Cloud Reset – The Podcast | Episode 3: Wait, security’s no longer an investment priority in 2024? What happened?

November 8 2024, by Cloud Reset | Category: Cloud Services
Podcast - Cloud Reset Episode 1

Show Resources:

Here are the resources we covered in the episode:

ADAPT’s 2024 Cloud & Infrastructure Edge insights for Australian technology providers

Follow Jono Staff on LinkedIn

Follow Naran McClung on LinkedIn

Cloud Reset’s YouTube Channel

Listen on Spotify

Listen on Apple Podcasts

Contact us at enquiries@macquariecloudservices.com with any questions, suggestions, or corrections!

A great no-cost way to support us: Rate/Review!

Episode Summary:

In this episode, Cloud Reset welcomes Phil Barlow, Director of Partner Technology at Microsoft, to dissect the surprising findings from 2024 ADAPT research. Cloud Security has fallen off the Top 10 investment priorities for Australian IT and Infrastructure leaders, replaced by multi-cloud architecture and generative AI.

Jono, Naran, and Phil debate what this means for businesses and whether it’s a step forward or a dangerous oversight.

Why You Should Tune In:

  1. Cloud Security Drops Off the Radar: Why is it no longer a top CIO investment?
  2. Multi-Cloud Tops the List: Why and why now?
  3. Generative AI’s Big Move: How it’s reshaping priorities and how to avoid the POC graveyard
  4. Platform vs. Best-of-Breed Security: The Defender debate heats up. Phil and Naran get into the nitty gritty.

Episode Transcript:

Alright Jono, so look, we’re back again. Uh, what is this, our third podcast that we’ve been recording? Episode three, let’s go. Episode three, we have a special guest today as well. How’s that gonna go?

Well, he’d better watch out, anything could happen. Yeah. We’re gonna turn the tables on him. Let’s make it really uncomfortable for him.

Happens to be a lovely guy, his name is Phil Barlow. He’s Director of Partner Technology for Microsoft. He’s a long time friend, at least he was, of Macquarie Cloud Services, so.

Guy, looking forward to hear what he has to say. Certainly. Certainly. Okay, um, we’ve got some good topics today, so we’re going to get into some ADAPT research, looking forward to that.

There’s some fascinating insights comparing 2023 and 2024. Definitely. Right, uh, we have our customer scenario project that we’re going to talk through, and there’s something potentially contentious with Phil, I don’t know. We’ll see how he responds to it. We’re going to talk a little bit about endpoint protection.

Uh, as it were, and then the third key topic, we’ve got a subscriber question. This is fascinating. This is a customer who is interested in embracing generative AI as a means to improve their NOC. Let’s get into it. Let’s get into that.

Okay, here we are for episode three of the Cloud Reset Podcast. I’m here with Jonathan Staff and we have special guests and I will say first guest Phil Barlow, who is the Director of Partner Technology for Microsoft. Welcome, Phil.

Thank you very much for having me, Naran.

Well, thank you, Phil. You’re a long time friend of Macquarie Cloud Services.

Um, we are very grateful that you’re here. You’ve done a number of events with us before. This is a first. To have you on with the podcast. I mean, you were our very first podcast guest, so I’m pretty excited about that.

I’m very excited as well too. I don’t think I’ve done a podcast for a long time myself.

Um, it’s a wonderful format. Um, I’ve seen the work of, uh, yourself and Jono in, before as well. So, You know, it’s a, you’ve set a very high bar, and I’m very pleased and, and thrilled to have a good discussion with you guys. Is it fair to say that you’re in the hot seat? This is our first special guest. How hot is the seat? Is that just the format? Like, we’re not here to attack you, Phil. This is just gonna be a friendly conversation. I don’t know why the chairs are set up this way.

I would just say I’m a rose between two thorns. There we go. There you go.

What are we here to talk about today, Jono?

Well, um, we’re here to talk about some pretty interesting stuff.

Uh, now, if you’ve been listening to the other episodes, we’ve got a bit of a format going here, but we try and keep it fun. There’s been some research recently released by ADAPT. Now, um, a lot of our listeners will be familiar with ADAPT. They’re a prominent research organisation. We actually partner with them at Macquarie.

So if you’re interested in learning more about ADAPT, Have a great day. And the report has come out, the 2024 Cloud and Infrastructure Edge Insights for Australian technology providers, and they’ve actually surveyed CIOs in the top Australian companies that represent about 42 percent of Australia’s GDP.

There’s some really interesting stuff to get into there today, especially the comparison points between last year’s report. And this year’s report. So we’re interested in the priorities of CIOs. We’re also going to be taking a question from a listener. Uh, looking forward to that one. And we’re going to be discussing a current customer project.

