Mr. Bhaskaran, Chief Academic Officer, UNext Learning
Hello and welcome to Portal, Powered By Jigsaw (Now UNext). This is one of the most interesting spaces on the Internet for organizational stakeholders like us to discuss the futuristic world of in-demand technologies, in-demand competences, job markets and employability, work culture, AI dominance, and more.
Digital transformation still seems to be a buzzword. We’ve all been hearing about it and talking about it. Virtually, all companies across industries are wondering how to make the most of it. We know they want to get there. They just want to know how to do it. This Portal promises to be the guide for you. We will give you the insights that you need to make it to the other side of the door.
The Portal aims to feature veterans who will help you seamlessly transition into the digital space and start discussions on crucial topics that will only make workforces across businesses future-proof. We know that digital transformation is not only going to change the way you do work, the way you do business, and the way you connect with your customers, it is going to change the world as we know it. Our gateway opens and leads to the other side – the only chance of escape from the point of no return. This is popularly known as Event Horizon – the point of no return. So, all aboard our Capsule and fasten your seat belts. We promise it’s going to be an exciting journey.
It’s promising to be an exciting journey, so fasten your seatbelts.
So let me now introduce to you our guest for the day, Dr. Venu Murthy. An interesting side fact for you. He got his doctorate in para psychology.
He’s an engineer by qualification, an engineer by profession. But his passion is in para psychology, and that’s where he chose to get his Doctorate from. He is the current Chief Technology Officer of Stealth Startup.
With over two decades of experience in enterprise software development and IT consulting, he’s worked for large organizations like Infosys, IBM, and Unisys. He’s worked for the second-largest retailer in the world and the largest nuclear reactor company in the world, too. An absolutely incredible background.
He’s a key influencer. He helps businesses transform through digital implementation. He helps them build the right competencies and, of course, walks with them through the journey of process automation – from leading management of mission-critical applications to tech enterprises and migrating legacy systems to the cloud.
We could best describe Dr. Venu as a technology evangelist and a harnesser. Besides, he’s also been responsible in spearheading ThoughtWorks into the cloud by building the teams and processes to migrate large user bases from legacy systems to the cloud for over 15 years – a decade and a half.
He has envisioned a multi-cloud strategy half a decade ago and innovated a driver, which made cloud bursting a reality. The good thing is, instead of patenting all of this, he open-sourced it for the good of the world.
Dr. Venu, we can only thank you that much more. He’s also traveled the world of DevOps. And to him, DevOps is not about the tools, DevOps is not about the technology. DevOps is a culture and he truly evangelizes that, even today, as we speak.
He is way ahead of his time and he has been responsible for building resilient smart systems that could scale at speed, designed and developed based on microservices architecture, and deployed on infrastructure as a cloud for Phoenix Environments.
Dr. Venu, it’s truly an honor and privilege to have you with us as a guest on Portal today. I am pretty confident that our listeners are in for an interesting and enriching session with you.
Dr. Venu, it’s indeed a pleasure to have you with us on our portal today. We are going to be discussing cloud and cloud-related architectures. And my first question to you is, have we crossed the event horizon with respect to cloud adoption?
Have we crossed the point where we say, hey, there’s no going back? What’s your take on that?
Dr. Venu Murthy
Thank you for taking the time to listen to this podcast. Now the thing is, having been on this journey of migrating systems from Legacy to the cloud, it’s been almost like 13 years now.
So for me, I just can’t imagine a world or a technology or a company which doesn’t have their foot in the cloud. By default, any architecture that we do, any system, is keeping the cloud in the mind right now. Gone are the days when you would just place a request for, say, you want this server and this goes for an approval and then, I think, by the time it comes into your server room and your system has lovingly configured it and given it to your teams, that cycle was more than 3 months to 4 months.
But now, it’s just a matter of getting an approval from your asset management team with a username and a password and all the resources that you need are at your hand. So, there are no bottlenecks now. Because of the cloud, you have all the resources available for your teams to work efficiently and go to the market as soon as possible.
So, what I’m hearing you say is cloud has really entered the plateau of productivity on the Gartner Hype Curve. Is this true? And if this is true, what are the benefits organizations see by adopting the cloud?
Dr. Venu Murthy
The most important benefit is time-to-market. There is a drastic reduction in the way that you can go to the market and you can scale up. These are some of the most important things that come into my mind.
