Kris Lahiri: In those four to five years, IT either did not have the tools that they would like or people’s thinking had to change. IT was just constantly looked at as a naysayer. If I go and ask my IT how to build this environment, they’re just going to say no.
So I’ll get a department-level AWS account and go build this out in AWS and demonstrate certain results. I’ll integrate some kind of a Hadoop backend and process all this data. They’re able to really work and produce results very rapidly.
On the flip side, they have not paid attention to what they are doing. Are they just taking customers’ data, sharing it to some kind of third-party system? Those are the types of things that the security department would have paid more attention to. What was that level of API integration that they needed, or compromised on, for speed of delivery.
The reason I’m giving you this long answer is what I’m seeing is this whole DevSecOps cultural shift. These guys are trying to embed that same type of DevOps agility and mentality into the security side. Even if you’re trying to build solutions, let’s get security folks earlier on so these guys don’t become these naysayers. That’s starting to happen.
I do see a lot of development here. It answers your other more generic question about how shadow IT was created because IT folks were either not equipped with the right tools or because of a mentality. That’s changing. I’m excited about the effects of that.
Sramana Mitra: From a data point of view, what do you do when you encounter these situations where IT is trying to rationalize from a shadow IT, public cloud architecture to something that is more secure.
Do you transfer all the data and content to your system and create some sort of a bridge or API integration with the public cloud vendor who has the workflow and application-level capabilities? What architecture do you follow?
Kris Lahiri: It’s a little of both. I’ll give you two drastic examples just to make a point. One is someone whose content is just completely distributed and they really have no control over it. This happens for companies that have grown through very rapid acquisitions or they’ve done things globally.
They’ve grown very rapidly globally, but each global location has been given a free hand in terms of what they are doing with their content. When we come in to some of these cases, it becomes a data rationalization story. This is a 100-plus year company. They’ve got so many different systems and things that they just need to rationalize and bring that all under one platform.
They use that as a way in which they can just see some data that they don’t need anymore. They can purge a lot of it. They are looking at it from other perspectives of who has access. It’s almost a revisit of their data strategy. We come in at that point and make this a central source where they keep everything.