Up next in 10
C# Corner - Community of Software and Data Developers
https://www.c-sharpcorner.com
Conference Website: http://conference.c-sharpcorner.com
#CSharpCorner #CSharpConf22
About C# Corner
C# Corner, headquartered in Philadelphia, PA, is an online global community of 3 million software developers. C# Corner serves 5+ million visitors with 9 million page views each month. We publish the latest news and articles on cutting-edge software development topics. Developers share their knowledge and connect via content, forums, and chapters. Thousands of members benefit from our monthly events, webinars, and conferences. We also provide tools for career growth such as career advice, resume writing, training, certifications, books and whitepapers, and videos.
Show More Show Less View Video Transcript
0:00
All right. How many were here yesterday for my talk yesterday? Yeah, a few. Yeah, good
0:20
Welcome back. I didn't scare you away too badly. So yesterday I was talking about using some tooling
0:30
to effectively use the cloud. Today I'm going to talk about the problems and challenges
0:38
I see that companies have when using the cloud, and by extension what some of the people in the audience
0:49
may consider as their next career move, because the cloud is huge and growing. And in that
0:57
space, there is certainly a lot of business going on, and there will be going forward
1:01
So it might be worth listening to, okay, I'm maybe a young professional. I'm at the start
1:07
of my career. Where am I going? I don't know exactly. I can tell you to the cloud. And
1:14
I'd like to share that experience, share from using the cloud with lots of companies around
1:22
the world where I work with. Okay, great. So I'm going to start with a story. As all
1:33
stories start, once upon a time. There was this very successful manufacturing company
1:42
called Acme LLC here in Delhi, in fact. I believe you know it, of course. You know this
1:47
company because they are making, you know, chai mugs, so you can imagine how successful
1:52
they are. Huge, of course. And with all this experience, sorry, with all of this success
1:59
they also have a big IT department that they want to take to the cloud. With all of the
2:06
compute power and all the things that they need, they want to use the cloud platform
2:11
But they find when they're going to the cloud that the road to the cloud is kind of full
2:16
of holes, kind of like any Delhi road. Sorry about that one. Kidding. But really, there
2:24
are treacherous holes and pitfalls. You have to be careful how you walk that road. For
2:29
example, they find that when they start using the cloud, it begins to go first a little bit
2:38
and then more and then more, and it seems like the costs are always growing, always growing
2:43
and they don't know for sure if all that cost is motivated
2:47
So they want to have financial control of the usage of the cloud, but it is hard
2:54
Also, there is something called compliance. What is compliance? Compliance means, let's say
2:59
that you are handling personal information, hospital information, sensitive data. Your setup in the cloud has to follow all the rules, all the standards, all the ISO standards and NIST and other things
3:14
depending on who also you do business with in turn. They may have requirements on them, and you as a supplier using the cloud must live up to those
3:23
And that's hard, and it's challenging to actually make that work. You can make the application work, but is the application actually certified and compliant
3:33
And also, don't even get me started on security, right? Because security is a challenging area
3:42
as well, especially for Acme here. They're struggling to find their way with security
3:49
They see security warnings in the Azure portal. They can see different warnings and things
3:54
that they should live up to, but they don't know how. So they felt that, you know, however they go, there's always new holes in the road, and
4:03
they seem to grow deeper and darker and more scary all the time
4:06
And the problem is, by now, it is too late to go back
4:11
Now they've started out to the cloud, and now they have to fix this. They have to live in this world
4:16
And I can tell you for sure, from working with many different companies, that..
