Why the Cloud is integral to a modern digital approach
"The security is actually more stringent and more secure, even though from a practical sort of perception standpoint, it may not seem that way at, at first glance. But when you peel back the onion layers, you'll realize this way of operating, yeah, it's different, but it's actually much more secure and it gives the users a much better experience."
The modern digital landscape requires a new way of thinking about both cybersecurity and user experience. Cloud technology offers the solution for both of those things while not sacrificing efficiency. David Chou is the Director of Cloud Capabilities at Leidos. He joins to tell us about how the cloud works, why it's the safest option, and why it's crucial when working with Zero Trust or Beyond Compliant strategies.
On today's podcast:
- What Digital Modernization is and where the Cloud fits in
- The differences between the Cloud and on-site servers
- How the Cloud makes modern security approaches possible
David Chou: The next level of Cloud is really, "How do I leverage the digital platform approach to Cloud and adopting technology as it changes over the years?"
Shaunté Newby: At Leidos, a question we ask ourselves a lot is how can we modernize technology for organizations in a way that meets their needs and serves their visions? Sometimes that can mean different things, but when it comes to digital modernization, Cloud computing is a no-brainer. Migrating to a Cloud can be a big shift. It's a completely different way of doing things, but the end result is a more secure tech ecosystem and also easier to use.
David Chou: This way of operating, yeah, it's different, but it's actually much more secure and it gives the users a much better experience.
Shaunté Newby: David Chou is the director of Cloud Capabilities at Leidos. In today's show, he takes us through the benefits of security the Cloud brings, how it works with other mindsets, such as Zero Trust, Leidos' approach to digital modernization, and a lot more. My name is Shaunté Newby. This is MindSET, a podcast by Leidos. In this series, our goal is to have you walk away from every episode with a new understanding of the complex and fascinating technological advancement going on at Leidos. From space IT, to trusted AI, to threat-informed cybersecurity, we've got a lot going on and we're excited to share it with you. All right, David, so tell me what you do at Leidos.
David Chou: So at Leidos, I work under an accelerator group called The Digital Modernization Accelerator. It's made up of a couple of technology pillars. My pillar specifically is Cloud computing. So what that means is our group works across all our lines of business within Leidos. We support programs and look at technology trends and see how we can develop new solutions with new technologies applied to our customer's missions.
Shaunté Newby: Can you start by explaining, more broadly, what digital modernization is?
David Chou: So to me, when people ask me what digital modernization is, from a Leidos' perspective, the typical perspective I give is basically applying and identifying discriminating technologies combined with a strategic road map of how you would adopt this new technology, the systems, the platforms, and the software that come with it.
Shaunté Newby: And how big of a part does updating to a Cloud structure play in this?
David Chou: It plays a pretty significant role. Cloud has been around since 2008. Since then, it's got a lot more momentum behind it. A lot of people realized the value in the Cloud. I typically tell folks, "When you think of Cloud and the importance it plays in the overall structure, in your operations, you should think of it as the foundation of your house." You need to move to a more modern, digital foundation, and that's what Cloud is. It enables a lot of innovation and also lowers the barrier to technology. Before, if you think about it, in the old days, if I wanna do technologies, I would have to buy hardware, I'd have to buy software, I'd have to install it. I'd have to run my own data center. I'd have to manage it. That's a lot of overhead. That's a very large barrier to entry in terms of adopting and getting access to advanced technology. With Cloud, that drops significantly. Anyone can sign on, create an account, and start using these technologies and experimenting with them right off the bat, so it plays a very significant role in any enterprise or organization.
Shaunté Newby: So I heard savings in there, 'cause there's a lot of re-use and not necessarily having to reinvent the wheel every single time, right?
David Chou: That's right.
Shaunté Newby: And so why is this important for customers to embrace?
David Chou: For our customers specifically, it really is how they can drive growth and innovation in their organizations. I'll give you a good example. McKinsey, back in 2021, did a survey and they found that approximately 75% of the Cloud's core value comes from boosting innovation, and approximately $700 billion is through innovation-driven growth. So if you wanna expand your business, improve your mission, the large chunk of it comes from innovation and more rapid innovation. Only $430 billion come from reducing costs and reducing risk. So of the two areas, the growth and innovation part is a significant value of the Cloud. That's where our customers are looking to solve the hard problems that they're faced every day in mission. And that's the area where Cloud has seen the most impact. What we've seen, when we implement solutions and we find innovative and novel solutions to their challenges, is in the innovation piece, how do we deliver a better digital experience to our end users? How do we deliver services and capabilities better to our warfighters downrange? All of those are really driven by the speed of innovation that Cloud brings.
