Last updated on January 31st, 2023 at 6:29pm
Businesses have been planning cloud migrations for more than a decade, but cloud adoption has increased dramatically in recent years. Today, 92% of organizations are hosting at least some of their IT environment in the cloud, and enterprise cloud spend is expected to make up 14.2% of the total global enterprise IT spend by 2024.
Cloud adoption offers increased scalability, flexibility and cost savings but, when improperly implemented and managed, a cloud environment can also cause a number of challenges. The most common of these are controlling costs, data privacy, securing cloud resources, governance and compliance, and a lack of cloud skills.
And as more companies migrate to the cloud, these challenges will become even more prominent. But they aren’t inescapable.
With careful strategic planning, all organizations can take steps to improve their financial management, compliance, and orchestration within their cloud environment and reach a state of true cloud enablement, where they’re able to unlock and achieve all the benefits of the cloud.
To find out how businesses can get started on their journey to cloud enablement, we spoke to Randall Shore, VP of Delivery and Support at Kion. Prior to joining Kion, Shore spent almost a decade at George Washington University, most recently as Director of IT, where he managed an IT environment focused on academic, administrative, and research IT software and systems. For the last three years, Shore has been running a team focused on the technical side of the customer journey at Kion: from pre-sales demonstrations, to evaluations and onboarding, and through to support and ongoing training.
Who is Kion, and how does the platform work?
Kion’s technology itself has been around now since 2015. But we really became our own product and our own company in 2018.
We’re a cloud enablement platform—we help organizations of all sizes across multiple different sectors—from private sector to public sector—to achieve a well-governed and well-managed cloud. We focus predominantly on three main areas: automation and orchestration, financial management, and security compliance. And we predominantly focus those three areas on the three main public cloud providers today: AWS, Azure and Google Cloud.
In addition to helping organizations achieve each of those individual pillars, we also help them unlock the power of combining those pillars; being able to take automated action based on a financial issue or a security issue, for example.
In terms of how the platform works, we’re a little bit different. We’re not a SaaS solution—we install inside the customer’s account, so they have full access to do what they need to do and can manage all cloud providers from a single instance of the platform.
What are the main benefits of cloud adoption?
A high percentage of IT projects fail. In a pre-cloud environment, the barrier to entry—before we even get to that failure status—is high. You need to buy expensive hardware that you’re keeping around for three to five years, which involves spending a lot of time building it, deploying it and managing it. And running data centers isn’t easy; you’ll have challenges with power and backup, for example.
But a lot of these challenges are things that are solved natively by running infrastructure in the cloud.
So, one of the first real drivers for cloud is low cost or low barrier to entry. You can build something quickly, which allows you to innovate and remain agile. And it also allows you to either fail fast and/or save money.
The cloud also gives you the ability to scale. As you’re building applications or running cloud workloads, you don’t need to buy additional hardware to sustain whatever your peak is; the cloud is almost an infinite landscape for you to scale up or down to meet user demand. Whether you’re selling tickets to a concert, or you’ve got a student information system where students are registering for a period of time, or whatever your project may be—the cloud gives you the ability to scale up and down quickly to meet the needs of the users of the application.
Finally, a lot of pre-cloud organizations spend time focusing on things that don’t really provide much value to their business, but which are necessary to run an application. But the cloud has made a lot of managed services available to take care of these processes, like setting up your backup and snapshot policy or handling your disaster recovery. And all of this is highly available, which frees up your engineers’ time to build what your organization’s mission is.
What are the main challenges that organizations face when it comes to controlling their cloud environments?
I think one of the biggest challenges is the cloud skills gap. When you move to the cloud, the skills that you had and the ways in which you architected your application in a data center don’t just translate perfectly to the new environment. There are lots of new concepts that are introduced that you might not be familiar with. And some people may be scared of those new concepts, because of the risks that come along with them; it’s easy to make a mistake or expose something, and end up on the front page of a newspaper.
So, security is the second main challenge that organizations face. When you give somebody a cloud account, you’re essentially giving them the key to their own data center. So, how do you prevent them from accessing resources that they shouldn’t be using, or making something publicly available that might not even be possible in an on-prem network?
Another of the security challenges is that it’s more difficult to get a complete overview of a cloud environment. If I tried out one of those managed services and decided I didn’t want to use it, there would be nothing to tell me that I was still using it until a bill came through. Whereas on-prem, somebody is controlling what servers you have access to and what’s running on them. And they’re very easy to see because you’re hosting them physically in a data center you control.
The final main challenge is the fundamental shift in power from on-prem to cloud in terms of financial management. The financial team or procurement team in a traditional on-prem model approves a purchase order to buy hardware that you’re going to rack and stack inside of your data center, so they’re well aware of what’s being purchased and they can depreciate it across a certain number of years. In the cloud, all that control is lost; they get a bill at the end of the month, and they need to figure out how to pay it. So, gaining an understanding of what the cost is and attributing the cost back to where it happens can be a huge challenge.