For example, one of the referenceable projects that I’ve been fortunate to architect was for our own Bengaluru International Airport. We did an assessment and it is very funny to know that they had approached us for a website. This was way back in 2015, when I was working with ThoughtWorks at the time.
As a team, we just put a point across to them saying that why not build an app which can put that 1.5lakhs square feet of area into the fingertips of passengers? At the same time, giving the airport the much-needed data that it needs to get insights into so many other activities surrounded.
So, when we started designing the system the most important thing for us was to keep in mind that we could hit spikes and there could be no passengers are using this particular application at times. So, cloud was the default choice and we had to go with the cloud because it gave us that auto scalability and the resilience that an airport requires. So, I cannot imagine having designed or architected this on an on-prem system.
One of the most amazing parts of this journey was how easy it was for us to take this organization, which is generally around transportation helping people go from point A to point B, how easy it was for us to communicate with them and make them understand what were the benefits of this and how easy it was for the teams to adopt to this latest technology that we were deploying. And it’s been now 5 years since we have deployed this on the cloud and we have deployed this using the Microservices Architecture. I cannot imagine not having something like an advanced form of Microservices Architecture, not being done on the cloud. So, cloud born, cloud-native and Microservices is the way to go.
So, I hear you say two things – one is that the time to bring an application up to speed is immensely faster when you use cloud-based technologies and the fact from a technology perspective, you can scale it all the way up to infinity on one side and all the way down to zero on the other side.
But then now let me ask you, if I were the Chief Financial Officer of an organization, what does this mean in terms of Capex and Opex? Am I going to spend more than I’m doing now? What time frame do you think I will get to recover the money that I’m investing?
Dr. Venu Murthy
Very good question, actually because a novice goes and tries to jump on the bandwagon right? The latest and what is the greatest technology. It takes a pro to understand the pros and cons of a system. Cloud also brings along with it a deep sense of responsibility in the teams.
Teams cannot just take all the freedom that they get and spawn up instances and then they just running and nobody has the courage to go and shut these instances down because these are like leeches and they are adding to your billing and all that.
And whenever I have gone on an optimization spree, we have reduced the Opex cost by 50% by very minor tweaks, where the developers are involved, where the system admins are involved, and the entire team as a whole is in world. So, the most important thing is to keep a close eye on the budgets, what is it that we have been spending.
Of course, there is no Opex moving into the cloud and the most other important thing that I believe in, which is much overlooked is training the team’s actually. Its building the capability within the team’s because what we generally say is, “The crowd is just like, okay, it’s no more on in my server room, but I am just taking this application and dumping it on someone else’s server.”
That’s not how cloud works. The cloud has so many services that it can provide, which can be used for auto scaling. And when I say auto-scaling, the cost-cutting is employed there. That is on demand services in is employed there, right? So, there is a live example that I can give you where one of the number one – in their country – transport provider cut their Opex cost of cloud from $4 million per month to $1.5 million.
But the differentiator here was the way they started leveraging the capability that cloud gives you. It’s not just, okay I’m going to the cloud doesn’t mean that you just go and spawn a VM on say, any of the public cloud providers and dump your application. That the most important thing. And I think this is where most of the mature companies are right now where they are getting into the phase of app modernization. The traditional application, which was sitting in their server or on the cloud on a VM is now being disintegrated into say services.
And there are some phenomenal technologies that have come out and I am ever grateful to Google for having open sourced, Kubernetes because it’s a game-changer and the Containerization by Docker – again a game-changer.
So, these are some of the technologies that were not there earlier. And we know the difficulty, we all faced like said 10 years ago, and I think this is the best time to move to the cloud because these technologies are at a state where they are very mature, and can increase your efficiency.
And if architected well, cut your costs drastically. Imagine getting a bill from $4 million to say $1.5 million. But at the same time, you continue to keep your system. So much more efficient now, much more available now, much more, scalable much, more resilient, and you can ingrain as much security as possible into every stage of this SDLC.
Dr. Venu, that’s a very interesting point that you brought up. A couple of questions around this piece and the first one on my mind was should we be worried about cybersecurity-related issues when we migrate to the cloud?
Dr. Venu Murthy
It’s a very, the most important thing whether the app or your data is in-house or on the cloud. We have to ingrain security into every stage of the development and the complete SDLC.
So sorry. What is this SDLC?
Dr. Venu Murthy
The Software Development Life Cycle! The most, that comes to my mind is like, I’m a bit confused because this question doesn’t matter whether the data is on the cloud or is it on-prem because the responsibility remains the same.
