To Infinity and Beyond: Building 100% Cloud and Mobile IT Panel
Speaker 1: And, on that note, I'd like to introduce Daniel Lu. He's a product marketing manager here at Okta.
Daniel Lu: All right. Good morning, everybody. How's everyone doing? My name is Daniel Lu. I'm product marketing manager here at Okta. Today, I'm really excited to be hosting a panel on "Building 100% Cloud and Mobile IT".A lot of our customers were asking us how they could continue to push further into a cloud and mobile only world. And so, what we wanted to do was bring a couple of customers who've gone through the journey and share a little bit of their insights and experience with all of you today.
This is a very simple agenda for our discussion today. I'm gonna set up this discussion with a very brief summarization of how Okta thinks about building 100% cloud and mobile IT just to set the conversation a little bit. But, then we'll get into thereally bulk of this conversation and this discussion with some of our panelists here, ThoughtWorks, Vevo, and Appirio. Really excited about that.
Of course, this is an opportunity for them to share some experiences with you guys and we'd love to hear your questions as well for some of them. So, we're definitely gonna have some time at the end for Q&A. Make sure to have some of those ready.
Quick show of hands here. Just want to get a sense of the room. How many organizations right now are already starting to implement a Cloud-First strategy?
All right. A really good number of you guys. And, you guys are not alone. An IDC survey has shown that over 40% of organizations are looking to adopt a Cloud-First strategy over the next 24 months. This is up from 8% today.
And, those that are really adopting cloud are really committed. With 60% of applications using the typical SMB are in the cloud. And, even the most core focused on prime infrastructure like we see today, like directory services, those are moving to the cloud as well. So, looking at our own internal data, Okta's customers, over 30% of our SMB customers don't have AD or LDAP.
And so, why are customers and orbs looking to build 100% cloud and mobile IT strategy? Well, building 100% cloud and mobile strategy allows organizations to achieve more. This shouldn't be news to anybody here in this room. Everyone should be aware of this already. Let's go through these a little bit in more depth.
Moving to an all cloud strategy enables you to stay more competitive. You scale faster. You deploy apps. You adopt apps must faster. And, things like provisioning really helps enable you guys to unlock the potential of your workforce, make sure that they're the most effective workforce that they can be.
Decreased costs. No longer are you managing, updating, patching on prime resources. And, of course you have fewer help desk costs, which as we all know is kind of a pain in the ass and takes up a lot of our resources and time.
And, finally, moving to an all cloud strategy really enables you to increase security. Always having up to date resources. Really reducing that risk of a security breach. But, most importantly, moving to an all cloud IT strategy frees up IT to do more impactful and strategic work.
The role of IT is shifting to strategists and business enablers. Across all of our segments at Okta, across all of our customers, we're really seeing that IT is really becoming an even more core stakeholder in defining how organizations should be evolving their business strategy as they continue to find ways of better serving their customers.
Your management team, your BUs, they're leaning on the IT team and only can this shift continue to happen as only if you can continue to push further into the cloud.
So, what does that really look like? What does it mean to build a 100% cloud and mobile IT? At very high level, it means your employees, maybe your outside partners, or even your customers, they get access to all the app that they need, wherever they are, on whatever device they want to be using, whenever they need it.
But, let's stroll down into a little bit more concrete examples of what that really means. At Okta, we break this down into seven different pillars. And, I'll go through them right now.
The first is SaaS. Pretty straight forward. The idea that instead of running and managing apps themselves, IT is offloading that to best of recloud apps. For as many reasons that we just talked about. These are modernizing things likeSAML 2.0, Open IVC Connecting that we've been talking about in the last session, as well as, Todd's keynote. Everyone here is very familiar with this.
The second idea is Distributed IT. Because SaaS apps have such an easy deployment model, discovery and adoption of these new apps have shifted entirely from IT to now a partnership with the BUs, who have the better understanding of what IT apps they really need. And so, now there's a good partnership between the BU team and the IT team in deciding how they should be deploying some of these in apps.
A Distributed Workforce. This is a significant reason why companies tell us that they want to be going 100% cloud and mobile. Also pretty straight forward, as we and all know, and as Tod talked about in his keynote, the perimeter is no longer the four walls of the firewall, it's now the individual. And so, more an more of your employees, again contractors, etc. They're gonna be working from different parts of the world and you want to be able to enable that so thatthey can get the work done no matter what location they are in.
