SafetyDetectives spoke with Jaret Chiles, Chief Services Officer at DoiT International, about the challenges of using the public cloud, key considerations that companies should consider when selecting a cloud provider, best practices for improving cloud security posture, and more.
Can you please introduce yourself and talk about your role at DoiT?
As chief services officer at DoiT, I help organizations worldwide realize the true promise of the cloud. This ranges from helping startups avoid early-stage cloud adoption pitfalls to enabling some of the world’s largest IT organizations to advance beyond survival mode to positions where they are disrupting competition.
I have worked in the IT services industry for more than 20 years, helping organizations to balance their growth with the challenges of attracting and retaining talent while driving business outcomes and leading rapidly scaling organizations.
What are the key features or services that differentiate DoiT from its competitors?
DoiT’s technology portfolio of products and services enables organizations of all sizes to utilize the public cloud to efficiently achieve their business goals. What sets us apart from competitors is threefold: Our proprietary products, like Flexsave, which simplifies and automates the management of public cloud compute spend for optimized cost and agility; our talented Customer Reliability Engineering (CRE) organization where our world-class cloud architects provide support and advisory services; and finally, we create economic value with a friction-free contract model that simplifies cloud billing.
Companies have a lot of options when looking for cloud partners, but we’re really the only global provider of a full suite of products and services enabling a multi-cloud approach – that’s what sets us apart.
What are the main challenges that companies face when using the public cloud effectively and in a cost-efficient manner?
Cloud computing is a key part of any business’s modern IT strategy, but scaling, managing and paying for dynamic public cloud resources is costly, complex and difficult. The original promise of the public cloud was to offer flexibility and cost optimization with ease, which had been previously unattainable with traditional data center architectures.
The first challenge to overcome is ensuring that organizations have optimized their infrastructure, which a trusted CRE partner can advise on. Addressing the architecture is a critical first step and must be completed before moving on to other challenges.
As public cloud providers scale their offerings to account for new use cases and geographic needs, the involved complexity has made it increasingly difficult for enterprises to get the most out of their investments. This is especially true when it comes to compute usage, which can represent more than 70% of an overall cloud bill across different teams within an organization, and often requires unique commitments with multiple public cloud providers.
To account for this, public cloud providers offer a variety of discount programs to customers who commit to a specific amount of compute usage. But because commitment levels must be made in advance – either in one- or three-year terms – and are relatively static, these agreements are unable to account for unforeseen on-demand compute requirements. This pricing structure from public cloud providers, which often requires multiple commitments spread across different teams within an organization, presents its own set of challenges:
- Cloud usage – and its cost – is dynamic, not static
- Overhead management is challenging and complex
What are some of the key considerations for organizations when it comes to selecting the most suitable cloud provider for their specific needs?
It all depends on the specific needs of that organization. Each cloud provider has their set of strengths and functions that they perform better than the others. The Big Three are well known to be Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure.
The first things organizations should take into consideration when evaluating hyperscalers for their business needs are the regions the provider serves and availability, which directly impacts performance via items like compliance requirements and latency. This is especially important when it comes to dealing with data. However, not all regions cost the same, so if latency is not an issue, the organization may consider selecting a lower-cost region versus a closer one.
Another key consideration is the services catalog offered by each provider, which can also differ among regions, even from the same provider. These include critical resources like compute, storage and database services, networking and specialized services like support for the Internet of Things (IoT) and artificial intelligence/machine learning functionality.
The final consideration is, of course, price, which depends on many factors like usage, service needs and specific customer requirements.
What best practices or strategies can organizations implement to enhance their cloud security posture?
A lot of organizations struggle with measuring and managing cloud security. Adopting an approach that optimizes security while reaching the full potential of the cloud involves a shift from doubting the intrinsic security of the cloud to ensuring the organization is using the cloud securely.
Fostering close relationships between developers and security professionals from the outset allows companies to start their cloud journeys securely. A well-researched risk management strategy helps to identify where public cloud use makes sense and what can be done to alleviate the risks involved. Putting the right resources in place to review security measures, identify gaps, advise on security enhancements and deploy these enhancements can help improve cloud security posture.
What are the main causes of cloud breaches, and how can they be avoided?
Often, a misconfiguration in cloud service, or mishandling of keys and credentials, provides the adversary with an easy attack vector that could result in a security breach. It’s vital for organizations to understand the underlying shared responsibility model between a cloud service provider and the customer – and to adjust their internal processes accordingly. By partnering with companies like DoiT, organizations can better evaluate their current security postures and receive expert advice on risk alleviation, security enhancements and ongoing optimization.