Igloo Conf Summer Edition 2022

Siili was delighted to be a part of the event as a participant and sponsor of the two-day Azure Igloo 2022. 

The conference was a relaxing, stress-free and welcoming event packed with interesting talks, experience sharing and discussion. Although the conference did not have an emphasis on any specific feature from Microsoft, it gave space for open conversation and collaborative problem solving for practical challenges.

Speakers at the event were either Azure MVP, Regional Directors or Microsoft representatives who shared their experience and ideas on a variety of fields. The topics included cloud infrastructure, cloud migration, data partitioning strategies, AI & Data analytics, etc. Within each discussion, we gained insights and ideas on solving the challenges of our customers, along with improving our own competence.

1.  
   

   Highlights and notes from Igloo talks:

Azure Cloud Development

Within the cloud infrastructure domain, we saw recurring themes and challenges for many companies. The speakers also pointed out these four domains: FinOps, Security, Operations and Compliance.

FinOps: 

• One of the highlights of hard challenges for companies is cloud spending. Magnus Mårtensson put a new perspective on cloud challenges. The speaker was referring to cloud challenges as more of business constraints rather than technical ones. Therefore, HR Directors and HR should be part of cloud strategy discussions.
• Cloud teams, management and HR departments should work together and spend time optimizing the cloud costs. Though sometimes neglected, Azure offers tools to help with this kind of endeavors, such as Azure Cost Management, Budgets and Cost Recommendations. Utilizing such tools help teams become aware and responsible for their cloud costs.
• Providing FinOps analytics to customers will help them keep their cloud spending optimal and improve their competitive edge. Some surveys suggest cloud spending waste could be as high as 32%. Minimizing this waste could provide more investment opportunities in other areas of development.
  
  
  

Security: 

• Though security has always been a large concern for all industries, it is rarely seen well strategized and incorporated into business plans. During his talk, Karl Ots mentioned that companies allocate unbalanced resources to FireWall and other security features. Commonly, FireWall has been too privileged and consumes an unnecessary amount of development effort. Other aspects of security should also share the same level of concern. Organizations need to restructure and re-strategize to improve overall security performance.
• For multiple cloud resources, there is no hat that fits all. Security resources should be developed and maintained for each cloud from different providers. It is important to understand how each cloud works and the unique requirements that make them secure. Following each provider’s recommendations and framework is always key for maintaining security.
• It is vital that organizations understand that security is on everyone’s responsibility. All levels need to contribute to protecting the assets of companies. Therefore, security should never be an afterthought. Security needs to be integrated in key decisions such as defining business processes, policies outline and roles delegation.
• Another mistake that has been observed is how many teams skipped security testing in CI/CD pipelines. A good mitigation for zero-day attacks is incorporating security checks within the release process. It is already common to integrate QA tests within the lifecycles of products. Teams should expand to also include security tests as there are already numerous tools available
  
  
  

Operations & Compliance:

• During the first talks of Igloo, Rik Hepworth made an insightful analogy of application in the cloud: “Once your application is in the cloud, it is like a puppy. You need to look after it, see how it grows, and constantly and carefully take care of it.” After migrating applications to the cloud, there will always be more work to ensure its quality. Azure has many built-in policies, initiatives and compliance checks to help maintain applications. However, companies are not fully utilizing these functions.
• The use of DevOps methodology was emphasized during some talks. It is crucial for products to have a constant schedule of quality improvement. Additionally, teams with clear tasks and schedules perform much better and are more productive. DevOps not only ensures the constant release of necessary changes but also recovery during disasters.
• Evaluating the responsibility chain is a good approach to understanding roles and delegating tasks. Companies need to have a clear view of team structures, roles and responsible areas. This ensures correct resource allocation along with collaboration across teams and departments.
  
  

Bonus tips – Cloud Migration & CAF model utilization:

• Most important aspect to consider when migrating any application is to understand the expertise of the customer’s teams. It is not enough to just migrate all data and applications to the cloud. Every consultancy also needs to ensure long-term success of the customer. Therefore, during the hand-off, the customer’s expertise level needs to be clearly evaluated. If there’s a clear lack in this area, the consultant needs to address this issue immediately.
• Within the Microsoft CAF model, there are clear instructions and tools to implement SRE along with cloud optimization, which is something any organization can implement. Although the model is not easy to fully grasp, businesses should embrace it to optimize Azure usage. A good approach is to compare the model with current practices. Find similarity to continue working and outsource areas that need improving.
• For any migration project, CAF Landing Zone is recommended. Microsoft had outlined procedures and resources needed to quickly create functioning cloud application infrastructure. This model will help teams easily transition to the cloud.
  
  

4. Software Development

Written by:
Minh Bui