Shaunté Newby: All about that speed. Yes, indeed.
David Chou: That's right.
Shaunté Newby: The digital world has come with a lot of conveniences and advantages, but there's still a lot of inclination towards having physical access points. What are the benefits of a Cloud structure?
David Chou: So when you think of Cloud, and why it's better than your own servers, it's really how we talk about before. Previously, everyone had their own data centers or plural, data centers, or a bunch of closets actually of servers and software that required a bunch of people to maintain and update and patch and make sure it's secure. And what you see, when you start analyzing, assessing all these deployments is the security isn't consistent. Some are more consistent than others, certain data centers are more secure than others. Not everyone has the staff or the funding to support such a large staff, to manage their data center deployments. With the Cloud, all that sort of... What you'll hear sometimes called toil is given to our Cloud service providers. Today you have Amazon, Google, and then Azure. They provide sort of all that overhead, and all you have to do is use it like electricity. You just pay for what you use. When you look at electricity, you don't worry about the transformers, you don't worry about the generators, you don't worry about the power lines. None of that. It just comes to your house, and you use it as you need it. That's the same sort of operating paradigm for Cloud now, especially with software as a service and platform as a service. You don't have to worry about all that overhead. You don't have to worry about buying more servers or buying more software and patching and updating. All of that is already taken care of for you.
David Chou: It's a very new way to look at the operation of your IT infrastructure. It's the very core paradigm shift of a shared responsibility model, which really means you trust Amazon or Azure to run secure data centers, to secure those physical servers. They don't show this, but a lot of times when we've taken a look at their data centers, the security around their data centers surpasses anything we've ever seen. Key cards for access, key cards again to access the actual rack that you're in, multi-factor authentications to get in, lots of layers of security, they make sure that the hardware is secure, and the physical structures are secure, and you only have to secure your application. It's really moving your expertise of your folks to where they're best suited, which is developing applications and capabilities, and not worrying about infrastructure.
Curb Your Enthusiasm Clip: Don't worry, I locked the door.
Shaunté Newby: When it comes to security, there's something comforting in the old-fashioned physical lock and key. For instance, if you could see me now, you'd notice I'm holding my thumb drive, it's currently storing a presentation I need, but I now have to upload it to the Cloud where it will no longer be in the protection of my hands. Initially, that feels like the last thing I would think is best for the safety of my data, but that's not the case. I'm going to tie this back to a previous episode of the show where we spoke with Jeff Mims, a Leidos Chief Technologist about Zero Trust.
Jeff Mims Clip: Zero Trust is, it's a whole new way of approaching cybersecurity, starting with, very appropriately, the mindset. This philosophy is, it's very different from traditional thinking, which is if we build a wall big enough, we can keep all the bad guys out. Well, eventually the bad guys will master flight and make it over our walls, and then what? Well, that's where Zero Trust philosophy says, "Protect the inside, just like we do outside the walls."
Shaunté Newby: So there are the cliff notes on what Zero Trust is. If you want to get deeper into that topic, go check out that episode when you're done here. Thinking back to that conversation with Jeff, it becomes clear that the Cloud is very connected to the Zero Trust mindset. My hand holding my thumb drive is that outer wall, but if I drop it or forget it, or if it gets in the wrong hands in any way, my data is up for grabs. So, is Cloud the answer? That's something I asked David.
David Chou: That's a good analogy. So, yes, you're correct when Cloud came on the scene back in 2008, around that time frame, a lot of people just expressed the same sort of view of, "Hey, I can go and touch my server, I know where it is, I could key card myself in and I could physically go and touch my server and I know where it sits. So when I say I put something into the Cloud, it's a physical server that I can touch." And so, what we need to think about is, how to reference before, how Cloud enables technology and lowers the barrier to access this technology, it's perfectly acceptable, apply to Zero Trust. Now, Zero Trust, like Jeff talked about, it is the notion that every system component no longer trust each other just because you're in the same data center, or on your same network. So to your point, when you hold your USB key in your hand, you trust it because it's in your house and you can hold it, in a Zero Trust framework, that's not the case. You have to assume that a stranger gave you that USB key, and that... Yes, you hold it, but you don't actually trust it because you don't know who the person is that gave it to you.