4:21
Don't take a picture with the fail in the bank. Wait one slide, yeah
4:26
I'll give you a better slide. No, no, hang on, hang on, stay, stay, stay, stay
4:31
So I can tell you that a lot of companies are struggling with this, all right
4:39
So there must be a better way, and now take the picture
4:42
All right, so you need to look at what information you can take from the cloud and start using it
4:57
Because there is a lot of information there, a company is running a lot of things in the cloud platform
5:01
and there is a lot of information there to be used, if only you know how to use it. Right
5:09
Okay, good. So I am Magnus, Magnus Martinsson. I am from Sweden, a country far away in the north
5:15
Yes, winter is coming, land. And you know, Sweden is about one-seventh the size of India
5:24
So, okay, India is large, but Sweden is not really small. One-seventh of India is still pretty big
5:30
There are about 10 million people total in my country. That's almost like half a suburb of Delhi
5:36
So, really, it is not a lot of people, and it's far away in the north
5:41
That's where I'm from. I am 11 times a Microsoft Azure MVP, so I was there from the very beginning of Azure
5:47
Tell me, what were you guys doing 11 years ago? No, don't tell me
5:51
Some of you young professionals were probably in grade school or something, yes
5:58
And I'm also something called, very strange, Microsoft Regional Director. So I want to make something clear I don't work for Microsoft
6:04
I also don't have a region, and I don't direct anything. But it is a title that means that I am very close with Microsoft
6:12
and I talk to them at a VP level, and I get to know a lot of things along this road
6:18
And I'm here today to share some of this with you. Tweet me something nice, yeah? But I promised you gold. This session promises gold, so you
6:30
can rightly ask, okay, where's the moolah? Bring me the cash, yeah? I promised you gold
6:35
yeah? So I'm gonna do that. The question we need to ask ourselves is why is the cloud
6:42
so hard? I'm claiming that it is hard to do. Is that real? Is it hard? Let's take a look
6:50
This is something called the Microsoft Cloud Adoption Framework. It is a very, very good resource to study, but it is also massive
6:59
So Microsoft has taken a lot of information from a lot of companies, a lot of customers
7:04
and their experience, and they have come up with this plan. It looks like you should follow this line here and go around and kind of do, you know
7:12
first you have a strategy and then you make a plan for the cloud and then you get ready
7:16
and off you go to the cloud, right? That seems like a step-by-step modularized approach
7:20
except that reality is nothing like that. Reality is more this right It much harder than you think You have to go back and maybe redo some of the plan Once you get to know the cloud better it like oh that what we supposed to do
7:37
Oh, crap, we have to go back and do the plan again, right? So it doesn't really work as simple as you might think
7:43
And then also, I'd like to point out that this is very technical, technical stuff
7:50
And way down there, you see people and process. Just a tiny mention about people
7:55
So, you know, technology is all focused, but people are in the corner
8:01
And that's why if you go into the cloud adoption framework, you will see another picture down there that is focusing on organize
8:10
It says that you need to evaluate the needs and establish a team and so on and so forth
8:15
Yes, you do. and that's where we can start bridging from technology
8:20
into something that makes sense for you all, for us, for people
8:26
And by the way, when you're there, now security all of a sudden in this picture is just a little mention
8:34
So however you turn the cloud and look at it from different angles
8:38
and focus on different things, maybe sometimes something else goes away in the background
8:44
But if you start looking into this, again, a cloud adoption framework is just a framework, a reference material
8:51
But it's like hundreds of pages and even thousands of images. So it's a huge reference material
8:57
And it is challenging for any organization to consume and apply all the great advice in the cloud adoption framework
9:06
This, I put this up on purpose, not like I'm going to have a quiz for you
9:10
It's also not an eye exam, so you can, like, can you read what? No, it's not an eye exam
9:15
And what this slide is for is to show you that, yes, there is a lot, right
9:22
So that you get it. These are things, if you're in the cloud for real, committed
9:28
and maybe your company you work for is spending millions and millions of rupee every year consuming cloud services
9:36
they will need to be mindful of all these things. they need to do all that, whatever that is, right
9:44
All of these things, with security again, right? Do we have a strategy
9:49
Do the people that work for the company, do they know the strategy? Or are they just working with their technical thing
9:54
building an application, are they sure they know the strategy? And operations, how do we take care of things
10:01
when they're running in the cloud? So many things, okay? And the challenge is, right
10:09
right, that the cloud sounds technical. This is for technical people. Sounds very technical
10:16
It's commonly mistaken for being primarily a technical challenge. This is not the case
10:21
It is, in fact, primarily a strategic business challenge with a human capital challenge on top
10:28
right? You have to know the strategy, why you're using the cloud, for what purpose and how