And that’s kind of cyber security related, but we’re taking a little bit of a different angle with our friend here in the hot seat. So looking forward to that as well. Okay.

Let’s get into this report. Now, we like to think we’ve got our finger on the pulse. We’ve been talking about some, some stuff that we’re seeing our customers and potential customers tell us. And I was actually quite surprised. When, uh, when this report came out to see some of the top priorities that have changed, uh, and it kind of aligns with some of our thinking, but I think we’re also going to be making some assumptions about this as well and keen to hear what Phil has to say about it today.

So in 2023, let’s talk about 2023. 2023, the top priority for infrastructure leader investments, uh, in, in these companies that ADAPT surveyed was cloud security. Priority number two, cloud cost optimisation. I mean, that’s hot, you know, a hot item that everybody’s talking about. Cost and risk. Number three, you know, zero trust security models.

And then, you know, the list goes on, CMDB, all the things you would expect. But obviously cloud security being number one was no surprise in, in 2023. Move to 2024, uh, Would anybody be expecting to see cybersecurity in the top three?

I would. Okay.

I really would. Um, I, I, I say certainly conversations that I have on a day-to-day basis have been for months, I would say 2023.

Got it. Absolutely. Bang on. And I would’ve thought that’d be very similar in 2024.

Okay, Naran. Uh, well, we still know it’s a hot conversation, right? I mean, we just got back from Melbourne, right, from the, the CISO event and, um, clearly that was all about security. Um, so we still know it’s a hot topic. I’d be surprised if it wasn’t in the top three investment priorities, though.

Well, uh, Here to tell you, it’s actually not. Nowhere to be found in the top three in terms of investment priorities for infrastructure leaders that have been surveyed. And uh, the thing that’s taken out the number one spot, I think is worth a little bit of a deep dive today. Multi-cloud architecture and engineering skills.

And I’m kind of not as surprised by the number two investment priority, and that is generative ai.

No, me either, right? So, you know, definitely expecting investments in generative AI to make the top three, but multi-cloud architecture and engineering skills. Mm-hmm, Cloud co, uh, cloud cost optimisation rather, is still there.

Uh, but it’s down at number four. Interesting.

And so what is, what is this multi cloud architecture and engineering skills? Because, uh, it doesn’t, it doesn’t feature anywhere in the top 10 Investment priorities in 2023. How

interesting. Now, surely years ago, Phil, you’ll remember this, right? When public cloud first launched onto the scene and the cloud providers were there, there was this view that you must consume all of them, take advantage of containerization, shift workloads around at will, at your leisure.

That was the smart way to consume cloud and then people figured out that containerization is actually hard and it needs to be more purpose driven. What do you suppose the definition of multi cloud might be here if we’re to make some assumptions?

Well, I think about this. It’s a lot of words there. Multi cloud architecture and engineering skills.

So there’s the multi cloud components of that. Multi cloud can mean many different things to many different people. It will mean private cloud internal. They’re on premise. There’s still an awful lot. I believe some I did read some reports not long ago. There’s still well over 50 percent of workloads still on premise.

There’s lots of good reasons and stories behind that as well. Of course, there’s a we know you guys would know as well. There’s an awful lot of legacy debts. That is, people are just sort of putting to one side and saying we’ll get to that problem at a later date. Um, there is the other hyperscale providers.

So there’s that we have the Microsoft and we have the other hyperscale Well, so they come into that brand of multi cloud, um, as well. However, I think the multi cloud word here, my gut feel haven’t read all of the detail and all of the reports on this. My gut feel is the multi cloud piece. There is just a way within the reports to say we’re actually looking for Architectural engineering skills in general across multiple different platforms.

Um, there is obviously in every organization there is going to be multiple platforms in some shape or form. Some will be dominant and some will be less dominant in that place. Some will be highly on premise still. Some will have made massive investments in hyperscale cloud. Um, so there’s going to be options and choices across the board.

But I would, the one word in that sentence I’ll pick up is the skills piece. Because we know across Australia and New Zealand, um, that we have a skills deficit. And we know that there are, you know, there are, there are many programs in place to increase and drive the skills. We know that we’re working with education organisations throughout the country around ensuring that we have got the skills that are required for the future.

Um, there was a report by Tech Council of Australia, you know, um, last year. No, earlier this year? Last year. I’ll have to look that one up. But the Tech Council of Australia reports are saying that we are, we’re doing well, but we need a plan. Approximately 1. 2 million people in the, uh, in the, in the technology space that we, that we work in and kind of, we’re heading on a trajectory for about 800, 000 or so at this point in time.

