Business in the cloud: Taking the forefront in times of crisis

Nasscom recently organized a webinar on “Business in the cloud: Taking the forefront in times of crisis. The participants were: Ramkumar Narayanan, VP, Technology and Managing Site Director, VMware, who was also the moderator, Peter Selfridge, Global Head of Digital Government, SAP, Harmeen Mehta, Global Chief Information Officer, Airtel, Joe Weinman, Author, Keynote Speaker, and Analyst, and Bharat Patel, Head of Bangalore Center, VP, Corporate IT at Nasdaq.

Ramkumar Narayanan, VMware said that the crisis has upended the reality as we knew a short time ago. It is being now being termed as the new normal. Nearly all of us are waiting to see what the new normal will look like. Businesses are figuring out how to operate in the new environment, it is becoming quite clear that those who had invested in digital tools, and had processes to support those digital tools, or digital transformation, as it has been termed, have been able to weather the situation slightly better than the others.

In these early days, it is quite clear that such as companies have been better in moving their employees, en masse WFH, protecting their infrastructure from security issues, helping people connect from wherever they are, continuing to serve their customers and themselves, going along with employee safety and how well they support their customers. This includes the government sector and the private sector companies, large and small. So, how are you viewing the crisis? How do you see cloud business go forward?

We didn’t plan for this!

Joe Weinman, author, said that the comparison is usually made with the Spanish flu of 1918. We didn't really plan for this. But, in a way, the ICT industry has helped save the day, to a large extent. There are opportunities in telemedicine, WFH, kids can learn from home, etc. It is just a fortuitous co-incidence that the ICT industry has managed to keep the civilization, as we know, running.

There are things like cloud and AI that are being used to do things like gene sequencing, automated hypotheses generation, etc. Because the infrastructure was never designed for this time, it is interesting to see what's going on. There was an open question as to whether the Internet infrastructure can support the huge activity that is going on.

For example, In the US, the peak busy time, at least on the local networks, was always prime time, where 50% of the bandwidth was dedicated to Netflix and Youtube. Now, with Amazon coming on in the USA, you have a completely different profile. Those networks were engineering specifically for content delivery, including things like using co-location facilities, to be able to move a lot of content also to the edge.

We are now doing videoconferencing, and point-to-point video calls during the whole day. It is transforming the requirements that we have. We live in a world of complex infrastructure that represents things like high-performance computing, public and private clouds, with all of this new infrastructure, including the emergence of 5G. As an industry, we have so far done a pretty good job. It remains to be seen how things are unfolding.

Suddenly, everything changed!

Harmeen Mehta, Airtel, added that there are lots of things involved. Nothing prepared anybody for all of this. The pandemic simply came across very quickly. You could literally watch what was happening, in just days ahead, in India, and the other countries.

All the BCP plans, whether it was our own, and even we support BCP plans for all our customers, were in place. At the consumer side, we support over 300 million, while on the enterprise side we support almost half a million customers in India alone. Nobody had prepared for big BCP plans. The entire plan was one city and one site shutting down, or how you would go about an application going down or some part of your infrastructure. As all cities got locked down, all at the same time across India, and all over the world, people were not able to get anything, anywhere! It was really unprecedented.

Two-three things have helped us. One, we crafted the continuity practice completely. We revamped it, literally over hours. Keeping in mind that we are also in the central services for India, and to the government. The obligation to the country and to the government is very high. We divided the BCP to plans such as: what we needed to do to keep the country going? Then, we looked at: what we needed to do to keep the company going. Everything else, including the business growth, really came after that.

To keep the country running, we are doing a lot of investments. Everything on Airtel, all of our engineering products, run on our own private clouds. Some run on the public cloud as well. That was one of the biggest boons that helped. Our entire NoC is completely non-human and fully AI. That helped us immensely. All of the operations team could work from home in literally 12 hours. The network bandwidth for the country was very important. You can imagine how the landscape has changed dramatically.