10:33
and then you have to align that with the people of your organization
10:38
So this picture is probably the best value, in my opinion, from the cloud adoption framework
10:45
In other words, when you have this cloud business strategy meeting, when all the big wigs at the top of the company food chain are deciding
10:55
yes, we should have a cloud-first strategy for our company, yes, we should, the most important person in that meeting is the human resource director
11:03
because you will need to align your company's people with the same
11:08
I see a lot of nodding heads. Thank you for that. So I'll just give you one example why
11:15
this can be challenging. This is an example where we're talking about infrastructure services
11:23
as in virtual machines moving to the cloud, or setting up virtual machines in the cloud
11:28
Is that our strategy to run our applications using servers? Or maybe we want to be more
11:35
modernize and innovate and get rid of some of the service and use what is known as platform
11:40
services instead. And just deploy the applications to maybe a web app service or something like
11:47
that and not use so many servers. For those of us who know, this is a pretty, you know
11:52
these are two different things, right? Using IaaS services mainly or using PaaS services
11:59
services mainly. Or maybe skip it altogether and go use a software service, right? For example
12:05
a company should not, I mean, that would be crazy if a company is running, let's say
12:10
exchange server for email and stuff and they move to the cloud. If they take that exchange
12:16
server and migrate it to the cloud and use it there, I'm going to say they're crazy because
12:20
that's not how you do it. You migrate your company over to Office 365 instead and get
12:24
rid of the server altogether, right? So there are some strategy choices here. Why is this
12:30
a difficult choice to make? Well I'll tell you, if your company has a lot of people that
12:36
know about servers and love them and work with them and have done so for 10, maybe 20
12:40
years or something, and your company has a lot of servers, you have a lot of staff that
12:45
knows this. Effectively meaning it's going to be challenging for you to truly innovate
12:52
truly get the best out of the cloud, you won't be able to do it. And when you do, if you do
12:58
let's say that someone understands, hey, listen, we have to use more PaaS services to really
13:03
optimize the cost of the cloud, to really get the best benefits. Well, then these people will
13:09
start wondering if they still have a job. So this, that sounds technical, it's not a technical
13:15
question. It is a human question. And there's a saying of, you know, you could look it up
13:22
there's a saying called moving the cheese. What it means is humans are not really susceptible to
13:28
change. You know, I'm used to my cheese being over here and now I can't find it, somebody moved my
13:34
cheese and it's really making me uncomfortable because we are changing things and that's
13:38
I don't know how to relate to this. But for young professionals, this is a clear opportunity
13:44
company, coming into the business today, maybe you haven't been managing a lot of servers
13:50
in your life, you should start here. Forget about the servers. I don't care. Nobody cares
13:55
about servers. Sorry. Servers have a clear use case as well, of course. Some things can't
14:03
run well in platform services. But you may end up using the new cloud in the old way
14:09
right? So all the people in the organization need to feel included on the journey to the
14:13
cloud. Otherwise you may have serious problems. So here is a survey which I found, lovely
14:21
survey because it really confirms everything I've been saying just now. So I was searching
14:26
the internet and I found this and I was like, hey, that's exactly what I have been saying for years. So on this top list here of top challenges in the cloud, let's remove managing
14:36
software licenses because I don't know about you but managing software licenses is not
14:40
my cup of chai. No, no, that makes me want to shower or something. It's software licenses
14:47
Yuck But let look at the other things on the list It is security It is spend which is cost It is governance managing the thing in the cloud it is compliance What did I just tell you Right So all of those things And then there one more thing Lack
15:11
of resources and experience. Staffing. Yeah? If you only had the right people, if you only
15:20
you had the right people with the right skills, you might be okay or better off
15:26
But that's a problem, you don't have those people. And there is a deficit in the market of this
15:34
That translates to an opportunity for anyone who wants to be a professional in the cloud, right
15:40
This has directionality. So let's run through maybe, hopefully a little bit faster, I tend to talk
15:45
Hopefully a little bit faster, the different areas that I have been mentioning, the large areas
15:51
Financial operations, self-estimated in the same survey by the respondents. They self-estimated that no less than 32%
16:01
a third of their spend of Azure, of the resources that they use in Azure and they get the monthly bill for
16:10
how much money, a third is waste. That was my session yesterday, yeah
16:15
That was what that was about. A third is waste. This is crazy, this is nuts
16:20
So if a company is spending 10 million rupee on the cloud
16:24
3.2 million rupee is just like burning money on the lawn. Dang, think about it
16:31