Oh, that’s, I should say by that’s by, by 2030. Um, and so there’s a, there’s a, there’s a skills deficit. So that would be my take. I’d pick up the word. Do you read it differently? Well,

I don’t disagree with anything you’ve said. Um, I think that’s all very true. Um, I would say on reflection of, let’s say the RFPs and the RFIs that we see that find our business.

There’s been some consistent themes, um, certainly in the last six months that are calling for hybrid architectures, particularly. Now it varies. Um, opportunity to opportunity. In some cases there’s an existing footprint whereby the customer is seeking to have a consistent operational experience with their chosen public cloud provider.

So they’re seeking consistent governance and operations. So there’s a hybrid architecture. Demand or request coming through more specifically in a Microsoft context. We obviously have the adaptive cloud piece and clearly that’s a lot of work, Jono, that we’ve been doing with Dell and Azure Stack HCI. Um, and we certainly see a lot of opportunity there as well.

Um, particularly, um, as it relates to some customers that have been impacted by Broadcom, cost increases as well. Of course. And are seeking a different platform conversation, right? They’re seeking a conversation that may not necessarily just be, let’s move those workloads to the public cloud. We’re seeing that too, by the way.

Um, but maybe there’s, you know, A more discerning customer emerging now that places a greater emphasis or value on hybrid cloud. I’m wondering whether you’re seeing something like that.

I see, I see quite a lot of that. I think I see a, a, a set of customers that may have started their cloud journeys quite early on, uh, actually, and been, and have, Driven a lot of experience into their organisations.

They’ve got a lot of learning that they’ve taken from what they’ve done. And there is a there is definitely emotion at this point in time to have that realization that We possibly, I won’t say gone as far as we can with the current strategy that we have, but are looking at opportunities for achieving more, but with a slightly adjusted and a slightly different strategy, they still know they want to drive a level of optimisation, a level of efficiency, a level of catering for many different customers within their own organisations, many different requirements, government regulations, um, Um, the list goes on, but there’s also that thought as we look at, you know, point number two on the list here as well as to I need to be able to have access to all of my data and all of my workloads wherever that may be.

So how am I going to do that in an efficient and effective way? And where we started the conversation as well is how do I keep those secure as well? So you kind of skirted over a little bit there, Jono, in terms of where did security end up on the list?

Well, uh, if we look at security here, it’s. It’s actually all the way, it’s not even in the top 10.

Remarkable.

Right, and um. I think, uh, look, if I was going to make some, some bold assumptions with this, um, multi cloud architecture and engineering skills, they can be seeking skills. I think what that, you know, that’s kind of code for in terms of the prospective customers that I’m talking to, uh, we don’t know how to make this work.

Right. Either I’ve got the skills gap in my own organization, or I can’t find the skills in the market, or I’m struggling to find a partner who can help me. And there’s a, there’s a strong recognition here that multi cloud architecture is important. Right. And, and that’s like important enough to make an investment in getting it right.

Right. Now, skills is. people who can drive, you know, multi cloud architectures, people who can bring that to life, design those solutions, make them work, keep them secure. Um, but I’m actually more interested in why, right? Cloud cost optimisation is still in the top five, it’s moved down to, to top four. Um, we’ve got this hypothesis, it’s kind of a working hypothesis, keen on your opinion on this, that organisations who have done an excellent job of cost optimisation, let’s say they made those big investments Uh, in 2023.

Yep. And they’ve got it right, and they’ve gone as far as they can possibly go. Within I would think architecture and perhaps they’re looking now to multi cloud and bringing that to life and getting it to work for them as the next cost optimisation horizon.

I would tend to agree, I would change the language ever so slightly, not very much, just a little.

I would look at it and say, yes, they may, I wouldn’t say they’ve gone as far as they can go. I would say that given the amount of time and investment and the. the outcome that they could potentially drive from that optimisation. It’s the ROI. I think they’ve done the easy. They’ve done the big numbers, have achieved what they wanted to from a starting point.

Now they’re getting into diminishing returns on going through some of that optimisation and sort of, you know, and is the input that they’re putting into that worth the outputs that they’re going to get out from it? That would be my my kind of take on it. But I think in general, yes, it has been a. Hot topic of conversation for probably a two years now, I would say, um, and I think Naran was starting to touch on a point as well around the, so where’s next?

What’s the next sort of version of cost optimisation going to be? And I think it’s really that. So where are the large levels of workloads that we have not optimized? Simply because the fact we’ve not touched them yet. We’ve not done anything with those yet. So they before we put them into a sort of a bucket of we will get round to doing those at some point in time, whether it’s less business value or if it’s very high critical business value and therefore they say, We’ll leave, we’ll leave those to a later date.

