A healthy culture is a key engagement factor at Solita Cloud Community

While Solita keeps growing and expanding its business, it also continues investing in a caring culture where people and their well-being are top priorities. This approach has proven rewarding even when times are turbulent in the external environment.


Caring is one of Solita’s key values, and it’s very visible in the Cloud Community. Caring starts from viewing people holistically. People are seen as human beings with all different sides, and their well-being is a top priority.

The strong culture even protects people from themselves. That happens through open and honest communication, vulnerability, and respect for employees’ boundaries.

“We completely lack superhero culture here, where people who overwork and are available until midnight are celebrated. People are genuinely interested in how I’m doing, and we talk and deal with all kinds of emotions in our team,” says Petrus Lehtimäki, Senior Cloud Consultant in the Cloud Community.

A healthy workload is a transparent goal at the Cloud Community, and employees are not expected to work overtime or answer emails in the evenings. A healthy way of working is advocated in different teams and discussed with customers when needed. That is reflected throughout the company, and the numbers speak for themselves. The Peakon survey score for workload at Solita is 8.7, which is way above the industry average (7.7).

Solita hasn’t been affected much by the economic downturn, and the people-first approach seems to bear fruit also during tough times. It comes down to leaders who make long-term decisions and grow the company responsibly.

“It feels like we can make more revenue with less forcing and pushing compared to some other companies. We don’t have to kill ourselves with the workload, but Solita keeps growing, and it’s a highly profitable company,” Lehtimäki continues.

People are encouraged to have a life also outside of work 

A healthy culture is also reflected in how different life situations are considered in the Cloud Community. Petrus wanted to stay home with his youngest daughter for six months, and it was clear from the first discussion that the company supported this decision fully.

A true intention is to make work match employees’ other interests and life in general. Part-time work is another example.

“I was able to work part-time without any justification. In 2022 I wanted to work remotely from Spain for a month. It worked out, and I was also allowed to lower my part-time work from 80% to 60% during that month,” says Eveliina Miikkulainen, a Project Manager at Solita Cloud Community.

Solita also scores high in flexibility (9.0) according to Peakon survey results. People generally have a lot of flexibility in planning their work and schedules. Practicalities are discussed with the project team; as long as work gets done, there is plenty of autonomy in organizing one’s work. Also, vacations and days off can be booked without bureaucracy, and in most cases people can take time off when they want to.

“Here you are asked what you want to work with, and your wishes are considered as much as possible. We also have fantastic occupational health services.” (Solita Cloud Platform Employer Brand Survey)

The level of autonomy is high at Solita, and it’s exercised at all levels in the company. Autonomous decision-making makes the company feel small, even though it has over 1600 people in six different countries. The Cloud Community consists of almost 100 Cloud Professionals but also feels like a small team.

A community without a pecking order

“At Solita Cloud Platforms, we have a fun and open culture where you can truly be yourself. On top of this, things get done, and the customer is happy.” (Solita Cloud Platform Employer Brand Survey)

The culture also embraces authenticity, and people are encouraged to show up as they are. Diversity and inclusion are big topics within the company, and there is a real sense of equality. That means that there is no pecking order; everyone’s voice is heard and appreciated.

“Ideas are evaluated based on their quality, not based on who is sharing them,” adds Miikkulainen.

Shared responsibility and accountability are also aspects that contribute to a healthy culture. People are passionate and want to do their best work, grow, and help their colleagues. Help and support are always available, no matter what the problem is.

Want to hear more about our culture?
Contact our Talent Acquisition Owner Saila Karonen, saila.karonen@solita.fi (Finland)

Talent Acquisition Specialist Kajsa Törnroos (kajsa.tornroos@solita.se) (Sweden)

Or Apply here (FIN)  or here (SWE)!



Solita achieves Google Cloud specialization: Infrastructure – Services

Solita has achieved Google Cloud specialization, demonstrating our competency in building infrastructure and migrating workloads to the Google Cloud Platform.

Solita and Google share a longstanding partnership, with multiple significant real-time, data-intensive services running in production. Solita boasts a growing number of certified professionals and possesses unique skills in developing complete services on the Google Cloud Platform, not just in developing and operating the cloud infrastructure.

As a Google Cloud Platform Partner, our partnership aims to accelerate the pace at which our clients can capitalize on digital opportunities.

Our expertise is evident in our CloudBlox offering, but Solita’s know-how extends beyond our cloud infrastructure services to encompass software development, data analytics, and integration services as well. This specialization, therefore, reflects Solita’s comprehensive capabilities as a whole, demonstrating our ability to provide a wide range of solutions for our clients.

We are excited about the prospect of further tightening and deepening our partnership with Google Cloud in the future. Our continued collaboration will undoubtedly bring more innovation, growth, and success for both parties while offering enhanced value to our clients.

Disobey 2023

A retrospective of major cybersecurity events. A glance in the AI and Cloud crystal ball. Looking inside for industry introspection.

We were eager to attend Disobey after a long hiatus. The pre-published program seemed to offer a nice mix of high- and low-level presentations.

Mental health and cybersecurity – a match made in hell?

Friday’s keynote by Antti Kurittu focused on the most relevant Finnish cybersecurity incident of the last few years: Vastaamo. However, since the leak has already been examined in the media, it didn’t surface so much in other presentations.

A later presentation by Juho Jauhiainen definitely stood out from the rest. It focused on an individual’s journey in cyber security: how the competitiveness of the industry impacted their mental health and what really matters in the end. This was undoubtedly an eye-opener for many who suffer from the same pressure. It should be noted that while the talk was given from the cybersecurity perspective, it applies to other areas of IT as well. A huge thanks to Juho; we need more sessions like this!

Another great presentation worth mentioning was held on Friday evening. The presentation was a case study on whether it is possible to pick Abloy’s “EASY” mechanical lock model, which was released in 2021. While the topic is interesting in itself, what made the presentation awesome was that the presenter Petri Maksimainen (also known as Idanhurja) delivered it in his own personal and positive way. The presentation also briefly touched on cyber security penetration testing and how testers can keep their own morale up by adding encouraging message prompts into their scripts!

Year of the Linu^H^H^H Skynet

Producing high-quality deepfakes is not yet trivial; it requires various resources like (voice) actors, good production values, time, etc. At the moment, individuals do not need to worry about being the target of deepfakes, as credible productions require a large amount of available video and audio material of the subject. Nevertheless, the impact of a successful deepfake can be very damaging. Mika Juuti examined deepfakes with scientific precision in their presentation “Deepfakes through the lens of an adversary model”, a definite recommendation!

ChatGPT has been in the news for being an enabling tool for hackers. It was also featured in Disobey, where there was a large amount of hype associated with it. One statement is that it enables cybercrime by working as a malware generator. However, most of the examples spat out by ChatGPT are clearly broken or non-functional, requiring programming and/or hacking experience. Currently, ChatGPT has already been severely limited in its ability to produce exploits or malware.

Adversarial AI was largely only speculated upon with “Attacking AIs fighting defending AIs”, so sadly no concrete examples of adversarial AIs were seen. Maybe not surprisingly, there was no mention of methods to protect against AI attacks either.

We are not trying to downplay AI, as it will be the most transformative tool of our time. Rather, we want to point out that AI is not (yet) the bringer of the cybersecurity apocalypse, but it’s definitely a thing to keep your eye on.

Get your sh*t together

The term “Shadow API” popped up in a presentation. However, we saw it only as another term for improper asset management. Whatever term one uses, asset management remains an important process, which nowadays should include a listing of exposed interfaces, no matter whether those are related to production, testing or some other environment.

In modern times security is everyone’s business, and it should be put into practice in every project, preferably sooner rather than later. For this purpose, threat modeling is the right process. Threat modeling ensures that project assets are recorded, the architecture is up to date, threats as well as threat actors are charted, and responsibilities are assigned for implementing contingency measures.

Cloud stuff

Cloud Security was discussed in multiple presentations. One key takeaway was that attackers are now well-equipped to both find and exploit vulnerabilities in the cloud. Note that this is not proof of inherent insecurity of the cloud but rather of its incorrect usage.

The second takeaway was that your CI/CD environment should be guarded like your life depends on it. Compromising it gives the attacker keys to your kingdom. Attackers know this and are focusing their efforts especially on CI/CD. As always, protective controls are mandatory, but in addition to them detection controls should be implemented to ensure that unusual activity within environments is noticed, which allows fast response and mitigation. Another mitigation practice is to separate environments from each other as well as utilize principles of least privilege and zero trust to minimize the so-called “blast radius” from a possible breach.

See Nick Jones’ presentation Stormy skies: Modern cloud attacks and their countermeasures and Dangers of service as a principal – AWS by Matthew Keogh and Tom Taylor-MacLean.

Hope you found Disobey as entertaining and informative as we did. See you there next year!


Exploring inspiring possibilities drives innovation

Solita has grown a lot in recent years, and that means a lot of new Solitans. We have put effort into diversity, but it is not difficult to point out one common characteristic that we all share. It is curiosity. A dynamic business environment requires curious people, and we definitely have that kind of culture here.

Solitans have a long history of attending events and conferences. That is something which has never been questioned. Attending events and meeting new people, discussions, interactions or just exploring the new environment are the seeds that quite often enable us to reach novel ideas. During the past couple of years the number of on-site events has been negligible. Now, after the main Covid era, a lot of events and summits with real-life interactions have been restored. People are getting together like before. One of those huge events is the annual AWS re:Invent in Las Vegas, NV.

Among many other developers and cloud enthusiasts, we also participated in AWS re:Invent last November. AWS re:Invent was full of sessions, workshops, and chalk talks on all aspects of cloud. If you are interested in the content of re:Invent, please check Heikki’s blogs (here, here, here and here). Solitans are rather autonomous individuals. That explains why we attended mainly different sessions without structured planning, just based on our own interests. For example, Tero’s curiosity was towards migrations and the creation of business value enabled by cloud, and Joonas focused on governance and networking.

Key takeaways by Tero and Joonas

Tero’s interest in migration was fulfilled by a handful of workshops. Those broadly addressed AWS’s migration services, such as AWS Application Migration Service and AWS Migration Hub. The sessions strengthened the understanding of AWS migration services as a whole. In particular, those seem to include lots of interesting features that make migration smooth and nice. At least within the workshops’ sandboxes ☺. In addition to the migration-related themes, Tero attended sessions on the Leadership track. There he heard inspiring use cases where various kinds of benefits have been realized based on cloud transformation.

Joonas participated mainly in chalk talks and workshops that provided deeper insights into existing services such as AWS Backup and AWS Control Tower. At re:Invent, AWS usually launches new services and new features for existing ones. This was also the case this time. The event provided a first glance at some new releases, and perhaps the most interesting was VPC Lattice. Useful features were also introduced in sessions, some of which might have been released earlier. At the governance level, some newer AWS Control Tower features have potential. The amount of information gathered in a week was quite overwhelming.

Looking forward to 2023

The variety of interests among Solitans and the possibilities to explore novel ideas are not going to decrease. The current year 2023 is full of interesting events. Naturally, AWS re:Invent will be among the conferences where you can find Solitans. In addition to re:Invent, Solitans can most likely be spotted at almost every main event that addresses cloud, novel technologies and value creation. We are a rather big group with a variety of interests. Come and say hey to us. We are pretty nice people to hang around with ☺. Solita is a growing company. The growth is based on a combination of people with various backgrounds and passions. It is expected that our curious culture will draw positive attention and more people will join us during the year.

At the moment we have over 1600 colleagues, and we are spread over 6 different countries. We Solitans are different, but at the same time we share at least one common aspect: curiosity. Learning new things and evolving by attending summits and conferences is very typical for us. These participations are considered elements that drive us to find the best and most innovative solutions for complex situations. We are curious to find solutions that have an impact that lasts.

Check out our open positions.

Visiting Gartner IT IOCS conference (part 3/3)

Latest insights from Gartner IT Infrastructure, Operations & Cloud Strategies conference.

Greetings again, dear reader! I hope you have enjoyed my last few posts, visiting Gartner IT IOCS conference part 1 and part 2. This is the third and final part of the blog series. As mentioned in part 2, the sessions I planned to visit during the second day were as follows:

  • Part 2
    • The Future of Cloud: Prepare for 2027
    • Kick Your Infrastructure-as-Code Journey Into High Gear
  • Part 3 (THIS ARTICLE)
    • Cloud Platform Operations: How to Deliver Services Like a Cloud MSP
    • From Cutting Costs to Measuring the Value of Cloud Deployments

Again, in this article, I will summarize some key takeaways per session from my point of view.

Cloud Platform Operations: How to Deliver Services Like a Cloud MSP

The next session I attended touched on the topic of Cloud Platform operations in an organization as an in-house function. The role model was taken from how Cloud Managed Service Providers (MSP) are running the operations. Yes, that’s like us 🙂

Cloud MSP Advantages

The main point was why it is beneficial to operate like an MSP and how to transform in-house cloud platform operations into MSP-like cloud platform operations. Three key benefits were presented that make an MSP approach to Cloud platform operations attractive. They were as follows:

  • Automation
  • Customer-centric Mindset
  • Product Management

First, automation helps to scale and therefore improves speed and quality and lowers unit costs. This can be achieved with Infrastructure-as-Code (IaC), orchestration and software engineering practices (code, test automation, CI/CD, etc.).

Second, a customer-centric mindset promotes a service attitude. The better the service attitude, the better the experience users/customers have. Customer-centricity also helps to prioritize where you need to put focus: what is important and what is not for the users or customers.

Third, product management improves professionalism. It makes service offering visible, structured and understandable. Moreover, it makes the management and delivery of the services more professional.

Adopt Cloud MSP approach

Finally, the question: how to adopt MSP-like Cloud platform operations? To summarize, the steps to adopt the approach were as follows:

  1. Appoint product leadership
  2. Create a vision
  3. Recruit staff
  4. Launch MVP (minimum viable product)
  5. Iteratively improve
  6. Measure success

There were not any examples of how organizations have succeeded in adopting MSP-like Cloud platform operations. It would have been interesting to hear success stories and also to know what size of companies and from which industries have succeeded.

Meanwhile, you can always check success stories of Cloud platform operations delivered by an actual MSP like Solita 😉 if you are interested, here are a few:

Then a short tea/coffee break and preparing for the final session.

From Cutting Costs to Measuring the Value of Cloud Deployments

Last but not least, a very insightful topic about cloud costs. Yesterday there was a session on whether Cloud is cheaper than on-prem. However, this session was about how to measure applications’ cloud spending from a value point of view instead of a cost point of view.

Cost-Centric Approach

The cost-centric approach is the most popular approach. It is easy to do, but it is not the best one from the business point of view. It can even be harmful if followed strictly. A few limitations that were raised were as follows:

  1. It focuses on optimizing the cloud resources usage
  2. It has fixed spend expectations (works by the way in on-premises!)
  3. Success metrics are not optimal for digital service experience

First, if the focus is on optimizing the cloud resource usage, it may have bad effects on the performance of the applications. The best utilization in terms of resource usage may not be the most optimal business-wise.

Second, if the focus is on a fixed spend expectation, it may ruin the user experience. For example, think of an online shop during Black Friday. If the online shop is able to autoscale to serve all those users who want to buy from your online shop, it will mean that the costs will scale up. Then the team will get an alert “estimated budget level for this month will be exceeded, please optimize costs”. Instead, you should be happy that you have more customers than expected, and scaling up is more than welcome.

Third, success metrics or KPIs may lead you wrong. Once you only focus on the costs, you may ruin your application’s performance, availability (up-time) or even productivity.

Value Based Approach

While the cost-centric approach is easy to perform, the value-based approach requires more effort. The value-based approach requires an understanding of the Unit Cost. The Unit Cost is calculated as follows:

Once you know the Cloud Costs and the Business Value Metric you can calculate the Unit Cost. The Cloud Cost is rather easy to collect, since you can collect it from the invoice. The Business Value Metric, in contrast, requires an understanding of the business context. Some examples include 1) e-commerce: number of items sold, 2) airline: number of billable air miles per seat or 3) government: number of citizens served, and so on.

Once you know the values, you are able to calculate the Unit Cost. In the session the following graph was introduced to illustrate Unit Cost over time.

As you can see, the total cost may vary quite a lot (Daily Cloud Spend). This is not triggering an alert however, since the Business Value Metric is also greater during that time. This means the increased Cloud Cost is acceptable because it also generates more business value!

Moreover, a very interesting idea was that while the unit cost is under the threshold (Max Expected Unit Cost), the team can focus on new feature development. Whereas, while the unit cost is over the threshold, the team needs to focus on optimizing the application and the cloud resources it is using. Quite catchy?

Can you link these approaches to any trend? Hint: compare the content of the session to evolution of financial operations of Cloud. The first example of cutting cloud costs is close to traditional Cloud cost management. Whereas, the second example of measuring the value, applies very much to FinOps. Is your organization capable of utilizing the value of cloud deployments instead of just focusing on cutting costs?

That was the final session for me. Sadly, I had to skip the final keynote to catch my flight. The topic of the keynote was: “The Poker Game of Life: Using Poker to Enhance Thinking and Decision Making!”. It would have been very interesting to listen to the topic.


So, that was the last part of the second day, and at the same time, the last day of the conference. There were many interesting topics, some of them futuristic but some of them very pragmatic. To put it in a nutshell, let me briefly summarize the output for the last part of the second day sessions:

Cloud Platform Operations as an in-house function is not an easy job. Organizations having an in-house approach to Cloud Platform Operations may take a role model from the Cloud Managed Service Provider’s (MSP) way of working. Strengths of the MSP approach include 1) customer-centric mindset, 2) use of product management practices and 3) high utilization of automation.

Optimizing Cloud costs can be done either by focusing on 1) cutting costs of Cloud or by 2) measuring the value of Cloud deployments. Cutting costs is easy to perform; however, it does not bring business value directly. Whereas, measuring the business value and correlating the costs against the value is a better way to measure the actual Cloud cost.

That’s it! Now it’s time to take a cab to the airport and get back home. Again, I hope you got new insights and ideas from this article. All the best to your organization’s Cloud journey! Thanks again for reading!

Visiting Gartner IT IOCS conference (part 2/3)

Latest insights from Gartner IT Infrastructure, Operations & Cloud Strategies conference.

Greetings again, dear reader! I hope you enjoyed my last post, visiting Gartner IT IOCS conference part 1. Now it’s time for the second day and part 2. The sessions I planned to visit during the second day were as follows:

  • Part 2 (THIS ARTICLE)
    • The Future of Cloud: Prepare for 2027
    • Kick Your Infrastructure-as-Code Journey Into High Gear
  • Part 3
    • Cloud Platform Operations: How to Deliver Services Like a Cloud MSP
    • From Cutting Costs to Measuring the Value of Cloud Deployments

Again, in this article, I will summarize some of the key takeaways per session from my point of view. But before going into that, first some quick insights from the first day’s evening.

First Day Evening

Once I managed to get out of the conference area, it was time to visit the city of London. During my visit, I saw an Amazon Fresh grocery store on one corner. Instead of cashiers there was only one guard next to the doors. I had to try it out!

I downloaded the app, added my Amazon account to it, scanned myself in at the gates and did my shopping.

Once I had collected everything I needed, I just walked away, and that’s it! My credit card was charged based on what I collected from the store. And guess what? I tested whether the system is so clever that it would recognize if I returned a product that I had previously collected. It actually worked! I was only charged for the products I had with me when I walked out of the store. Awesome! 🙂

When I returned to the hotel, I took a river boat to see what London looks like from the river. Below you can see the Tower Bridge.

Nice view from Thames, isn’t it? 🙂

Okay, but let’s get down to the business and start going through the sessions.

The Future of Cloud: Prepare for 2027

The first session was about Cloud predictions. What does the future of Cloud look like? The main message was that Cloud is disrupting the scene. While Cloud has been a technology disruptor thus far, in the future it will be a business disruptor.

Cloud Journeys

Following this, organizations will have many different kinds of cloud adoption journeys. Those who focus on “technology replacement” will have “replacement journeys”, whereas organizations who aim to “develop business and innovate” will have a “business transformation journey”. It was highlighted that a business-driven strategy coupled with a pragmatic cloud adoption plan is critical for success. I totally agree with this, having worked with many organizations. Therefore, we have actually developed a “Business Driven Cloud Transformation” approach. The point is to keep the business focus in the cloud adoption journey. I can tell you, although it sounds easy, it is not! To succeed, we had to combine transformation and business competence with more technical application and cloud competence.

Recommendations for IT Leaders

Then there were some recommendations for IT leaders to focus on while preparing for the future. To highlight a few, Applications/Software Engineering leaders were advised to 1) apply agile and DevOps, 2) avoid monolithic solutions, 3) promote joint business-IT development, and 4) promote low-code technologies. These are familiar topics that we are doing already with our customers. If you are interested, check for example how Terveystalo accelerates service development with Solita CloudBlox®.

Infrastructure and Operations leaders were advised to shift from centralized control to adaptive governance. Building platform teams and capabilities was also recommended. This is a trend I can already see in organizations. Due to the challenge of talent shortage, many organizations have turned to us to provide cloud platform development and operations as a service.

Security and Risk leaders were advised to drive the “policy as code” practice. Again, I can see this happening already now. It is a very powerful tool when you can have your cloud policies defined as code. Therefore we also included “policy as code” in our Solita CloudBlox® modern managed cloud services.

Future Figures

Finally, some figures that were presented during the session regarding the future:

  • Cloud business is predicted to be huge, and it will exceed all other IT markets by 2026, globally reaching 1T$ of value.
  • Multicloud expectations of the organizations are going to change since many of the requirements will be unachievable.
  • The deglobalization trend will make the sovereign cloud a critical requirement for some of the organizations.
  • Industry cloud platforms will be used by 50% of the organizations to boost digital business initiatives.
  • Cloud-native development divides so that 70% of the requirements are fulfilled by hyperscaler capabilities and 30% using containers.

There were also many other insights presented, but to move forward I wanted to highlight these ones for you from the serving. Then it was time for lunch.

Kick Your Infrastructure-as-Code Journey Into High Gear

After lunch, the next session was about Infrastructure-as-Code, or IaC, and how to make the most out of it.


Some basics about Infrastructure-as-Code (IaC) were first introduced. IaC tooling may have different meanings based on who you talk with. To clarify this, in the session IaC tooling was divided into two different categories, and on top of that infrastructure orchestration was introduced:

  1. Provisioning automation
  2. Configuration automation
  3. Infrastructure Orchestration

First, provisioning automation basically gives you the tools to e.g. define networks, firewall rules or set up virtual machines. Another example would be sending alarms to a Microsoft Teams channel. Tools like Terraform, Pulumi, AWS CloudFormation, Azure Resource Manager and Google Cloud Deploy can be used for this purpose.

Second, configuration automation gives you the capability to, for example, define virtual machine configurations. Tools that can be used for this purpose include e.g. Ansible, Chef, Puppet, AWS Systems Manager, Azure Automation and Google Cloud Deploy.

Third, infrastructure orchestration helps to manage orchestration of IaC. That is, provisioning and configuration automation from one central place. Tools like Morpheus Data, Cloudify or Quali can be used as infrastructure orchestration platforms.

Extend Use of IaC

But what, then, is the next step you can take to utilize Infrastructure-as-Code (IaC) in your organization? Four add-on dimensions were highlighted as follows to extend the use of IaC:

  1. IaC testing to validate and find possible errors in Infrastructure as Code (IaC).
  2. IaC security to detect, prevent and remediate security risks in Infrastructure as Code (IaC).
  3. IaC cost to automatically output the cost of resources and to show how that cost evolves from one deployment to the next one over time.
  4. IaC mapping to overcome common state management issues and to create IaC from manually-provisioned public cloud resources.

Adopting Infrastructure-as-Code (IaC) is not straightforward, although it brings a lot of benefits for the organization. The following challenges were raised that you need to be aware of:

  • hard to build necessary skills in Infrastructure and Operations teams
  • hard to have consistent coding practices for infrastructure
  • hard to know where to start due to the vast amount of different options

We at Solita have learned to overcome these challenges. Of course we don’t have the problem of where to start. Still, however, we need to continuously train new people in IaC skills and in how modern infrastructure development and operations are managed. You might have noticed yourself that it is not always easy to combine sysadmin, infrastructure and coding competences.

That was about the Infrastructure-as-Code (IaC) session.


So, that was the first part of the second day! There were many interesting topics, some of them futuristic but some of them very pragmatic. To put it in a nutshell, let me briefly summarize the output for the first part of the second day sessions:

Public cloud, as we see it today, will considerably change its form during the next few years. Public cloud will spread from “public Internet” to the edge, on-premises, and eventually everywhere enabling so called “Distributed Cloud”.

Public cloud will not be just a technology disruptor anymore but will disrupt the businesses. This is due to the fact that competition and speed of innovation will eventually push Cloud hyperscalers to fight against commoditization. To meet the requirements of the speed of innovation, the abstraction level of public clouds will increase. This will mean that in the future the public cloud will be faster to configure (e.g. with Infrastructure as Code (IaC)) and they will provide “out-of-the-box” solutions for organizations in different industries.

Infrastructure as Code (IaC) based development and deployment will get closer and closer to software development practices. This includes testing, versioning, releasing, orchestration and ways-of-working, to name a few. The skills gap, however, prevents organizations from utilizing the full potential of Infrastructure as Code (IaC).

First part of the second day (part 2) covered. Thanks for reading! I hope you got again new insights and ideas from this article. Next time I will go through the final part (part 3) of the blog series. Until then, bye!

Visiting Gartner IT IOCS conference (part 1/3)

Latest insights from Gartner IT Infrastructure, Operations & Cloud Strategies conference.

Greetings dear reader! It’s again the time of the year to travel to London to hear the latest insights from Gartner regarding IT Infrastructure, Operations and Cloud. What makes this journey exciting is that basically all conferences have been virtual or cancelled during the past few years since the start of the Covid-19 pandemic. So, it’s time to pack the suitcase and head to London – physically!

The Gartner IT Symposium/Xpo has just been held in Barcelona. A few weeks after the IT Symposium, Gartner arranges a conference dedicated to IT Infrastructure and Operations. This year the conference carried the name Gartner IT Infrastructure, Operations & Cloud Strategies and it was arranged during 20th-21st November 2022.

The conference was held right next to the O2 arena in InterContinental London – the O2. The place is easy to reach, e.g. by underground.

First registration, and then time to grab a cup of tea. While having a cup of tea and waiting for the keynote to start, some autumn view from the window over the Thames towards Canary Wharf.

Day 1 Agenda

The agenda that I built for the first day was as follows. Very interesting topics in the sessions, right?

  • Keynote: I&O Forward — Leading the Next Phase of Growth
  • Avoiding the Top Mistakes in Your Cloud Strategy
  • Leadership Vision for 2023: Infrastructure and Operations
  • Is Public Cloud Cheaper Than My Data Center?
  • How to Implement a Cloud Center of Excellence That Empowers, Enables and Educates

In this article, I will summarize some main points from each session from my point of view. Let’s start.

Keynote: I&O Forward — Leading the Next Phase of Growth

The first day started with a keynote on the topic “I&O Forward — Leading the Next Phase of Growth”. The main message was that after the pandemic the world has changed, and organizations need to rethink how they adapt to the new normal to support the next phase of growth. The solution was divided into four dimensions.

First, since the digital pace of organizations is increasing, it will set new requirements for collaboration between business and IT. The trend seems to be that technology skills will be wanted more and more outside of IT as well in the future. This trend will create a new type of role in business called “Business Technologists”. They will utilize technology and work between business and IT. Digital business is teamwork. Gartner calls these teams that combine business and IT staff “Fusion teams”.

Second, in order to be fast and innovative, organizations must decrease the complexity of platforms. To meet these needs, organizations will accelerate the adoption of intelligent automation and the delivery of shared infrastructure platforms. Gartner calls this a “platform engineering” approach. Yet another buzzword? Maybe – or maybe not. At least the focus of the shared platform concept is nicely summarized: Stop focusing on tools – start building engines. As a side note, we have been helping our customer with a similar approach using our Solita CloudBlox service offering. Additionally, low-code/no-code was mentioned as one of the ways to increase pace and decrease time-to-market in digital development.

Third, for organizations to be competitive and attractive for new talent, they need to put focus on workforce reskilling and dynamic work management.

Finally, when all three previous themes are in place, organizations can establish an “innovation engine”. This engine is powered by innovation labs that test and evaluate new technologies and opportunities. Then the best candidates will be further developed.

After the Keynote it was time to head to the first actual session.

Avoiding the Top Mistakes in Your Cloud Strategy

The session went through some key mistakes Gartner has found organizations making when developing their cloud strategies. The top 10 mistakes were:

  1. Assuming It’s an IT (Only) Strategy
  2. Not Having an Exit Strategy
  3. Combining or Confusing a Cloud Strategy With a Cloud Implementation Plan
  4. Believing It’s Too Late to Devise a Cloud Strategy
  5. Equating a Cloud Strategy With “We’re Moving Everything to the Cloud”
  6. Saying “Our Cloud Strategy Is Our Data Center Strategy” or “It’s All in or Nothing”
  7. Believing That an Executive Mandate Is a Strategy
  8. Believing That Being a Shop Means That Is the Cloud Strategy
  9. Outsourcing Development of Your Cloud Strategy
  10. Saying “Our Strategy Is Cloud First” Is The Entire Cloud Strategy

I have witnessed the same kind of “mistakes” that organizations easily fall into. Therefore, we have developed Business Driven Cloud Strategy to ensure cloud strategies are developed with business needs in mind. You can check e.g. this Crash Course on Business driven cloud adoption for a reference.

Leadership Vision for 2023: Infrastructure and Operations

The next session discussed what IT Infrastructure and Operations leaders are facing in 2023 and beyond. In summary, the session provided answers to the following questions:

  1. Top challenges facing Infrastructure and Operations leaders?
  2. Major trends
  3. What actions leaders need to take?

First, what are the top challenges Infrastructure and Operations leaders are going to face? Insufficient skills is the no. 1 challenge based on Gartner’s survey. Overall, Infrastructure & Operations leaders need to fix the core capabilities of their units first. Then the next step is to reinvent Infrastructure & Operations, which means e.g. an increased customer approach and a change in culture and structures.

Second, what are the major trends Infrastructure and Operations leaders need to take into account? First of all, an FTE increase was expected in Infrastructure and Operations in the next 12 months. Skill trends will be in understanding business, team collaboration and willingness to embrace change, not forgetting more technical skills like automation, cloud, monitoring and platform operations skills. Top 3 skills Infrastructure and Operations will be investing in: 1) Cloud, 2) Automation and 3) Advanced Analytics.

Third, what are the actions Infrastructure and Operations leaders need to take? Three actions were highlighted: 1) Sense, respond and anticipate new business needs. Not an easy task, right? 2) Retain talent by focusing on e.g. work-life balance. 3) Mature automation in Infrastructure and Operations to unlock innovation in the organization.

Next it was time for lunch in the exhibition area. Plenty of exhibitors were present.

Is Public Cloud Cheaper Than My Data Center?

After the lunch and exhibition area roundtrip, it was time to get back to the sessions. Have you heard debates on whether cloud is cheaper than a data center? Yes, I thought so. So, next let’s take a look at what I learned from this session.

Comparing cloud and on-premises/data center is not that straightforward a task. There are many aspects you can neglect to make cloud or on-premises look more attractive. Instead, the focus should be on benefits, not only on costs. However, to calculate TCO one needs to calculate it e.g. for a five-year period to capture all qualitative benefits and ROI figures. The final conclusion was that cloud brings cost savings compared to on-premises, but it takes time, effort and skills to realize them. Therefore, a partner like Solita, who manages the digital business scene from strategy and design to creating digital services and managing and operating them, can help you succeed in your cloud journey!

Next it was time for the final session of the day.

How to Implement a Cloud Center of Excellence That Empowers, Enables and Educates

Last but not least, interesting topic about Cloud Center of Excellence (CCOE) and its latest trends. As a side note, we have run CCOEs together with our customers for years. We also included CCOE as a module into our Solita CloudBlox services to support our customers to succeed in their cloud adoption journeys. So, it’s interesting to see if something new can be adopted based on the session.

Cloud Center of Excellence (CCOE) is at the heart of the Cloud Operating model, meaning that it plays a central role between steering and daily operations. I think the illustration of CCOE was now much more understandable in the organization context than previously. It highlighted CCOE’s key role as an enabler in the “Cloud Enterprise Architecture” module. CCOE will co-operate with different councils, the cloud community of practice, admin and support, and the cloud implementation side.

It was also highlighted that CCOE is a temporary function in an organization. The main driver for CCOE is to empower and enable the rest of the organization by spreading the cloud knowhow. Once the organization is mature enough, a dedicated CCOE can be phased out and be absorbed into the Enterprise Architecture (EA) function or other architecture functions. How long is then temporary? I haven’t yet seen phased out CCOEs but I would assume it’s somewhere between 5-10 years. It depends heavily on how the organization is able to adopt cloud knowhow widely.

Final words

So, that was the first day. Full of interesting topics, lots of information, and great speakers! To put it in a nutshell, let me briefly summarize the output from the sessions:

Business units are more and more increasing their technology understanding as “technology users” that are able to utilize tech already themselves.

IT units need to increase collaboration with business and increase their understanding of the business.

Organizations have insufficient skills currently while they also need to increase the amount of workforce who will focus on the utilization of the technology. This sets new demands for recruiting talent and keeping them inhouse.

There is a big opportunity for organizations to modernize their business with public clouds. However, to be successful it requires a lot of skills and competence across the organization. Therefore, partnering with a trusted technology, strategy and design provider will bring advantage to the cloud adoption journey.

Finally it’s time to grab some drinks and food at the networking dinner with other conference peers. Then time for a little rest and preparing for day 2. Thanks for reading, I hope you enjoyed!

Solita Cloud Academy: a Fast Track to Cloud Business

Solita Cloud Academy is a three-month intense training for people who are familiar with IT business and want to work with cloud solutions. Students are employed by Solita from the first day of their training.

It’s not a secret that the competition for talent in the tech industry is tough and particularly challenging among cloud professionals. According to forecasts, the cloud market will multiply in the coming years. Nordic countries are leading the way in cloud adoption, and to keep the development going, there is a huge need for skilled people.

To meet the needs in the market, Solita came up with a solution: a carefully tailored training path for IT professionals who desire to become Cloud experts.

“The talent shortage is a real issue, so we decided to train people ourselves. We want to continue growing our cloud business and serve our customers with their digital transformations also in the future”, says Karri Lehtinen, SVP of Solita Cloud Platforms.

Solita Cloud Academy educates new public cloud specialists to work on Solita projects. Right now, the main focus will be on Microsoft Azure training and Solita Cloud Platforms Way of Working, including mastery of Solita CloudBlox.

Cloud Academy will be started several times during 2023, and two to four students will be recruited for each round. Academians will get 12 months membership in the Sovelto PRO program and will accomplish the Azure Solution Architect Path during the first three months. The program is designed together with Sovelto Eduhouse.

“The benefit of this concept is that people can join customer projects quickly after three months of training. We want to keep the groups small to ensure sufficient support and a clear track to customer projects”, says Saila Karonen, the Talent Acquisition Owner in the Cloud Community at Solita.

The demand for Azure know-how is very high right now, which explains the chosen technology. But it is very possible that some of the future academies will focus on other technologies. Each Academy is tailored based on the prevailing needs in the market.

Solita Cloud Academy is for people who already have experience in the IT industry

This Academy is specifically targeted at people with experience in the IT industry who are now willing to learn how to design and implement public cloud infrastructures with infra-as-code. The ideal candidates have worked on IT projects before and share Solita’s philosophy about automation coming first.

“We’d like to see cloud-curious people who know the industry and understand tech. They could be, for example, software developers or system specialists who have at least a basic understanding of IT Infrastructure Platforms”, says Lauri Siljander, the Principal of Cloud Academy.

On top of technology training, students will go through full onboarding to Solita. They will be employed by Solita from day one and receive fair compensation during these three months of studying. After graduation, there will be a salary review and discussion.

A career path to Solita’s Cloud Community

The first group of Solita Cloud Academy students is in their second month, and the experience so far has been positive. Students have felt that it’s a good combination of guided and autonomous studying, with both peer and tutorial support at hand. People are participating from different parts of Finland, so the program is fully virtual and currently conducted in Finnish.

Solita Cloud Academy is a path to Solita’s Cloud Community, a unit of about 100 Cloud Professionals in Finland. The community is passionate about quality and cares for customers’ business results. It’s a workplace where people are encouraged to craft their own path based on their interests while being open to learning and sharing their knowledge with others.

Joining Solita Cloud Community means being part of a value-driven culture where people help each other and want to make a long-lasting impact – together.

Learn more about the upcoming Solita Cloud Academy here!


AWS re:Invent greetings from Thursday and Friday

People love visualizations, and spatial intelligence will soon be the new norm. It was the last conference day for me. After re:Play and the night it was time to fly back home.

Today I woke up again without an alarm at 7 am. Sunny walk to the Venetian via the Caesar Forum. It is an easy 20 minute walk from the Paris hotel.

Dr. Werner Vogels Keynote (KEY005)

The keynote started with an extremely entertaining and educational video about how the world is basically asynchronous. The video showed an example of a synchronous world when Dr. Vogels visited a restaurant. For example, each customer walked in one at a time, an order could be placed only one item at a time, food was prepared one item at a time, and so on. Basically a busy restaurant is a great example of how working asynchronously speeds up the service.


He reminded us that the world is asynchronous. Synchronization is just an illusion and a simplification. Most systems need to be event-driven, at least for background processing.

The announcement of AWS CodeCatalyst was important. It is a Unified Software Development Service. Wait a minute, why is it important? During the last few years GitHub’s ecosystem has risen to a dominant market position. Competition from more major players is strongly needed. GitHub also published their equivalent product called Codespaces a while ago. The whole idea of running development environments in the cloud can change development work dramatically in a few years.

Dr. Vogels then talked about the new era of 3D modeling, and Unreal’s demos were impressive. The most natural language for humans is visualization. AWS wants to visualize everything. Spatial intelligence is another major thing. It allows us to think about how objects react with the physical world, e.g. trying out new shoes virtually.

To short visit to Expo

After the keynote I visited the Serverlesspresso in the Expo area to catch a cup of cappuccino. It is a concrete example of a coffee shop where you don’t need to stand in a queue, and the running cost of the software is less than 100 USD per month. The first step is to scan the coffee shop’s QR code with your phone’s camera. Then you choose what to order, and finally pick up the order after a couple of minutes.


APIs: Critical for data transfer, but how do you keep them secure? (NET316)

An edge-optimized AWS APIGW endpoint is a good default choice for publishing APIs. It protects you automatically from the “internet noise” up to OSI layer 4 (TCP). For more complete protection it is good to add Web Application Firewall (WAF), which extends protection up to layer 7 (Application). For example, it adds protection against malicious HTTP requests (SQL injection, XSS etc.) and blocks traffic from known bad IP addresses.

Here are the two newest features of AWS WAF, as summarized by AWS:

  • AWS WAF Bot Control gives you visibility and control over common and pervasive bot traffic that can consume excess resources, skew metrics, cause downtime, or perform other undesired activities.
  • AWS WAF Fraud Control – Account Takeover Prevention is a managed rule group that monitors your application’s login page for unauthorized access to user accounts using compromised credentials.

I had missed the feature that WAF supports custom responses for blocked requests, e.g. a JSON response with a 200 OK code.

Introducing AWS KMS external keys (SEC336)

Previously we could use AWS-managed HSM clusters (normal KMS CMK) or our own AWS CloudHSM cluster. AWS announced support for external HSM providers (XKS). In an XKS setup you can purchase an HSM from any other HSM vendor that supports the AWS open source XKS specification. The external HSM can work as a “kill switch” for all data in AWS. If you block key usage, neither AWS nor any 3rd party can open the data anymore.

The KMS service will connect to the external HSM either directly via a public interface or via the customer’s VPC using a customer-managed XKS proxy service. The XKS proxy can be a Fargate service where the customer runs an image provided by AWS. You can use any connection method towards the external HSM from the proxy, e.g. a direct connection or a VPN service.

This can be a very important feature for sensitive private or public sector data. In most cases the AWS KMS CMK is more than enough, and it is certified for credit card, health care, etc. data.

re:Play and heading back home on Friday

The re:Play is the main festival of the AWS re:Invent conference. The festival is held in the Las Vegas festival area 2 miles north of the venues.

It is a massive transportation challenge to move tens of thousands of people in a short period of time. This year the transportation was a bit of a hassle. My friends were first in line and were still waiting for the bus for 30 minutes. My bus waited 20 minutes for unloading. Then our full bus was accidentally directed to just leave the unloading area. Finally we unloaded in the middle of the way out from the unloading area. All good after that.

The festival area has multiple stages, a game area, a headphone listening area with a bar, food areas, you name it. Everything worked nicely in the area. The main show was DJ Martin Garrix. Awesome atmosphere in the main stage’s massive tent.

My flight leaves in 30 minutes (fingers crossed). The overall experience of the conference was extremely good, so much to see, learn and experience.

AWS re:Invent greetings from Wednesday

Most cloud users develop apps on top of cloud platforms run by a managed services provider (MSP). Solita provides MSP services with Solita CloudBlox for all major clouds. A lot is happening behind the scenes, for example identity and network management. Today was all about this.

My Wednesday started with a small sunny walk to the MGM Grand Conference center for breakfast and sessions. It is remarkable how life changes just a block away from the Strip. Here is one picture where you can see hundreds of meters of wall of enormous 9-floor garage buildings.

Morning sessions

Architectural innovation for highly distributed edge workloads (HYB307)

The session was mostly about AWS Outpost instances located on-prem. I missed the hybrid term when choosing the session. I was expecting to learn more about local zones etc. AWS Outpost is basically an extension of your VM-related workloads to on-prem. For example, data center cooling, networking and physical security are the customer’s responsibilities in the shared responsibility model. AWS owns the device and provides 4h SLA service coverage for it. The Outpost connects to the AWS control plane via multiple VPNs managed by AWS. It has local network connectivity. Basically it is good for some latency-critical software or for regulatory purposes.

Reimagine the security boundary with Zero Trust (SEC324)

In the first half we discussed the new AWS Verified Access (AVA) service. It provides an important solution for having a “micro VPN” from the user’s browser up to the VPC’s private load balancer. The client is first authenticated via normal SSO (e.g. AzureAD). Then the Chrome/Firefox browser plugin creates a secure connection to the AVA endpoint. Finally the client can access the private VPC ALB/NLB if access is granted.
In AVA the access to applications can be controlled at a detailed level via access groups and their policies. Software defined perimeters (SDP) can be adjusted. The AVA service creates access logs in Open Cybersecurity Schema Framework (OCSF) format. A standardized log format makes integration with a SIEM service easy.
The pricing is something to notice. If we have an application which has three environments, the service will cost us 21 000 USD in three years plus 0.02 USD/GB for data transfer. Still I think the price is relatively high if your app is not truly a large scale enterprise app or you have multiple micro services = applications used by the client.
In the other half we talked about basics. AWS has many fundamentally important services that people don’t associate with ZeroTrust services. AWS IAM, e.g. with AWS APIGW, creates a solid managed solution to control service access. Inside a VPC, the usage of security group relationships (SG A can connect to SG B’s port 443) makes a huge difference. PrivateLinks to share services between VPCs are again a solid structure. Also the new AWS VPC Lattice, a.k.a. “consolidated service mesh”, looks promising for creating cross-account service mesh networking.
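The security group relationship mentioned above (SG A can connect to SG B’s port 443) can be checked against exported group definitions. The following is an added example, not code from the session or from AWS; it assumes the rule shape returned by EC2 `describe-security-groups`, uses constructed group IDs and rules, and looks only at ingress rules on the destination group (egress rules and network ACLs are out of scope).

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs, names and rules are made up for this example.
GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "app-clients", "IpPermissions": []},
    {"GroupId": "sg-0bbb", "GroupName": "internal-api", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]},
    ]},
    {"GroupId": "sg-0ccc", "GroupName": "legacy-api", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
]


def _covers_tcp_port(perm, port):
    """True if an ingress permission applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":      # "-1" means all protocols and ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def allowed_by_group_reference(groups, src_id, dst_id, port):
    """Is src_id named as a source in dst_id's ingress rules for this port?

    Only identity-based rules count here. A CIDR rule that happens to
    contain the client's address is reported by cidr_ingress() instead.
    """
    dst = next(g for g in groups if g["GroupId"] == dst_id)
    return any(
        _covers_tcp_port(perm, port)
        and any(pair.get("GroupId") == src_id
                for pair in perm.get("UserIdGroupPairs", []))
        for perm in dst["IpPermissions"]
    )


def cidr_ingress(groups):
    """List ingress rules that admit address ranges, widest range first."""
    findings = []
    for group in groups:
        for perm in group["IpPermissions"]:
            for rng in perm.get("IpRanges", []):
                size = ipaddress.ip_network(rng["CidrIp"]).num_addresses
                findings.append({
                    "group": group["GroupId"],
                    "ports": (perm.get("FromPort"), perm.get("ToPort")),
                    "cidr": rng["CidrIp"],
                    "addresses": size,
                })
    return sorted(findings, key=lambda f: f["addresses"], reverse=True)


if __name__ == "__main__":
    print(allowed_by_group_reference(GROUPS, "sg-0aaa", "sg-0bbb", 443))
    for finding in cidr_ingress(GROUPS):
        print(finding)
```

A rule that names a source group admits only network interfaces attached to that group, while each CIDR rule admits every address in the range, which is why the listing is sorted by range size.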
The lunch at Caesar Forum was great.

Afternoon and evening sessions

AWS network architectures for very large environments (NET303)

When you are using a single AWS account for multiple workloads you might end up with hard limits that 99 percent of AWS users don’t know exist. Previously there was a 50 000 IP address limit under the hood (not public information). During that period AWS monitored each VPC’s IP usage. When the usage was over 10k, AWS proactively contacted the customer to discuss needs and maybe to rethink the architecture a bit. Nowadays the limit is around 250 000.
It was time to move to Caesar Forum by the re:Invent shuttle service.

Network operations, management, and governance best practices (NET305)

The session highlighted four network operations categories: collect, monitor, troubleshoot and analyze. The price comparison can sometimes reveal strange things. For example, VPC Reachability Analyzer costs 0,10€ per run and Transit Gateway Route Analyzer is free to use. If you would like to monitor your essential routes every 5 to 10 minutes, even the smallest fee can cost a lot in the end.
NetDevOps stands for network development operations. It is a huge cultural change for many organizations. I guess more than 90 percent of networks are still managed by the ClickOps method, in a good scenario including documentation.
In Solita CloudBlox development we believe strongly in DevOps culture. For example, if I need to add a new route to AWS TransitGateway or create a new Route53 DNS Zone, I will make changes to a branch in the Git repository. After the PR of the branch is accepted and merged, it will automatically trigger the CICD pipeline. At the end of the pipeline the AWS organization is fully up to date, including the latest changes defined.

Designing a multi-account environment for disaster recovery (ARC319)

The session was about business continuity (BC). The basic solution explained was to have a reserved organizational unit (OU in AWS Organizations). In the BC OU you will have one or more BC accounts with very limited access. Each solution must follow the 3-2-1 pattern: (3) 1 primary and 2 secondary copies of data, (2) 2 accounts and (1) 1 cross-region (or outpost solution).
In case one or multiple accounts get compromised, you need to be ready to restore accounts from the ground up. In this kind of DR scenario you would need to retrieve the secondary backup from the BC account to newly re-created accounts. Old accounts would be locked and reserved for future investigations.
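The 3-2-1 pattern and the compromised-account scenario described above can be checked against a backup inventory. This is an added example, not material from the session; the inventory, account IDs, workload names and the OU name "BC" are constructed assumptions, and the rule wording follows the pattern as stated in this post.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DataCopy:
    workload: str
    role: str        # "primary" or "secondary"
    account_id: str
    region: str
    ou: str          # organizational unit of the account holding the copy


# Constructed inventory; account IDs, OU names and workloads are made up.
INVENTORY = [
    DataCopy("billing", "primary",   "111111111111", "eu-west-1",  "Workloads"),
    DataCopy("billing", "secondary", "111111111111", "eu-west-1",  "Workloads"),
    DataCopy("billing", "secondary", "999999999999", "eu-north-1", "BC"),
    DataCopy("crm",     "primary",   "222222222222", "eu-west-1",  "Workloads"),
    DataCopy("crm",     "secondary", "222222222222", "eu-west-1",  "Workloads"),
    DataCopy("crm",     "secondary", "222222222222", "eu-north-1", "Workloads"),
    DataCopy("wiki",    "primary",   "333333333333", "eu-west-1",  "Workloads"),
    DataCopy("wiki",    "secondary", "999999999999", "eu-west-1",  "BC"),
]


def check_3_2_1(copies, bc_ou="BC"):
    """Return the 3-2-1 gaps for one workload (empty list = compliant)."""
    gaps = []
    primaries = [c for c in copies if c.role == "primary"]
    secondaries = [c for c in copies if c.role == "secondary"]
    if len(primaries) != 1 or len(secondaries) < 2:
        gaps.append("3: need 1 primary and 2 secondary copies")
    if len({c.account_id for c in copies}) < 2:
        gaps.append("2: copies must span 2 accounts")
    primary_regions = {c.region for c in primaries}
    if not any(c.region not in primary_regions for c in secondaries):
        gaps.append("1: no copy outside the primary region")
    # Assumption: the restore source must sit in an account of the BC OU.
    if not any(c.ou == bc_ou for c in secondaries):
        gaps.append("BC: no secondary copy in a BC OU account")
    return gaps


def audit(inventory):
    """Group copies by workload and run the 3-2-1 check on each group."""
    by_workload = defaultdict(list)
    for copy in inventory:
        by_workload[copy.workload].append(copy)
    return {name: check_3_2_1(copies) for name, copies in by_workload.items()}


def restorable_after(inventory, compromised_accounts):
    """Per workload: does a secondary copy survive outside the compromised accounts?"""
    result = {}
    for copy in inventory:
        result.setdefault(copy.workload, False)
        if copy.role == "secondary" and copy.account_id not in compromised_accounts:
            result[copy.workload] = True
    return result


if __name__ == "__main__":
    for workload, gaps in audit(INVENTORY).items():
        print(workload, gaps or "compliant")
    print(restorable_after(INVENTORY, {"111111111111", "222222222222"}))
```

In the constructed inventory, "crm" keeps three copies and a second region but loses everything when its single account is compromised, which is the case the separate BC account is there to cover.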

The cake vending machine

After a long day I decided to walk back to the hotel to write this blog post and to pack my luggage ready for Friday. Thursday is the awesome re:Party again, so I will be late at the hotel.
Every day I pass the cake vending machine twice in the Paris Hotel & Casino complex. Often there are a bunch of people using it. That’s all for today, bye!