Having served as the CEO of Skytap since July 2013, Thor Culverhouse has a unique insight into how the cloud computing market has evolved over the last five years. Ahead of an exclusive Skytap-NS Tech roundtable dinner discussion earlier this week, we caught up with Thor, and Skytap’s Europe chief Chris Griggs, to discuss some of the biggest issues facing the industry today: security, modernisation and why the cloud computing market is still in its infancy. This is an edited version of that conversation.
What’s the Skytap elevator pitch?
Thor: So the way I explain Skytap is we’re a public cloud like many of the other hyper-scale cloud providers out there. But where we’re specifically and uniquely different is that we focus on applications or workloads that were never designed to live in the cloud in the first place. We have some very unique, patented intellectual property and our whole focus has always been on those applications that were never really designed to live there. In effect, our cloud looks a lot more like on-premises infrastructure. So when it comes to lifting and shifting those applications, there’s much less refactoring.
By contrast, if you take some of these large Oracle RAC environments running on specific hardware, and want to get them to run on AWS or Azure, they won’t run natively. You actually have to refactor the application, which introduces other challenges: risk, bugs, money, time, all of those things come into play. The idea is to lift and shift those applications into Skytap and then that’s a great place to start to modernise the application. You get all the cloud-like utility immediately, but over time it’s a great place to actually modernise those applications either by injecting other web services from other clouds or through microservices with containers and things of that nature.
Surveys often indicate that CIOs and CISOs still have major reservations about cloud security. Are they justified in doing so?
Thor: Be worried about it of course, because it is the crown jewels of the company – but my sense is that that fear is starting to wane a bit. If you take a look at the number of large companies that are moving mission critical applications to a variety of clouds, they’ve done it quite successfully. All of us in this business treat security as our number one priority so in a sense I would argue that many of the cloud providers actually have much stronger security than enterprises have in their own data centres. They’re using all the latest and greatest technology. If it’s your number one concern, you’re going to be very, very proficient at it.
Healthcare and financial services used to be very concerned about it – we’re starting to see that thaw more and more. One of the largest verticals we have outside of retail is healthcare and there’s a variety of things we can do, like putting them in a private region, to increase the overall security profile. I would say that each one of those verticals that used to be hyper-concerned about it, that concern is starting to thaw quite a bit. It will always be done piecemeal. Certain workloads they’ll move and others they won’t. It will just happen over time.
How should CIOs and CISOs responsible for large legacy portfolios think differently about cloud security? What’s your approach?
Thor: The first thing we do is take clients through our own experience and we share with them all of our own certifications. We have focused on the enterprise for a long time and have some quite large enterprise customers with extremely large, complex workloads. We’ll have other CIOs share with them the experience that they’ve had with Skytap. It’s about getting them to understand how we think about it and how we go about it and the steps we take and the technology we put in place to make sure that we’re ultra conservative in that particular area.
Chris: We also look at the areas of security that are concerning those organisations the most. If it’s a heavily regulated industry for example, some of the concerns are quite different to those industries which are not regulated. One of the ways that we and other cloud providers address that is through private regions. Like other cloud providers, we can stand up a private region and that means we can lock down access to the internet and control how users interact with those systems.
Skytap published research earlier this year suggesting many organisations are over-complicating the migration process and creating a self-induced skills gap. How can they simplify the process?
Thor: What we’ve seen with many of the CIOs we work with is the first step is actually to recognise that it’s not going to be a homogenous world where you’re going to have a one-size-fits-all solution. Any enterprise is going to have a variety of different workloads and some of those workloads are easier to transform than others so I think it’s that initial acknowledgement which is important.
The ones that I’ve seen that are really successful go into their organisation and just do a triage of all those applications and score them in some sort of framework that gives them a sense of hard to easy and then work through those in a very logical fashion. Net new applications, moving to the cloud and building in the cloud are a lot easier than the processes that we talk about. CIOs are just now starting to wake up and focus on the ones that are traditionally a little bit harder. The process of moving an AIX-powered legacy system into Skytap is actually pretty straight forward but having people on the ground who actually understand those applications is the hard part. The transformation is actually pretty straight forward if you have the right people who know what they’re doing.
The “cloud wars” get a lot of press attention. That narrative can imply the industry is already mature. Where do you believe we are in the cloud maturity cycle?
Thor: I think we’ve only just started. Gartner believes that by 2020 only about 20 per cent of IT spend will actually be outside the enterprise data centre. The other 80 per cent is still going to be inside it. That would tell you that the journey to the cloud has barely started. I think the landscape of players is going to change as well. Microsoft is coming on phenomenally strong lately. We hear about them all the time now, much more than we used to. We’ve also seen Thomas Kurian leave Oracle and take over at Google Cloud. Given that there’s so many dollars available, the total addressable market is so large and the journey hasn’t completely started for many organisations, I would argue that the landscape of what those vendors look like is going to continue to change.
Chris: It’s really astonishing: some of the workloads and applications companies are starting to think about moving into the cloud, including in some government organisations you wouldn’t dream of using it. But my experience is that for most large commercial organisations, only five to 10 percent of their workloads are in the cloud. That tells you the scope and size of the market and the fact that the journey has only really just begun.
What are the best examples of cloud innovation you’ve seen to date?
Thor: We’re working with one particular financial services business, and their core application runs on an IBM I-series framework. They want to modernise the front-end so they’re looking at using a Kubernetes service front-end, a very modern micro-services architecture, but they don’t want to rewrite the back-end and so we’ve worked in conjunction with them to meld those two worlds together. The result is we migrated their backend to Skytap Cloud still running on IBM i, while the front-end is a microservices architecture based on Kubernetes.This basically allows them to modernise that application without a rip and replace strategy and I’m convinced that’s where the industry is going to go.
You hear a lot of vendors out there selling this concept around containerising your world. Well it’s just not going to work that way; there’s certain architectures you can’t containerise. There’s certain hardware you can’t containerise yet, and also the economic model doesn’t really work. Enterprises typically evolve and they’re going to incrementally modernise applications, rather than re-writing the whole thing just so it can simply live in one of the hyper-scale cloud providers. More and more you’re going to see a sort of incremental approach to modernisation and this one particular example with an enterprise we’re working with holds a ton of promise and is really intriguing.