Now I think we’re coming around to seeing that and then looking at those different architectures for how can we now tackle the challenges of these other workloads that previously didn’t fit into a nice little square box that we could go and tackle straight away, and we’ve got to go and do something different.

I wonder whether we can consider OT in this as well. Right, if OT is sort of a, let’s say, call it a subset of hybrid perhaps, um, as it relates to edge computing. Um, because clearly we’ve had conversations with OT software vendors, for example, that see the evolution and the maturity of hybrid technologies, and let’s face it, as us, particularly with Stack HCI, as a means to deliver cloud services as first class citizens on those platforms, which means linking.

The let’s call it the prior 2023 priority security being able to push, you know, things like Defender for cloud and policies and controls to the edge in an OT scenario that weren’t available in the same way before. So perhaps OT, Edge, maybe that’s another way of thinking about multi cloud as well.

Unless that’s a stretch.

Look, um, like I said, you can draw a lot of conclusions from this. And I think it’s important to weave in some practical use cases and conversations that we’re having with, with real life customers, uh, who are trying to make this work for their business. Um, Phil, let’s wrap it up.

What’s your key takeaway? Um, comparing 2023 to 2024, there’s some surprises in there. Uh, but if you had, uh, one insight for our listeners. What would it be?

I’d say my insight for listeners is, um, despite the fact that it is not actually, I’m just looking at it now, it is not actually on the top ten from the report, um, I would say To all listeners, please keep putting security somewhere close to the very top.

Um, that is the one thing I would, I would hate for anybody to, to look at this and think, Oh, that’s a job done. Um, I think it is a continuous job, um, that we should be, that everybody in Australia, um, you know, should be, should be focused on. Um, and Yeah, I think there’s a little bit of misleading. Only thing I can take away from this from a security perspective is that from the questions that are being asked, it is actually embedded in some of the answers that are in here, some elsewhere.

I think so. Yeah, that’s right. Yeah.

Naran? No, I’d agree with that. Look, I like, uh, priority number two, Gen AI. Um, it’s almost like this year’s conversation. If security was last year’s conversation, by the way, it’s still this year’s conversation, but just for the purposes of honoring the research here, the Gen AI conversation is fresh.

It’s current. Um, we’re going to have A separate conversation on that, clearly. Um, but it’s had a massive impact on our own business. Um, I can say that from the outset. Um, and I know that we have a great number of customers that are keen to understand what does it mean for me? You know, bring this thing back to the working man, right?

What does Gen AI mean for me and what practical examples do you have on how this technology can help my business? Um, and I think we’re going to have more and more of those conversations.

Yeah, I think that’s right. I’m really excited to see Gen AI in the top three. Um, just as a, as a tech guy, I think the potential is huge and, and it’s a really exciting and exciting movement that’s going on and something that I’m always curious to be a part of and see what comes next.

So I’m looking forward to getting into that today as well. Okay guys, uh, moving

into the customer scenario right now. This one is I think going to be deliberately slightly curly considering we’ve got to, um, unashamedly Microsoft. Uh, guys in the room here, but, uh, so the situation is this, uh, we’re dealing with a customer at the moment who for all intents and purposes is mostly a Microsoft shop, right?

I’m going to say mostly, um, you know, isn’t that most organisations, John? Well, I think so. There’s some, you know, even if you’re just using the OS, right, um, mostly Microsoft shop. But. They’re really struggling with the idea of endpoint protection and taking on Defender into their environment. Been a long time customer of another product, um, one that seems to be working quite well for them, they’re quite happy.

They are actively testing the market, considering Defender, but finding it, I think, really difficult. to navigate what seems to be an increasingly fragmented market in endpoint detection. They’re just overwhelmed with new products coming out of the US, stuff that makes wild claims around why it’s better than the other things and it’s leveraging AI or it’s doing something else.

Um, and they’re, they’re unsure. They’re actually still unsure whether or not Defender is the right thing for them. Is it too expensive? Does it have the right features? Uh, will they be able to drive it and get the most out of it? Other tools look like they might be easier to deploy. So there’s lots of evaluation criteria.

There’s a lot of misinformation out there. And I’m going to put a question to you both and maybe flip this on its head because you can stand around and, um, talk about why Defender is great all day. Why would, why would a discerning Australian business not buy into, into Defender for endpoint security?

Well, I can start with that one. And I would say there’s a There’s history that comes with it as well. There is legacy. There are personalities. There are people that have made history. Specific decisions at a specific point in time, um, around the what direction they’re going in, um, and that could be a strategic or it could be a tactical decision.