And, very closely related to that is this security that is now focused on the app and the data. This is instead of security focusing again on the four walls and the firewall itself. So, no longer are you worried as much about the network infrastructure and protecting that, but now you're worried about protecting the actual data, and the user profile, and the access to that app through things like NFA.
The fifth is the idea that there's more and more of organizations are moving towards a mixed Mac and PC environment. This is really grown by the adoption of Macs and you guys might have seen this in your environment as well. And so, how do you enable your users to have the device that they choose in the environment that they want while still, of course, securing that device?
Very closely related to that is this idea of a BYOD environment, bring your own device. And so, especially with contacters and partners who you have no control over in termsof the devices that they're using, how do you enable this type of strategy in your organization?
And, finally, an automation focus. And, this is really talks about the provisioning aspect of things. As your company starts to grow, you want to make sure that, again, you want to make sure it's a very secure environment. You have the capabilities to, through policy, ensure your employees, contractors, and customers get access when they need access and stop getting access when they shouldn't get that access.
This gives a really good concrete overview of what 100% cloud and mobile IT really looks like. And, it's a great goal to achieve, but there's definitely some challenges in getting there. Right?
Let's talk a little bit about some these challenges. As we work with our customers who've gone through this journey, we see that the two types of organizations that really go through this are what we call first "The Cloud Native". These were companies that were born and breed in the cloud. They have no on prime infrastructure. And, their challenge is what we're calling, "Mastering The Cloud".
And so, things like no central admin tool to manage access, their processes are typically met very manual. They're probably a smaller org, maybe a one or two man shop manually managing a lot of these processes. And, as they continue to grown and scale, how do they continue to provide a secure experience for their environment?
Of course, as they continue to grow and scale, they have more and more people who are working from around the world. How do you make sure that your distributed workforces has those security policies in place? Growing collaboration with outside partners and contractors is an issues of them. And, of course, with more people, means more endpoints.
The second segment that we see are what we call, "The Cloud Aggressives". These are organizations that do have some on prime infrastructure, but they really want to move full fledge into the cloud only world and so they are looking at ways to really offload some of that on prime infrastructure and move completely into the cloud. Aggressively moving into the cloud.
So, their challenge is scaling in the cloud. Things like removing or reducing dependencies on on prime directories like in ADI or LDAP. The needs to modernize their apps from some of the old legacy standards to, again, SAML 2.0, Open IVC Connect, OAuth. The need to secure a BYOD environment or a mix Mac environment, as we've talked about.
The need for groups and user membership. This is pretty standard and it's always gonna be something that we're thinking about. And, the kind of who gets access to what conundrum.
That being ... There's gonna be some challenges involved in this, but there's a lot of people who we've worked with who have gone through this process and I think that that's a great segue to really introduce some of the people that I'm very excited to talk to today. These three. Let's bring them up really quickly.
So, Phil, Stephen, and Mishaal. Let's give them a quick hand.
I'll do a really quick intro here. Phil from ThoughtWorks. He's TechOps Head of Tech and has been with ThoughtWorks for 12 years. Founded in 1993, ThoughtWorks is a community of passionate individuals whose purpose is to revolutionize software design, creation,and delivery. It provides pioneering tools, consulting services, and software. It's headquartered in Chicago, where Phil is based. Over 4500 employees. 40 offices in 14 countries. Big, big organization.
Stephen is from Vevo. He's the Senior Director of IT Strategy and Operations and has been at Vevo for almost four years. Founded in 2009, Vevo is the world leading all premier music and video entertainment platform with over 24 billion monthly views globally. Vevo brings a library of over 250,000 HD music videos, exclusive original programming, and live concert performances to everybody on the planet who loves music. It's based out of New York City, which is where Stephen is based out of, with roughly 400 employees and seven global offices.
Finally, Mishaal. Mishaal is an IT Business Analyst for Appirio and has been there for over five years. Appirio is global IT tech consulting company that provides mobile social cloud sourcing and cloud technology services to companies wishing to adopt public cloud applications. So, a great person to talk to. Last October, they were acquired by Wipro, a publicly traded IT technology consulting company based out of India. They are based out of Indianapolis. Over 2000 worldwide employees in six global offices.