How are these challenges different for organizations just starting out on their cloud journey, and those with already fairly established cloud environments?
First off, you’re going to make mistakes when you’re starting out in the cloud, and you’re going to find out either due to something getting leaked, something going down, or a bill coming in. And as you become more established, you’ll make fewer of those mistakes.
But there’s also a fundamental difference between those that are new in the cloud and those that are established in the cloud, in how their workloads are architected. A lot of people take the traditional “lift and shift” method of cloud adoption, which is when they say, “This is how my application looked in the data center,” and move it to the cloud in exactly the same way. But they don’t get the value they were promised—that scalability, elasticity and the cost savings. So, then they rewrite their applications and re-architect their platform.
That itself presents new challenges in terms of how the application was designed to work to begin with; there could be scale concerns that didn’t happen before, for example, because they weren’t able to scale out that large with the bounds of their physical hardware.
At Kion, we often think of customers as being on a cloud maturity scale, where zero is getting started and five is cloud native. And it’s particularly interesting to compare which aspects of our platform appeal most to those folks at the beginning of their journey, to those which are more established.
One of the things I mentioned in terms of the pillars was combining something like automation and orchestration with financial management. One of our concepts, called Enforcements, allows you to take automated actions, like shutting down resources or locking people out, when you’ve met or crossed a budget threshold. Typically, in those early stages, those are going to fire a lot more often. And when you’re cloud native, you know what those thresholds are and how to prevent that from happening. So, we see different challenges, based on where they are.
But one thing that’s similar across the entire cloud journey is that cloud is not stopping; it’s evolving and launching new services every day. And whether you’ve been in the cloud for five years or you started today, those new services are completely new to you; you need to digest what they are, what they’re doing, whether they have value to you, and how to take advantage of them. So, there are different levels of maturity, but there will always be something new to learn, no matter where your business is on that maturity scale.
As we’ve been talking, you’ve mentioned the three “pillars” of cloud enablement: automation and orchestration, financial management, and continuous compliance. Could you tell us a little more about each of these pillars, and how Kion helps organizations achieve them?
Yeah, absolutely. So, traditionally, the industry uses the terms “cloud management” and “cloud governance.” In our mind, what happens after your cloud is well-managed and well-governed is this area of “cloud enablement”. And we break that down into those three pillars.
From a financial perspective, it’s not just reporting on spend—we try to give some of that shift in power back to the finance team. One of the ways that we handle that is by looking not only at how much you’re spending, but helping you connect that back to your internal budgets and cost centers through a concept that we call “funding sources”. To have a well-governed cloud, you have to be prepared for cost runaways and you have to be able to understand how cost can show anomalies in your environment, like a compliance vulnerability, for example.
And it’s not just having these three pillars, but it’s the intersection of them, that’s particularly important to us at Kion.
So, in addition to the reporting and control of financials, we tie finance into compliance by thinking in terms of a “prevent, detect, report and remediate” cycle. We come with over 6,000 compliance checks out-of-the-box, aligned to all the popular frameworks such as NIST 800-53, PCI-DSS, and ISO 27001 to name a few. These help us take a preventative posture to compliance issues, as well as detect anomalies in an environment and report on them, and then either auto-remediate them or provide steps for remediation, depending on the organization.
Another strong intersection of these pillars is the provisioning of new cloud accounts. If you’re joining an organization as a developer, you get a laptop, a key fob to the office, and a cloud account. We programmatically create those cloud accounts, automatically putting in all of those preventative controls that outline what that person can or can’t access, making sure access is aligned with compliance requirements from the start.
Then on the automation side, we have that programmatic provisioning of new cloud accounts and the ability to automatically remediate issues, align their cloud spend to the internal budget, and provision end-user access seamlessly. When all of this comes together, you have one single place across all of your cloud providers that you log into for all things cloud, giving you insights into your financial health and compliance health, as well as those automation and remediation capabilities.
What final pieces of advice would you give to organizations struggling to manage their cloud environments?
Get a grasp of what’s happening in your environment—you can’t fix what you don’t know about. Now, Kion can help with that, but there are even open-source solutions and native solutions from cloud providers that help you understand what your presence looks like.
You’re in the wild west, where everybody can do whatever they want within the organization, and you need to get them reined in.
So, start by finding out what’s out there and where your vulnerabilities lie, and which of those are your biggest pain points—maybe your cost runaway is huge, or nobody knows how to access anything or create a new cloud account. Then prioritize those points and start taking steps to fix individual issues at a time.
You need to work out what “good” looks like, then start that process of fixing individual issues until you reach it. And there’s tons of training out there, and there are tons of communities of folks out there willing to help. I don’t think anybody goes from a complete madhouse to a perfectly governed environment in a day. But you absolutely can go from a complete madhouse to a path toward cloud enablement in a couple of days, knowing exactly how long it’s going to take you to get all the way there.