And they end up with a set of products that are, they thought at that time, or they may be, they were at that time, going on a better breed route, um, possibly, but actually started entering, as you said, that fragmented market. And then, so what I’ll say is, There is definitely historical components of this.

What we are seeing now in terms of is that moves rather than that. That’s, um, well, actually the combination of what would have been just the best of breed. We’re now looking at the best of platform perspective. Now you, we still have best of breed capabilities within that platform itself. But why do we see that move to best of platform?

It’s because There are so many when you get to that fragmentation in the world of security every single time where you’ve got a handoff point between one set of products and one set of organisations and another that introduces a gap and it’s the ability and it’s people like us that are actually human beings that have to fill those gaps, not the technology at times.

So people are looking at how can I, how can I squeeze and fill more of these gaps? How can I get greater operational efficiencies and how can I? Ultimately get more out of the platforms that I’m investing in. That’s hard though, when you are working from a position of legacy. And how many organisations do you come across in reality that are full green field, that you can just say, we can make any technology decision that we like, based upon this specific set of criteria.

And just go for it. So I think there’s a bit of history there. Would be, might be my first take on that. And we should probably have a, I’d love to have a conversation with that customer, obviously. Um, over to you, Narayanan, what do

you think? Well, okay, so look, I don’t like to remember a world that didn’t trust Microsoft as a security provider.

I choose not to. The fact is, there was a time when Microsoft wasn’t trusted as a security provider a long time ago. Um, I’d like to think that that’s not today. Now, having said that, um, this can be somewhat of a religious argument, right? Because there is a lot of history there, and there are some strong opinions, and you could argue it’s a subjective conversation.

Um, um, The feedback that I receive at times, let’s say against a vendor, is that sometimes, um, there will be, um, perceptions of, I don’t want all my eggs in one basket. I don’t want to trust just one vendor for everything. I take your platform point. Um, clearly we are invested in the Microsoft security approach completely.

But the feedback that we often get, particularly through RFPs, is that we must consider alternate technologies, right? It’s a little bit like APRA. Right. And this, this obligation on organization to have a tertiary environment available for critical services. Um, so that’s that same sort of view of should we have multiple vendors in there just by virtue of it’s better than just one.

That’s one argument. Yeah, we’ve had,

we’ve had that, you know, defence in depth conversations many times, many, many times. Not just on the endpoint protection, but across the security platform as a whole.

100%. And then sometimes it’ll be very specific as well. There’ll be some specific requirement or feature or capability that’s not found.

Um, with Defender. And it’s something that they’re used to, that they’re wedded to, that they believe is critical and they can’t live without it. Right, and that is that a product has a particular feature or capability that they do not want to lose. And it can be linked to legacy as well, at times. So we do see that too, and that’s difficult to argue with.

Right, now, the case for, It’s very different, right? I mean the case for like, one of the questions we like to ask, Jono, is do you know what good looks like in your environment as it would relate to your whole security ecosystem? And maybe one of the first decisions is, uh, what would be your scene platform of choice?

Now, should you land on Sentinel as your scene platform of choice? Then I’m a big believer in the quality of telemetry. I’m a big believer in the quality of telemetry that will come from Defender itself, but also as it relates to Entra. as well. And identity. Yep. Yep. Um, because we know that when working on incidents, um, managing breach, et cetera, you need rich telemetry in order to make decisions, particularly where those decisions are programmatic too.

And if you’re taking advantage of technologies that will perhaps get into that involve generative ai, you wanna believe the information that’s coming from your agents and from your endpoints. So, um. Clearly I’m sold on Defender, and we’re not here to sell it, but there is an argument to suggest that, to your point on platform, that the information, the quality of the information in the telemetry is improved.

But maybe you are offsetting that with a very specific requirement that a customer has to say, we need this feature or this capability, and it can only be provided by this particular agent or endpoint client. How would you argue with that?

I don’t think I would argue, I’d build on it, I would say. My build on that would be, and it comes down to, Well, you know me, I’m the director of partner technologies under my remit is also all of our software partnerships that we have as well.

You mentioned SIEM as the place to collate, you know, that’s the central collation of all of that security data and information that when we get onto the topic of generative AI, Absolutely critical. Um, really from the overall protection of any organization. Um, and to be able to protect an organization at speed as well.

So therefore, All of the partnerships that we have are also feeding into that overall ecosystem. So whilst I say, yes, we have, that’s the, that’s the beauty. Well, one of the beauties of having this, this end to end platform capability is to say we can cater and we can work with our partner and we can build really strong partnerships and deliver incredible value to our customers and to our joint customers, whilst also feeding some of the critical systems that are going to be needed Not necessarily just to protect today, but are absolutely going to be critical for protecting into the future.

