Business leaders today aim to operate with a comprehensive security model to cover all bases and ensure they are boosting productivity. Gerald Pfeifer, CTO, SUSE, discusses the organisation’s latest report and says it is no longer a question of ‘this or that’, businesses must manage a diverse set of technologies, Edge locations and environments efficiently to ensure greater control and security across their infrastructure.
Can you give us an overview of the ‘Understanding how enterprises can securely innovate with modern infrastructure report’ and what the research set out to achieve?
I engage with customers and non-customers, as do my colleagues in product management and other departments, however, there are times when we seek a broader perspective. The worst scenario is when a CTO extrapolates too much from one or two customer meetings and in order to mitigate this, we interviewed 250 CEOs, CISOs and general IT decision-makers. This comprehensive approach complements the insights we gain from our regular conversations.
What were some of the highlights and key findings of the report?
The first insight was somewhat surprising. When we asked about priorities, application performance emerged as the top concern – this was unexpected, as I usually hear about security and agility being the primary focus. However, delving into the numbers, application performance led by a small margin. Following closely – and with nearly the same number of points – were security, agility and availability of services. This makes sense as excellent application performance is crucial, but it is worthless if your service is unavailable, compromised by hackers, or you become a victim of ransomware.
The report contains extensive data on various areas such as containers, Edge Computing and Linux. However, three common threads stood out; firstly, security was a recurring theme. Related to this was whole life cycle management, which also encompasses the complexity of managing diverse environments. The term ‘complexity’ frequently arose, highlighting concerns around control. Automation emerged as vital to maintaining control, ensuring security and fostering agility.
Furthermore, using multiple Linux distributions, multi-cloud and hybrid cloud environments were prevalent. Managing Edge locations consistently and securely was also a significant concern. It is no longer a question of ‘this or that’; rather, it is about managing a diverse set of technologies, Edge locations and environments efficiently to ensure greater control and security.
The need to identify solutions and partners that can secure everything from the core to the cloud to the Edge is emphasised – can you shed some light on this?
This is where the concept of what I call the Continuum is crucial. Security does not have a one-size-fits-all; it requires multiple layers. I often compare it to Swiss cheese – if you cleverly layer several slices of Swiss cheese on top of one another, the holes disappear because something that penetrates one layer is stopped by another.
In security, we must continue practicing long-standing measures like Multi-Factor Authentication (MFA), firewalls, four eye principles and access restrictions. However, in the new world of cloud native computing, we need approaches that are inherently designed for these environments. Using traditional tools for cloud native challenges is like fitting a diesel engine into a horse-drawn cart without changing the tires or steering; it simply doesn’t work.
We need to combine established, proven methods with tools specifically designed for new domains. For cloud native and distributed environments, this means adopting tools that are well-suited and purpose-built for these areas. This dual approach ensures comprehensive security across both traditional and modern infrastructures.
Innovative DevOps and PlatformOps tools were highlighted in the report as being important for competitive advantage and enhancing operational efficiency – can you elaborate on the benefits these tools offer?
Developers spend most of their time not writing code but aspects like managing infrastructure, which often involves a significant amount of waiting. Whether it’s filling out online forms or waiting for a cluster to be provisioned, delays are common. I’ve seen instances where developers need a test cluster but end up waiting two days.
Our survey confirms the importance of equipping developers with the right tools. This enables the infrastructure team to empower developers through self-service options, allowing them to request resources like clusters quickly and automatically. However, simply shifting the load to platform engineering teams without proper support isn’t effective. While developers might benefit from streamlined processes, this can overburden infrastructure teams unless they are equipped with the right tools.
What would you suggest to companies attempting to balance their digital and cloud native infrastructure?
That’s an excellent point and a challenging one. It’s rarely a matter of simply discarding legacy workloads in favour of cloud native solutions. Those legacy systems are often crucial to driving revenue and safeguarding key data. My primary recommendation is to focus on modernising and automating processes around these classic systems.
Consider whether you have multiple Linux distributions or a distributed environment, perhaps utilising multi-cloud or hybrid cloud setups. I’m not suggesting you consolidate everything into a single cloud — this isn’t feasible or desirable for everyone. Instead, aim for consistency. Implement a unified infrastructure and tools that manage the entire life cycle, with a single pane of glass for oversight. This approach ensures comprehensive security across your premises, supporting your security and infrastructure teams to boost productivity.
This strategy also helps to create space. In my experience, it’s rare to see an influx of new projects accompanied by additional staff. More commonly, teams are expected to handle increasing workloads with the same resources. By modernising and automating, you can manage your legacy systems more efficiently, freeing up the capacity to tackle new initiatives without overburdening your existing teams.
How do attitudes compare in the UAE and Europe when it comes to digital and cloud native infrastructure adoption and what conclusions can we draw from this?
In my engagements across Europe, I haven’t observed substantial differences. The concerns remain classic: ensuring security and availability while driving innovation. The key challenge is balancing the maintenance of existing systems with the need for transformation.
If an IT department isn’t quick and innovative, business units often resort to Shadow IT, acquiring solutions independently with corporate credit cards or even forming small development teams. This can lead to fragmentation and security risks.
The primary question is, how can I maintain transformation and be a good partner and provider to my internal users? This involves maintaining and securing current systems while enabling rapid, controlled innovation to prevent the rise of Shadow IT.
The report states that organisations are using Linux for multiple use cases to accelerate their digitalisation efforts – how do SUSE’s services and products enhance digitalisation initiatives?
The report shows that Linux is extensively used for embedded systems and by developers. For modern technologies, Kubernetes is paramount, but it’s essential to note that Kubernetes orchestrates workloads; it requires an operating system to run these workloads. Plus, containers contain parts of operating systems, too.
Our role is to manage the aspects you prefer not to handle, such as life cycle management. Whether you have Edge devices or established workloads, you might not want to update them frequently. Instead, you need a life cycle of seven, 10, or over 13 years. Think of systems like those at the base of telecom towers; they require infrequent updates but must remain secure.
Security is paramount, especially in ensuring a secure supply chain. Many security breaches occur through the supply chain, not just through direct attacks. Downloading images or packages from unverified sources can introduce vulnerabilities.
Our focus is also on the ecosystem. We collaborate with hardware and software partners, consulting services and domain experts across various industries, including financial services, healthcare and telecommunications. This rich ecosystem provides extensive choices at technical, business and ecosystem levels. Offering this network and choice is a key element of our approach.
How do you predict infrastructure systems will evolve in the future and what can companies do to embrace such transformations?
When we talk about infrastructure, ideally, it should be very unremarkable for the consumer. In Austria and Germany, where I live and work, electricity and water are seamlessly provided. The electricity comes from the power plug and water flows from the faucet because the infrastructure is high quality. This is the goal for IT infrastructure – its reliability and quality should be so high that it becomes invisible to the user.
However, achieving this level of reliability requires significant effort. Many dedicated professionals work tirelessly behind the scenes. Our aim, akin to building a stable foundation for a house, is to ensure stable, high-quality infrastructure for our partners and customers. In the face of increasing security pressures and growing dynamics, the key to survival is automation — specifically, Intelligent Automation.
Traditional principles like secure supply chains, four eye principles and security audits will remain essential. However, classic management tools will increasingly incorporate intelligence, evolving to meet new demands. I hesitate to use the buzzword ‘AI’, but Intelligent Automation is indeed the future. This will enable self-service for customers and users, allowing human experts to focus on their domains. IT leaders, architects and security professionals will set the policies and intelligent infrastructure management tools will enforce these policies and manage the entire life cycle.