WashingtonExec has reached out to leading govcon cloud executives about the latest trends in a post-pandemic world. These interviews highlight success stories that resonate, discuss how organizations are navigating current challenges, and provide insight into lessons learned.
Brad Schulteis, director of cloud and security solutions for global consultancy Slalom, shares his thoughts below.
What were you and your team heavily focused on this year?
DevSecOps has been a huge focus for Slalom’s clients in 2022. Legitimately incorporating security into ongoing DevOps modernization efforts at our largest clients has greatly accelerated. Shifting security to the left is becoming the norm, as continuous integration/continuous delivery and agile development practices mature. Helping our clients inject security into everything they do is a primary concern of development teams, and we have been very active in helping them do that.
What were some of this year’s biggest digital transformation challenges, and how did you overcome them?
Complexity was this year’s biggest transformation challenge. A lot of the transformation initiatives our clients ultimately opted to pull us into had grown into incredibly complex efforts and resulted in objectively overly complex systems in the name of “technological advancement.”
Unfortunately, it is increasingly common for potentially unnecessary application of bleeding-edge technologies due to the increasing ease with which these technologies can now be rolled out across entire enterprises.
DevOps practitioners, who may have a relatively limited understanding of how we got where we are today, are making arguably poor technology decisions because they ostensibly think they are making improvements by solving an already solved problem in a novel, albeit inefficient manner. They honestly do not know any better. The precepts are ingrained in them.
“We are a serverless organization.” “We use containers for everything.”
They are simply using the tools in their tool belts, and when all you have is a hammer, everything looks like a nail. We have seen situations where developers have essentially completely reverse-engineered relational database engines and reimplemented this functionality in serverless functions as a service.
Traditionally multi-threaded functions (think SQL joins), specifically optimized and compiled for local hardware, which could have run as in-register transactions within a single CPU core, are being re-implemented by inexperienced developers as single-threaded, network APIs written in interpreted languages. Transaction times for fundamental functionality moving from milliseconds to seconds is not uncommon. That’s literally thousands of times slower for every transaction.
We have attempted to help our clients overcome this by providing technologists with vertical and historical understanding of how these large-scale transactional systems have evolved and promote the use of more traditional approaches and technologies when possible. But this can be an uphill battle to get young, energetic development teams to focus on outcomes and not simply the latest and greatest technologies and techniques.
What were some of you/your team’s lessons learned as you addressed these challenges?
Whatever you do, do not add to the complexity. Simplify in all areas. Focus on driving simplicity through automation and standardization. This must encompass security, development, operations, financial management and governance.
Did the pandemic accelerate digital transformation efforts in your organization or with customers? If so, how did you/your team approach this, and how did cloud play a role?
Without question, we are seeing the results of accelerated technology adoption within our clients. Unprecedented times and situations drove accelerated decision-making, and many of these decisions did not have the luxury of trend analysis and data. Now that we have some historical data and greater context, we can help our clients reevaluate some of the potentially rash choices, the cloud adoption patterns and added complexity, that were made.
How do you/your team prepare customers for digital transformation trends of the future?
We have developed a new approach to rationally and securely adopting new cloud services across large enterprises, which we call the Service Adoption Framework. SAF focuses on simplifying the adopters’ journey by proactively marrying functional requirements with preventative and detective security controls, financial controls, quantitative risk analysis and existing policy.
This allows large, complex organizations to adopt new cloud services and features relatively quickly and orderly, without compromising their security and governance needs while keeping complexity low.
We help organizations codify this into infrastructure as code, with embedded security as code and policy as code, and automated enforcement mechanisms all throughout the continuous integration/continuous delivery pipeline.