Cool. Very accomplished people. So, wanted to quickly just start off the conversation with ThoughtWorks here with Phil. Phil, I know from your story, your background, that you were looking to move off of AD. You had AD in the past, you currently still have some of thatright now, but you wanted to get off of AD. There were some issues that you thought AD maybe wasn't the best for as ThoughtWorks is moving forward.
Can you tell us a little bit about why you were thinking about this and some of the challenges that you faced?
Phil Ibarrola: Okay. ThoughtWorks is an older company, like you said, founded in 1993. We didn't have the option of going cloud native. What did most organizations do in the 2000's? You set up Active Directory. You needed a directory service, Active Directory was the only game in town. And, it worked well for a while. But, as ThoughtWorks as an organization evolved, we started to evolve away from the path that Microsoft prescribes.
So, we started using more Open Source and Linux. On the server side, we started providing Macs to our employees rather than PCs. We started, we got more globally dispersed, as you said. We're 4500 people across 14 countries. But, I think, the biggest drivers was we started adopting more cloud services.
As we pushed more up into the cloud, having an on premises directory didn't seem to make as much sense. So much so that Active Directory has become essentially just a password storer. That's its primary function. It still has some dependencies, but that's mainly it.
So, about this time last year, we were actually here at Oktane. A bunch of us said that we should start on the journey of actually decommissioning AD. And, we decided to apply what we call, "A Strangler Pattern" to it where we looked at all the dependencies that wehave on AD and started trying to knock them off one by one.
And, as we knocked off each dependency, the noose Ad's neck gets a little bit tighter and at some point we'll feel comfortable actually retiring AD. So, we're hoping by next Oktane, I'll have a good story about how we have actually retired AD.
Daniel Lu: We're looking forward to that story.
Phil Ibarrola: Yeah.
Daniel Lu: We got into the discussion of your guys' removal of, or the process of removing AD. Can you step back a little bit and tell usmaybe why you want to go 100% cloud and mobile in the first place?
Phil Ibarrola: Active Directory has become a glaring bit of tech debt on premise. And, as our AD environment has become less and less interesting to maintain, it's been harder to retain top talent who can look after Active Directory in a meaningful way. And, it's really hard to recruit people when you're Active Directory footprint is shrinking and you're not really ... It's not a strategic investment anymore for your organization.
That was another reason. We just couldn't get people on staff who really knew what they were doing and could maintain it in a meaningful way. The skillsets just transferred to the cloud more. Active Directory became less of a desired skillset within our organization.
Daniel Lu: All right. And, Stephen, at Vevo, it's a very similar story. When you started about three, four years ago, Vevo had Active Directory. But, over the next couple of years, you actually were able to completely decommission Active Directory and now you've guys are completely off of that. Can you tell us a little bit about that journey? Why were you guys going through that? And, what was ... That's kind of a big deal.
Stephen Bruno: Yeah. I mean, look. A lot of the points that Phil just made, we just simply weren't using it. It was a password storer. It was used to map a few drives here and there. And, we did have a lot of Apple devices in our environment that just weren't fully utilizing itself. I took a bit of a kind of rip it off like a bandaid approach and just got rid of it very, very quickly. And -
Daniel Lu: How long did it take you?
Stephen Bruno: Pretty much, a week or two. I had a bunch of techs visit these machines.
Daniel Lu: A lot of questions for him later.
Stephen Bruno: Oh yeah. Well, the fact is, when I first started there I noticed that the end users took IT on themselves. We weren't offering the tools that they needed to get their job done. They didn't want to VPN into our network to access files. So, when I got there ...
Well, the first thing I noticed was the amount of file storage platforms we were using. This department was using Box, this department Dropbox, this department Google Apps. And, completely unsecure. I don't who was administrating this stuff. So, that was really when I took a look at what are we doing here? What do we need to do?And, it was when I decided to move forward with Box, which was a very, very easy transition. People were very happy afterwards. A Box rep actually introduced us to Okta and it kind of ballooned from there.