And so if you start working with the customers on the, well, How can we take you from tactical to strategic? What is your future strategy going to look like? We talked earlier around multi cloud, for example, and the different architectures that are in place there. How are the products and the capabilities that you’re utilizing today?

What are they going to look like in the future, in a year, two years, three years, four years time? Um, I’d be hesitant to go any further beyond four, I think. Anything to

add? Yeah, look, it’s a, it’s a pretty interesting way of looking at it, right? And if I was going to sum it up, what I’m taking away from that is, if you’re an organization that has a specific requirement and the endpoint technology that you’re using to protect your environment is working really well for you, I think what we’re saying is have a think about how best to integrate that into your platform and your broader security strategy.

So I think that integration point is really important. And, um, and make sure you’re actually secure.

That is the most important. That is the most important thing to take away from the order list, you know, is

Buy Defender, don’t buy Defender, just be secure. If I’m taking it from the ADAPT resource, it better be free too, because it’s no longer an investment priority, right?

That’s right. Yeah. Okay. All right. Yeah. Great conversation. We’ll move on to, uh, the next topic and that is, uh, a listener question.

Let’s come in here, Jono. I’m interested in using AI to increase productivity in my NOC. Um, for the acronym, uh, people out there, that’s Network Operations Center in this context. So I’m guessing kind of their help desk. I’m sure I can use AI to double the number of tickets that I close without hiring any more staff.

And taking some pressure off my great people. But where should I start? How should I approach budgeting and the business case? It’s quite, it’s quite, um, an interesting one. Real life one from a week ago. Um, now we have had some experience in this. We have. Very keen on, on your opinion. I’m going to start with you, uh, Phil.

You’re seeing, obviously, some of this at a grassroots level. Any advice for somebody considering a business case? This sounds like a technology leader. Looking to do more with less, as we always have. Yeah.

So that’s it, that kind of, there’s some green flags and some red flags going on with this one actually, Jono.

Yeah. Um, I think let me start with the red flags. Um, the red flag for me here is, as you just said, this is a technology driven one by the look of it. In fact, it’s an IT one, and what I am seeing at this point in time is, it’s, Very hard within an organization to get the buy in for generative AI expenditure or any AI expenditure when it is pure IT technology led initiatives.

The reason being is You have to build the link back to the business to drive and deliver to what to get those investments and deliver on the ROI, and it’s gonna be a measurable piece. So what I would say on this particular one before going too much further, would it is what are the measures that are going to be utilized in order to define success for the overall project?

Are those measures monetary value? What is the ROI that will potentially which is going to then define what is the budgetary constraint that we’re going to look at here before even going down delivering any sort of proof of concept because we’ve seen what we call in the proof of concept graveyard because people have thought I’ve got a small budget.

I can I’ve got enough to service a proof of concept. I’m going to start do something and they get to the end of it and think that was really cool or that was really interesting. But have you got somebody on the executive leadership team that’s actually going to put their hand in the pocket and pay for that because there’s a business justification sitting behind it?

Now, I think there is in this case, I think there really could be, um, but I’m not sure whether it would be a build something opportunity or a buy something opportunity in this particular case.

All right. Fascinating. Look. I’m a big supporter of the business case. I believe in everything you’ve said there.

IT projects, for the sake of it, very rarely go further than a POC and somebody’s bright spark idea. Um, so you want to be able to quantify the return on investment. Now, I’m wondering whether that can be tricky with a Gen AI project. And if I reflect on our own Gen AI projects, some of them we wouldn’t have been able to quantify the impact until we did the work.

So there’s somewhat of a chicken and the egg problem there as well. And we know that, um, uh, the models are fluid as well, and different models achieve different outcomes, et cetera. There’s a trial and error type approach to figure out how do I get the best results? Some of our projects, even though they were famously successful for us internally, I wouldn’t have been able to predict upfront the outcome and therefore potentially may not have been able to quantify the business case necessarily.

quite articulately up front problem. That is a problem. Yeah, that is a problem. I think, um, unless you have a, um, a very technology focused board of directors that are, or a very, um, a very technology focused CFO sitting in your organization that is incredibly trustworthy and willing to Say, sometimes you’ve got to be willing to go on the journey.

Take a punt. Well, I think that’s probably reflective of our own business. Being a technology business, a bit of, um, a bit of that, like, we’ve probably got a bit more foresight and support in, in the executive. for those kinds of business cases. Yes. Tech curious. Call that the, it’s going to be great business case.

Just trust me.