And it turns into that there are tools in the platform, this is a random copy screen from the internet
16:38
that helps you with cost alerts and cost ysis and budgets and things
16:43
But what I see is that a lot of companies are challenged using this
16:47
They don't know how to use it and how to take value from it properly
16:52
Here is a company they are spending 567,000 Danish kroner for nothing
17:01
That's about six, that's little over six million rupee, which is waste
17:07
If only they followed this advice, which is already in the portal
17:11
ready for them to see. They look at this every day. They see it. It's right there. But they're not taking action on it
17:17
And look at this one. It's over 300,000 Danish, so it's the most of the money
17:21
This is exactly, should we have virtual machine reserved instances, or should we maybe use
17:27
platform services instead? This is exactly the question I had up before, right
17:32
And if they cannot have that conversation, which strategy should we have
17:37
That's strategy. Which strategy should we have? If they can't have the conversation
17:42
you have to ask, why can't you have the conversation? And then it turns out when you ask why a couple of times
17:47
that it's actually because you don't have the staff and the staff that you do have are scared
17:53
of losing their jobs. So it wasn't a technical question. Setting it up is very, very easy
18:00
Technically you just essentially click next, next, finish, but it's a big money commit
18:06
so you can't do it without permission, and if you go to the managers and say
18:10
if we do the following, very easy to do, we save lots of money
18:14
And then they start like, hmm, right? And then it gets stuck
18:19
Waste, waste, waste, waste, waste. Right? All right, good. You with me so far
18:26
Good, yes. So, sure, sure, sure. We know that there are Azure cost management optimizations
18:32
we need to tend to, but seven months later, when the enterprise agreement ran out
18:39
those had not yet been reviewed. So I was talking to a company they made
18:43
was it a one million dollar commit? One million US dollar commit at an enterprise agreement with
18:50
Microsoft for 12 months, right? And after seven months, they were out of money because they had
18:56
been overspending so much that they ran out of money in the commit. And then the blame game
19:02
started. Whose fault is this? Who did that? Why are we spending so much money on the cloud? Why is
19:06
it so expensive, Microsoft? This is your fault. Microsoft looks at the recommendation and says
19:11
Okay, but we have given you this list of recommendations. You haven't done anything about it
19:17
It's not like we haven't told you. Crazy. So as consultants, if you're a consultant
19:26
you should create financial ysis services. You should offer cloud FinOps trainings and things like that
19:32
Also prepare to help strategically as a consultant. Train yourself in understanding FinOps for the cloud
19:38
and you can help. You can really be beneficial and valuable. And if you want a career path as an engineer, there is actually a controlling Azure spends
19:48
and stuff in Microsoft Learn, and Microsoft loves when I talk about Microsoft Learn, so
19:53
I tend to do that. You can go to the Learn site, and you can look up this module, and
19:59
you can learn about financial optimization. So, as customers, if you are running, if you
20:07
are using the cloud and paying lots of money to Microsoft, for example, you should really
20:13
invest in making a solid financial ysis, and you should have that uncomfortable strategic
20:19
talk about the strategy of reshaping the skills in the organization. That can be hard. Don't
20:27
forget human resources, most important, and for heaven's sake, implement those cost advisories
20:32
that are already there. Don't forget about them. It's on you if you do
20:39
Right. Compliance. Maybe most of you don't know really what compliance is, but essentially
20:49
in the Azure portal, if you're using Azure, you can click on policies, and you can see
20:55
what is our compliancy state. Here is a company. You know, I've removed the name so as to
21:01
not hang them out. Here is a company that is 12% compliant. They're using cloud, spending
21:07
millions, and they have happy customers using their applications, but their compliancy is
21:12
crap. There is a site called azadvertiser.net, and it shows, for anyone who understands these
21:23
technical things, all the policies and things in the cloud. It's run by a Microsoft person
21:29
but it's not an official Microsoft tool. But what he's doing is that he's reading the policies
21:35
and things installed in the cloud. Policies are what's baselining your measure against policy
21:40
to find your compliancy score, right? And Microsoft keep changing the policies
21:46
so I wanna focus in on the policy piece and note that there were 346, 41 changes in this case
21:54
in less than two weeks. So keeping up with policy in the cloud is very challenging
22:00
If you have an application, and you deploy it, and you run it, and your business is doing fine, your customers are happy
22:06
money is coming in, and everything is cool, and it was compliant
22:10
Yeah, sorry, but maybe sometime later, a month later, it is not compliant anymore, and you may have an issue
22:19
So you have to keep up with compliancy all the time. So we put in a lot of effort says this company and fixed our compliance It was almost perfect but Then the cloud changed shape again and we back out of compliance Or here
22:37
another one. We know compliance is a must-have and we are trying to do it, but..