Daniel Lu: And, it sounds like that bandaid you guys ripped off pretty quickly, but that's a big ass bandaid. Were there some challenges? I'm sure. What were some of the issues? What were some things that you had to maybe give up, or think about, or really work through?
Stephen Bruno: Yeah. There weren't that many challenges since most of our apps were SaaS based. So, that was a biggie. Sales still had their sales force. Finance ... Well, finance was ready. Most of their systems were already in the cloud. We had to re-add printers I guess. I ended up just getting rid of all of our file server immediately. Got rid of them all. That was very quick.
And, the fact is, people don't have to call the help desk anymore to reset their password. They just do it themselves. They essentially become now a tier one support themselves.
Daniel Lu: Okay. And, Mishaal. At Appirio, it's a slightly different story. You guys were born and breed in a cloud. You guys are what we call, "A Cloud Native." You guys didn't really have an on prime infrastructure at the time. What were ... Why did you guys decide to start that way? And, what were some of the drivers and business decisions for thinking about that?
Mishaal Jamil: Our founders, when they created Appirio in 2006, they had a vision and they knew cloud was the future. With that vision in mind, they decided that this is going to be our bread and butter and like our CTO says, we eat our own dog food. Whenever one of our guys goes to a sales meeting with a client, what's the best story? The best story is, we use cloud. We're an example of how cloud works. We've never used on prime systems. We've never had a single server. And, that's something that really resonates with our clients.
The other reason was it gives us access to great talent worldwide. You're not restricted by, oh, we've gotta hire somebody in a local area who can come to the office. With the cloud, we can hire great talent that can just sign in online and we have access to them again. And, the other thing was, we run a very, very, very lean IT team. When I started at Appirio, we had two people in IT, me and our IT manager.
And, we were supporting 250 employees. Now, we have over 2,000 employees and we have eight IT people on the help desk supporting our worldwide organization. So, that's really why we went cloud.
Daniel Lu: Wow, yeah. That's a great story. Can you tell us little bit more about that journey of scaling from 200 to 2,000 employees worldwide? What were some of the apps that you had brought on? What were some of the issues and things that you were seeing along the way of that scale of business?
Mishaal Jamil: Certainly. One of the main issues that we felt earlier on was cloud was still young. There were not that many applications that most people are used to on prime applications. So, that was a challenge. But, now, there's a cloud application for every on prime system that anybody has been used to.So, that was one of our main challenges over there.
Daniel Lu: Just finding thatSaaS app or that public app. That public cloud app that you can use.
Mishaal Jamil: Correct. And then, another thing that I forget to mention was from an IT perspective, deep provisioning and provisioning, it just was time consuming. It took eight to ten minutes to provision and deep provision a single user and we just felt that, yes, we're running a very lean IT team, but they're spending a lot of time on just provisioning and deep provisioning people. And, that's really not what we want our IT people to be doing.
We want our IT team to be internal developers, internal consultants, making sure that our business needs are being met. And, we don't need to hire any outside help for that.
Daniel Lu: And, I know, Stephen, that's kind of a similar story I heardfrom you as well. Just the provisioning aspect of it. Making sure that you guys can run a great and scale a great company on a somewhat lean IT team. Can you tell me a little bit about that story?
Stephen Bruno: Yeah. Similar to you. Very, very lean IT shop. It's actually me and one other guy in San Francisco for about 400 employees. I do outsource or help desk, but yeah. So, we at one point had eight different apps. Exchange was actually being hosted in cloud, but not through 365 or Google.
And, when we have to bring on a new employee, it was a lengthy process of creating accounts in each area. When a title changed, you had to change the title in eight different places. And, similarly, when someone left, we had to make sure we got 'em all. It really ... Once I started overseeing our salesforce CRM, and I did that first audit, I found like 3 people who long left the company who still had access.
Daniel Lu: Oh wow.
Stephen Bruno: And, that's when it really hit home like this is a problem and we need to solveit.
Daniel Lu: Yeah. And, Phil, at ThoughtWorks, your thoughts around the provisioning and deep provisioning aspects and security aspects of that? What were some of the things that you saw there?
Phil Ibarrola: Provisioning and deep provisioning is really important. You want to make sure that the right people have the right access at the right time. And, that was one of the big drivers. Once we replaced our single sign on, that was immediately what we went into with Okta. We wanted to take advantage of allthose automations because, like we were saying, we had checklists, and spreadsheets, and all this other stuff that we had to go through.
