possible.
The Output – Strategic Roadmap – The deliverable from the #AaaS sessions is a prioritised strategic roadmap showing tasks which can be completed rapidly for the quickest possible return, through to consulting and consumption activities which will drive the fastest possible time to value. The intent of the roadmap is to allow the executive sponsors and business leaders to work in a collaborative manner with their partners and vendors to clearly understand business risks and mitigation strategies. We’ll also arrive at a timeline which will allow continuous improvement through project delivery, whilst ensuring efficient consumption of existing entitlements that will drive successful business outcomes.
So, what does this look like?
We recently completed an #AaaS engagement with a private oil company. The clients concerns and brief given to us was as follows:
“After a number of months working through schedules and projects trying to get a consensus on direction, we are no further forward and still somewhat in a state of flux. We cannot be sure that we are realising the value of our investment in Azure and O365, we do not fully understand our cloud application usage, and we have a number of concerns around cyber security. Maturity around information management is weak, and we have a mix of identity sources which makes credential and password management almost impossible. It would be fantastic if we could leverage you architect as a service to help us better understand the landscape and derive a mitigation and remediation plan”
Upon completion of the onsite workshops and collation of findings, we were able to provide a priority focused roadmap presentation to address the brief, which is summarised below:
1. Priority 1 Security Critical – Identity. We strongly recommend that a central source of identity is established in Azure (AAD Premium) with enforcement of multifactor authentication and conditional access for AD and all O365 Services. Privileged accounts should be given just in time access to allow effective execution of tasks and no more. This would be a professional services engagement and a statement of work will be provided to deliver this outcome.
2. Priority 2 Security Critical, quick win, and strategic – Security. The ShadowIT audit used in the workshops has shown that information is leaving the organisation and being stored in unsanctioned cloud services. The sensitivity of this information could expose the organisation to reputational or fiduciary risk. It is recommended that a program of work focused on Data Loss Prevention is undertaken. DLP typically starts with a Risk assessment, through to a Pilot, and then over time into production with policy enforcement. Each stage of the process will be scoped accordingly.
3. Priority 3 – Visibility – Quick win, understanding workloads in Azure and how they have been provisioned against the actual requirements of the service can lead to overallocation and subsequent costs. Having Azure advisor run across the tenancy and provide insights into optimisation and right sizing will likely drive cost savings. This is a task that a secured global admin in the organisation can complete.
4. Priority 4 – Migrate – Strategic. Audit the on-premises infrastructure and application estate to assess the viability for migration to Azure public cloud. Based on the priorities determined in consultation with the customer, Azure Site Recovery (ASR), can be implemented in order to migrate identified resources from on-premises to Azure, reducing capital expenditure moving forward, whilst further increasing the security posture of the organisation.
5. Priority 5 – Optimise – Strategic – Review the solution design of applications migrated to Azure to understand the process to move from traditional infrastructure-based design, to Software-As-A-Service (SAAS) or Platform-As-A-Service (PAAS) models. Following on from the migrate phase, review Azure Advisor recommendations regarding Reserved Instance Pricing to further reduce operational cost by pre-purchasing virtual machine infrastructure for 1 or 3 years at a substantially reduced cost.
This information was collated into an easy to consume 2-page summary presentation. The presentation to the executive team provided clear mapping to the provided brief on what needed to be done, why, and in which order to ensure the quickest possible time to value whilst continually improving the risk posture of business. Subsequently we were asked to engage with the customer to begin the work required through a fixed price outcome-based set of projects.
Making the decision to take a small step back and take a look at the bigger picture through engagement with a trusted, and independent voice of reason allowed the business to rebalance projects and achieve tangible business outcomes that were more in line with where the business needed to focus.
Look out for part 3 this series – Customer Case Study
Want these insights delivered straight to your inbox?
Enter your details to join Insentragram
ABOUT THE AUTHOR
Solutions Manager, Secure Workplace, Modern DC & Cloud at Insentra
Data and Information are not the same thing.
As much as businesses try to evolve in the continuing vaccum of information management and security, the goal posts continue to move as individuals create more and more information. How and where does this information get stored? is it always going to be available to me? can i be certain that no matter what, I can get access to my information? common quesions, and in almost all cases the answer is simply “buy more storage and keep all data”
Seldom do individuals or businesses think about what “Information” resides within the data that they store, backup, duplicate, replicate, take offsite etc. It is a published fact (Gartner) that 69% of information stored is a zero commercial, or legal value to the business. The trouble is however, you don’t know what you dont’ know.