22:46
Getting policy governance in place is overpowering. They don't know how to
22:51
to update the policy governance and manage policy. They don't know how to take care of this
22:58
There is no one that understands it enough and they're also quite stuck
23:04
That's how it goes. So as a consultant, you can create compliance ysis
23:08
services and help your customers to use the cloud better. You can focus on compliancy
23:14
You can operate the customer compliance and say, hey, we can help you, we have experience in compliancy
23:20
We can do this, we can manage this for you. And then create compliant deployments
23:26
because the challenge is if you say you go into, for example, the Azure portal and you say
23:31
click, I wanna deploy this thing, like a virtual machine, when it's deployed, you think it's compliant
23:40
Well, it depends on which settings you set, right? If you make the wrong choices along the path
23:47
of deploying a virtual machine, It's not necessarily compliant when you're done
23:52
You can turn off compliancy without knowing you're doing that. So this is something you need to learn how to do and understand how to do
24:01
And it actually takes experience and it's actually hard to do. So if you're a customer of the cloud, if you are spending money on the cloud again
24:10
you want to centralize that compliancy governance in your organization because otherwise you will have, let's say you have 20 different teams
24:17
and they build 20 different applications in the cloud. And each one of these teams in turn
24:23
will have to do the same work and understand the same things about compliance
24:28
So you're 20 times over spending time from your engineers to do the same thing
24:33
over and over again, and that doesn't sound smart to me. So very, you can have
24:42
this is a little bit more technical, I want to mention it. If you have environments like development environment
24:47
a testing environment, production environment. You can apply the same policies, the same compliancy standards
24:54
to all of these different environments, but you can do in production with an effect called deny
25:02
So if somebody tries to deploy and they're not compliant with policy in production
25:06
the deployment will fail. You will say, no, you're denied, you're out of compliance
25:11
sorry, you can't be here in production. You can have the same policy in development, but applied with an audit effect
25:20
So you can fiddle around with things in development until it's right
25:27
And when you know it's compliant, you can go and deploy it to production, and it's going to work there as well
25:34
But that's a little bit more technical. I don't know if that made sense to you all, but that's how it goes
25:38
And also, you could invest in a reusable library so that your organization has the same packages
25:46
that you deploy over and over again, using what's known as infrastructure as code, and
25:51
make a centralized body that builds and maintains these compliant deployments of whatever it is
25:57
It's, oh, we have a website, and we have a SQL database, and some things, and have a compliant
26:03
deployment and redeploy that over and over again. That was also in my talk yesterday
26:08
Okay, brilliant. I'm using my pen as a clicker, by the way, that's cool
26:15
Engineers, okay, now, compliancy is a challenging area. It's a big and challenging area, and the problem is that the only way to really fix
26:25
compliancy is to get good at Azure. So you have to become experienced
26:30
You have to learn and become better and be on your toes
26:34
And if you are a person who can do it, you will be very valuable in the market
26:41
So, also with security and compliance, you can't say, yeah, yeah, yeah
26:49
we're gonna deploy things now and make it work so that the customers are happy
26:53
so that the business is happy and they get off our back, and then later we will go and fix compliance
26:58
Yeah, well, that doesn't work. It's never, if you don't do it right away, it's never
27:07
gonna be compliant later. I'm sorry. There is no business in the world that's going
27:11
to say, oh yeah, great, now you have the application running. By the way, the engineering team
27:15
is taking six months to fix compliance. It's okay, right? We can do that. Business will
27:19
say no, they don't understand. They don't, why the application is running, what are you
27:23
doing, right? You're wasting my time, they think, because they don't understand. Your
27:28
technical people need to understand. So, also you can have this library of compliant components
27:36
Yes, we talked about this. Good, good, good. Moving on. And this one is actually very interesting
27:41
as well. I did not talk about that in my session yesterday because that was about command line
27:47