And, so many either joined or left the organization and that is a time suck for people who could be doing more important things. So, we just wanted to kind of relieve that burden and Okta fortunately had capabilities that helped us do that.
Daniel Lu: Yeah. That's great. And so, switching gears a little bit. I know that many people in the audience probably already believe in the cloud, they want to go 100% cloud as much as possible, but enacting changes in many organizations can be very difficult. Cultural changes, convincing management, for example.
I know ThoughtWorks, that's something that you guys have really thoughtthrough and really wanted to make sure that everyone in your organization really understood. Can you tell me a little bit about how that worked at ThoughtWorks?
Phil Ibarrola: Yeah. So, ThoughtWorks is a very consensus driven, decision making organization. We tend to over communicate and try and win hearts and minds rather than just have mandates from on high. So, when we went to start our cloud for strategy, there were a lot of people who were skeptical, myself included. And, I think it takes time for people to adjust to that cloud mentality. And, we were fairly open and transparent with a lot of people at the time. We didn't know what was gonna happen.
We knew roles were gonna change. We knew skillsets were no longer gonna be as necessary. We don't need someone to swap out the blue box of tapes anymore. So, what else are they gonna be doing? These are people's job's responsibilities. And, they wanted assurances that in this new cloud world that they would have opportunities so we made sure that we communicated to them that we were dedicated to their success and we're dedicated towards retraining them in this new cloud versed world.
And, I think that went a long way towards easing people's minds and helping them through that transition.
Daniel Lu: And, Stephen, at Vevo, I wanted to get your take on that. You are the decision maker in many regards from the IT perspective. How did your organization react to your decision to move as much as possible to the cloud?
Stephen Bruno: Well, I think they were just begging for it, basically. The end users, as mentioned, were already adopting these technologies. We are a very young company. Our average employee is probably 25, 26. So, they were already on the cutting edge. They already knew what they wanted. And, I've been fortunate to have leadership support these decisions and a lot of our CEOs have come from tech and so they were with me the whole time. It was super easy for us.
Daniel Lu: Cool. Mishaal, I wanted to get your thoughts as a consulting service who helped other organizations move to the cloud, what is your IT philosophy? When maybe some of your consultants work with your customers and clients, I'm sure it's very, very cloud forward, and you guys again, eat that dog food in some regards. So, can you tell me a little bit about your guys' philosophy and maybe share some of that background to help our audience to understand where you come from and what you hope to achieve with that?
Mishaal Jamil: Well, any company that makes a decision to go to the cloud, they've got to really understand their infrastructure. Sit down, have an x-ray of all the apps, all the software, everything that you have and how it's interconnected.
Once that is done, then the business needs to decide what their strategy is, whether they'removing a small part of their systems to the cloud or whether they're moving everything. Once that decision is made, there's two parts to the next step. One is, the technology aspect. And, the other is, the human aspect.
I'm gonna touch up on the technology aspect first. In the technology aspect, you need to understand the benefits of the cloud. If you're just doing the lift and shift approach where you're grabbing an on prime system and putting it on AWS, for example, you're moving to the cloud, don't get me wrong, but you're not fully utilizing the benefits of the cloud.
You're still holding yourself back. Now, that's the technology aspect. Of course, there's gonna be hurdles. You're gonna go back and forth. There's stuff that needs to be fixed. But, once it's stable, it's fine, it's working.
The other aspect is the human aspect. As a company, people need to be excited about change. You need to get people motivated. And, this is before the change happens, while the change is happening, and after the change has happened. Because, people will be skeptical, they will, back to Phil's point, people don't know if they will have a job or not. So, you need to make sure that your employees know that this is a change, this is a move into the future, this will improve their skillset, and hopefully the executive team can get them excited about this change.
Daniel Lu: Phil, I wanted you to add on that because I know that ThoughtWorks, again, has a very open, as you mentioned, very open communicative culture. What is ThoughtWorks' IT philosophy in this?
