Cloud – Behind the Curtain

"It takes a village…" is one of the famous phrases that our VP of Cloud Operations uses.

And this is definitely the case when we're referring to a Cloud organization.

Managing a cloud requires a lot of behind-the-scenes work to ensure that all aspects of the service is functioning in harmony. A proactive position is critical here, since The intent is to make sure that customers will never be the ones to find an issue before the Cloud organization noticed it first.

In order the achieve highest possible CSAT levels, all disciplines (Infrastructure, DevOps, Security and Application Operations) need to work together in relative harmony in order to deliver the solutions to customers who have come to depend heavily on Cloud services to run their own businesses.

Just as the four wheels on a car rotate at the same speed and in the same direction, all Cloud Operations disciplines need to be linked together as one.

But what does it really mean to be a Cloud organization?

In my previous blogs, I focused on the benefits to move to the cloud. However, in this blog, I'd like to take you into the cloud operations world and show you what happens 'behind the curtain'. Can any company just declare that it has true Cloud Operations and supply Software as a Service (SaaS) to its customers? 

Well, not really… 

To offer a true cloud service to customers requires several critical aspects that the organization must design and make ready.

I will say, personally, being part of such an organization, I have the ability to witness the day to day operations of a cloud organization, and I find it is inspirational to view an organization focus on precision, accuracy, standardization and repetitiveness in their processes, activities and handling of customer facing support structures.

Without this level of maturity, the SLAs we provide our customers would never be met. The pathway to cloud maturity is a journey met with challenges and many celebratory milestones, when executed correctly.

Below is a list of 10 points that are a MUST have for any organization that would like to grow and provide a Cloud offering and Software as a Service to its customers.

It's not an easy task and obviously it's a lengthy journey to achieve this transition, yet the road must be traveled for any company that wants to consider itself as a Cloud Provider that can provide the best possible user experience to its customers.

The MUST haves:

Adhere and comply to regulations, such as SOC2 and ISO27001 

1. SSAE16 SOC2 certification means that there was a successful audit on the controls and best practices a Cloud Provider must adhere to. The Certification is based on multiple aspects of Security, Availability, Processing Integrity, Confidentiality and Privacy.
2. The ISO27001 certification specifies what is required to establish, implement, maintain, and continually improve an information security management system that is exercised 365 days of the year by the organization.

These 2 certifications are the requirements that potential customers must validate before taking advantage of the cloud offering.

Proactive 24*7 monitoring and maintenance 

1. An excellent monitoring solution needs to cover the entire environment from the infrastructure up and thru the application layers is mandatory. The solution needs to monitor all resources and the full functionality of the application, in order to ensure that all are working as prescribed.
   

   Reviewing thresholds and errors are not enough anymore. To make sure such errors will not happen, the latest best practices must be implemented, while the applications should be carefully monitored to recognize any anomaly and address it immediately without any interference to the users. In addition, logs should be proactively monitored as well to review any warnings that can indicate on upcoming event.

   As customers can vary in size, and the usage of the solutions might be in a different manner, the monitoring platform needs to learn, over time, what the customers' normal habitual usage is and then begin to define that as "normal operation". When the monitoring platform senses a deviation form norm, an early warning detection alert is issued to an available resource who in turn takes the predetermined and scripted steps to remove the risk which prevents the situation from becoming an issue.


2. The second important piece of the support system is the continual tuning of resources in order to ensure the application has what it needs to run properly. As customers agents increase and the size of their data grows, resource usage changes and requires constant adjusting or tuning of resources to ensure that the toes never hit the end of the shoes.

Build the security from the ground up 

1. There is no doubt that security is the most critical aspect of cloud deployments. Starting from the different tiers in the cloud with the intrusion detection systems, firewalls, monitoring, access control and processes. It must be built from ground up and there cannot be any compromise.
2. Therefore, strong architects and security and compliance manager are required for making sure the standards are being kept all the time.

Architectural reviews with the different line of businesses (LOB) and addressing all Cloud gaps in the products 

1. There must be an ongoing feed from the different LOB's to the cloud team and vice versa for any new solution or capability, and to have a thorough architectural review to make sure there are no gaps, either security-wise, operational or others.
2. With true collaboration, it is possible to make sure there are no surprises and any new capability or solution has a smooth transition and deployment 

Strict policies and ongoing reviews 

1. Dozens of policies and plans are required to create and follow, starting with the Information Security Overview, and following with how to manage and protect the information, assets, physical security, access management, backup, vulnerability management and much more
2. As mentioned, the policies cannot be written and be kept only on the pages, it must be strictly enforced

Ongoing vulnerability scans and penetration testing 

1. You can never be stagnate and must always run ongoing vulnerability testing that will cover all environments and make sure the customers deployments are fully secured and there are no new exploits. In addition, at least annually, there must be a third-party penetration testing as another line of defense. 
2. By complying to these standards, a cloud organization can be certain it has the most secure environments, and any findings should be treated immediately according the criticality of the issue

Dedicated teams from all disciplines 

1. In order to provide end-to-end Software as a Service, there must be the relevant teams that will support this model as well, and for this all teams from all disciplines must be recruited, trained and be part of the cloud operations organization. Teams such as network, security, architects, DevOps, application operations, DBA's and more are critical to be part of the Cloud Operations organization 
2. People are the most precious souse in a Cloud organization. Without the best people, there is no chance that the delivery will be as good as customers expect. Therefore, a Cloud organization must recruit the best people in its field with experience in cloud operations.

24*7 follow the sun process with teams across the globe 

The Cloud service needs to be available 7X24X365 in order to respond to customer requests in the form of service requests, as well as react to the alerts begin generated by the monitoring solution, perform all patching and upgrades as well as performing the proactive work that ensure that solution continues to run as well as the first day it was deployed.

As customers are deployed globally, so does the cloud organization, and there must be ongoing support to make sure any issue can be treated immediately.

This can be achieved not only by having the support teams across the globe, but also to make sure that in every location there are enough people from each discipline (DBA's, Networking, Security, DevOps etc.)

Have a dedicated team of Cloud Customer Relationship Executives

1. The Customer Relationship Executives will walk hand in hand with the Cloud customers during and mainly following the deployment for making sure the transition to the cloud is smooth
2. This is a critical role that acts as the customer's advocate and understand the customers challenges and able to address it immediately 

Have the whole organization in a Cloud mindset and make sure all processes and systems support this model 

1. There are numerous process and systems across the organization that are required for supporting the cloud model, from ticketing systems, pricing, operations and much more
2. Not only that, but the people need to be in the Cloud mindset so any decision made, either business or development side, the Cloud is on the first priority.

The above points are just examples of the complexities organizations can find along the way when trying to become a cloud organization, and the roles that should be part of this organization must be very precise with extensive experience.

"It takes a village"

Assuming you feel confident in moving into the cloud, you should make sure to have the solution deployed with a company that already travelled the distance and far beyond it.