and using the command line to develop and test very quickly. But now this is another
27:51
tool that Microsoft is working on. The code name is called Fidalgo. I was part of the
27:56
the private preview on this as an MVP before the public got
27:59
known of this. It's now known as the Azure deployment environments, which is a way for the infrastructure teams to
28:05
set up environment subscriptions in Azure and identities for the users and give permissions to sign in and so on and create
28:12
these infrastructure as code templates that can be reused by the entire organization. Now we're back to my yesterday's
28:20
session again. And then there are developers who is actually building an application, they don't have to worry about all of this. They shouldn't worry
28:28
about all of this. They can just take one of those deployments and say, hey, I want one
28:32
of those. Give me one of those so I can deploy my application and do my job. Right? So keep
28:42
an eye on this. This is a good one. All right. Security. Last one. Secure score. In the Azure
28:51
in what's known as a secure score to tell how secure is our deployment, is our company
29:01
Are we following security standards? All right? I like to call this picture half secure. How
29:08
is your security, by the way? Oh, it's about half. We're half secure. What is half secure
29:17
But those of us who work with security understand that it's not necessarily as bad as it looks
29:26
You can maybe fix one thing, and just one thing can be 25%
29:30
So it's not necessarily super bad, but there's work to be done in this picture
29:36
And here is 611 active security alerts. 611 high-risk security alerts
29:46
not all of those are high risk, but only 24. So this is a challenge, and it needs to be someone's job
29:54
to ensure that security is a focus. It needs to be a cloud-based
29:59
The security team. Before the cloud, I'm very sure the engineering department had an IT security team
30:08
Yeah? Now we're in the cloud, we need a cloud security team, but guess what
30:12
Just because you are an experienced and probably very skilled and really good and hardworking
30:18
IT security person does not also mean that you can become automatically a cloud security person
30:26
You need retraining, or you need to hire more people. You need to hire security consultants
30:32
and I tell you, good luck with that, because they are very, very scarce in the market
30:39
So you need to retrain your own people and bring them along and show them that there is a future in the cloud. Or, as an individual expert, you can become one of these people
30:48
right? Okay, Microsoft Defender is blinking all of these red lights, all of these alerts
30:56
I get all together now, you know what to say, right? Microsoft Defender is blinking all
31:00
of these red lights, but... Huh, thanks, that was a nice but. I made you all say but
31:14
All right, sorry about that, I'm 12 years old. Microsoft Defender is blinking all of
31:20
these red lights, but hey, it's not my job to fix it, right? The application is my job
31:25
the application is running, everything is cool on my side. I don't know what all those
31:30
red lights are. They're blinking all the time, so we've stopped looking at them. Yeah
31:38
And I did. I wrote Microsoft in the cloud, it's called Microsoft Defender, the thing
31:44
you would get your security score for. And I wrote Defender in the Learning Path catalog
31:48
and out came lots and lots and lots of things. So if you want to become a security expert
31:53
in the cloud you could start at Microsoft Learn Resources and take a look at what's in
31:57
there. There is a lot. Okay? Actually, can I redo my selfie thing now? Because seriously
32:04
I have a crowd standing in the back. Can we do it one more time? Yes! Look at this
32:12
Crowd standing in the back. Yeah, don't say but. I mean but with only one T
32:22
Just want to make that clear. I didn't say the other word
32:29
Okay. So lots and lots and lots of different security trainings that you can get involved with
32:34
You can learn about security. You can become a security expert. And if you are or want to be or can become a security expert, wow, you will have a job straight away
32:43
Because there is such a shortage of security cloud experts. So as a consultant, you can help be experts on security services
32:52
you can operate your customer security as an external entity. Come in and say, we can take care of your security for you
32:58
and help you build a plan to improve security. Hire all the security experts you can find
33:04
You won't find any, but you can try. And then if you are using security
33:13
you need to build a security office for the cloud. If you don't have one
33:18
if you're spending millions of rupee on cloud resources and running your business critical applications in the cloud
33:24