And one of the most important things for us to note is that any security breach is irreversible. What I mean by this, is that suppose, our team has developed a feature and it’s been rolled out into production and somehow it’s there in the production and it has introduced a bug.
Now we can roll back but in case of a security breach, there is no rolling back actually. Right, it’s like spilled milk. It’s gone. So, security has to be ingrained into our DNA whether we are on-prem or on the cloud or it’s a hybrid strategy. And we have to ensure that we take all the necessary, all leverage, whatever is available in the market to make our systems as secure as possible. Being the CTO, one of the things that we would always have a tussle with the board is their intention would be to go to the market as soon as possible. It should have been done yesterday.
But Someone who works in says healthcare – healthcare is the number one, most price data actually. So, as CTO, we have to ensure that the information and the data will never be compromised.
It does slow the team down. There are no readily available numbers to show to the board that hey, by doing this, you are going to get this many million, right? But a data breach can cost very dearly to companies. And companies just have to shut down actually with the kind of penalties that might attract because of this.
So, security has to be the focus and one of the main things about that I can relate between cloud and security is the shadow ID. That could be a need for a system, a simple example, maybe the teams are using WhatsApp because it’s easier for them.
But now the thing is how secure is WhatsApp? And if you’re in the healthcare industry, WhatsApp is not HIPAA-compliant. So, these are some of the things that we can connect between security and the cloud. Otherwise, security has to be ingrained into every single activity within an organization.
So, I have a follow-up question to that and the follow-up question is this, if I had all the data on prem right, within my infrastructure, I have only one point of potential breach, which is my connection to the internet. But if my data is on the cloud, there is potential for breach while the data is at rest, while the data is in movement and while the data is reaching me are going from me. So, is it not more serious than just having data on prem?
Dr. Venu Murthy
Wonderful! Very good question, Bhaskaran. So, the thing is any device, which is connected to the internet, whether it’s an on-prem or it’s in the cloud is susceptible to being breached actually, right? The surface area of attack continues to remain the same whether it’s on prem or on the cloud.
Now the thing is with the technology that is available. Say we call it as the DevsecOps actually. So what we can do is try to automate as much as possible. Well, for example, now we all know that our development teams might build an application and their effort is just 20 to 30% of the effort because others 70 to 80% is the packages that we use, and the open source technologies that we use, right?
We don’t write everything from the scratch. Now, we will have to use tools that can automatically scan the vulnerabilities in our code, can give us a solid metric about what is the toxicity of the code? What is the kind of code quality that we have and what are the vulnerabilities?
So many such things which can actually be readily beautifully in present terms, current scenarios, be easily ingrained into the build pipeline itself.
So very interesting! So what you’re saying is from a security practices perspective, whether it is on cloud or on-premise, we have to be equally alert. We have to take all the precautions necessary when we’re developing the applications and when we are actually deploying the applications for general use. It’s a very, very interesting perspective.
I had a similar question from a completely different perspective, right? And this is from a reliability of service perspective if you will. We know that in emerging markets in developing nations, a big challenge is the quality of network infrastructure. It ought to be 24 by 7 365 days and we know that that is not necessarily true. What does this mean for an organization that has chosen to deploy its applications on the cloud and those applications ought to be available 24/7X365 to its customers?
Any special precautions anything that they need to do differently?
Dr. Venu Murthy
Perfect! Yeah! Speaking about the developing countries, right? I think India being a developing country and I will share my experience having done these projects for say any legacy to cloud migration or any app development which is cloud native. One of the best things is that when we had our own data centers, it was very difficult for us to manage something as trivial as say, our power.
24 hours power wasn’t available for us and then network was also flaky. But compare that to moving it to into some state-of-the-art like world-class facilities, which have now come up within India itself. And these are like big companies, like big cloud service providers.
And when we host on their servers, we do not face any of these issues. We do not have to maintain a diesel tank, we don’t have to maintain a secondary line and all this complexity has been removed.
So, two things you touched upon. One is that a lot of the operational complexities have been removed from our side – now being managed by the cloud service provider and I hear you also saying, you know what, it doesn’t matter whether you are on the cloud or your on-prem. If the network goes down, it goes down for both. And you have the same risk, whether you it’s on the cloud or not. Perhaps, on the cloud is even better because it is distributed. That’s what I’m hearing you say in this. I have a related question and again, this is a question that gets asked more by the business folks than by the technology guys, right? The technology guys love this situation.