David Chou: So can I trust the security of this hardware that I'm holding in my hand, even though I'm touching it, I don't know who gave it to me, and I didn't buy it. So to access Zero Trust capabilities and technologies like that, you really need the Cloud. In the old day, you wouldn't be able to actually do Zero Trust in the legacy's tradition of data centers. You actually need the Cloud and the capability it provides in terms of its native services and the new operating models, and now it's able to support to do Zero Trust. 'Cause Zero Trust assumes that when you log in, it doesn't know who you are, you have to provide a password, you have to provide a token, these multi-factor authentication pieces need to happen at every transaction, especially between systems where there's no human in the loop and to do that you'd need the Cloud to do it fast enough so that when you're using the Cloud and you're uploading, even though it's doing Zero Trust in the background and verifying every single component to get your stuff loaded, or to stream from Netflix down to your house, this experience is seamless.
David Chou: You click on, "I wanna watch Netflix, I wanna watch a movie," it streams, but you don't know that in the background, it verified every single component every single time to stream that data into you so that you know that data is secure, there are no viruses, there are no threats coming down into your television or into your network. And to provide that seamless, fast performance and experience, you need Zero Trust, but to get Zero Trust, you need the cloud to do that.
Shaunté Newby: So you just made me think of something that confirmed again, why I think the Cloud is better too, 'cause I'm imagining entering an organization with my little thumb drive and I stick it in their device and they don't trust it, right? 'Cause, it's like, we don't know what this is, but they would trust me logging in to Google Drive or OneDrive, 'cause I guess they'll trust that a little bit more than my little loose thumb drive here, I guess.
David Chou: Let's peel that a little bit. When you log in to Google thumb drive or Google Drive, it asks for your password, right?
Shaunté Newby: Yes.
David Chou: And then now in the new Google, I think when you log in, it also sends like a login to your phone that you have to open YouTube to verify it's you.
Shaunté Newby: Yeah.
David Chou: I see you're nodding your head, right? That's multi-factor authentication, it's verifying two pieces of information that you have, that whole process is part of Zero Trust. You could never have done that in the old days. It's very difficult to build such an elaborate system, every company would have to build such an elaborate system and maintain it. It's much more effective cost-wise and operational-wise for Google to provide that service, and everyone gets to use it.
Shaunté Newby: So let's talk about the user experience a little bit. I think objectively, some of the greatest advancements that have come from our tech and our tech interfaces are that they've become more intuitive and user-friendly. You don't need to know a coding language or navigate a menu of rabbit holes anymore. I know in a previous conversation you had mentioned looking at the cloud as a platform, can you explain how using the cloud would create an ideal landscape for a platform?
David Chou: Sure. So what you'll see... If we look back a little bit before Cloud, you'll see that there are a lot of different types of technologies that were fractured and disparate, then came Cloud, and that only got worse. If you go and look at different solutions, you'll see a myriad of providers of all different types of technologies, all types of solutions, they're not cohesive, there's just... They're own little silos, their own little piece of the pie. And so if you look at Cloud from a, what I'll say, digital platform perspective, what you're looking at is, "How do I facilitate interoperability of all these solutions." And why do you care? Because current systems today run-on different data centers everywhere, and as you're going to the cloud, you're gonna want to use Amazon, you're gonna want Azure, you're gonna want to use Google. Whoever is the best suited for that solution, you're gonna need it to work together, and together means interoperable between systems for the user so that when they want to stream a service down, if they wanna open an app, it doesn't matter to them how many pieces it takes to make that right to them, it's a seamless experience end to end.
David Chou: The other piece is, if you look at it from a platform perspective, it allows us an easier access to data and data usage. And what that does is because now you have access to more data sources that are generated by all these parts and pieces, you can now apply artificial intelligence and machine learning. And that helps users be more effective at their job, it gives them a better experience, it augments their capabilities, making their jobs easier. It also provides a much broader array of solutions. That's how you get to a marketplace, like an app store where a user can potentially in the future, "Hey, I need a new capability for a mission. I can look at all the different options in an app store and I can put together a solution for myself." But you can't do any of that if it's not built on some kind of standard digital platform that allows the interoperability to happen, which then translates into you sitting at your desk or deployed down range and say, "Hey, I have a very specific challenge I need to solve right now. I can go to the app store; I can pick and cobble together a solution for myself very quickly without too much help from an engineer."
Shaunté Newby: Sounds like technology Legos.