Well, I’m wondering if like there’s, there’s plenty of precedent for this use case. Of course. A little bit of research suggests that you could probably improve on 20%, 30 percent conservatively. And what is that worth to your business?

I would say you could, you could probably lose a lot of the data points that we have from contact centers, for example.

You know, contact center is certainly from what I’ve seen is one of the most metric part of a business that I’ve ever come across. Yes. You know, people really know how to scale and manage those environments. I think there’ll be a lot of learnings you could take from that into a network operation center and from a, a, how do we, how do we engage with clients?

Yeah. What are the cost benefits of closing tickets faster, having greater throughput, um, greater volume without, with less people, et cetera. So there’s, there’s many elements there that I think we can learn from.

So our own success story, Jono, are we allowed to tell stories of Things that we’ve done, clever things, say smart things.

Not sure which one you’re about to talk about, sure.

Okay, well it’s similar to this, right? So this, this would be our SOC digital twin project. Ah, yeah. Okay, so real world example for us. Now look, we’re fortunate. We’re, we’re a tech curious business, right? And we have clever people who have enough time, either in the week or in their own time, to explore projects.

And an MSP like us is always looking to scale programmatically. We want to be able to, um, introduce new customers to our business without proportionally adding as many people as we would otherwise have to, right? If we can be smarter and, I don’t want to say do more with less, but you know, with the people we have, um, leverage programmatic methods and automation and AI to achieve outcomes, frankly it makes us more scalable to bend the curve on scale.

Of course, right? So that’s, that’s an objective from the outset. Yeah. So we get to explore projects like this. And I would say the closest project to this example was our SOC digital twin. Now, real world example. So, uh, very clever, um, senior analyst in our business worked for two to three months, um, part time, I would say, but two to three months off and on a few hours a day, um, to take our mean time to respond.

This is leveraging information in Sentinel. So you’ve got a very contained data set already, very well defined. Meantime respond from around 15 minutes to seven. Meantime, declosure from seven minutes to under three.

Thanks, sir.

Remarkable.

Totally.

Right? Remarkable outcome for us. We would never have predicted that it would have gone so well.

We knew there was an outcome in there, but we would never have known. Now, there’s a lot of retraining. There’s a bit of trial and error involved in that. We had to adhere to all best practice around obfuscation, etc. We had to speak to our customers around enrolling in the project. I think we’ve got around 50 odd customers enrolled now.

That outcome for us costs us less than 1, 000 a month for all customers.

So that’s a really interesting one because my actual question around this was, you know, when we’re talking about business cases for generative AI. You know, how much does it actually cost to do some generative, like to actually get some outcomes?

Yeah.

Right. Um, and in this case, you know, a pretty small investment, albeit, you know, we had the people and the skills, but from the tech itself, uh, They tell me, I mean,

I believe them, less than a thousand dollars a month is what we pay for this, for that outcome.

That’s believable because you’ve got quite a, contained use case.

Okay, where is the, the, um, the, uh, the issues arise? John, I think is where there is. We’re doing more public facing type activities where you don’t know if this campaign, if this thing was successful, do you suddenly go from having 1000 users of this? This this this product to 10, 000 users. Does that suddenly mean that your costs are going to grow tenfold?

How does your architecture scale? Is it scaling linearly or like with your business? Are you bending the curve on that scale? And so you’re not getting those, you know, that exponential costs increase back to our cost optimisation stories from earlier as well. So I think it’s that having that constrained use case where you can actually define and upfront what your costs are going to be and removing as many of the.

The, uh, the, the, the, the variables and the fluctuations that can, that can really impact you significantly.

I think that’s really, I think that’s good advice for any business case, but certainly there’s going to be a lot of, um, I think a lot of new stakeholders interested in these projects in businesses that have a lot of scrutiny, a lot of people wanting to participate.

There’s so many applications for this tech that’s going to touch every area of business in ways that we probably can’t even predict yet. That’s right. Um, maybe it’s a back to basics approach on, on the business case, you know, and just to get back to the actual question, um, where should I start? Yes. Maybe we can give our listener a takeaway.

You know, where should you start? What would be the first, the first thing you’d be interested in doing if we came to you with this problem?

Well, I would sort of take on what Naranth was saying around that you didn’t really have an ROI per se for the project. You knew that there was some potential there.

Yes.

But, but what I bet you would have at the start of the project is so what are we going to use as our measures of success and do those stakeholders that it might not be in the form of a, you know, in a highly well defined business case, but have you got the stakeholder buy in based upon those measures of success?

Do they see value in that?