Phil Ibarrola: There's a couple of themes in our philosophy. One of the themes is supporting openness and transparency, like you said, but I would say, supporting open standards. We use a lot of Open Source tools, we like to partner with organizations that support open standards. And, not just support those open standards, but also drive those standards. Similar to what Okta has done for SAML and is doing now for standards like Skim and Open ID Connect.
We like partnering with organizations that think about those open standards because by supporting those open standards, I think it allows the industry as a whole to move forward much more quickly rather than having these little enclaves of proprietary systems. So, wereally move forward with open standards.
Daniel Lu: Yeah. And, Stephen, do you have any kind of thoughts on that? How Vevo thinks about their IT philosophy in terms of managing their organization in their environment?
Stephen Bruno: Yeah. We're as lenientand trust based, as you you, I'm sure, I like to put the onus on our user based to kind of help IT drive innovation. It shouldn't be our way or the high way. I've learned, actually, a lot from new employees coming in. They're like, hey, I used this awesome tool at this previous company, and so, I'd like to really rely on our end users to really help us drive innovation and ultimately support themselves.
There's some things, some basic tasks, that they come to IT for that they just could be doing themselves and that's what I think they should do.
Daniel Lu: And so, if one of your users comes and says, "Man, I really need to get this on trend software. I just can't find it online." How does your philosophy play into that discussion?
Stephen Bruno: I've mentioned before, it's SaaS or bust for us. I think we ... or SAML or bust.
Daniel Lu: SAML 2.0 or bust?
Stephen Bruno: Yeah. It's gotta be Okta compatible, number one, obviously. It's gotta come in at the right price.
Daniel Lu: That's always good. A goodprice.
Stephen Bruno: So, those are the two biggies if someone wants a new piece of technology. But, as you mentioned, there's an app out there out there for everything now.
Daniel Lu: And, I know that, Phil, at ThoughtWorks, this discussion comes up hereand there as well. How have you guys managed that in the past?
Phil Ibarrola: We're pretty much SAML or bust as well. And, what we've come to do is we've started looking at the application network as kind of like an app store. So, if we're trying to find a service and we want to make sure that it's Okta supported, so the Okta network is one of our first stops. If someone says we want to bring in this new tool, one of the first things our Okta admins will do is go into the OAN and make sure that it is supported. And, if it has a provisioning integration as well, that's bonus.
Daniel Lu: Yeah.
Phil Ibarrola: So, that's pretty much table stakes now.
Daniel Lu: Yeah. And now, with the new announcement with the businesses at work, I think everyone can kind of figure out what are the top fast growing apps. Interesting apps that we want to bring on. So, I'll kind of ask another question. And, just to set up the conversation, please start to think about some of your questions that you want to ask our panelists as they've gone through this journey. We have some mic runners coming up and down.
But, just to end my portion of it, what's some advice that you might have? Going 100% cloud is not easy. We were very aware of the realities and the challenges of getting there and migrating as much of your on prime infrastructure and off prime as possible, but you guys have gone through it in different stages of your organization.
What is your advice to our audience who is maybe just taking baby steps? We saw a lot of people raise their hands saying that they're already on this journey. Maybe they want to go further along in that journey. What is your advice to them?
Phil Ibarrola: I think the first thing is don't underestimate the human aspect, the cultural aspects, of this type of change. It is a big mind shift for many people. And, oftentimes, it's not the technology that stalls these things. It's the organizational or the fear of change that stalls these things. I already said it, but stick to open standards. If you have applications that support SAML, you can take it to any single SAML provider and not just Okta. So, I think having support for open standards gives you more choice and more flexibility in how you proceed. I think those would be the two big ones.
Daniel Lu: Stephen?
Stephen Bruno: Keep it basic. Dive right in. The pool's warm. Just make sure you've got a big fat internet pipe and redundancy.
Daniel Lu: Mishaal?
Mishaal Jamil: I would say be skeptical. Ask the questions. Don't make the move until you're 100% sure this is what you want because until you're certain of moving to the cloud, you won't be able to get your team excited, your employees excited, and you won't be willing to accept that change. And, it doesn't matter what your strategy formoving to the cloud is. There's a flavor of cloud for every move.
Daniel Lu: Yeah. I think that along this journey, you can kind of dip your toes into this or you can go full fledge like what you guys did. Thanks for those answers. I wanted to start to see if there's any questions in the audience because I know that there's a lot of interest in understanding what they've been doing and what they've been working on. Don't be shy. It's all good. We gotta get a couple of questions.