Our sites, whether serving a locality, or a tech park, they are capacitized to serve what is around there. Tech parks would have around 40-50K people during peak hours. The sites are capacitized to carry all the traffic during the day. The home residential areas are capacitized to carry traffic to them for home broadband or mobile traffic, and the patterns are more or less similar.

Suddenly, everything changed! All of the traffic had moved to residential areas from commercial areas, as everything got locked down. Everybody was trying to access everything from home. In literally, over 72 hours, we had used every single spare equipment that we had.

Our CEO ran a letter to all the video media platforms across the country asking them to downgrade the bandwidth from HD to SD. On broadband, we could afford to keep the same speed. I think, every provider in the world has done that.

That has also helped. I owe a lot to the heroes in our company who have been helping us all along to achieve all these things. While we were all running for the comfort of our homes, there were a lot of people in the NoC network side and in the engineering data center, who were getting quarantined in the data centers, and lived there for days. They are the real heroes and ones that have kept the country going. We literally owe them everything.

The digital growth has been phenomenal. We were on the cloud and that was completely seamless. We concentrated on making a lot of journeys simpler. India is now becoming digital because of the crisis. How quickly can we revamp, going forward? We can enable the not-so-digital to embrace digital in a big way. Except for a lack of sleep, it has been the learning of a lifetime. The sense of nationalism in the telecom sector and within the company is very, very high.

Never let a good crisis go to waste!

Peter Selfridge, SAP noted that never let a good crisis go to waste, is exactly right. What this pandemic has exposed to the governments, especially on the government technology side is that there are a lot of outdated legacy systems that were running. For e.g., the IRS in the USA still has a system running on 1965 technology. It has also exposed access issues and scalability issues. It is starting to expose the skills issues as well.

As we move on to the next phase in the response to the pandemic, we are seeing from various governments across the world, a lot of stimulus packages, including IT investments. Forward-looking governments are also taking on skills development as well. India is a good example of this. We are going to see an expansion of clouded options, an expansion of skills programs, etc.

The governments were slow to adopt, mostly due to funding and having to go through the pain of ripping out some of these old systems and going to the cloud. The impetus is here, finally. There is not any sliding from the tech industry. We are hopefully going to see exponential and smart growth, moving forward, in the cloud area and general IT, especially in the public sector initiatives.

The earlier you jumped into tech!

Bharat Patel, Nasdaq, added that some of these characteristics of an organization were developed over a period of time. With Nasdaq, and some of the earlier jobs, we have observed that the earlier you jumped on to the technology bandwagon, the quicker you will understand the limits of your system and how they operate. At Nasdaq, it helped us understand better, as technologies and networks evolved, how do you take advantage of those.

The areas that benefited us are in the markets where we are and also in the markets where we have customized infrastructure. We had to operate these markets with one thing in mind: one day, people will operate remotely. They will operate for weeks and weeks. Right now, we don't know when this crisis will get over, so we can get our workforce back.

The other part of the journey is how technologies can evolve and how we can collaborate. We have to balance this very carefully. People can still shift overnight, and still do video conferencing. You still have to operate as though the person is sitting right next to you. For us, it is important that these things have been rehearsed well ahead of time. We have continuously tested our BCP and the other plans. Our adoption hasn't only been across public and private clouds only.

We have a bit of hybrid cloud as well. We also have a customized high-performance component. For running our markets, you need to have an extremely fine-tuned engine. The processes and technologies that we have in place, and the engineering, that keeps all that running, is very important.

Expectations from cloud

Next, what are the expectations from cloud, post Covid-19, going forward? Joe Weinman said that for a long time, people in the public cloud industry have been saying that this is the future, and this is the only possible solution, and that you need to jump on to the bandwagon. However, it doesn't really reflect the reality of the different sets of requirements that every company has.