Yes. I saw a wonderful example, by the way. It was one of your colleagues I was working with, and it was a side by side live demonstration. We’ve all been to those websites before where little bot services fire up and say, Hey, can I help you? Right? And you just immediately go, Oh, God, I know that you can’t.

You’re not a human. This is going to be terrible. Yeah. I want nothing to do with you. I was going to use the word clippy, but it’s similar. Right? But, so, but I’ve seen that work well too. Okay. Right now working well in this example was firstly fantastic q and a right? But also really low latency. And the example that was given to me was the use of performance throughput units.

Okay. Right. ptu. Now clearly they’re more expensive. Yes. But the difference was remarkable. I just imagine myself sitting in front of a website with a bot that’s asking me questions. If I don’t get what I want very quickly, and this could be my ADHD kicking in, I flip off that website and I go and do something else.

But if I get an answer, so over many milliseconds faster, that happens to be a good answer, I’m likely to stay on that website and keep progressing. And I reckon you could probably work that into your business case. I don’t know what the term is when you, you know, you have engagement on a website and they disappear.

There’s probably a term for that.

Then there’ll be a ton of research to actually prove the point of you’re absolutely right in terms of people will click away very, very quickly. Link

that back to your ROI. So good advice there from Phil. Think about the ROI. Do that work up front. Not necessarily

ROI.

Measures of success. Measures of success. KPI strong.

Okay. The things that we want to happen that are good.

What is important ultimately? Are we solving something that’s important?

Yeah, yeah, great advice. Naran?

Look, um, this stuff’s exciting. I agree with that. Um, and, um, playing with the models too. Like listening to our, our team and our, our analysts.

and architects who have, um, tried various projects. And they said, Oh, look, we tried one model. We’re working with Lama one day, and GPT 3. 5, and then 4. 0. And they were all performing differently and producing different results. And there was a fair bit of trial and error involved in that before they dialed in on the model and the use case that really worked for them.

So there’s a bit of that too, I think, and maybe a bit of experience would probably speed that process up.

Experience is important. It’s very important. Amen. I think, uh, my advice would be, uh, seek help. You know, if you’re, if you, if you’re actually thinking about this, go out there and do your research, network with your peers, talk to some friendly MSPs or some professionals that have done it before.

The tech community is moving at an absolute rate of knots in developing capability in this space. And, um, I think it’s on everyone to collaborate. So, uh, yeah, great conversation. I hope that, uh, helps our friendly listener.

Thanks, Jono.

Thanks, Phil. Jono. Thank you, Naran.

Okay, guys, that was episode three, Cloud Reset.

That’s a wrap for today. Uh, massive thanks to Phil Barlow for joining us, our first guest on our podcast series. Thank you, Phil.

Thank you for some interesting questions. Thank you to your, uh, your listeners for throwing in their questions. And, um, I’m going to read the ADAPT report a little bit more deeply and some more answers myself.

That was another episode of Cloud Reset. I think it was fantastic. Some great Takeaways there for our listeners and don’t forget if you’ve got a burning question, you can hit Naran and I up directly on LinkedIn. You can follow the newsletter on LinkedIn and ask a question there. You can also listen to this podcast on YouTube, Spotify, and Apple podcasts, which is actually pretty cool.

And if we manage to keep it up. And we can convince some more guests to come and join us after today with Phil. I’m sure we’ll be able to.

We’ll be releasing a new episode every two weeks. So if you subscribe, you will get alerted to that. You can listen. Thanks for listening. Hope you got something valuable out of that. And that’s Cloud Reset. Straight talk. Real solutions.


Cloud Reset

About the author.

Cloud Reset is the podcast where no-nonsense meets cloud strategy. Hosted by Jono Staff and Naran McClung from Macquarie Cloud Services, it’s all about cutting through the noise with straight talk and real solutions for IT leaders. With decades of experience on both client and vendor sides, Jono and Naran arm listeners with strategies to save costs, reduce risk, and maximise cloud ROI.

See all articles by this author

Get in touch.

1800 004 943 +61 2 8221 7003

Enquiry Sent.

Thank you for contacting us. Our specialists will get back to you shortly.

From the Blogs.

The AI compute crunch: How MSPs and hybr...

Artificial intelligence (AI) is transforming the way businesses operate. It’s driving smarter customer experiences, creating new efficienc...

Read More

Cloud Reset – The Podcast | Episode 4:...

Show Resources: Here are the resources we covered in the episode: Follow Jono Staff on LinkedIn Follow Naran McClung on LinkedIn Cloud Reset...

Read More

Planning for the cyber inevitable: 8 bus...

When it comes to cyber threats, it’s not a question of if; it’s a question of when. With risks rising and regulations shifting, CFOs are...

Read More