SOAR technologies strive to automate some of the repetitive human effort required to maintain a strong security posture. Here's how SOAR tools fit into an enterprise security strategy.
How American Express is tapping the benefits of hybrid cloud
Evan Kotsovinos oversees cloud strategy for Amex, which serves more than 100 million card members globally. In this interview, he shares the critical role he believes infrastructure leaders should play in cloud adoption
If there ever was a moment for IT organizations to accelerate cloud adoption, it’s now. Consumers and businesses are relying on cloud more than ever with the recent massive shift to remote working and learning, not to mention the increasingly widespread expectation for "always on" services.
Evan Kotsovinos is no stranger to that reality. As head of global infrastructure for American Express (Amex), one of his responsibilities includes overseeing cloud strategy for the globally-integrated payments company, which serves more than 100 million card members around the world. Kotsovinos also manages the firm’s technology response to the COVID-19 pandemic. We caught up with him to discuss his perspective on the cloud.
In this interview, Kotsovinos discusses why cloud adoption is all about maximizing business outcomes. He shares a misnomer he still frequently hears from peers about the cloud (hint: it has to do with pricing), and he explains why infrastructure teams and leaders should consider themselves curators.
The Enterprisers Project (TEP): Cloud computing continues to grow, yet many CIOs are still working on their cloud adoption and migration plans. Does cloud adoption still have a long way to go? Is it inevitable for IT organizations?
Kotsovinos: Looking at the economies of scale that cloud providers can reap, and the engineering and innovation capabilities they have, in my mind the cloud is a complete inevitability. The question is not if, but how, and how fast. How will enterprises move to cloud and what cloud model (private, public, hybrid, and what specific flavor of these) will they embrace? And how fast will they move?
TEP: Can you provide a brief overview of how Amex is using the cloud right now?
Kotsovinos: Our approach to cloud employs a hybrid architecture that allows us to build applications once, inside a secure container, and have the flexibility to deploy those applications on private cloud, public cloud – or both – at the same time. We have been on our cloud journey for a few years now and have seen strong adoption of the platform as well as of cloud-native development principles and practices.
TEP: What makes you a believer in the benefits of cloud?
Kotsovinos: The cloud offers significant advantages compared with traditional, on-premises data centers. Three of those benefits stand out in my mind. First is the combination of productivity and speed that cloud offers. Today, thanks to cloud, you can tap extremely powerful, out-of-the-box capabilities in areas such as artificial intelligence, machine learning, or data analytics. Before cloud, that might have taken teams of engineers years to build.
Second is resiliency. At Amex, the ability to run the same application on multiple clouds gives us a high degree of resiliency, allowing us to deliver the always-on experience that our card members crave and deserve.
And lastly, economics. We believe the economies of scale achievable through our cloud strategy will drive significant advantage for us over time.
TEP: Can you describe your approach to application development given the prevalence of cloud today?
Kotsovinos: We are committed to cloud-native application development and to evolving with cloud-native as a standard. As cloud technology matures, we will continue to raise the bar on these cloud-native principles and the service we provide to our customers.
Cloud-native applications are architected to be highly available and continue to serve our customers in a multitude of scenarios. They are built to scale out as well as in, accommodating changes in volumes. They are built based on reusable components. They embrace a number of best practices in terms of logging, configuration management, port binding, and dependency mapping, which support portability.
Considerations for cloud adoption
TEP: Amex is quite advanced in its cloud journey; what are some considerations you are passionate about and believe other CIOs/IT execs should consider as they embark on their cloud journey?
Kotsovinos: As with any new venture, you need to be able to effectively measure results. But it’s also critical to understand the bigger picture of what you’re solving for. To measure our success in cloud, we focus on overall business outcomes rather than the isolated costs of cloud versus on-premises infrastructure.
In addition, to reap the full benefit of cloud computing, you have to move to the cloud in the right way. Lifting and shifting legacy applications to the cloud provides limited benefit. Moving applications that are cloud-native, fully or partially, has a greater return.
Next, consider how you are going to address your non-cloud native applications. Distinguish between your technical debt – those applications in your portfolio that will be out of date and need to be refreshed – and those applications that are current, but just are not built for the cloud. You’ll likely have more success by reviewing your application refresh cycles and prioritizing your portfolio to move gradually to the cloud. Again, it’s all about maximizing business outcomes, not moving to cloud for cloud’s sake.
Finally, account for bubble costs. As you are migrating applications to the cloud, you are likely running parts of your applications on both cloud and traditional infrastructure, which will temporarily inflate your cost base.
TEP: Is there a pet peeve or misnomer you hear from CIOs or even your peers in infrastructure that you wish you could debunk or clarify?
Kotsovinos: A misnomer I still hear is that the cloud is “cheaper,” or the cloud is “more expensive.” Both of these statements oversimplify the problem. The cloud is neither cheaper, nor more expensive. The cloud is a different way of delivering a service and what matters is the total cost of the technology stack you are delivering, not the cloud versus on-premises calculation.
TEP: What are some key talent challenges that organizations should consider as they shift to the cloud?
Kotsovinos: I think a crucial aspect of cloud adoption is investing not only in training and upskilling, but also in evangelizing and helping engineering teams adopt the right mindset and tools. Without that, you may not get very far.
[ Hiring for Kubernetes? Read: 14 Kubernetes interview questions: For hiring managers and job seekers ]
Do not assume that if you deliver it, they will come. In 2020, the role of an infrastructure organization is not just to build and deliver those capabilities, but to make sure they are understood and adopted in the right way. The infrastructure team is responsible for being a trusted partner, a consultant, and an advisor to the software engineering teams. Infrastructure teams and leaders are curators of developer experience above all else.
TEP: The world is changing before our eyes, including technological advancements. What are some critical long-term technology infrastructure considerations we might not yet be thinking about?
Kotsovinos: I would highlight two long-term developments that may fundamentally transform everything we know about computer architecture, and therefore technology infrastructure, over the next several years. First, quantum computing, which promises vast speed improvements for specific classes of problems but is nowhere near general-purpose computing or the level of hardware stability and usability that would make it mainstream. Secondly, the rise of very large non-volatile memory, which over time can lead to the collapse of the memory hierarchy (cache, RAM, storage) into one large persistent memory array.
[ Read our deep dive for IT leaders: Kubernetes: Everything you need to know. ]