Virtualization as Risk Management
While it’s well known that virtualization controls costs, it’s often overlooked that it also supports governance and risk controls. The CIO of Digital River believes virtualization can be the foundation of a powerful enterprise risk management strategy.
The risks of virtualization
Even today, virtualization can make CIOs nervous. Taking data and computation out of big iron in your own four walls is inherently risky. Using a public cloud means paying someone else to use their computers— which means, as I sometimes observe, that your business operations are touching every computer those computers have ever touched. Investing in a private cloud, on the other hand, means trusting your business operations to third-party vendors, each of which has its own terms and its own limitations— some of which you might not consider until exactly the wrong moment. Hybrid solutions compound these risks. I like to joke that the only way to virtualize IT operations with absolute security and governance is to put everything back on your mainframe and lock the door.
"Virtualization can dramatically increase your ability to respond quickly and confidently to the risks that you face in the market"
Still, any technologist can tell you that virtualizing some aspects of your company’s IT operations— applications, web servers, even databases—is a necessity. Years ago, virtualization was a cutting-edge way to save money, power and space. But by now, those efficiencies are built into the competitive landscape—and CIOs accept the risks that come with virtualization as a necessary cost of doing business.
But my experience as CIO leads me to believe that virtualization is far more than a risk to be endured – when carefully architected it should serve as the foundation of an enterprise governance and risk management strategy.
Here at Digital River, we provide access to our global ecommerce infrastructure as a service to merchants marketing and selling products and services around the world. Along with that access, we must ensure that our applications can scale rapidly to accommodate unpredictable spikes in online demand, protect against ever-evolving security threats, maintain auditable compliance with an array of local laws and regulations, and ensure solid supportability.
To help govern and manage the risks of operating in the modern global market, Digital River virtualized nearly all of our IT stack in 2013. Now, practically all of the applications we build, the data centers we establish, and the transactions we process— works consistently and reliably, based on a single set of operational standards and protocols that evolves at the speed of the market. Needless to say, Digital River could never have achieved this degree of efficiency and agility if we were still chained to big iron. Based on our experiences of going virtual and operating day in and day out in virtual IT and software development environments, I’ve identified some valuable considerations about the ways virtualization helps govern and manage enterprise risk.
Virtualization can dramatically increase your ability to respond quickly and confidently to the risks that you face in the market. Here are five ways that IT can help to manage risk:
1.Governance. Pre-establish a governance model and standards in your virtual development environments. That way your engineers can innovate freely, knowing that the applications they develop will meet pre-established standards before they deploy their work into test and production environments, saving valuable time.
2.Compliance. Any global enterprise has to operate in accord with evolving laws and regulations across the world. Virtualization will help you stay compliant in shifting regulatory landscapes where you do business. Consider data security, for example. Many countries require that certain kinds of protected data remain in country—which used to mean establishing your own local data centers, at a great cost of time and resources. Now, by virtualizing your data centers, you can comply with data regulations in days, rather than weeks, simply by deploying the required processing elements into in-country, third-party, cloud computing infrastructures. By creating a virtual instance of an existing data center, you stay compliant with local regulations.
3.People. Enterprise governance and risk management starts and ends with people. In a rapidly virtualized world, the human skills it takes to manage IT infrastructures are converging. Where formerly specialized IT staff could work more or less independently, virtualizing central aspects of IT operations requires everybody to work in concert, across functional and technical boundaries. Standardized IT architecture lets training happen more quickly, enabling more intelligent and holistic collaboration. Collaboration extends beyond IT staff, too. One of the greater challenges businesses can face is the costly cultural divide between IT staff and developers. When operating in a virtual IT and development environment, coders and IT personnel can innovate shoulder-to-shoulder.
4.Capacity. The most obvious benefit of virtualization, of course, is that it will allow you to multiply your computing capacity. For multi-national organizations, it’s essential to manage the risk of operating in a global environment, where customers rightly demand immediate and perpetually available service, regardless of the demands an IT infrastructure might be experiencing. Virtualization lets you provide the level of service your customers expect without wasting vast quantities of space, processing power, and money to hedge against unpredictable (and inevitable) spikes in demand.
5.Confidence. Virtualizing your IT stack and development environment can set a new level of consistency across your technical operations. By making your infrastructure consistent across thousands of separate instances, virtualization yields the reliable performance needed to make bold decisions in the digital market. Consistent performance is crucial because it brings confidence. And confidence enables innovation. That’s why virtualization should be at the foundation of your governance and risk management strategy.