May 9, 2019 | 6 min read

Spotlight Series: Hard Won Lessons From Secure Cloud Transformation

This series highlights the key insights and lessons from our Digital Leadership series of podcasts. We spotlight the important takeaways from our interviews in an accessible format. The following insights come from Rich Stiennon, industry analyst and author of a new book, Secure Cloud Transformation. Stay tuned for the full podcast interview with Rich Stiennon; in the meantime, take a look at our full library of podcasts.

Could you share a bit of your background, what’s brought you to where you are and what ended up being the impetus for your decision to write this book?

I’ve been in IT security since 1995. I did a gig as an ethical hacker where I had my introduction to large enterprise. I got recruited by Gartner as an industry analyst back in the early days, as the second industry analyst covering security at Gartner, and obviously the entire space grew dramatically in the four years I was there. You and I met when I joined a little company called Webroot Software in 2005 and lasted maybe two years there before I had the itch to get back on the podium and have more people listen to what I had to say, so I started my own firm. So, I’ve pretty much been an independent industry analyst since then. I interviewed 18 CIOs, CTOs; 16 of them made it into the book, and their stories to me were fascinating. I would say it couched the book and put it inside a story arc that takes us from the transition, to applications in the cloud, to the network transformation that has to occur for that to work properly, to learning and security on top of that.

One big point that you highlight is the importance and the implications of cloud application adoption. How is adoption of cloud applications different, and why is it important?

It brings me back to something I’ve observed over my 30 years in IT, in that the IT department, which when I started was called the MIS department, would resist all new technology. I saw them resist the introduction of Internet connectivity, they resisted Wi-Fi, and the same thing of course repeated itself with cloud with so-called shadow IT, but even the IT department would eventually sanction getting rid of internal CRM and using Salesforce, for instance. They saw the costs were lower, there’s no engineering anymore, what you see is what you get, and the providers of those platforms enhance them. Almost every week you’re getting new features and capabilities, they listen to their big customers and they improve the program as they go, so it evolves, and you usually pay per user timeframe budget so you can quickly figure out if it’s lower cost, and invariably it is.

Could you compare and contrast some of the experiences that you’ve seen when you have traditional organizations that are taking that inventory of their applications, and then some of the criteria that need to come into place to successfully make the decision of what path to take?

In general they all went through the phase where everyone was enthused about moving to the cloud, but then either made mistakes that made them pull back, or wiser heads prevailed and they said, ‘No, you’ve got to be methodical about this’. So, the recommendation out of several of the people I interviewed was: step back, look at your applications, make that decision upfront about which ones are easy to lift and shift, so in other words are already an internal web application. It doesn’t matter if you move it from the datacenter out to the cloud and host it on Azure, Amazon, or Google, but also prioritize them on not only the total cost of maintaining, developing, and shifting it, but the security. So, it’s “do you need another layer of security if you’re going to have it hosted by a third party, in essence?”

One organization I talked to just made the decision that they were going to move everything to the cloud and shut down their datacenter. They did that on a weekend and everything broke, nothing worked and they had to revert to the datacenter, take a step back and come up with a two-year plan to make that transition. So, I think it’s valuable that I get those lessons down, because you don’t want to make this hyped, it just happens to be the way that it’s going, and there are long-term benefits for doing it.

You’ve highlighted that Office 365 in itself has created an enormous amount of pressure on traditional IT organizations. Why is Office 365 so different from other software-as-a-service applications, what’s unique about that, and how has that informed some of the lessons that have come out in the book?

My experience with Office 365 over the years was first as a security person. I did everything in my power 10 years ago to get off of Windows as much as I could, so I switched to a Linux laptop and used early versions of WebMail, and if you use the early Microsoft WebMail solutions you’d say this is not enterprise ready, it’s slow and cumbersome. I’d like to say email is a killer app, but Office 365 is a killer app that is going to kill your network just because of the way it evolved over time to what it is. At Salesforce you have to have persistence with email because you want to receive an email as soon as it comes in, so those connections have to stay up all the time; so everybody is logged on as all these different TCP/IP protocols running at once, and if Microsoft makes a change in the IP addresses of where those servers are, or the routes to them, it can cause havoc for all your operations, because we all know without email everybody just shuts down and goes to the watercooler. One organization like Kelly Services, including Office 365, up to 70% of their bandwidth was directed to the Internet, so they eventually ended up throttling Office 365 traffic so that it would max out at 50% of all their traffic.

Could you share some of what you learned about the transformation in what we’ve considered traditional roles in the CIO, or the CTO, and any relevant lessons you found that really stuck with you?

I think the role is changing into one of a visionary business leader as opposed to, ‘Here’s 150 projects that have got to get done, and here’s your budget for it’. That to me is the most dramatic change, because there’s this overarching umbrella of the direction we’re taking in technology which was moving into the cloud, and then the things that cascade out of that with cost-savings that usernames are going to have enhanced capabilities that they never had before. A couple of CIOs I talked to recognized they were just in the dark ages, and a major insurance company in Canada and the US realized they need younger customers ultimately for their insurance policies, and those younger customers expected a lot more digitally from somebody that provided them with a service. So, they’re used to leading edge bank applications and we realized we had to get there somehow. We incorporated that move to a more customer-facing technology than they used to have through cloud transformations.