David Chou: It's exactly like Legos. Each vendor, each solution is little Legos, and the best part is because you have a platform and you're looking at micro-services and they're built with APIs and they're using cloud-native services, it literally allows you to treat them like little Lego pieces that all connect together, and so you can build a starship or you can build a chair, but they're all still Lego pieces that work together. You need them to be interoperable to do that, and to get there is... The platform is the key.
Shaunté Newby: So is it possible for you to walk us through some of the other benefits that would come from building out a platform?
David Chou: Well, the platform... I talk about interoperability, I talk about combining and leveraging the different data sources, what you can start building, because the Legos is a solution specific to your mission. And it could be a mission that I just got assigned that's only gonna last four days. Instead of building these very complicated solutions, I can build custom solutions for the brigade, for the platoon, they can do it themselves to execute on their mission. The other piece is it allows us to introduce future technologies. Technology moves at a faster and faster pace these days, and with a digital platform, it is a way to facilitate ingestion and adoption of these new technologies, because if you think about it, as new technologies come on the scene and get proven out, you can build applications and solutions and Lego blocks essentially around these new technologies and make them available on the platform.
David Chou: So now that, even though you may not be technologically advanced, you may even not be a software engineer, you can still get access to these technologies and apply it to your use case and apply it to the problems that you're facing currently. And that really lowers that barrier to technology adoption and availability, and it really sort of democratizes advanced capabilities to a larger group of folks. And with a larger access to a larger group of folks, you have more innovation, you have more ideas, you have more experiments and tests you can do at much lower cost to everyone to see if it works. That's really where a lot of the value comes from. The next level of cloud is really, "How do I leverage the digital platform approach to cloud in adopting technology as it changes over the years?"
Star Trek Clip: Technologies are not always compatible.
Shaunté Newby: From what we've learned so far, it's clear that Cloud technology is vital for cybersecurity in the modern age. But whenever we shift forward, regardless of how great the new technology is, backward compatibility is often difficult. To give an easy example we'd likely all recognize, we weren't able to put a compact disc into a floppy drive. I asked David if this was an issue in his work, and if so, what he and his team at Leidos are doing to avoid those issues as best as possible.
David Chou: As we talked about, just with the platforms, interoperability is always a huge issue, especially with new technology. New technology typically isn't backward compatible with what you currently have, and so having those platforms, it helps... They should also think about... The other thing people should try to think about is try to build systems and architectures and solutions that are future-proof. And if you think of it that way, systems get very complex 'cause you don't know what technologies are coming in the next two to five years and trying to anticipate that is really gonna be a losing battle 'cause no one can tell the future. What you should think of it is, "How do I optimize my operation state with what I have today, but how do I reduce the switching cost later on?" But at some point, if you think about, "When new technology comes and it's proven, I'm gonna wanna switch or adopt it, so how do I build it now, so it gives me flexibility?" What people should be looking for is, "How do I build flexible architecture? How do I build flexible solutions knowing that a new Lego block will come in the future?" And to flip over, you have a switching cost, that's fine, but having a flexible architecture reduces that switching cost. There's no way to really get rid of the switching costs unless you can certainly tell the future.
Shaunté Newby: Backwards compatibility isn't the only challenge David faces in digital modernization. A lot of the other challenges come from outdated mindsets, for instance, with funding.
David Chou: We work with the federal government a lot, so a lot of our customers are in the federal space, as you're aware. And I think one of the top problems that we've seen start to repeat itself over the last year is actually the transition of our customers from a capital expenditure model to an operational expense model. So with the Cloud, it's based on subscriptions. That is an operational expenditure, you only pay for what you use, just like electricity. Previously, capital expenditures are, I plan what I need for the year in terms of hardware and software, and I go and buy that. So you have a large purchase at the beginning of the year, every year, but moving to a monthly or even annual subscription model is very difficult because of the way they do funding and budget allocations traditionally.
Shaunté Newby: Another major challenge in digital modernization is process. That's a piece that needs to be thought out in any instance of technology implementation. For David, it's something he thinks about a lot.
David Chou: We have a lot of engineers who are very good at building whatever you can literally imagine. What takes the brunt of the hit is the existing processes and the people and the skill set and the training that needs to happen that people don't consider. You should look at it from a Venn diagram. There are three pieces, there's technology, there are people and there's process, and where those three overlap is where you need to focus. And a lot of our customers and our experiences is people like to focus on technology 'cause it's fun and it's cool and it's new, but what really adds the risk and makes the adoption harder is on the process and the people side. Not giving enough credence to what is the user experience gonna be? What is the digital experience for end users? How do we facilitate that? How does that make their work different? Because if someone came in here and told you, "Shaunté, hey, I'm gonna use all new different applications to do this recording tomorrow." You're gonna be like, "I have this whole workflow set up, I have to change everything." [chuckle] And you're not gonna be a fan of, "Hey, I don't want you to mess up my house every single time some new tech comes on the scene."