One other mistake that people had been making till a while ago, and hopefully, not now, is that the public cloud is just a fad. And that, the people need their own data centers, and that's the only way to go. People were analysing the situation incorrectly, even the major consulting groups. They were saying, wait before price comes down and you can use it. That was missing the obvious economic benefits of the cloud. Especially, in dealing with variability and the unpredictability. The benefits include statistical multiplexing of the different workloads into a common infrastructure.

People also made the mistake that the public cloud is the only solution. That is also problematic for a variety of reasons. For large companies, that can self-multiplex their workloads, they can gain the kind of utilization that makes economic sense. It all depends on what you do. There are benefits of running a hybrid infrastructure in a variety of different ways.

We will make an error thinking that the only choices you have are private, public or hybrid. The real architecture used by many companies is a mix of non-virtualized, non-cloud high performance computing on dedicated systems. Latency is absolutely critical in high-speed trading. You can use public and private, as necessary. There are lots of trade-offs between the center and the edge. It is also the data center volumes, proximity to data. For the edge, you are closer to sensors and actuators. If you are in the cloud, you need to think about latencies between microservices. There are a variety of solutions. You need to think about what your requirements are.

BCP and security

BCP plans were not really up to the mark for most companies. Security is also an issue. Have things changed in the crisis? Harmeen Mehta said that the number of security incidents across the globe have increased many-fold since the lockdown started. Phishing attacks are at least 10-20 times higher. That is the biggest vulnerability that we have noticed.

One of the first things that we did since the lockdown was that we upgraded the threat levels at the park, especially, our own security center. It controls a lot of enterprises as well, including financial service customers. We have been operating at that highest threat level ever since. We have seen some of the largest DDoS attacks over a period of time, whether it is attempts at different industries and different kinds of customers. We have been able to thwart that.

In security, there is never that you can do enough! You have to keep investing and you have to try and stay as much ahead of the game. Companies that are using deep AI will have a very differentiated response. If the volume is very high, tackling any kind of intervention is almost next to impossible.

About 70% of the attacks are dealt by the AIOps at the Airtel NoCs. Humans are only dealing with 30% and that itself is quite a workload. If we didn't have that kind of security, we don't think any kind of company will be able to cope. Attacks have also changed in nature. A lot of attacks were on corporate networks. In fact, 80% of the attacks are now happening on personal IDs and WhatsApp Groups.

Almost anyone, who has a malicious intent, knows that every company has opened up its network to people who are working for them, and so, they are open to attacking. The phishing attacks are the easiest way to create a vulnerability. You can just be going to a low-level person, who is probably outsourced, but has access to the CRM. These small attacks are just looking to create these small windows of vulnerability. Over a period of time, these organizations may be exploited for various different things. Telecom services, financial services, etc., are seeing a large part of that.

A very interesting piece is that, previously, the attack used to be on a large part of the workforce. Now, it has moved to the extended workforces as well. People who are having some small part of the window open, that's where a large part of the attacks are happening. The medium-sized organizations are not prepared at all. We are working with some core customers and bringing their core apps within the MDNs and combining them. Companies are doing that at low latency.

Policy nightmares

Many companies don’t have adequate laptops. Governments are also said to be struggling. It also opens up lots of policy nightmares as well as new vistas of attacks. What should be done in this scenario?

Peter Selfridge said that it was interesting to see that in first few weeks after the pandemic, a lot of malicious attacks by the state actors dropped. Even those folks are figuring out how to WFH. Now, they have it figured out, and also, the vulnerabilities in the cloud. So, the attacks have gone up again.

Europe is actually well positioned in some ways due to GDPR. There are cultural and legal lenses to look at this as well. The EU bloc has a legal construct in place. Then, there is a cultural battle. France is looking at the tracing approach in one way, while Germany is doing it more in a decentralized manner. In the US, the solutions have been pushed out. However, there are 50 States that are looking at it with different views. The Senate has introduced a bill around privacy. If there is a federal response to the tracing apps, the Senate wants to have the privacy bill so that the data is protected.