you should also probably have a security office for cloud. Right? I've seen companies that don't have that
33:32
And they're spending lots. So hire all the security specialists and consultants
33:37
If you can find them, they're going to be expensive. But most importantly, also make security strategic in the organization
33:45
So it needs to matter to less technical people, to business suits
33:50
Right? Normal people So what does that mean Technical people are not normal No no no no Technical people are like magical folks Yeah Yes Right Exactly right So normal people are
34:05
like muggles. Non-magical folks, right? That's exactly right. Because we are the magical
34:12
people, you know that they say that any sufficiently advanced technology is indistinguishable from
34:18
magic. So we are all in the business of magic. Yeah? True. So ensure, you have to ensure
34:28
that it is somebody's job to fix that secure score. Because I've seen in many occasions
34:33
with my customers that they have different teams building different applications for
34:37
the business and they're running. But it isn't someone's job to ensure that security has
34:42
progress. Okay, cool. That's security. We're coming towards the end. I have a few more
34:50
slides to end. Do we have any questions from the audience? Yes, sir
34:57
So the compliance that you're talking about, can you give an example, like, what actually
35:04
happens in a company? Compliancy? Specifically. Okay, the question to repeat for the audience is what about compliancy specifically? Can you give
35:13
an example what does that mean? I'll give a very simple example. So, and you can extrapolate
35:20
There are hundreds of policies in the cloud. And policies about what exactly? So for example
35:28
you know that there is something called a TLS which has versions, right? If you know
35:33
that as versions like 1, 1.2 and the old versions are being deprecated for security reasons
35:40
You should not be using the old versions. But technically you can still deploy, let's
35:44
say, a blob storage account. A blob storage account in Azure is a service where you can
35:51
upload and store all your files. And that needs to be secure because otherwise if someone
35:55
breaks in and steals your files, you may have a major problem, right? And so it is technically
36:01
possible to already have deployed one of those with the old TLS version, or actually technically
36:08
possible to even do it still today. But you shouldn't. So there's a policy that says
36:16
we noticed that you deployed a storage account with the TLS version which was less. That
36:21
is not compliant. You should put it to 1.2 instead. You should up the security, right
36:27
That is one example of one policy, and then there are hundreds
36:33
You should always use HTTPS. That's another policy. You can deploy an application, a web application, using HTTP, but that's not good
36:44
It should be using HTTPS. That's another policy. Again, hundreds of those exist. Great
36:51
It's a wonderful question. Great question. Any more questions? Oh, now we have
36:55
The security issues promoted by the Microsoft special. Yeah. Are they can be handled automatically or manual intervention
37:04
That's a good question. So to repeat the question, for security in the cloud, all of these alerts and notifications
37:13
we saw, can they be handled automatically by the cloud itself or do you have to do a
37:18
manual intervention on them? The answer is both. It depends which thing it is
37:25
you can in fact put policy in place that fixes things. So if you deploy a virtual machine to the cloud
37:41
but you forgot to also include a network security group, no actually let say you deploy a virtual machine to the cloud and you configure it to HTTP Oh bad idea You put an open port to the internet and it only HTTP
37:59
Don't do it, folks. Right? You can have actually a policy with a remediation effect
38:05
which will change the setting on the server so that when it is
38:09
deployed, it will not have the instruction said deploy HTTP. When it actually shows up in the cloud, it has HTTPS
38:16
So the policy goes in and makes it an automatic integration and changes it
38:20
That's something you can do. But then you have to learn about policies, compliance and security, and you have to be an expert at this
38:27
Great question. Final question, maybe? Final question? It seems like there's two persons with a hand up. Yes
38:36
How many compliance we can include so that our performance will not update
38:40
Our compliance includes any number of compliance Right. That's a great question. So the question is, if you have many compliancy policies in effect, and you try to follow them, will it have a performance impact
38:57
Can we use all the compliancy settings and still have performance? The answer is yes, you most certainly can
39:06