David Chou: So from a Leidos, we look at it from that perspective, from a holistic... The process and the people are just as important, if not more so than the technology most of the time because if they're unwilling to use it, it doesn't matter how fancy technology is, if they're unwilling to incorporate it and change their ways of working or modify their way of working, you won't be able to capture that value that you're looking for. And the third challenge we see the most is around security. With security in the Cloud, I earlier said that the Cloud is more secure, which is true. The security challenge comes from the fact that within the Cloud, you're operating within what's called a Shared Responsibility Model. So what that means is the Cloud provider ensures that the Cloud is secure from a hardware and network standpoint, but then that also means that the application owners are also responsible for securing their side of the environment and that sharing is where the challenge comes from. It becomes incumbent on the application owners to secure those applications sufficiently, even though the providers are providing an overall more secure environment to operate within.
David Chou: So when you're gonna audit an application or you're gonna audit an environment, previously in a data center, you can walk in there, you can see your data centers, you can see your servers, you can see your connections, and you can verify, "Yes, what you said is gonna be here is here and this is what it's doing." Within the Cloud, and if you're using, for example, serverless, those servers only exist when it's needed. So if no one's triggering it, it doesn't literally exist, so you can't see it, they're temporal. They just pop up when they need it and they disappear when you don't. So maintaining security in such an environment that's so dynamic is definitely a challenge our customers are facing and we're working with them to see how we still can integrate what the system looks like over time, and how we can provide different security measures, like Zero Trust, to ensure that even though systems come up and down and disappear and come on line when needed, that a combination of security monitoring and Zero Trust practices and principles will ensure a higher security posture for their systems.
Shaunté Newby: So what you just said, I was like, "I can imagine this being alarming to someone." You said, "It doesn't exist until you pretty much access it." So it disappears, nobody wants to hear that their data is disappearing. [chuckle] Right? So that's not what's happening though.
David Chou: Right, you make a good point. Like the data is persistent. The data is stored in a secure... It has the durability of 11 nines, so it's 99.999999999. So it is extremely durable, but what's coming up and down is the application. And it's actually more secure because if it doesn't exist until you need it, no one can attack it, 'cause it doesn't exist. So it only comes up, verifies who you are through Zero Trust, uses Zero Trust to access and secure and encrypt your data, when you need it, only when you need it and when you're done, all that shuts down. And so now, if your computer is turned off, a hacker can't get to it because it's off. Same concept. Security is actually more stringent and more secure, even though from a practical sort of perception standpoint, it may not seem that way at first glance, but when you peel back the onion layers, you'll realize this way of operating, yeah, it's different, but it's actually much more secure and it gives the users a much better experience. It's just whatever I need, whenever I need it, it is there instantly for me.
Shaunté Newby: Now I feel a little better. It's there when I access it. David's main focus with digital modernization is on the Cloud, but there's a lot of really cool stuff to look forward to. An absolutely mind-blowing technology on the horizon is quantum computing, that's something we're gonna dig a lot deeper into in an upcoming episode of the show, but for now, here are David's thoughts on it.
David Chou: It's a completely different way of computing. It's already starting to be investigated by the Cloud providers. There's hardware involved, so there's already hardware being built by companies like Intel. Leidos is looking into the art of the possible around quantum and how we can use quantum computing in a practical sense and how we can practically apply it to applications within our customer's mission space. I would definitely keep an eye out on the quantum space, it's gonna be here sooner than people think, and it has lots of implications on how we can expand our technology and use it in very creative ways in a mission.
Shaunté Newby: Cloud technology is an exciting modern way to approach computing. As we learned from David, it brings incredible advancements and security, and on top of that, it has better functionality for users. If you still want to learn more, you can visit leidos.com/cloud. Thanks again for joining this episode of MindSET, a podcast by Leidos. If you like this and want to learn even more about the incredible tech sector work going on to push humanity forward, make sure you subscribe to the show. New episodes will be live every two weeks. Also, feel free to rate and review. We're always excited to hear your thoughts on the show. My name is Shaunté Newby, I'll talk to you next time.