Nasdaq learnings

There is a need across the world to have to keep Nasdaq open. What has been the learning? Bharat Patel noted that you need to learn about what's not going well. When you move to WFH, technologies, such as VPNs are there. The question is: how will the companies maintain productivity?

There are challenges such as bandwidth. You just need four kids on the block when they stream tons of media, and there you go! Those are the types of challenges. This is more of a centralized view. What we thought initially will be bandwidth constraint. Is it just the behavior of the people that are working remotely? We needed to put some constraints, such as streaming from your work laptop.

We have also made a change around security intelligence. We have to thank the SaaS market in the security space for the tons of data on what's going around. Our shift definitely has changed. We try to see near real-time information about security.

We are looking at peoples’ homes. What are going to be the newer approaches of technology and security so that the apps they are absolutely insulated from any attacks. When the intrusion attempts occur, how do you send them to the NoCs, and make sure you are reacting quickly and ensuring the attack does not spread. You have to figure out the environment and the applications that are being accessed by your customers and company users.

Joe Weinman added that anyone who has ever done BCP, they know that people have short memories. Right now, you are thinking about survival. The good news is: this will go away, one way or another. The bad news is: because leaderships have short memories and budget constraints, will there be any meaningful long-term changes in the many companies. It’s going to be more unique. Will the leadership of companies take this lesson to heart and factor it in their budget?

SMEs angle

Finally, how can the SMEs handle this crisis and leverage cloud better? When lot of Indian businesses are not digital, how can you help?

Joe Weinman said that they would need to go the SaaS way. It's all SaaS for small businesses. Maybe, its one cloud provider or multi-cloud solution for workflow enablement. It is also an expertise and cost issue. For medium businesses, you need to do the key things to run the business. You now need to find a partner for helping with your competitive advantage for things like website development, e-commerce solutions, etc. It is the public cloud at a SaaS layer or the infrastructure for the larger providers.

From an Indian context, not many SMEs are digital. Does Airtel see an opportunity? Harmeen Mehta replied that for SMEs, it is almost like a restart of the economy. They have taken some of the maximum hits. Travel and tourism, hotel industry, etc., are all badly hit. A large part of these are hit very badly. The landscapes in each country will start changing. How will those who lost their lives or jobs recover? Will the migrants return, or do smaller, easier jobs? Will that create labor deficit? That itself could spiral different industries solving the different issues. Economies are also going to take some time to reset.

It is not all about digital transformation. Different consolidations will start. Whether businesses will have to build their ecosystem, or will they just rent some ecosystems? Will they probably rent some space in some app? Every SME won't really be able to survive. There are enterprising people who will kickstart the economy in a different way. The world out there is really finding it very difficult, and it is not just about our own business.

Airtel also runs a large payment bank. New models will actually emerge. Even in the medicine space. There are not that many hospitals in the second- and third-world countries, no matter what the government does. There will be some revolution where about 80% of the people will need to recover at home. And, if that happens, how will that be monitored? The world is going to change for ever.

Digital growth is now immense. People are going to download digital apps, even as a necessity. People are now going to learn how to do all this and survive. There are some fundamental things that will change.

Changing environment

Finally, how does the industry see governments reacting to changing environment? Peter Selfridge said that there was a trend toward increased regulation around cloud, privacy, etc. The pendulum was already accelerating towards heavy regulation, and it will go in that direction. A disturbing thing emerging from this pandemic is the localisation. I expect that to also accelerate. You will probably see the pendulum swinging back. There will be some regulation around privacy and data. The concept of virtual NoCs and SoCs will be the new norm.

How will security and connectivity models evolve for WFH? Bharat Patel said that the enterprises are accepting the reality that they need to run businesses. The security models will also change. The all-time actors are going to attack even more. We are going to see more of virtual VPNs, etc. You also need to protect the apps internally. Some companies are already testing on that. SDNs are a great example. Data and privacy on the cloud will take a while. You would need to scale up massively.