We've got a question right here. Perfect.
Speaker 6: Yeah. We're moving off a lot of our mainframe applications up to the cloud, which is a huge challenge. And, we're using scaled agile methodologies. I was kind of wondering what methodologies you guys use internally to start to move stuff of your prime on to the cloud.
Daniel Lu: Do you guys have any thoughts? Methodologies, just to repeat, just kind of the methodologies of moving.
Phil Ibarrola: ThoughtWorks is very much into agile methods so we try to apply those as much as possible. So, do small experiments to see how it works, and then kind of iterate, and approve on those. But, at some point, you need to flip the switch and you can't continue doing these small experiments. With a lot of these things ... You can try to apply agile as much as you can, but at some point the bandaid has to come off.
Daniel Lu: Any other thoughts?
Mishaal Jamil: Yes, I agree with Phil on that. The bandaid has to come off. Test, test, test. But, at some point, you have to flip the switch.
Daniel Lu: All right.
Speaker 7: I have a question here. You talked about being responsive to the business and allowing them to come up with new apps and new tech, how do you prevent fragmentation and having 50 apps for the same things for a small organization versus having one or two things that do it really well?
Stephen Bruno: That's a very good point. So, that seems to happen a lot. Fortunately, when people need to get something done, they come to me and say, "Hey, what do I need to get this done?" Or, "Hey, I'm using this tool right now, I think it's really great, but we need to buy it."
And, I say, "Well, what are you using it for?"
And, most of the time, I'm like, "Well, we use this internally. This is what you could be using."
But, a lot of times there are folks that are like, "Well, it doesn't do this. I don't like the log in screen." And, they don't like that it doesn't have this feature that the other one has. And so, typically, I will allow them to use it department wise. So, if it's cost permitting, I'll say, you know what? You guys use it. You're the admin now. You're in charge.
It needs to be Okta compatible, number one. And, if it's not, typically these companies have you pay a lot more to make it SAML compatible. So, I'll say, look if it starts to grow organically within the organization, which a lot of the times it does, I'm like, all right. Let's pay for the extra capabilities and bring it into Okta. And, that's how we do it typically.
Phil Ibarrola: I was gonna say that there's always a struggle between optimizing for the whole organization and optimizing for a subset of the organization. And, a lot of times, it's just a negotiation similar to what Stephen was saying. There may be a department that's gonna get a lot of value of that application because it has some feature that the organization wide application doesn't support or doesn't have. So, it's always a tension between optimizing for those use cases. Overall, ThoughtWorks tries to optimize for the whole and for the many at the expense of someof the pockets. But, it is always a negotiation. There is always a certain amount of tension with that.
Stephen Bruno: You never get 100% acceptance.
Daniel Lu: I think I saw a question back there.
Speaker 8: What's the user experience for logging on to the computer and SSO with no directory?
Stephen Bruno: Well, I'll talk first. Basically, when we did rip AD out, off like a bandaid, I remember helping a few people out, or a few of my neighbors out, with a minor issue they were having and I asked what's your password? And, they were like, "It's Vevo".
I was like, "Your password is Vevo. Okay."
And, I help somebody else out and their password was no password. It was just blank. So, that was a major, major issue that we saw and we lost control of our endpoints to a certain extent. Yes, we were 100% in the cloud, but the endpoints were just pretty unmanaged. So, I ended up implementing ... Well, thanks to Windows 10, we can now, and Mac OS 10, we can now manage these endpoints as MDM devices.
I accomplished that through two products. AirWatch for PC and Jamf Pro for Mac. And, it's been very successful.
Mishaal Jamil: For Appirio, I would say that our employees, employee onboarding, we've gotten so many emails from just new employees who are just amazed by how seamless and how simple their onboarding experience has been. They log in on day one and they have access to everything. They don't have to wait for IT to turn on access for a certain systems. It's just seamless. It works. And, they're really happy.
Daniel Lu: How does device management work at ThoughtWorks?
