On July 7th 2021, Noord hosted a virtual boardroom in association with Nero Blanco. The event consisted of an introduction from Twan van Beers, Director of Technical Design Authority at Nero Blanco, accompanied by a presentation from Ian Bleazard, Director of IT Infrastructure and Analytics at ASM Assembly Systems, who detailed a project that he had worked on with Nero Blanco. This was followed by a discussion among senior IT professionals on considerations for large-scale cloud migrations.
Nero Blanco: brief introduction and case study
Twan explained that following its establishment in 2012, Nero Blanco now worked directly with over 100 clients. The company had seen sustained growth, with an increasing number of businesses choosing to undertake cloud migrations. In one highly successful case, Nero Blanco had migrated 500 terabytes of data for 18,000 users in just 9 weeks with a single cutover event. As a result, the client had been able to minimise any coexistence issues, and within a short space of time the number of tickets dropped down to normal.
Twan stressed that as no migration project is the same, it is paramount that the chosen tool is tailored to the client’s specific needs. Nero Blanco is therefore tool-agnostic, and likes to be thought of as an extension of the existing project team. Moreover, the company is committed to serving its clients, even when the required solution is unusual or involves additional work.
Ian then explained that as a leading producer of machines that produce chips and circuit boards, his company was experiencing a post-Covid boom, with spending up on consumer electronics and cars. In terms of the company’s IT infrastructure, it has 14,000 end points across 62 sites globally. Under its IT strategy, it had planned to create a single secure enterprise infrastructure supporting the global business.
In collaboration with Nero Blanco, the company had implemented a project to create a single global collaboration platform. This included the creation of a single tenant, the migration to Office 365 and the use of Microsoft Teams.
Reasons for attending and key challenges
Following the presentations, attendees were asked to briefly introduce themselves. They represented various sectors, including banking and financial services, housing, healthcare and national infrastructure.
Detailing their organisation’s cloud strategy, one representative raised the challenge of ‘reaching back’ after a cloud transition, noting that if some data is left behind, it may become difficult to assure and manage. Many others were part way through their organisation’s transition to cloud, with key challenges including getting a view of security events and alerts across a hybrid environment, ensuring data security and governance, juggling regulatory demands and developing cloud-focused business strategies.
The move to Office 365
Attendees noted that their organisations had begun to move to Office 365, with the pandemic accelerating such transformations. One organisation was grappling with moving the last of its on-premise mailboxes to the cloud, and noted that residual assets were proving difficult to get rid of. Two separate representatives from the banking sector stated that their move to Office 365 was uncoupled, with one organisation still relying on remote desktop applications and another noting that its applications were lagging behind, which hampered a smooth transition.
Balancing security, governance and control against usability and user satisfaction
Ian explained the specific cultural challenges faced by his company. While the European branch of the business tends to see security threats as emanating from external sources, the Asian branch tends to be focused on insider threats – with executives particularly concerned about employees taking photos of their screens and leaking company secrets. The difficulty lay in moving from two cultures to one without putting limitations on existing teams.
Picking up on this idea of culture change, one attendee representing a housing association noted that in a bid to tackle user reluctance, they had engaged the entire business through a specific forum whereby any employee could talk about security matters. Sessions were held on a range of topics. As the company had begun to change people’s mindsets and educate them on the importance of specific security measures, this had translated into behaviour change at work. As a result, the organisation had changed the narrative of ‘security versus the business’ to ‘security at the heart of the business’.
Ensuring joined-up thinking
One attendee underscored the sheer scale of moving an entire organisation into the cloud, and felt that working in silos was a potential barrier to effective implementation. A potential suggestion was to frame the transition to cloud as addressing a business problem. In other words, all organisations must understand the problem before jumping ahead to the solution, and they must be able to demonstrate that the chosen solution provides clear business value.
Twan noted that in his experience, the biggest mistake is lifting and shifting apps directly into the cloud, with companies wrongly assuming that this will automatically save them money. The best approach is when architects design the patterns they want the apps to use and work with app owners to fit into their release cycles, rather than imposing a schedule on the business.
Following a brief discussion on the challenges of multi-cloud environments, attendees were asked whether they are looking at endpoint security to protect the data contained within apps on the cloud. Several organisations noted that they had adopted a zero trust approach.
One organisation was looking into the additional controls it could implement, how the data moves around and who has access to it. Another was looking into microsegmentation to eliminate movement, and had recently taken on a data architect to understand the data landscape and coordinate with data governance teams. Lastly, an attendee who helped public and private companies with their cloud journeys noted that through their work with a large insurance company, they were looking to tunnel all traffic through the security system, in addition to ensuring endpoint security.
Closing of the session
In summary, Twan noted that Nero Blanco was offering a new service which would enable businesses to maintain governance in the transition to Microsoft 365. In particular, it aimed to bolster organisations’ capabilities on the application side and ensure that any changes being made were subject to prior approval.