And another part of the same answer is you can't really not have them. Right
39:12
You can't really choose if it were such a thing, and it's not really
39:16
You can't say either performance or compliance. There's no such thing. You have to have compliance, right
39:23
Basically, no matter the cost. Because if you... Yeah. Yeah. No, it will not
39:34
So the follow-up question is that if I have 50% security today
39:39
and I work on it and make it better and I get it to 100
39:43
will I have less performance? Probably no. It's not related like that
39:48
There can be performance indication for some things that you change in your applications
39:53
Can we increase the number of ads? Yeah. Our performance tweet, that particular task will decrease
40:00
No, I don't think so. I'll hold my ground firmly on this
40:05
It's not like we can say, can we have performance or security
40:09
It's not like we can say, can we have performance or compliancy, it doesn't work like that
40:13
And just because you increase compliancy level, just because you increase security level doesn't necessarily
40:19
mean that you decrease performance. It's not related. All right, I think we're about to wrap up
40:27
So I'm going to close up, do I have no, no, no, you stay down, yeah, I'm not done yet, you can go away
40:33
Just a Q&A. Uh-huh. I have some good news to give away
40:37
Yeah, yeah, yeah. Yeah, all right. So if you think it's expensive to hire an expert
40:44
you should wait until you hire an amateur, right? Just bring that with you in life
40:49
It's a good quote. If somebody tells me, hey, you're an expert consultant
40:55
but it's very expensive, yeah? So you can hire one that takes less
40:59
That's okay. I'll come back. I can wait. I'll come back in six months and see how you're doing
41:05
In summary, again, focus a lot on your skills, right? Learn, become better, become an expert
41:16
ensure that you focus and include on skills in your company. Spend time learning about something called Azure Monitor
41:24
Azure Advisor, learn about Defender, learn about policy, the things that I have talked about here today
41:29
Become a cloud expert, yeah? and consider then strategically also getting help. That's a very self-serving comment because
41:38
that my job I do that And you can become one of these people who are an expert you know a consultant who will come in and fix things for companies Because there are a lot of companies out there with half secure right There are a lot of
41:53
them there. And if you can become the expert, you come in and say, hello, I can help you
41:59
cut 30% of your cloud spend. You're hired. Right? You're paying for yourself
42:07
So that was it for me. Thank you. You have been a glorious audience
42:13
Thank you. And there are prizes I hear. Ask questions? What questions? Any questions
42:25
Yes, I'll give you one. Okay, so to how many cities, and you need to raise your hand, to how many cities has the C Sharp Corner Conference Tour gone
42:40
Five is correct. The gentleman in the shirt over there. Do we need photos of this
42:47
There's a photo guy. Come on up. Jump. There we go. What else questions? Three more questions
43:02
Three more questions. All right. It's a Q&A. I know, I know, I know. Oh, this is a nice T-shirt
43:09
And so this lovely looking T-shirt goes to the person who can answer the question
43:17
Where is Sweden? In Europe. In Europe, yes. Can you qualify that a little bit
43:26
Europe is large. Next to Finland. Next to Finland. That is correct
43:31
Give me one more fact. Capital is Stockholm. Capital is Stockholm. Sorry
43:38
You want to have a photo? Yeah, yeah. Well done. Well done
43:43
That's good knowledge right there. All right. Like this? Like this? Yeah, yeah
43:53
We have what, two more? Oh, OK, OK, OK. So, how many, did I say again, live in Sweden
44:04
You can't be shouting like that. That doesn't work. Lady in the yellow shirt
44:11
10 million is correct. See what happens when you shout like this
44:18
You lose. This is a size mega large, I think. That's going to fit you
44:23
You can make it into a hammock. All right, wonderful. One more
44:32
This is a backpack. Oh, my goodness. Oh, very nice backpack. It's C-sharp corner backpack
44:38
You want? You want? All right. Why don't we have a good question
44:43
It's all me? Oh, my goodness. It's all me. It's all me
44:47
It's all me. It's all me. All right. who is the most important strategic person in the cloud plan
45:00
security is wrong
45:09
in my opinion you have to have my opinion you're making a strategy for your company
45:19
to go to the cloud who is the most important person? HR is correct. Human resource. Yeah? Backpack
45:32
Thank you everyone. You've been beautiful. Thank you
#Business Education
#Computers & Electronics
#Career Resources & Planning
#Distributed & Cloud Computing
#Windows & .NET