Phil Ibarrola: We use a very much a trust, but verify approach. We employ very smart people and we trust them to do the right type of things, like encrypting their laptop, etc. But, we would like to have visibility into that. But, in terms of answering the question, it is a very seamless experience. People log into their laptop. They go to Okta and they get access to all their applications on day one. It's a fairly nice and seamless experience as opposed to what happened in the past. Did that answer your question? You seemed to have a follow up.
Speaker 8: They have two passwords? A local password and an Okta password?
Daniel Lu: Do they have two passwords? A local password and an Okta password? Or, how does that work?
Phil Ibarrola: For us, yes, they do. Their laptop credentials typically are different than their Okta password.
Stephen Bruno: Same here. Yeah, you have two passwords to remember, but I have a feeling Okta is working on something there.
Mishaal Jamil: Yeah, same for us.
Daniel Lu: Good question. We have a question right here in the front.
Speaker 9: You all have talked about the importance of the cultural change and that change management getting not only the IT team excited about the shift of the cloud, but then also end users and employees. Love to hear from your perspectives on how you're driving adoption of different technologies. Obviously, Okta makes it easy to ensure that each employee has access to the tools they need, but I would love to hear a little bit more about the cultural shift. Things you did to get people excited to really help drive that adoption.
Phil Ibarrola: Our first cloud app was G-Suite. Or, Google apps back in the day. And, there wasn't much that we had to do to get people excited to move from Lotus Notes to Google Apps. So, sorry IBM. I think with our culture, we have a very curious and experimental culture. It's not so much drumming up excitement around that move, it's more that employees themselves are discovering new and interesting cloud applications that they want us to bring in. And, it trying to manage those expectations.
For us, we have a good situation where our constituents, our ThoughtWorkers are constantly pushing us to best-of-breed tools and bringing them to us, saying, we need this 'cause it serves that purpose. I think moreso, from an IT change management, that's where we've had challenges, at least initially. Where, I look after all these on premise infrastructure today and that's gonna be gone tomorrow. What am I gonna do?
And, we kind of talked about that already, but it's just assuring people that we're investing in them to make that transition from on premises to cloud. And, I think a lot of people were ... Like I said, I was skeptical at first, but I think I've come out the other side pretty well. And, I think a lot of people who stuck around for the journey are much happier for it. They're working on more interesting, complex, fulfilling challenges. Things that are morevaluable to the organization as opposed to what they were doing before, shuffling blue boxes of tapes around.
Daniel Lu: Yeah, we'll take one last question. We're a little bit out of time. But, one last question here. Oh, turn on the mic.
Speaker 10: I would love to rip AD out. Also, sounds very ...
Daniel Lu: Oh, mic went out again.
Speaker 10: But, you know, we're kind of addicted to jPOs. So, how do you guys deal with, besides the MDM portion, how do you deal with policy?
Stephen Bruno: Yeah. So, I can tell you that the tools that we use, AirWatch and Jamf Pro, put policies on all of these machines. So, we have a policy for encryption. We have a policy for computer block after 15, 20 minutes. We have a password complexity policy. You have to reset your password after so many days. So, I think the basic ones, we have locked down.
Phil Ibarrola: For ThoughtWorks, we didn't really leverage jPOs. So, we didn't have that dependency. Some of our offices and certain use cases use jPOs, but it wasn't a hard thingfor us to remove. And, again, we operate mostly on the trust, but verifies. So, we not going out with a sledge hammer to enforce policy. We trust that people are gonna encrypt their laptops and they're gonna have strong passwords on their devices. We wantto be able to verify that their devices are encrypted and things like that, but we're not gonna apply the sledge hammer approach to enforce that.
Daniel Lu: All right. Let's give our panel a round of applause. And, thank everybody here. If there's anything that you want to ask, come up, we'll be around. But, otherwise, thank you guys so much for your time. And, there's a lunch and learn tomorrow. There's Birds Of A Feather. We have a table for 100% cloud and mobile if you guys want to talk more.
As organizations commit to achieving a 100% cloud and mobile-first environment every day, forward-thinking IT departments must build a strategy to make it possible. Getting to that end state has its challenges, from migrating away from on-prem infrastructure, to enabling a BYOD environment, to automating onboarding and offboarding of employees and devices. Come hear real customers share the challenges they faced moving to 100% cloud and mobile strategies, and how they succeeded.