We know that cloud technologies are still extremely dynamic and changing virtually every week. Now, if you take such a situation to the business heads and say, “I’m going to implement something on the cloud but the half-life of the technology is two years because after that it becomes obsolete, something else will have to be done.” What kind of an answer should we give them?
Dr. Venu Murthy
Alright! This reminds me of a project that we were doing and we were doing it on the number one cloud service provider. And we had a requirement for something like a NAT gateway. The way we would do it then was like launcher instance inside of VPC and then just fortify the connection just to that machine to this one.
Then we place the request and the feature was available – NAT-as-a-service within two weeks. Now, the reason we would love to adopt a feature, which is rolled out by such a major cloud service provider is because there are so many other competent teams which have been involved in this. It’s not a lonely struggle anymore like, maybe my team is 10-people team but there is a huge organization out there, which is watching a back and which has done all the due diligence to roll out a service for us.
So, that makes it much more easier for us. And the most important thing is technology is to serve businesses. Technology in itself doesn’t have an agenda, right? It has to serve the business. And fast-to-market, making it as easy as possible for adoption. These are some of the things that these cloud service providers do a intensive research in and then roll these features out for us.
If I may be so bold as to say this, the new take on open innovation essence. There is an expert who’s doing this for us. We are just adopting it. We are using it and obviously paying for the services of such uses. The big message is, “Hey you don’t need to have all the competencies in house. Most probably you can’t.”
This is a tremendous segue into my next question. What kinds of competencies do we need to build? And I’m talking about this from two perspectives, the first perspective, I’d like you to discuss with us, is from the CIO organization’s perspective. People that are maintaining this kind of infrastructure and making it available to the organization. What kinds of competencies we they have to build to make cloud adoption a success while they build?
Dr. Venu Murthy
Wonderful! Very good question, actually. Now, I have started my journey from say, the bare metal to virtualization to Platform-as-a-Service to what the cloud is today, right? So, the competency level is, it’s good to know everything as going down to the bare metal level as possible so that we can architect systems, which are resilient and which are secure.
I’ll give you a simple example. Now, suppose you have a service which is handling some very client confidential information like say the PII – the Personally Identifiable Information of the client. So, knowing that there is something called as the Noisy Neighbor in the cloud scenario and that could be say, for example, the Denial Of Service that could happen because of this Noisy Neighbor and then in that case, you go in for, say, a single tenancy instead of a co-tendency model.
So, just by going into the cloud doesn’t discount, the fact that we don’t have to know everything The more we know about it from the ground up, the more we can design systems, which fulfill our need
Thank you. Thank you. Thank you. That’s super interesting. So, it’s from a CIO perspective, the competencies required are in a way, far less deletion of far less sophisticated than what they have. Therefore, far easier for them to adopt.
Now, the flip side of this is what kinds of competencies with the CTO organization need to build? Because they’re the ones who are actually going to implement stuffer as well, right? So, they will give it to the CIO after implementation, but during the implementation process, what kinds of competencies will the CTO organization need to build?
Dr. Venu Murthy
One of the most important things as a CTO is to not have the tendency to reinvent the wheel. So, as soon as there is a requirement, the first thing that we want to do is okay, now let’s start coding it. Instead, it’s better for us to do our research because that would save us a lot of time and effort and the chances in my personal experience has been that there would be a product which is an enterprise-grade, which can be leveraged up on.
This is very interesting! So you’re saying, hey, you know what? Maybe the product manager has a more important role to play in these kinds of situations than just the engineering team. The product manager is the one who’s defining the requirements and they are asking us not to reinvent the wheel here. It’s already available for sale out there. A very interesting perspective! Thank you. Thank you for this.
And a kind of supportive question if you will. How important, you think the domain competencies are if I’m working for BFSI or retail versus transportation? Is that competence important in this kind of situation?
Dr. Venu Murthy
Yes, experience does matter. And I think there is no shortcut to augment that kind of a wisdom that person has by being in a particular domain. Now, being from an agile organization, right? Agile was born in ThoughtWorks. So, this is like the way we work and being agile is the name of the game here because even if you do not have the domain competence, by collaborating with the customer with the client, we can build it up. We can try to understand and we don’t have to like, realize that. Oh my God, we have messed up the whole thing. Like this is not what the customer was asking after six months.
The first MVP comes out in 15 days. And every Feature that is built is built in collaboration with the customer with the client. So, I think this is the best time to be because there are so many methodologies which have been tried and tested and there is so much data, which is readily available for us to design really mature systems and Provide what the customer really needs.
You know what! You’re just kind of blown my mind where I’ll tell you why you’ve taken on, or you’re given me a new perspective of what agile does. I don’t need to have the domain competency in house. I need access to the competence. And that’s, that’s coming from my customer base, from my user base.
I love this. I truly, honestly love this. This fantastic.
As we wind down this podcast, I have a question about the actual implementation. I’m not talking about the nuts and bolts of it, but in your experience what kind of architectural decisions will need to be taken when you’re in implementing a cloud infrastructure?
So again, it’s not company-specific that I’m interested in but just generic approaches that an organization must look at.
Dr. Venu Murthy
Alright! So, one of the most important things that comes to play here is again the fundamentals, right? The culture which is there within the organization and the logging. So by logging, I mean being able to monitor every single thing that is happening in your system so that you are aware of where you are right now and where you want to be, right?
So, this is like installing CCTV cameras on your applications or on your infrastructure and being able to monitor is another very important thing, being able to take the insights because just by wanting to jump into the bandwagon of cloud can make organization repent actually. This is because the CTO or a CIO might be under the pressure that hey our competitors are on the cloud. What are you doing about it?
But the thing is, we have to do it, right? And then the most important thing that comes down to is the design actually, right? When you design a system for failure, that is success. So, success is when you design a system for failure. So, Cloud gives you that opportunity but we have to understand cloud in the right way and use or exploit all the technologies that it provides. So, it comes down to being able to build it into your culture.
So, for example DevOps engineer – that’s not right thing actually because DevOps is a culture where the Ops work with the developers, right? And the developers are able to also write that infrastructure definition now and then you try to automate as much as possible.
And it’s a journey if you are still not on the cloud but you have a robust system which is secure, which is resilient you haven’t missed anything actually.
So how easy is it to recover from a mistake? In the decisions that you have made? Is it easy Journey back?
Dr. Venu Murthy
Yes. So, this is where I would like to introduce something called as the Infrastructure-as-Code. So what happens is, when we move into the cloud, it’s all declarative. Actually, you’re not sitting and spawning a virtual machine and then the system admin is installing all the dependencies on it and very lovingly, crafting it and giving it to you because that becomes of snowflake, actually right and it leads to problems, like hey, it works on my computer and it doesn’t work on the Q A or the staging environment. And on the production it’s a completely different system. This is called the configuration drift. So, these things can we very easily avoided when we start building for the cloud.
Now, when I say cloud it’s not always the public cloud. Maybe, you are like the second retailer that I have consulted or the largest retailer in this world, who would like to build your own cloud. So that is called as a private cloud. And then, maybe you find that say okay, there is a particular service which has very low latency like, say, 100 millisecond latency, whereas the same services are available in a different cloud service provide with a higher latency.
So, you would Rather choose this. So, This are areas where you would bring into play the multi-cloud strategies actually, right? So the thing is, if we want to start on this journey of migrating our application into the cloud, you will have to assess where we are right now and where we want to be and what are the services that the cloud can provide us and take very intelligent decisions actually. This is because if at all we go into the cloud services, we will have to say start using, Kubernetes and containerization is another thing.
So, we’ll have to bring about a complete, cultural shift into the way we have been developing systems so far. The way we have been posting these systems and one of the things is if all the design decisions are taken with the due diligence, you will have a much better system available to you than what it was traditionally.
Dr. Venu! Thank you thank you, thank you. That’s years of experience compressed into less than half an hour. Amazing conversation, I couldn’t have asked for anything more. Personally, I learned a few new things there and I’m going to talk about these in the future with others.
Dr. Venu Murthy
So, Bhaskaran, it was a pleasure talking to you and sharing about this beautiful world of technology. That’s being growing and reaching new horizons and thanks to the UNext team and the entire production team for all your efforts. Thank you.
It was truly a pleasure having you here with us today. And I’m pretty sure I’m very confident that the listeners of our podcast would have each of them taken something or the other away from this conversation that they’ve had. I wouldn’t say conversation. I was not competent to much to do this, but from your perspective the gyan that you shared with us speaks tremendously of this. Thank you once again and we look forward to having many more such conversations with you.
Listeners out there. Thank you very much for tuning in to our podcast. Please do stay connected. We will constantly be bringing you more. Such state-of-the-art information and we are sure. That as you hit the follow button, you will truly enjoy the learning experience that they will carry you along with us through the Portal because it is an event horizon that we have reached.
Thank you and happy listening.