This episode of M365.fm explores why traditional Microsoft 365 governance approaches fail at enterprise scale and how organizations can move from manual oversight to automated, enforceable governance models. The discussion explains the difference between governance documentation and true operational governance, highlighting why policies alone are not enough in modern cloud environments.
The episode introduces the concept of control planes versus data planes and explains how scalable governance depends on automation, identity management, lifecycle controls, telemetry, and policy enforcement rather than human-driven approval processes. It also covers common governance failures such as stale policies, overprivileged automation, unmanaged AI identities, and lack of monitoring.
Additional topics include governance strategies for Copilot, AI agents, and Power Platform environments, along with practical ways organizations can reduce governance friction while maintaining security, compliance, and operational agility. The conversation emphasizes that successful enterprises must scale their governance layer alongside their apps, workflows, and AI-driven solutions.
You build your cloud success on governance, not luck. Broken governance exposes you to serious risks. Security incidents, uncontrolled costs, and compliance gaps can disrupt your Azure environment. Vladimir Stefanovic, featured on m365.fm, compares poor planning to constructing a house without a foundation. Review the most common risks in the table below:
| Risk Type | Description |
|---|---|
| Security Incidents | Inadequate compliance controls and misconfigurations in Azure environments. |
| Uncontrolled Costs | Overspending and lack of cost management strategies due to poor governance. |
| Compliance Gaps | Complexities in managing Azure environments, especially in finance-related applications. |
Governance at Scale helps you prevent problems before they start.
Key Takeaways
- Strong governance is essential for a successful Azure environment. It prevents risks like security incidents and uncontrolled costs.
- Avoid siloed decisions by encouraging teams to share knowledge and follow a unified governance model.
- Control growth in Azure environments to prevent unmanaged subscriptions and unexpected costs.
- Implement a governance model that includes clear rules for provisioning and policy enforcement from the start.
- Use automation to enforce governance policies, manage identity, and control costs effectively.
- Regularly review and update your governance framework to adapt to changing technology and business needs.
- Utilize Azure tags and naming conventions to improve accountability and organization in your resources.
- Set up real-time alerts and audits to monitor your Azure environment and catch issues before they escalate.
Broken Azure Governance: Why It Happens
When you start your cloud journey, you might focus on speed and features. However, skipping a strong governance plan can lead to trouble. Vladimir Stefanovic compares this to building a house without a foundation. If you ignore the basics, your environment becomes unstable as it grows.
Common Pitfalls
Siloed Decisions
You may see teams making decisions in isolation. Each group might set up resources, networks, or policies without talking to others. This leads to inconsistent rules and confusion. When policies are not enforced the same way everywhere, gaps appear. These gaps become even more dangerous as you add AI and new technologies. You might also find that some teams rely on tribal knowledge instead of clear documentation. This makes it hard to keep track of who owns what and how things work.
- Inconsistent policy enforcement
- Lack of visibility into AI usage
- Reliance on tribal knowledge
- Absence of a robust operating model
Tip: Encourage teams to share knowledge and follow a unified governance model. This helps you avoid confusion and reduces risk.
Unmanaged Growth
Azure environments can grow fast. If you do not control this growth, you face new risks. Temporary projects often become permanent. Subscriptions multiply, and you lose track of resources. Shadow subscriptions and unmanaged identities can appear when governance models demand too much control or lack flexibility.
Here are some common operational risks you might face:
| Operational Risks | Description |
|---|---|
| Inconsistent Network Design | Difficult to manage and secure networks. |
| Unmanaged Subscriptions | Unexpected costs and loss of control. |
| Weak Identity Boundaries | Higher risk of security breaches. |
| Rising Cloud Spend | Costs increase quickly without oversight. |
| Fragmented Backup Policies | Data loss and recovery become harder. |
| Varying Deployment Pipelines | Teams work differently, causing inefficiency. |
Early Mistakes and Long-Term Impact
Early mistakes in governance can haunt you for years. If you skip proper identity and access management, you open the door to unauthorized access. Poorly defined networking and security policies make your environment harder to protect. Overlooking compliance requirements can lead to fines or lost trust. If you do not use automation, your team struggles to keep up as your environment grows. Ignoring cost management means you might spend more than you planned.
- Lack of proper identity and access management
- Poorly defined networking and security policies
- Overlooking governance and compliance requirements
- Not leveraging automation for scalability and efficiency
- Underestimating cost management strategies
You can see how broken Azure governance starts small but grows into bigger problems. Rapid growth without a solid plan leads to operational and financial challenges. By understanding these pitfalls, you can build a stronger foundation for your cloud journey.
Governance at Scale: Core Principles
Governance as Infrastructure
You need to treat governance as the backbone of your Azure environment. When you embed governance at scale from day one, you build a strong foundation for your cloud journey. You set clear rules for provisioning, policy enforcement, and shared services. This approach helps you avoid chaos as your environment grows.
You should align management groups with your business structure. Assign clear purposes to each subscription. Standardize identity, network, and policy controls early. Design Azure landing zones that support different operating patterns. Define archetypes for various workloads. Codify governance into delivery workflows using automation and CI/CD pipelines. Integrate cost governance into your hosting model from the start. This gives you visibility and control over spending.
Note: Governance at scale is not a one-time task. You must revisit and refine your model as your needs change.
Here are some core principles for governance at scale in Azure:
- Define a governance model that covers provisioning, policy enforcement, and resilience.
- Align management groups and subscriptions to your business structure.
- Standardize identity, network, and policy controls early.
- Use automation and CI/CD pipelines to codify governance.
- Integrate cost controls from the beginning.
Security and Cost Implications
Governance at scale protects your Azure environment from threats and waste. When you enforce governance, you reduce your attack surface and optimize costs. Security incidents often signal broken governance. You must set clear boundaries for identity and access. Use role-based access control to limit who can make changes. Monitor your environment for unusual activity.
Cost optimization starts with governance. You prevent over-provisioning by controlling resource configurations. You avoid unnecessary spending by enforcing specific rules. When you track resource usage, you spot waste before it becomes a problem. Governance at scale gives you the tools to manage both security and costs.
| Benefit | How Governance Helps |
|---|---|
| Security | Reduces risk by enforcing access and configuration rules |
| Cost Optimization | Prevents waste and controls spending |
| Compliance | Ensures resources meet organizational standards |
Tip: Use governance at scale to set up alerts and reports. This helps you catch issues early and respond quickly.
Policy-Driven Governance
Policy-driven governance is essential for Azure environments. You use Azure Policy to define and enforce rules. These rules control costs and monitor usage. Azure Policy prevents the creation of non-compliant resources. You ensure every resource follows cost-saving measures. Policies track resource usage and generate alerts for optimization.
You can enforce specific configurations to reduce waste. Azure Policy lets you manage resources proactively. You align every resource with security and compliance standards. This reduces operational burdens and strengthens your environment.
Here is how policy-driven governance improves your Azure environment:
- Azure Policy defines and enforces rules to control costs and monitor usage.
- It prevents non-compliant resources from being created.
- Policies track resource usage and generate alerts for optimization.
Callout: Policy-driven governance helps you build a stable, secure, and cost-effective Azure environment.
You must embed governance at scale into every step of your cloud journey. When you treat governance as infrastructure, you protect your environment and optimize your resources. Policy-driven governance gives you the power to enforce standards and respond to challenges before they become problems.
Azure Landing Zones and Management Groups

Structuring for Scale
You need a clear structure to manage your cloud environment as you grow. Azure landing zones help you organize resources for scale. These landing zones use management groups and subscriptions as containers. This logical grouping lets you apply consistent rules and policies across your environment. You can align your setup with the Azure Cloud Adoption Framework. This framework guides you in governance, security, and operational management.
To build a strong foundation, follow these best practices:
- Align your landing zones with the Azure Cloud Adoption Framework.
- Use Azure Policy and Blueprints to enforce security and compliance.
- Deploy resources with Infrastructure as Code for consistency.
- Automate governance using Azure DevOps and CI/CD pipelines.
- Adopt Zero Trust Architecture for strict access controls.
- Audit and update your landing zones often to stay secure.
Tip: Start with a small landing zone, then expand as your needs grow. This approach helps you scale without losing control.
Enforcing Control and Compliance
Management groups give you a way to organize your Azure subscriptions in a hierarchy. You can apply policies at the management group level. All child subscriptions inherit these policies. This method makes governance and compliance easier as you scale. When you define policies at the root management group, every subscription follows the same rules. New subscriptions also inherit these policies, so you keep governance consistent.
- Management groups create a clear structure for your environment.
- Policies at the top level flow down to all subscriptions.
- Updates to policies reach every part of your organization.
- Organization-wide rules, like encryption and logging, become mandatory.
Centralized policy enforcement acts as a guardrail. It ensures you meet compliance and security standards. You can manage resources effectively, even as your environment grows.
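Policy inheritance as described above, modelled in Python as an added example (not code from the episode or from Microsoft): the hierarchy, scope names and policy names are constructed, and the effect precedence and exemption handling are a simplified model of how Azure Policy resolves assignments that reach one subscription from several scopes.

```python
from dataclasses import dataclass, field

# Effect precedence when the same policy reaches a scope through more than one
# assignment: a lower scope cannot weaken a higher one, so the most restrictive
# effect is the one that is enforced (simplified model of the Azure behaviour).
EFFECT_RANK = {"disabled": 0, "audit": 1, "modify": 2, "deny": 3}


@dataclass
class Scope:
    """A management group or subscription (hypothetical model, not the Azure SDK)."""
    name: str
    parent: "Scope | None" = None
    assignments: dict = field(default_factory=dict)  # policy name -> effect
    exemptions: set = field(default_factory=set)     # policies exempted here and below

    def ancestry(self):
        """Yield this scope, then each parent up to the tenant root group."""
        node = self
        while node is not None:
            yield node
            node = node.parent


def effective_policies(scope: Scope) -> dict:
    """Every assignment on the path from the scope to the root, minus exemptions."""
    effective, exempt = {}, set()
    for node in scope.ancestry():
        exempt |= node.exemptions
        for policy, effect in node.assignments.items():
            current = effective.get(policy)
            if current is None or EFFECT_RANK[effect] > EFFECT_RANK[current]:
                effective[policy] = effect
    return {p: e for p, e in effective.items() if p not in exempt}


def add_subscription(parent: Scope, name: str) -> Scope:
    """A new subscription has no assignments of its own; it inherits its parents'."""
    return Scope(name, parent=parent)


def build_demo_hierarchy() -> dict:
    """Constructed hierarchy in the landing-zone style: root -> landing zones -> archetypes."""
    root = Scope("tenant-root", assignments={
        "require-owner-tag": "deny",
        "allowed-locations": "deny",
        "enable-diagnostics": "audit",
    })
    landing_zones = Scope("landing-zones", parent=root,
                          assignments={"storage-min-tls12": "deny"})
    corp = Scope("corp", parent=landing_zones,
                 assignments={"deny-public-ip": "deny"})
    # A weaker duplicate assignment lower down does not override the deny above it.
    online = Scope("online", parent=landing_zones,
                   assignments={"storage-min-tls12": "audit"})
    # An exemption at the sandbox group removes one root policy for its children only.
    sandbox = Scope("sandbox", parent=root, exemptions={"allowed-locations"})
    return {
        "root": root,
        "corp": corp,
        "sub-payments-prod": add_subscription(corp, "sub-payments-prod"),
        "sub-web-dev": add_subscription(online, "sub-web-dev"),
        "sub-sandbox-01": add_subscription(sandbox, "sub-sandbox-01"),
    }


if __name__ == "__main__":
    scopes = build_demo_hierarchy()
    for sub in ("sub-payments-prod", "sub-web-dev", "sub-sandbox-01"):
        print(sub, effective_policies(scopes[sub]))
```

Changing an assignment on the root scope and re-running `effective_policies` on any subscription shows the "updates reach every part of your organization" point directly.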
Subscription Segmentation
Segmenting your subscriptions helps you balance cost, isolation, and operational needs. Azure offers several patterns for segmentation. Each model fits different business requirements and risk levels.
| Segmentation Model | Typical Azure Pattern | Best Fit | Operational Tradeoff |
|---|---|---|---|
| Shared multi-tenant | Shared app services, shared AKS or App Service plan, pooled DB | Mid-market clients with standard security needs | Lower cost, faster scaling, but needs strong app controls |
| Logical single-tenant | Shared management group, dedicated DB, storage, app per client | Clients needing more separation | Better isolation, more deployment overhead |
| Dedicated client environment | Separate subscription, VNet, key vault, monitoring, backup | Regulated or high-value clients | Highest isolation, higher cost and complexity |
You should choose a segmentation model that matches your business and compliance needs. Shared models scale quickly and cost less, but require strong application-level controls. Dedicated environments offer the best isolation and security, but increase cost and complexity.
Note: Review your segmentation regularly. As your organization grows, your needs may change. Adjust your model to maintain effective governance at scale.
Identity, Access, and Automation in Azure Governance
You need strong controls to manage who can access your Azure resources. Automation helps you keep up with the pace of change. When you combine identity, access, and automation, you create a foundation for sustainable governance. You can link Resource Manager, CI/CD pipelines, and Microsoft Entra ID to achieve end-to-end governance. This approach gives you better security, cost management, and compliance.
Role-Based Access Control (RBAC)
RBAC is a core feature in Azure. It lets you assign permissions to users and groups based on their roles. You can control who can view, edit, or delete resources. This system helps you follow the principle of least privilege. Only the right people get the access they need.
- RBAC allows specific permissions to be assigned to users and groups based on their roles.
- It ensures adherence to the principle of least privilege, minimizing unauthorized access risks.
- RBAC, along with Conditional Access Policies and Privileged Identity Management, forms a comprehensive strategy for security and governance.
- You can use RBAC to separate duties and reduce the risk of mistakes.
- RBAC helps you track who made changes to your Azure environment.
- You can update RBAC assignments as your team grows or changes.
- RBAC supports automation, so you can manage permissions at scale.
- RBAC works with Azure Policy to enforce compliance across your resources.
Tip: Review your RBAC assignments often. Remove unused roles to keep your environment secure.
Privileged Identity Management
Privileged Identity Management, or PIM, helps you control and monitor elevated access in Azure. You can reduce risk by limiting how long users have special permissions. PIM adds layers of accountability and oversight.
- Just-In-Time (JIT) Access: Reduces the duration of elevated access, minimizing risk exposure.
- Access Requests with Justification: Users must provide a reason for access, adding accountability.
- Approval Requirements: Access can be contingent on approval, ensuring oversight.
- Automatic Timeouts: Limits the time roles are active, further reducing risk.
- Audit Logging: Tracks all access activations for easy auditing and monitoring.
You can use PIM to protect sensitive resources. When someone needs extra access, they must request it and explain why. You can require approval before granting access. PIM logs every action, so you can review who did what and when. This process supports governance and cost management by reducing unnecessary access.
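An added example (not from the episode) of reviewing the PIM audit trail the paragraph describes, in Python: the activation records, the assignment inventory, the role sets and the thresholds are constructed for illustration and use a simplified shape rather than the Entra ID audit-log schema.

```python
from datetime import datetime

# Thresholds a reviewer might set for a production tenant (assumed values).
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
APPROVAL_REQUIRED_ROLES = {"Owner", "User Access Administrator"}
MAX_ACTIVATION_HOURS = 8
BUSINESS_HOURS_UTC = range(7, 19)

# Constructed activation records in a simplified shape; the real Entra ID audit
# log carries the same facts (who, which role, which scope, justification, approver).
ACTIVATIONS = [
    {"time": "2024-05-06T08:02:11Z", "user": "alice@contoso.example",
     "role": "Contributor", "scope": "/subscriptions/sub-payments-prod",
     "justification": "INC-4412 hotfix", "hours": 2, "approver": None},
    {"time": "2024-05-06T09:15:40Z", "user": "bob@contoso.example",
     "role": "Owner", "scope": "/subscriptions/sub-payments-prod",
     "justification": "", "hours": 8, "approver": "carol@contoso.example"},
    {"time": "2024-05-06T22:40:03Z", "user": "dave@contoso.example",
     "role": "Owner", "scope": "/providers/Microsoft.Management/managementGroups/lz",
     "justification": "CHG-901 network change", "hours": 24, "approver": None},
]

# Constructed assignment inventory. PIM makes privileged roles eligible and
# time-bound; a permanent active assignment is the standing access it should replace.
ASSIGNMENTS = [
    {"principal": "alice@contoso.example", "role": "Contributor",
     "scope": "/subscriptions/sub-payments-prod", "state": "eligible", "expires": "2024-11-01"},
    {"principal": "svc-deploy@contoso.example", "role": "Owner",
     "scope": "/subscriptions/sub-payments-prod", "state": "active", "expires": None},
    {"principal": "erin@contoso.example", "role": "Reader",
     "scope": "/subscriptions/sub-payments-prod", "state": "active", "expires": None},
]


def audit_activations(events, max_hours=MAX_ACTIVATION_HOURS):
    """Flag activations that bypass or stretch the controls PIM adds."""
    findings = []
    for e in events:
        if not e["justification"].strip():
            findings.append((e["user"], e["role"], "no justification"))
        if e["hours"] > max_hours:
            findings.append((e["user"], e["role"], f"activation exceeds {max_hours}h"))
        if e["role"] in APPROVAL_REQUIRED_ROLES and not e["approver"]:
            findings.append((e["user"], e["role"], "activated without approval"))
        hour = datetime.strptime(e["time"], "%Y-%m-%dT%H:%M:%SZ").hour
        if hour not in BUSINESS_HOURS_UTC:
            findings.append((e["user"], e["role"], "review: activated outside business hours"))
    return findings


def audit_assignments(assignments):
    """Flag permanent active assignments of privileged roles (standing access)."""
    return [(a["principal"], a["role"], "permanent active privileged assignment")
            for a in assignments
            if a["role"] in PRIVILEGED_ROLES and a["state"] == "active"
            and a["expires"] is None]


def run_audit(events=ACTIVATIONS, assignments=ASSIGNMENTS):
    """Combined finding list a reviewer would walk through."""
    return audit_activations(events) + audit_assignments(assignments)
```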
Automating Provisioning and Policy
Automation is key to managing Azure at scale. You can use automation to enforce Azure Policy, manage identity, and control costs. Automated provisioning ensures that every resource follows your rules from the start.
| Step | Description |
|---|---|
| 1 | Define policies and compliance checks to ensure governance standards are met. |
| 2 | Use Azure Policy SDK to gather compliance data for new assignments. |
| 3 | Validate remediation tasks to correct non-compliant resources. |
| 4 | Test the outcomes of remediation to confirm compliance changes. |
You can connect Resource Manager, CI/CD pipelines, and Microsoft Entra ID to automate these steps. When you deploy new resources, automation applies Azure Policy and RBAC settings. This process reduces manual errors and saves time. You can also automate cost management tasks, such as tagging resources and tracking spending.
Note: Automation helps you keep your Azure environment secure, compliant, and cost-effective as you grow.
You build strong governance when you combine identity controls, RBAC, PIM, and automation. This approach lets you scale your Azure environment with confidence. You can respond quickly to changes, protect your resources, and manage costs.
Azure Tags and Naming Conventions
Tagging for Accountability
You need to use Azure tags to track resources and improve accountability. Azure tags help you identify who owns each resource, which environment it belongs to, and how much it costs. When you start with a small set of mandatory tags, you make governance easier. Begin with tags like Environment, Owner, Workload, and CostCenter. These tags give you a clear view of your Azure environment.
You should standardize tag values and naming. This prevents confusion and keeps your data accurate. Enforce tags early by using Azure Policy. Integrate tagging into your deployment templates so every resource gets tagged at creation. Combine Azure Policy with scripts to apply tags to existing resources. Keep your tags simple and limited. Complex tagging slows adoption and makes data unreliable.
Here are the most effective tagging strategies for accountability:
- Start with core Azure tags such as Environment, Owner, Workload, and CostCenter.
- Standardize tag values and naming conventions.
- Enforce tags early using Azure Policy.
- Integrate tagging into deployment templates.
- Use automation and policy together for existing resources.
- Keep Azure tags simple and limited.
- Document and share tagging standards.
- Align tagging across teams.
- Use Azure tags for cost analysis and operations.
- Integrate tags with monitoring tools.
- Support lifecycle management with start and expiration dates.
- Review and clean up tags regularly.
- Plan for exceptions for untaggable resources.
- Stay mindful of Azure’s tag limit.
Tip: Regularly audit your Azure tags to maintain accountability and reliability.
Naming Standards for Clarity
Clear naming standards help you manage Azure tags and resources. When you use consistent names, you avoid fragmentation. Standardized values make filtering, automation, and reporting easier. You can quickly find resources and understand their purpose.
| Practice | Benefit |
|---|---|
| Standardize tag values and naming | Prevents fragmentation and ensures Azure tags work reliably for filtering, automation, and reporting. |
You should document your naming standards and share them with your team. This practice supports governance and keeps your Azure environment organized.
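A naming-standard check in Python, added here as an example and not taken from the episode: the convention (type abbreviation, workload, environment, region, sequence number), the abbreviation and region tables, and the sample inventory are all assumptions, chosen to show how a consistent name can be cross-checked against the Environment and Workload tags and the resource location.

```python
import re

# Hypothetical naming convention in the Cloud Adoption Framework style:
# <abbr>-<workload>-<env>-<region>-<nnn>. Storage account names allow no
# hyphens, so they use the same segments run together.
TYPE_ABBREVIATIONS = {
    "Microsoft.Resources/resourceGroups": "rg",
    "Microsoft.Network/virtualNetworks": "vnet",
    "Microsoft.KeyVault/vaults": "kv",
    "Microsoft.Storage/storageAccounts": "st",
}
ENVIRONMENTS = {"dev", "test", "prod"}
REGIONS = {"westeurope": "weu", "northeurope": "neu"}
REQUIRED_TAGS = ("Environment", "Owner", "Workload", "CostCenter")
COST_CENTER = re.compile(r"^CC-\d{4}$")
HYPHENATED = re.compile(r"^(?P<abbr>[a-z]+)-(?P<workload>[a-z0-9]+)-(?P<env>[a-z]+)"
                        r"-(?P<region>[a-z]+)-(?P<seq>\d{3})$")
COMPACT = re.compile(r"^(?P<abbr>st)(?P<workload>[a-z0-9]+?)(?P<env>dev|test|prod)"
                     r"(?P<region>weu|neu)(?P<seq>\d{3})$")


def parse_name(resource_type: str, name: str):
    """Split a name into its convention segments, or None if it does not fit."""
    pattern = COMPACT if resource_type == "Microsoft.Storage/storageAccounts" else HYPHENATED
    match = pattern.match(name)
    return match.groupdict() if match else None


def check_resource(resource: dict) -> list:
    """Return the convention violations for one resource (empty list means clean)."""
    issues = []
    tags = resource.get("tags", {})
    for tag in REQUIRED_TAGS:
        if tag not in tags:
            issues.append(f"missing tag {tag}")
    if "Environment" in tags and tags["Environment"] not in ENVIRONMENTS:
        issues.append(f"Environment tag '{tags['Environment']}' is not a standard value")
    if "CostCenter" in tags and not COST_CENTER.match(tags["CostCenter"]):
        issues.append("CostCenter tag does not match CC-nnnn")
    parts = parse_name(resource["type"], resource["name"])
    if parts is None:
        issues.append("name does not follow the naming convention")
        return issues
    if parts["abbr"] != TYPE_ABBREVIATIONS.get(resource["type"]):
        issues.append(f"prefix '{parts['abbr']}' does not match the resource type")
    if parts["env"] not in ENVIRONMENTS:
        issues.append(f"environment segment '{parts['env']}' is not a standard value")
    elif tags.get("Environment") not in (None, parts["env"]):
        issues.append("Environment tag disagrees with the name")
    if parts["region"] != REGIONS.get(resource["location"]):
        issues.append("region segment disagrees with the resource location")
    if "Workload" in tags and tags["Workload"].lower() != parts["workload"]:
        issues.append("Workload tag disagrees with the name")
    return issues


# Constructed inventory; the names and tags are made up for this example.
GOOD_TAGS = {"Environment": "prod", "Owner": "payments-team",
             "Workload": "payments", "CostCenter": "CC-1042"}
SAMPLE_RESOURCES = [
    {"name": "rg-payments-prod-weu-001", "type": "Microsoft.Resources/resourceGroups",
     "location": "westeurope", "tags": dict(GOOD_TAGS)},
    {"name": "vnet-payments-prod-weu-001", "type": "Microsoft.Network/virtualNetworks",
     "location": "westeurope", "tags": {**GOOD_TAGS, "Environment": "dev"}},
    {"name": "stpaymentsprodweu001", "type": "Microsoft.Storage/storageAccounts",
     "location": "westeurope", "tags": dict(GOOD_TAGS)},
    {"name": "kv-hr-prod-eastus-001", "type": "Microsoft.KeyVault/vaults",
     "location": "northeurope", "tags": {"Environment": "prod", "Owner": "hr-team",
                                         "Workload": "hr", "CostCenter": "1042"}},
    {"name": "myTestVnet", "type": "Microsoft.Network/virtualNetworks",
     "location": "westeurope", "tags": {}},
]


def audit(resources=SAMPLE_RESOURCES) -> dict:
    """Map each resource name to its list of violations."""
    return {r["name"]: check_resource(r) for r in resources}
```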
Tagging Policies and Automation
Automation makes managing Azure tags simple and efficient. You can use Azure Policy with scripts or infrastructure-as-code to enforce and remediate tags. Apply tagging rules from the start to ensure consistency. Append policies automatically add missing Azure tags with default values. Deny policies stop new untagged deployments.
- Combine Azure Policy with scripts for tag enforcement.
- Apply tagging rules at resource creation.
- Use Append policies to add missing Azure tags.
- Implement Deny policies to block untagged resources.
Automation helps you maintain governance as your Azure environment grows. You save time and reduce errors by automating tagging and policy enforcement.
Note: Use automation to keep your Azure tags consistent and reliable across all resources.
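The Append and Deny tag policies above, together with the policy-driven governance principles from the Core Principles section, worked through in Python as an added example (not the podcast's or Microsoft's code): the policy definitions follow the shape of the Azure Policy policyRule schema, but the evaluator, the alias handling and the sample deployment requests are simplified constructions for illustration.

```python
import copy
import re

# Constructed policy definitions written in the shape of the Azure Policy
# policyRule schema ("if" condition, "then" effect); the names are illustrative.
POLICIES = {
    "require-owner-tag": {
        "if": {"field": "tags['Owner']", "exists": "false"},
        "then": {"effect": "deny"},
    },
    "default-environment-tag": {
        "if": {"field": "tags['Environment']", "exists": "false"},
        "then": {"effect": "append",
                 "details": [{"field": "tags['Environment']", "value": "dev"}]},
    },
    "storage-min-tls12": {
        "if": {"allOf": [
            {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
            {"field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
             "notEquals": "TLS1_2"},
        ]},
        "then": {"effect": "audit"},
    },
}

# Azure Policy evaluates append/modify before deny, and audit after deny, so a
# tag appended here can satisfy a later deny rule; the same order is modelled.
EVALUATION_ORDER = {"disabled": 0, "append": 1, "modify": 1, "deny": 2, "audit": 3}
TAG_FIELD = re.compile(r"^tags\['([^']+)'\]$")


def get_field(resource: dict, path: str):
    """Resolve a policy 'field'. Aliases like '<type>/minimumTlsVersion' are
    simplified to properties.<last segment>; the real alias table is far richer."""
    tag = TAG_FIELD.match(path)
    if tag:
        return resource.get("tags", {}).get(tag.group(1))
    if path in ("type", "name", "location", "kind"):
        return resource.get(path)
    return resource.get("properties", {}).get(path.rsplit("/", 1)[-1])


def _norm(value):  # policy string comparisons are case-insensitive
    return value.lower() if isinstance(value, str) else value


def matches(resource: dict, cond: dict) -> bool:
    """Evaluate an 'if' block: logical operators plus the common leaf conditions."""
    if "allOf" in cond:
        return all(matches(resource, c) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(resource, c) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(resource, cond["not"])
    value = get_field(resource, cond["field"])
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    if "equals" in cond:
        return _norm(value) == _norm(cond["equals"])
    if "notEquals" in cond:  # an absent property counts as "not equal"
        return _norm(value) != _norm(cond["notEquals"])
    raise ValueError(f"unsupported condition: {cond}")


def apply_policies(request: dict, policies: dict) -> dict:
    """Evaluate one create/update request against every assigned policy and
    return the resource as it would be stored, the deny verdict and audit hits."""
    resource = copy.deepcopy(request)
    verdict = {"allowed": True, "denied_by": [], "audits": []}
    ordered = sorted(policies.items(),
                     key=lambda kv: EVALUATION_ORDER[kv[1]["then"]["effect"].lower()])
    for name, policy in ordered:
        if not matches(resource, policy["if"]):
            continue
        effect = policy["then"]["effect"].lower()
        if effect == "append":  # this model only appends tag targets
            for detail in policy["then"]["details"]:
                key = TAG_FIELD.match(detail["field"]).group(1)
                resource.setdefault("tags", {})[key] = detail["value"]
        elif effect == "deny":
            verdict["allowed"] = False
            verdict["denied_by"].append(name)
        elif effect == "audit":
            verdict["audits"].append(name)
    verdict["resource"] = resource
    return verdict


# Constructed deployment requests, not taken from any real environment.
SAMPLE_REQUESTS = {
    "legacy-storage": {"name": "stpaymentsprod001", "location": "westeurope",
                       "type": "Microsoft.Storage/storageAccounts",
                       "tags": {"Owner": "payments-team"},
                       "properties": {"minimumTlsVersion": "TLS1_0"}},
    "untagged-vm": {"name": "vm-adhoc-01", "location": "westeurope",
                    "type": "Microsoft.Compute/virtualMachines", "properties": {}},
    "compliant-storage": {"name": "sthrprod001", "location": "westeurope",
                          "type": "Microsoft.Storage/storageAccounts",
                          "tags": {"Owner": "hr-team", "Environment": "prod"},
                          "properties": {"minimumTlsVersion": "TLS1_2"}},
}
```

Running `apply_policies(req, POLICIES)` over `SAMPLE_REQUESTS` shows the three outcomes the section describes: a default tag appended, an untagged request denied, and a storage account that passes creation but is flagged for remediation.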
Continuous Compliance and Monitoring

Real-Time Alerts and Audits
You need to know what happens in your Azure environment at all times. Real-time alerts and audits help you spot issues before they become bigger problems. Azure Monitor and Azure Storage Analytics gather telemetry data and generate alerts based on set metrics. You can track resource activities using Activity Logs and keep a historical record with logging for Blob storage and Azure Files. This approach gives you both immediate and long-term visibility.
A multi-layered monitoring strategy works best. You can:
- Use real-time monitoring for instant alerts on policy violations.
- Review historical logs to understand trends and past incidents.
- Regularly update your monitoring setup to match your business needs.
- Set up role-based access control to limit who can view sensitive data.
- Conduct periodic audits to check if your security controls and policies work as intended.
Azure Compliance Manager helps you organize audits based on regulatory requirements. When you combine these tools, you get a clear view of your environment and can act quickly when something goes wrong.
Compliance Baselines
Setting clear compliance baselines is key to strong Azure governance. You use automation tools and continuous monitoring to keep your environment in line with standards. Governance blueprints and landing zones encode your security and compliance needs from the start. Azure Blueprints let you reuse best practices and enforce consistency across all workloads.
| Practice | Key Points |
|---|---|
| Automation tools and continuous monitoring | Maintain compliance at scale and reduce human error. |
| Governance blueprints and landing zones | Provide structure and encode security and compliance requirements. |
| Regular monitoring and automated remediation | Prevent costly failures and protect your reputation. |
| Azure Blueprints | Codify best practices and enforce consistency across workloads. |
You meet regulatory requirements like HIPAA, GDPR, and PCI DSS by defining clear policy rules. The Cloud Center of Excellence often uses frameworks such as the Microsoft Azure Well-Architected Framework to guide these efforts. When you design your landing zones with compliance in mind, you reduce risk and make audits easier.
Reporting and Remediation
You need strong reporting and remediation strategies to keep your Azure environment healthy. Azure Policy helps you manage compliance by tracking and reporting on policy violations. When a resource does not meet your standards, automated remediation tasks fix the issue quickly. For example, you can enforce security protocols like TLS 1.2 or update non-compliant resources using a managed identity.
Here is a simple process for reporting and remediation:
- Use Azure Policy to monitor compliance.
- Set up remediation tasks to address violations.
- Create policies that update non-compliant resources automatically.
- Assign managed identities to handle deployments for remediation.
You can also develop custom machine configuration packages and use the GuestConfiguration module to manage your environment at scale. Assign your custom policy definitions through the Azure portal and view compliance details for each assignment. This approach supports continuous compliance and helps you respond to issues before they impact your business.
Tip: Regular reporting and automated remediation keep your Azure environment secure and compliant as it grows.
Future-Proofing Governance: AI and Operational Management
AI-Driven Decisions and Validation
You see AI changing how you manage Azure environments. AI helps you automate decisions, making your operations faster and more reliable. When you use AI, you reduce manual effort and improve efficiency. Predictive analytics let you anticipate risks and focus on critical areas. You can use AI-driven tools to keep your documentation accurate. Static runbooks become dynamic knowledge bases, so your team always has the latest information.
AI reviews and updates operational runbooks. It analyzes historical data to predict and mitigate risks in operational readiness. You can rely on AI-driven assistants to identify gaps in readiness checklists and generate reports for leadership. Effective AI governance ensures sustainability, security, and operational excellence. You balance innovation with control, allowing AI-driven solutions to scale efficiently and responsibly.
AI-driven decisions give you enforced intent at scale. You set guardrails that automate policy enforcement and keep your Azure environment secure.
Sustaining Governance with Automation
Automation helps you sustain governance as your Azure environment grows. You use tools like Azure Blueprints to ensure consistent deployments that follow company policies. Automation lets you apply guardrails at every level, so you maintain control even as you scale.
| Benefit | Description |
|---|---|
| Improved Security | Azure governance helps maintain a compliant and auditable cloud setup, addressing issues proactively. |
| Compliance | Ensures regulatory alignment and auditability through role-based access control (RBAC). |
| Operational Efficiency | Automation through Azure Blueprints ensures consistent deployments adhering to company policies. |
| Cost Optimization | Streamlined governance reduces unnecessary spending by optimizing resource usage. |
| Scalability | Policies can be applied at various levels, allowing organizations to grow without losing control. |
You enforce tagging standards and your tagging strategy with automation. This approach keeps your Azure resources organized and accountable. Automation supports enforced intent at scale, so you can set guardrails that protect your environment and optimize costs.
Automation gives you confidence that your Azure decisions follow policy enforcement and tagging standards every time.
Adapting to Change
You must adapt your Azure governance framework as technology evolves. Continuous learning and adaptation keep your governance practices relevant. You build a resilient model by developing flexible policies and updating frameworks regularly. You use advanced threat detection tools to manage new and changing cyber risks.
- Ongoing education and training help you stay ahead.
- Flexible policies let you respond to new challenges.
- Updated incident response plans protect your Azure environment.
You review your tagging strategy and tagging standards often. This practice ensures your guardrails stay strong as your needs change. You future-proof your Azure decisions by making adaptation part of your governance process.
Stay proactive. Adapt your Azure governance to meet new challenges and keep your environment secure.
You secure long-term stability when you treat governance by design as a core part of your Azure strategy. Automation, tagging, and policy-driven frameworks help you maintain governance and compliance as your environment grows. Governance by design reduces risk and keeps your cloud organized. You should review your current governance and compliance posture and adopt best practices for future-proofing. Automation enforcement, as discussed on m365.fm, integrates governance and compliance into daily operations. Explore Microsoft’s technical guides, join community forums, and follow governance by design to close security gaps.
- Improved standardization ensures consistent policy application.
- Continuous compliance automation maintains adherence to policies.
- Minimized security gaps strengthen your cloud environment.
FAQ
What is Azure governance?
Azure governance sets rules and policies for your cloud environment. You use it to control access, manage resources, and ensure compliance. Strong governance keeps your Azure setup secure and organized.
Why should you start governance early?
You avoid costly mistakes when you start governance from day one. Early planning helps you set clear policies, prevent security gaps, and manage costs as your Azure environment grows.
How does automation improve Azure governance?
Automation enforces policies and tags without manual effort. You save time, reduce errors, and keep your environment consistent. Automated tools help you scale governance as your cloud expands.
What are Azure tags used for?
Azure tags help you track resources, assign ownership, and analyze costs. You use tags to organize your environment and improve accountability. Tags make reporting and cost management easier.
How do management groups help with governance?
Management groups let you organize subscriptions and apply policies across your organization. You use them to enforce security and compliance rules at scale. This structure keeps your Azure environment consistent.
What is policy-driven governance?
Policy-driven governance uses Azure Policy to set rules for resources. You define standards for security, cost, and compliance. Policies prevent non-compliant resources and alert you to issues.
How can you keep your Azure environment compliant?
You set compliance baselines, use automated monitoring, and apply remediation tasks. Regular audits and reporting help you catch violations early. Tools like Azure Compliance Manager support your efforts.
Why is adapting governance important?
Technology changes fast. You must update your governance framework to address new risks and requirements. Flexible policies and ongoing training keep your Azure environment secure and resilient.
🚀 Want to be part of m365.fm?
Then stop just listening… and start showing up.
👉 Connect with me on LinkedIn and let’s make something happen:
- 🎙️ Be a podcast guest and share your story
- 🎧 Host your own episode (yes, seriously)
- 💡 Pitch topics the community actually wants to hear
- 🌍 Build your personal brand in the Microsoft 365 space
This isn’t just a podcast — it’s a platform for people who take action.
🔥 Most people wait. The best ones don’t.
👉 Connect with me on LinkedIn and send me a message:
"I want in"
Let’s build something awesome 👊
1
00:00:00,000 --> 00:00:05,840
Hello everybody and welcome to another edition of the M365 show.
2
00:00:05,840 --> 00:00:14,440
Today my guest is Vladimir Stefanovic and he is 20 years in 20 years plus in IT.
3
00:00:14,440 --> 00:00:22,760
He is an Azure MVP, Microsoft Certified Trainer, works on large scale Azure Architects
4
00:00:22,760 --> 00:00:25,520
and he is a governance specialist.
5
00:00:25,520 --> 00:00:28,720
So yeah, thank you for being here.
6
00:00:28,720 --> 00:00:37,720
Vladimir, why did you start with infrastructure and cloud?
7
00:00:37,720 --> 00:00:43,720
Yeah, before we start, thank you for inviting me, Mirko.
8
00:00:43,720 --> 00:00:46,720
And that is actually a long story.
9
00:00:46,720 --> 00:00:53,720
So you mentioned I am 20 plus years in IT and I am one of the old school guys,
10
00:00:53,720 --> 00:00:55,720
even though I do not feel that old.
11
00:00:55,720 --> 00:01:01,720
But I started as a guy from the neighborhood who was installing operating systems, setting up printers,
12
00:01:01,720 --> 00:01:09,720
so I find networks, burning DVDs, actually CDs, DVDs came very late.
13
00:01:09,720 --> 00:01:19,720
So worked from the very low level in IT, which is quite important today,
14
00:01:19,720 --> 00:01:22,720
which new generations are missing.
15
00:01:22,720 --> 00:01:26,720
He immediately jumped into the cloud, jumping to some staff today, AI,
16
00:01:26,720 --> 00:01:29,720
so they do not know basics what is behind and so on.
17
00:01:29,720 --> 00:01:35,720
But actually my generation, we started in a very low and start moving up.
18
00:01:35,720 --> 00:01:42,720
And at some point in my career, I moved to more serious environment,
19
00:01:42,720 --> 00:01:44,720
servers and so on.
20
00:01:44,720 --> 00:01:48,720
Actually infrastructure, that was, I was more familiar with that.
21
00:01:48,720 --> 00:01:55,720
And somehow cloud came up as a good successor of that infrastructure.
22
00:01:55,720 --> 00:02:00,720
When I started working with cloud, that was, let's say, in early ages,
23
00:02:00,720 --> 00:02:06,720
not from the time where Azure was in a service model,
24
00:02:06,720 --> 00:02:13,720
actually started in 2015, '16, something laid out, I do not know exactly,
25
00:02:13,720 --> 00:02:18,720
when I was in Serbia at that point, without that many opportunities,
26
00:02:18,720 --> 00:02:25,720
many projects, more infra-oriented workloads.
27
00:02:25,720 --> 00:02:37,720
And that is how I ended up over time and was climbing slowly to the position where I am right now.
28
00:02:37,720 --> 00:02:43,720
And, yeah, you're an MVP and MCT, and I think MVP is something you,
29
00:02:43,720 --> 00:02:47,720
yeah, you must be still excited what you're doing.
30
00:02:47,720 --> 00:02:56,720
After 20 years in IT, how still you, yeah, what's still exciting you today to do this?
31
00:02:56,720 --> 00:03:02,720
Yeah, yeah, definitely. So I'm MCT from 2014,
32
00:03:02,720 --> 00:03:07,720
so right now, when I say 2014 and right now, in 2022, 2026,
33
00:03:07,720 --> 00:03:13,720
so twelve full years. I'm Microsoft certified rare for a couple of rounds.
34
00:03:13,720 --> 00:03:18,720
I was also regional lead for the Serbia, actually, Balkan countries,
35
00:03:18,720 --> 00:03:21,720
and a little bit more here in the Netherlands.
36
00:03:21,720 --> 00:03:27,720
And from the 2019 Microsoft Azure MVP, which is actually,
37
00:03:27,720 --> 00:03:35,720
when I became Microsoft Azure MVP, in the world there were only 500 MVPs for Microsoft Azure.
38
00:03:35,720 --> 00:03:39,720
So actually, that was relatively early, but yeah, my focus was completely there.
39
00:03:39,720 --> 00:03:42,720
And it's still exciting.
40
00:03:42,720 --> 00:03:48,720
Of course, not that high excitement, like five years ago, six years ago.
41
00:03:48,720 --> 00:03:52,720
So that is, that is expected because you're getting,
42
00:03:52,720 --> 00:03:56,720
you're getting more familiar with what is there.
43
00:03:56,720 --> 00:04:01,720
Sometimes you're busier, so you do not have enough time to be that excited.
44
00:04:01,720 --> 00:04:09,720
But yeah, still it's very good to be a Microsoft Azure MVP, actually Microsoft MVP.
45
00:04:09,720 --> 00:04:14,720
My category just falls into Azure, because you can, you can talk with product groups.
46
00:04:14,720 --> 00:04:17,720
You can talk with other MVP peers.
47
00:04:17,720 --> 00:04:19,720
You can share knowledge on a higher level.
48
00:04:19,720 --> 00:04:21,720
You can share your vein.
49
00:04:21,720 --> 00:04:24,720
You can share ideas with product groups.
50
00:04:24,720 --> 00:04:31,720
Because it means they will always take it in consideration because one world is not enough for a lot of stuff.
51
00:04:31,720 --> 00:04:34,720
But yeah, yesterday I had quite a good conversation with the
52
00:04:34,720 --> 00:04:38,720
Azure Firewall product team, because I was very loud last time.
53
00:04:38,720 --> 00:04:43,720
And when we discussed something that doesn't work, we had a very constructive discussion.
54
00:04:43,720 --> 00:04:53,720
So that is something that will pump your ego a little bit when you have chance to talk with someone who is in a high position.
55
00:04:53,720 --> 00:05:00,720
Even if you know that, okay, they will not fix that tomorrow, because that is quite a bigger environment than we can think about.
56
00:05:00,720 --> 00:05:05,720
But yeah, so that is, that is still interesting.
57
00:05:05,720 --> 00:05:17,720
And we will talk today a little bit about the governance, what is the specific moment where you realize governance become critical at scale.
58
00:05:17,720 --> 00:05:39,720
That is like if you want to build a house and you start thinking about your foundation three months later, but you will first start thinking about tiles and what kind of bedroom, or what will be your kitchen, or what will be the color of your room or office or whatever.
59
00:05:39,720 --> 00:05:51,720
So, and unfortunately, even though we are living in 2026, still a lot of companies start doing some stuff that way, doesn't matter how big they are.
60
00:05:51,720 --> 00:05:58,720
And that is a pattern that you can see in startups in SMB companies in mid size in enterprises.
61
00:05:58,720 --> 00:06:02,720
They will start doing something.
62
00:06:02,720 --> 00:06:11,720
A few years later, depending on how big the growth is, they decide, oh, we cannot do that anymore this way, what do we need to do right now.
63
00:06:11,720 --> 00:06:19,720
So when we talk about governance, but in overall planning, you need to start that from the day one.
64
00:06:19,720 --> 00:06:30,720
So when we start building something, we need to have as many things as possible on a whiteboard or on paper so that we can start planning.
65
00:06:30,720 --> 00:06:44,720
That doesn't mean if you did something that is not built on best practices or aligned with some standards that you cannot do that later; in most cases you can.
66
00:06:44,720 --> 00:06:49,720
But working on a brown field or live production environment is more complex tomorrow.
67
00:06:49,720 --> 00:07:11,720
Then if we start planning today, so that is something that I spoke about last week at a cloud summit, how we can approach that one, where we need to pay attention, how we need to think about Cloud Adoption Framework, Well-Architected Framework or landing zones, where to pay attention and what things we can change later, adopt later, and a little bit.
68
00:07:11,720 --> 00:07:18,720
So, yes, we need to start thinking about that on day zero.
69
00:07:18,720 --> 00:07:28,720
It's something I have a little bit prepared for this podcast session, and I see you often say systems fail.
70
00:07:28,720 --> 00:07:33,720
Yeah, the systems fail because of early decisions.
71
00:07:33,720 --> 00:07:38,720
What kind of decision are most dangerous in your perspective?
72
00:07:38,720 --> 00:07:53,720
There is no, there is no any put there and it really depends on what is the what is the nature of the business and what is the environment, what kind of environment you have right now what you want to have in the future.
73
00:07:53,720 --> 00:08:02,720
So, a lot of questions will be on the table before we start thinking about it. Say, in one of the previous companies where I used to work,
74
00:08:02,720 --> 00:08:16,720
We had actually for every new project three to six months of workshops with client until we put something on the table as a potential solution for to discuss with with the customer.
75
00:08:16,720 --> 00:08:30,720
So, if you choose a wrong networking model, if you choose just one subscription and we will put everything there, or two subscriptions, and then we will start growing, or we
76
00:08:30,720 --> 00:08:42,720
got some investors that will pour money in and we will grow very fast, then okay, how can we do that, and the problem is not really on the technical side as well.
77
00:08:42,720 --> 00:08:48,720
So, yeah, we can fix a lot of stuff still there are a lot of things that we cannot fix.
78
00:08:48,720 --> 00:08:51,720
In Azure, you cannot move all of those resources.
79
00:08:51,720 --> 00:08:57,720
You cannot easily migrate or something bad do not talk about technical side.
80
00:08:57,720 --> 00:09:15,720
What if we can do that we want to redesign everything but we are growing too fast that we cannot do that we do not have enough time and you know how things works if we are in a business and we need more sites or more features or whatever.
81
00:09:15,720 --> 00:09:35,720
And that is always priority higher than cleaning up stuff, doing maintenance and those kind of things and then you can easily be in a position that you know what needs to be done but you do not have enough time you do not have enough hands available to do work on that you do that.
82
00:09:35,720 --> 00:09:49,720
And you need to just continue with growth, and that happens. I found out a few times on my projects that we started on a low scale.
83
00:09:49,720 --> 00:10:04,720
We thought that will be big, that's good, but then we got on a running train that was running very fast, like Japanese bullet trains, and then we cannot get out, we cannot bring anyone in.
84
00:10:04,720 --> 00:10:10,720
Because we do not have enough time and then that is a problem.
85
00:10:10,720 --> 00:10:14,720
Okay, it's a time problem.
86
00:10:14,720 --> 00:10:18,720
But why do companies.
87
00:10:18,720 --> 00:10:24,720
Yeah, I start or start with Azure governance.
88
00:10:24,720 --> 00:10:28,720
Yeah, you know, most units it's too late.
89
00:10:28,720 --> 00:10:36,720
That is not something that you can explain easily to C-level.
90
00:10:36,720 --> 00:10:41,720
Because majority of people do not see a big benefit of that.
91
00:10:41,720 --> 00:10:45,720
So if I try to sell to C-level:
92
00:10:45,720 --> 00:10:57,720
Okay, we need to work two to three months with three FTE, full-time engineers, on proper governance for our infrastructure.
93
00:10:57,720 --> 00:11:05,720
So set up landing zones, governance in a proper way, everything will be automated and so on.
94
00:11:05,720 --> 00:11:15,720
Or we will build three new apps or three new sites or whatever that will start generating money.
95
00:11:15,720 --> 00:11:24,720
Then business will easily move to the things that will start generating money.
96
00:11:24,720 --> 00:11:47,720
It's not easy to explain, but that is some pattern that you will definitely see everywhere and always. The only difference between environments is, do we have two engineers, three engineers or 10? If we have 10, maybe we can reshuffle a little bit of their time, allot two hours
97
00:11:47,720 --> 00:11:57,720
per engineer weekly, and then we can start moving forward a little bit, because if you want to do something that is not directly visible,
98
00:11:57,720 --> 00:12:14,720
then it is very hard to justify to C-level, who will be in decision mode for that and is not technical. So that is something that I am
99
00:12:14,720 --> 00:12:37,720
hearing all the time at the conferences. Last year I was at Microsoft Ignite, at the Microsoft booth for three days, in the middle of the center of the expo for Ignite, 15,000 people, I was there and I was talking with people and 70% of them were in that,
100
00:12:37,720 --> 00:12:52,720
more or less in that position. And what could be the first warning signals of, I call it, cloud cars?
101
00:12:52,720 --> 00:13:16,720
In the first place definitely will be some security issue, and in second place will be cost. If you have a security issue, you have some breach that will affect the business; sometimes business can stop completely. If you have a cost issue, you will pay more, but you will continue
102
00:13:16,720 --> 00:13:30,720
So to operate but those two things can be triggers for upper management to think a little bit about that if they are very.
103
00:13:30,720 --> 00:13:54,720
and I want to answer all those questions that are coming over time from the engineering level. So definitely those two things I would put in the top two; maybe we can discuss the third, fourth, fifth place, but security breach, we got a lot of clients over my career when they had a security breach, and cost definitely. So if I can save you
104
00:13:54,720 --> 00:14:09,720
1000 monthly, which is 12,000 yearly, then probably you will pay my fee to do an assessment and help you, doesn't matter if my fee is three or four thousand, whatever; you can see the benefit that you will start saving money.
105
00:14:09,720 --> 00:14:26,720
But if I tell you we will optimize that so then you can work a little bit more efficient you will have you will prevent some things and so on and that will cost money but you will get nothing immediately that is sometimes very hard to justify.
106
00:14:26,720 --> 00:14:55,720
I think it's it's it's hard to explain to a lot of people they only see I think often I see when companies start with a cyber security insurance then then they first start seeing oh I can get save money and they don't understand they are losing I don't know they can lose a lot but what they definitely lose is the trust.
107
00:14:55,720 --> 00:15:05,720
Because the trust of the clients, when they get a security breach, it costs a lot. I think, yeah, trust is something built over, yes.
108
00:15:05,720 --> 00:15:20,720
If you are a provider, if you're an MSP or whatever, and you're providing some services and you do something wrong, and they can map security issues directly to you, then you will definitely lose trust.
109
00:15:20,720 --> 00:15:48,720
But also companies that have their internal IT, they are not IT companies, they have internal IT. It is always easier to justify security stuff, doesn't matter what is the cost of those security projects, things, whatever. It's much easier to justify than to justify a proper governance layer, proper landing zones, proper role-based access control, proper things around
110
00:15:48,720 --> 00:16:11,720
that we can do, and we do not really need any special security measures if you do it in a proper way on an infrastructure and architecting layer. If you implement just the basic stuff that definitely should be involved everywhere, you will decrease by 70, 80% the potential
111
00:16:11,720 --> 00:16:31,720
escape landscape where you can get some attack. So definitely that one, and also, as I mentioned, cost. So those two triggers will always be enough for the first two places if you ask me, for something, all the modern money.
112
00:16:31,720 --> 00:16:39,720
What would you say separates good Azure networking from bad Azure networking?
113
00:16:39,720 --> 00:17:07,720
Again, it really depends on what is the workload, so there is no one simple answer that can fit all, so there is no solution that can fit all. If you have a hybrid environment, that is a completely different approach than if you have just a local environment; local, I mean just a cloud environment. If you have hybrid, then you need to think about a lot of
114
00:17:07,720 --> 00:17:29,720
interconnectivity between your locations. Doesn't matter right now, it is really important to think about how many locations we have, how many locations we will have, what kind of networking needs to be between those locations, what is the management that we need to put in place. So what I see,
115
00:17:29,720 --> 00:17:58,720
not that often, but I see that people will say, oh, we do not want to use Azure Firewall, we do not use Virtual WAN, regardless of pros and cons, we will use the classic, we will manage, we will do that. That's okay, and then at a certain point they will find out that they do not have the proper people in house who can manage that. If you have the proper people, you have a bunch of network engineers, architects who understand how
116
00:17:58,720 --> 00:18:19,720
Azure works, then you can manage NVAs, or actually the on-prem stuff in cloud. If you do not have that, and you have on the other side a very knowledgeable Azure networking guy who understands networking, you can manage everything. If you go to PaaS services, then how important is connectivity between
117
00:18:19,720 --> 00:18:48,720
the outside location and cloud? It is very important to be up and running all the time; if it's not, how long can we survive without that? So then the question will be, do we go with ExpressRoute or just VPNs, or a lot of questions need to be answered, need to be on the table before we start planning something. If you have just a cloud workload, then you have even more options and you can use
118
00:18:48,720 --> 00:19:11,720
Virtual WAN, you can use just hub and spoke if you have less than 10 networks, that is super easy to manage in any of those approaches. So it really depends what we need to do, and my first question always will be, what is the end goal for everything? What is the end goal, what we want to achieve,
119
00:19:11,720 --> 00:19:39,720
but not where we will start. What we want to achieve, then we can start thinking about our starting point, and actually in a few hours we can map what we need, and that is the first breaking point in discussion. So if you want to achieve, I don't know, you want to have a fully scalable, fully automated network, sustainable, self-healing and everything around, and you
120
00:19:39,720 --> 00:20:06,720
have nothing at the moment, so you plan to move in that direction, to cloud, then it is much easier because we will build everything from scratch. But if you already have something and that is not built properly, and that is a production workload, then we need to restructure everything inside or in parallel, then move workload, plan a lot of stuff, and then at that point that is the first
121
00:20:06,720 --> 00:20:21,720
moment where things can start breaking in discussion, not technically, because we still didn't touch anything. What is the goal, and then, based on the goal, then everything.
122
00:20:21,720 --> 00:20:45,720
You also deep dive a little bit into the frameworks, and you are also the CAF/WAF expert. What would you say, what parts do organizations often misunderstand here?
123
00:20:45,720 --> 00:21:14,720
That is a very interesting question and there is no easy answer. Yeah, I collaborated on the latest CAF/WAF version, but what is there actually, CAF/WAF is a pretty well done, quite solid framework.
124
00:21:14,720 --> 00:21:37,720
I like to say, and I'm saying that, do not take it as a holy grail; use that as a best practice, take the best out of that. There are certain things that you should follow completely as much as possible; there are certain things that you can change and you should change if your environment is different.
125
00:21:37,720 --> 00:21:59,720
But the biggest problem definitely that I see, and am seeing, and probably will continue seeing all the time, is that people think that a proper design and proper implementation is easy if they just follow the
126
00:21:59,720 --> 00:22:26,720
documentation. So even though we know, okay, I want to build a house, I need a foundation, I know where my rooms will be, and okay, we will do that, but still I don't know what I need to do for the proper ground and what is the type of soil, do I need to do some enhancement, what will that look like. If you want to do something at your home, you don't
127
00:22:26,720 --> 00:22:50,720
want to pay any expert for that, but you will go to find a YouTube video on how to fix something and probably you will fix it, no problem, but you don't know if that is good, if that is a proper fix, or a lot of things around. Pretty much the same thing happens here: yeah, that is done, that will work. You can find
128
00:22:50,720 --> 00:23:05,720
the automation, you can find a lot of videos on YouTube, a lot of online trainings, you will get a certain level of knowledge, but when we start touching points that are not explained in that video, then you are in the dark.
129
00:23:05,720 --> 00:23:32,720
Yeah, and I actually had that a few months back when I explained to one of my colleagues from Serbia how things work, and he stopped following me after five minutes, because after five minutes of my explanation all that information was not in any document; that was based on experience.
130
00:23:32,720 --> 00:24:01,720
And that is a quite big difference, where experience is where we start adding value. So getting that far is easy, because a lot of things are documented, but it is the weakest point at some point. So the question is not if, the question is when that will be a big problem for us if we start growing. Of course, if you have two
131
00:24:01,720 --> 00:24:25,720
virtual machines, one network or one website, no problem, that will work. So that is when we talk about enterprise. I have a little bit look at yeah as a group and so on, and especially when we talk about governance, and let's say policy-driven governance,
132
00:24:25,720 --> 00:24:48,720
when you say, yeah, is it realistic or is it still too hard for many teams? Actually, it could be hard, but it can be very easy, because if you are proficient with automation, then you can build a lot of stuff relatively easily.
133
00:24:48,720 --> 00:25:11,720
And why I like to say relatively easy: yeah, there are a bunch of policies around that you can use, but some statistics say that the average company will use 20 to 30 policies in total for the whole organization. If they are well designed and put in a proper place, 80% of things is covered.
134
00:25:11,720 --> 00:25:38,720
And when you start looking, you can build a lot of stuff, but always the most complex solution and hardest solution are the simplest solutions that you will implement. So do not over-engineer, do not over-complicate, use basics, and then probably you will drop down to, I don't know, 20% uncovered things that you can start doing over time.
135
00:25:38,720 --> 00:25:57,720
So it's not that complex if you want it; there are a lot of products around, one of the gold standards is Enterprise Policy as Code, that is kind of a community product that works, but you can build that alone, so that is not that big a problem
136
00:25:57,720 --> 00:26:11,720
if you are proficient. And if you don't want to go to that product, to follow all standards from their side, you want to build something on your own, yeah, that's possible, but you just need to take care of everything.
137
00:26:11,720 --> 00:26:23,720
So I wouldn't say that is a big problem; it is time consuming to kick off that product, doesn't matter if you use something or you build something, that is a product.
138
00:26:23,720 --> 00:26:40,720
It's just time consuming to kick off, then maintenance later is part of any kind of maintenance. But yeah, again, when we go back to the landing zones and governance, when you build it properly, then it's easier to implement.
139
00:26:40,720 --> 00:26:46,720
If you start doing that in a very complex way, then it will be complex later.
140
00:26:46,720 --> 00:27:04,720
We have talked about the management and the money, so which governance mistakes become the most expensive in the long term from your perspective, and how can we sell that to the C-level?
141
00:27:04,720 --> 00:27:21,720
There are two things. If you do not set up governance, through the governance, if you do not define properly all of those landing zones, groups, management groups and everything, and set up proper permissions,
142
00:27:21,720 --> 00:27:28,720
then you can easily get into the situation that someone will have more permissions than needed.
143
00:27:28,720 --> 00:27:36,720
If someone has more permissions than needed, then you potentially have quite a big problem; it doesn't mean yet that something will happen.
144
00:27:36,720 --> 00:27:50,720
No, maybe I will have full Owner on tenant level and will do nothing, but that is something that we definitely need to start avoiding as much as possible,
145
00:27:50,720 --> 00:27:58,720
because that is something that will also come before we start talking about governance and approach and whatever.
146
00:27:58,720 --> 00:28:08,720
There is something that comes from the mindset perspective and approach, how we will do it. So if we treat automation as a first-class citizen,
147
00:28:08,720 --> 00:28:23,720
if we have a four-eyes principle, if we want to do and are aiming to do everything through code, then we do not need to have any kind of special access, special permission.
148
00:28:23,720 --> 00:28:33,720
So that is one level where, if you do not plan that properly, we can be more exposed and more vulnerable.
149
00:28:33,720 --> 00:28:43,720
And on the other side, if you do not prevent that access, then people will have a certain level of access and they will start building stuff.
150
00:28:43,720 --> 00:28:54,720
That is something that I remember, that was almost 10 years ago, when a friend of mine told me no one can deploy anything.
151
00:28:54,720 --> 00:29:09,720
They will just fill in a request, and when we approve, automation will take care and deploy. And that was a company of 2,000 developers and just 5 Azure admin engineers.
152
00:29:09,720 --> 00:29:19,720
And then the question was, okay, but just 5 of you, you need to evaluate a lot of things, and how can you do that when there are 5,000 developers?
153
00:29:19,720 --> 00:29:37,720
And then he said, yeah, but if you have 5,000 developers and each developer deploys only one app, and at that point that costs 50 euros monthly, then that will be 250,000 monthly for nothing.
154
00:29:37,720 --> 00:29:49,720
So they will just fill in a request, we will evaluate, if that is approved I will click the button "approved", and automation in the back end will pick it up and deploy everything.
155
00:29:49,720 --> 00:30:00,720
So if you have that mindset that you should work in an automated way, you have a four-eyes principle, which means all processes are there,
156
00:30:00,720 --> 00:30:14,720
so there is no push from branches, only from main, or a lot of things around, then you can decrease enormously food free and potential issues that you have.
157
00:30:14,720 --> 00:30:23,720
And when I talk right now, that sounds very easy, but when we come to the moment that we need to discuss implementation,
158
00:30:23,720 --> 00:30:32,720
I didn't have any situation in my life that was smooth; that was always very harsh from different angles.
159
00:30:32,720 --> 00:30:40,720
Oh, implementation is very hard, just give the data guy access, he will need to fix that, or the engineering teams or ops teams,
160
00:30:40,720 --> 00:30:50,720
they don't have that level of knowledge, you need to spend time to teach them, or a lot of things around. But all people will start nodding, yeah, that is perfect,
161
00:30:50,720 --> 00:30:58,720
great, we will go that way, that's fantastic, and so on: DevOps, DevSecOps, DevOps, DevOps, DevOps,
162
00:30:58,720 --> 00:31:14,720
everything is ops, perfect on paper, but in implementation then we can see quite big issues in the starting steps to implement something.
163
00:31:14,720 --> 00:31:24,720
okay I think a little bit about I'm more in power platform for the IHLsod
164
00:31:24,720 --> 00:31:40,720
engineering, and but sometimes it is under-engineered. How do you prevent, or how do you balance governance between being over- or under-engineered?
165
00:31:40,720 --> 00:31:52,720
It depends who you have in the team, so that is the main point. You need to, to a certain extent, you need to collaborate with cybersecurity,
166
00:31:52,720 --> 00:32:05,720
usually, so security, cybersecurity teams, doesn't matter what the name of those teams is. But again, start with small steps, start with the basics.
167
00:32:05,720 --> 00:32:17,720
And when you implement basic stuff. A few days ago I spoke with a friend from Canada and he told me, oh, I didn't find anywhere any kind of golden rule
168
00:32:17,720 --> 00:32:35,720
what to implement and where. Do you have any idea? Okay, let's grab a paper and pen and we will just draw right now what you need: block public IP addresses, block big SKUs for virtual machines and so on,
169
00:32:35,720 --> 00:32:46,720
that is very costly, deploy this, deploy that, logs and everything, and we got a list of 10, 15 policies, and we actually covered more than 60
170
00:32:46,720 --> 00:33:01,720
percent of important stuff in just 15 minutes on paper, not implemented of course. So if you start planning, that is easy, but if you see, oh, this guy did very good stuff,
171
00:33:01,720 --> 00:33:13,720
but I want to do that in a more complex way, because I'm seeing that, for the younger generation especially, who want to do something, and actually they are smart, they are knowledgeable,
172
00:33:13,720 --> 00:33:24,720
they know more languages than I knew at that time and so on, but why complex? Why are you reinventing the wheel if something already exists?
173
00:33:24,720 --> 00:33:37,720
So that is the point, you need to have, sounds maybe harsh, but you need to have experience. And there is one funny, it's not a quote, like a small story,
174
00:33:37,720 --> 00:33:54,720
and one guy was interviewed and they asked him, okay, how did you get to that position in your life? Yeah, two words. Which ones? Good decisions. Okay, but how did you get to good decisions?
175
00:33:54,720 --> 00:34:03,720
One word. Which one? Experience. Okay, but how did you get experience? He said, two words. Which ones? Bad decisions.
176
00:34:03,720 --> 00:34:15,720
So if you have that flow, yeah, you need to make mistakes, all of us are making mistakes. I like to say regular people make mistakes, but seniors make disasters.
177
00:34:15,720 --> 00:34:28,720
I will not make small mistakes; when I make mistakes, that will affect a little bit broader audience. But yeah, you need to make mistakes, and you will learn best from mistakes.
178
00:34:28,720 --> 00:34:40,720
And if you have a good team that you can share your mistakes with, then you will get a knowledge base of mistakes that you will not make any time; that's called experience.
179
00:34:40,720 --> 00:34:46,720
We have experience, you're seeing that, and if we have experience, then we can make good decisions.
180
00:34:46,720 --> 00:35:00,720
And that is sometimes why, when you hire someone who is very expensive as a consultant, they will provide you with a solution relatively quickly,
181
00:35:00,720 --> 00:35:07,720
and that's not how we could get that one, because you do not have experience. So that is quite a big difference.
182
00:35:07,720 --> 00:35:23,720
Maybe you have experience in a different field than I have experience in this field, and the amount of people that went through my classroom probably no one from the C-level will see in their life,
183
00:35:23,720 --> 00:35:30,720
and then I can evaluate people way faster than they can, and I proved that a lot of times.
184
00:35:30,720 --> 00:35:41,720
So experience will lead to good decisions, and good decisions will save you from over-complicating and over-engineering decisions.
185
00:35:41,720 --> 00:35:52,720
So in every single field, doesn't matter if that is IT or plumbing or building a house, it's pretty much the same thing: experience will lead to decisions.
186
00:35:52,720 --> 00:36:06,720
And I work more on productivity apps and Power Platform and Fabric, and I see a lot of companies, they do the simple things wrong or not at all,
187
00:36:06,720 --> 00:36:13,720
like naming conventions and tagging strategies. How important is it in Azure?
188
00:36:13,720 --> 00:36:32,720
Naming convention, I think that is one of the super important stuff and very underrated in the designs, and honestly I do not like the naming convention from the CAF that is kind of best practice.
189
00:36:32,720 --> 00:36:41,720
I really do not like it. So I believe that if you have a proper naming convention, then you can automate things in a better way.
190
00:36:41,720 --> 00:36:50,720
If you have standardized environments: at the company I work at right now, we have warehouses all around the world, and naming convention and workload,
191
00:36:50,720 --> 00:36:59,720
actually the workload is standardized, is exactly the same, and due to a good naming convention and good automation around it,
192
00:36:59,720 --> 00:37:08,720
if you provide just a four-letter acronym that belongs to a site, we have full automation and a full landing zone will be deployed completely.
193
00:37:08,720 --> 00:37:18,720
It is very important, and tagging as well. Tagging is a little bit more complex topic to talk about; it depends on how big the environment is,
194
00:37:18,720 --> 00:37:31,720
do you have more different workloads, what you want to, how you want to tag. But yeah, those things are part of the governance, actually underrated
195
00:37:31,720 --> 00:37:46,720
and very important to build all other stuff around. You can have super good automation, super simple automation, if you have a proper naming convention,
196
00:37:46,720 --> 00:37:56,720
and then if you have a proper naming convention that belongs to deploying landing zones, then literally changing one parameter file
197
00:37:56,720 --> 00:38:11,720
will trigger a new deployment that will be exactly the same as the previous one. So quite important, but people need to understand that they need to build a proper naming convention.
198
00:38:11,720 --> 00:38:31,720
when you look a bit a little bit about yeah I think maturity models are something how many now how major are companies today with with other policy policies in your perspective
199
00:38:31,720 --> 00:38:51,720
I do not have that much experience with smaller companies but what I see and hear from the other MVPs is usually not that mature
200
00:38:51,720 --> 00:39:07,720
so still all of the things are somehow connected so I presented with an conference with one of the one of the big was automation and was maturity scale of automation
201
00:39:07,720 --> 00:39:23,720
if you do everything through the portal a lot of click ups stuff yeah you can you can do a lot of stuff you can do almost everything but in a small scale when you start getting bigger than that is not sustainable that much
202
00:39:23,720 --> 00:39:39,720
and then you'll start forgetting and when you start implementing policies then you cannot fix a lot of stuff so that does come directly from the technical that's implementation that comes from the idea
203
00:39:39,720 --> 00:39:55,720
because you cannot plan and build something if you do not know that that exists so that's the point so if you have a company who started with Azure they didn't have a short attack they started
204
00:39:55,720 --> 00:40:11,720
and they said yeah we know just something we listen something we show blood and conference blah blah blah and they will start building and two years later they have workload that is 40,000 monthly and no one planned that properly
205
00:40:11,720 --> 00:40:25,720
then you need to redesign new structure everything so maturity comes from the early decisions if you plan early on everything what you need at least to build design properly
206
00:40:25,720 --> 00:40:35,720
and then later you can you can assign a lot of stuff around including policies for role-based access control or custom roles and everything what is what is needed
207
00:40:35,720 --> 00:40:53,720
yeah the company is or have overcomplicated or they do have very small of course there are a lot of companies they have that in a proper way but that is not some kind of standard that we see
208
00:40:53,720 --> 00:41:15,720
I think also there it's when when we talk or Microsoft the Microsoft has their key notes there it's especially when we talk about governance or security there's one thing I think it's every time they say 10 times zero trust
209
00:41:15,720 --> 00:41:19,720
think you zero trust is still misunderstood
210
00:41:19,720 --> 00:41:35,720
no but that's a very broader topic when we talk about zero trust and as many other things should be planned upfront with many other things
211
00:41:35,720 --> 00:41:47,720
but that's not that big focus today because today every all focus is an AI but zero trust definitely was two years ago that was security and zero trust
212
00:41:47,720 --> 00:42:01,720
the two buzzwords that were on every single every single conference but yeah you need to plan that one so we need we need to protect identities we need to protect everything because everything is evolving today
213
00:42:01,720 --> 00:42:13,720
so if you if you live in a world where you think that just blocking your IP address from a connecting to certain service will save you
214
00:42:13,720 --> 00:42:27,720
you're already very behind because that is the easiest way to manipulate if someone wants to hack here but also if we even if we have full MFA and everything everything all things around
215
00:42:27,720 --> 00:42:39,720
a lot of things can be hacked question is are you interested to have something interesting for hackers or not so everything is possible
216
00:42:39,720 --> 00:42:51,720
I had a discussion recently for the some some fabric project and that was okay how we can share that yeah if you ask me if that is possible to to be misused yeah of course
217
00:42:51,720 --> 00:43:07,720
but the question is how will decrease that footprint and vulnerability yeah everything is possible but we are doing the best thing to minimize everything to have that in place
218
00:43:07,720 --> 00:43:23,720
zero trust identity private endpoint and so a lot of rules and everything but still one wrong click somewhere and one very disappointed employee who have had some access
219
00:43:23,720 --> 00:43:35,720
can make a quite disaster which I had one time once in a case in my my career that one disappointed the belief of start making a lot of
220
00:43:35,720 --> 00:43:55,720
not that smart moves yeah you say the actual buzzword is AI has AI an impact on Azure especially when we talk about governance at scale
221
00:43:55,720 --> 00:44:13,720
no directly it there is no answer yes or no so AI is definitely part of everything today is part of Azure can help you there is a copilot there is a
222
00:44:13,720 --> 00:44:41,720
Claude, there is OpenAI, now Anthropic when you put everything in the mix yeah you can have quite a good thing you can have quite a bad thing so that's okay can help you it's evolving all is good except one thing if you're not knowledgeable and experienced and you cannot validate what is proposed by AI how do you know that is a good or bad thing
223
00:44:41,720 --> 00:44:59,720
so that is a point there is can help you a lot can help you with some idea sometimes something that probably you will gotten on a time but if you cannot validate how you can prove that is that is a good solution
224
00:44:59,720 --> 00:45:09,720
there are a lot of memes right now yeah you can get that mushroom and then next picture yeah sorry that mushroom was poison but do you have any other questions about mushrooms
225
00:45:09,720 --> 00:45:35,720
something like that if you can validate if you have knowledge certain level of fraudulent experience then you can benefit a lot if you do not have then it's a little bit tricky depends on what level of help we need from AI can help you probably can do a lot of automation for you around that you can just deploy
226
00:45:35,720 --> 00:46:03,720
that I would be very cautious with those kind of things I am but will be even more in the future because I heard a lot of very scary stories people gave access to AI to MCP servers and so on and they misunderstood and misinterpreted a request which was not so clear
227
00:46:03,720 --> 00:46:13,720
then we're not making mistakes in cleaning up stuff and so on so yeah is there can help us but we need to understand actually what is there
228
00:46:13,720 --> 00:46:29,720
I think it's more risky to use AI instead of I don't know I create an app or something then okay the app could be shit but it doesn't destroy the whole infrastructure I think when I do
229
00:46:29,720 --> 00:46:45,720
there is something wrong I have seen it's I think Copilot for security product but I only have cdashport for this I don't know what this was the right name
230
00:46:45,720 --> 00:46:59,720
so there's something I think when we will get money from the management some topic is fine odds and there's a tool the cost management tool from Azure
231
00:46:59,720 --> 00:47:06,720
I never can use it because I have educational licenses this is not working with it
232
00:47:06,720 --> 00:47:20,720
yeah what what or how can we use this data to sell the governance for what exactly mean for for the cost
233
00:47:20,720 --> 00:47:33,720
yeah can can we find yeah I think gaps I don't know unused nice and or running machines with low workload or something
234
00:47:33,720 --> 00:47:54,720
yeah that is that is a pure cost management thing is so the governance cannot help us that much that much in that because governance is way more above than then cost can help you to settle all cause decisions properly but not on that scale
235
00:47:54,720 --> 00:48:20,720
that's for instance something that where AI can help you a lot so if you have agent today that you can build inside on your environment that you can give read access to building or whatever that can pull data and analyze and everything that is something that then you can get inside of what is not aligned
236
00:48:20,720 --> 00:48:44,720
if you take look back up to affairs and still exist of course but that is similar to what Azure advisor will tell you all you have unused VM or whatever or under utilize or over utilize or something that that is for instance something if you build your local agent that inside of your environment in found
237
00:48:44,720 --> 00:49:11,720
whenever has some kind of can pull data can analyze and present in some dashboard or even you can have a chat with the agent and so on so that is where AI can be very very very beneficial for all the level to see inside of the company that you do not need to go to search if you before AI you had to build a lot of your own dashboards to work on that
238
00:49:11,720 --> 00:49:36,720
but right now that can be beneficial but the governance doesn't have any direct relationship with that digging into cost can guide us little provide us some guard rails how we can do it and what we should do but if you already slipped out from the certain scales no, no that much
239
00:49:36,720 --> 00:49:56,720
I have for three weeks I have seen the new Azure tool map and there are actually 1000 100 plus different tools in the Azure cloud is it becoming too complex
240
00:49:56,720 --> 00:50:08,720
>> That's right. >> Chat, not all of those services that we have there are that relevant for every workload.
241
00:50:08,720 --> 00:50:24,720
It is evolving yes you need to pay attention to that you need to be completely aligned with everything what is there what is building what is new new features and everything which is pretty hard sometimes
242
00:50:24,720 --> 00:50:38,720
but I wouldn't say that is getting right now that fast yeah it's evolving and certain areas are getting bigger with more services very fast and so on but
243
00:50:38,720 --> 00:50:53,720
if you are in let's say networking part yet things are not that fast like probably in AI it's really depends because Azure is very broad you can say yes I'm an Azure architect and someone will ask me
244
00:50:53,720 --> 00:51:10,720
to design fabric in those kind of things which is not I have no idea about that that much so that is very broad you need to narrow down a little bit actually my specialization is infrastructure networking and those kind of parts hybrid
245
00:51:10,720 --> 00:51:31,720
I will never touch data data design data data things power for may I on that level yet that is graph on the top but not deep dive because you cannot be experts for everything so that's that's quite you cannot be experts for everything if you are experts for everything you're actually expert for nothing
246
00:51:31,720 --> 00:51:57,720
yeah I think we need people expert in a special topic but we also need people they have an overview of Azure so I see often there is a they built here something and then they build that there's something and they don't bring it together and they often yeah I think
247
00:51:57,720 --> 00:52:16,720
process are the same they they take truck data from from from the same place and different services and I think a little bit over you so bad and but yeah I think yeah you are not not a specialist you cannot be a specialist in everything
248
00:52:16,720 --> 00:52:35,720
yeah we call it we call it that as a T-shaped engineer so if you if you have reverse T letter so you have will so you have a broader knowledge for a lot of topics but then you have specialization in one or more field depends on so if you
249
00:52:35,720 --> 00:52:54,720
have a very broad knowledge and you do not have deep knowledge for anything so yep you can cover a lot of stuff but very easily will hit a level what you can do and where that will go over the fence where your knowledge is but if you have only
250
00:52:54,720 --> 00:53:15,720
the very narrow specialization to one thing yet that's good so the real expert but then you do not see things around but if you are a T-shaped engineer then you have broad knowledge you understand stuff around but then you're expert in a certain field
251
00:53:15,720 --> 00:53:33,720
and then you can understand whole picture so I understand how work network how work on prem network how work hybrid how work everything around how work Linux and those kind of things but I and I I can set a lot of stuff up to the certain level that
252
00:53:33,720 --> 00:53:50,720
above a certain level then I need expert there and that is very helpful when you when you have a team of T-shaped engineers where you have few of them then they're quite often a very complementary work together and they can fix for
253
00:53:50,720 --> 00:54:07,720
T-shaped engineers can do more than 20 just regular engineers because they I will not wait for you to fix some small stuff for me because I understand that I can do that and I will move forward if you have silos and you have
254
00:54:07,720 --> 00:54:21,720
completely separated teams and sometimes you will wait some one two days that something will be unlocked that you can continue your your work so
255
00:54:21,720 --> 00:54:42,720
when we think about security governance topic I found in Azure there are so many tools for it yeah it starts from identity and access security and try to and it said I don't know how many more meals then we have threat protection I think
256
00:54:42,720 --> 00:55:10,720
that's a Defender for nearly everything you have the same with sent in an and a remoneture and network security data protection is it yeah it's it did you think all these single tools will become one one big tool or does it make sense there's so many tools for governance security in Azure
257
00:55:10,720 --> 00:55:29,720
security is a normal topic and 10 years ago we were in a position yeah we were split it up then we got a renewal days are in 2014 and move forward their model and we say okay I can work with all things around one guy is guy for
258
00:55:29,720 --> 00:55:48,720
Azure right now we are back as fears back we are right now in a position where you cannot be one one stop shop for Azure you can for small environment but if you have bigger big environment security is full time job
259
00:55:48,720 --> 00:56:08,720
governance full time job I mean not 10 years full time job depends on but you have identity the pretty same thing yesterday I had a discussion with with the colleague where belongs identity and who need to take care of identity
260
00:56:08,720 --> 00:56:36,720
Azure team or modern workplace team M365 because no identity is on top of everything identity is a neighbor so you cannot have Azure without Entra ID you cannot have 365 without Entra ID they use different maybe different identities more users and so on but we use more service and service principals and managed the
261
00:56:36,720 --> 00:56:54,720
security it's very big topic and how to secure identity how to everything so if you want to do that in a proper way then you need to have two to three architects in a company only for identity governance and security
262
00:56:54,720 --> 00:57:21,720
it's quite big so that is when people say yeah we can fix it we can no problem it's not about fixing you need to manage that you need to maintain it you need to have a proper decisions so then what I so in the past very often and also today I'm seeing that default setup of m365 tenant allows any people to create teams
263
00:57:21,720 --> 00:57:45,720
they can create teams then K then in a back and will be created SharePoint a lot of stuff if you do not have proper naming convention you will in a few months end up with a lot of stuff that you do not understand who created why what is there what kind of data and if if on the top of that we add a little bit of data policies
264
00:57:45,720 --> 00:58:09,720
data loss prevention and those kind of things then things are even more complex so a lot of things in the Microsoft cloud ecosystem are getting bigger and bigger and bigger and you cannot go without proper knowledge understanding and the right people in the right position
265
00:58:09,720 --> 00:58:35,720
so yeah so now I have an every show I have a part where I look for I have friends find out some quotes from guys in topic and yeah I read the read the quote and you say what comes in your mind when you hear this the first minus technology change fast principles age slowly
266
00:58:35,720 --> 00:59:01,720
that is definitely true and what we are seeing that the different areas of technology are going in a different pace forward so right now we have a normal space on AI but all other stuff a little bit slower
267
00:59:01,720 --> 00:59:29,720
but definitely principles are are not going that fast that is true complexity is easy simplicity is hard that is what they mentioned today is the most effective and most in the best solution is always the simplest solution which is not that hard to do
268
00:59:29,720 --> 00:59:45,720
the simplest solution which is not that hard to make every cloud environment reflects the decisions of its people
269
00:59:45,720 --> 00:59:57,720
and then when you when you when you meet those people then you can find out how to correlate who made what decision
270
00:59:57,720 --> 01:00:07,720
the best architect's design for the people who operates a system later
271
01:00:07,720 --> 01:00:21,720
but if you want to design that for people who will use later then you need to have your had your path that you you was in their boots
272
01:00:21,720 --> 01:00:31,720
if you never operate and works in operation you don't know what they need I like today to sit down with the team from the operations
273
01:00:31,720 --> 01:00:47,720
okay I think this is a good decision but what do you think about that is that okay why you need to manage that tomorrow if you think that is out of scope let's think about a little bit different that is too complex for you or you don't know how to manage let's talk about that
274
01:00:47,720 --> 01:00:53,720
but yeah I do not see that often me but is it's completely true
275
01:00:53,720 --> 01:01:11,720
okay well I'm over thank you for for answers this was a really nice session but my last question is when people listen to this episode years from now what is the one idea or mindset you hope stays with them
276
01:01:15,720 --> 01:01:31,720
definitely one thing that will never change is that you need to start build with a plan so that that was the same 20 years ago and probably a little bit 20 years up from
277
01:01:31,720 --> 01:01:41,720
so you need and that is again correlated with low bad decisions experience and good decisions but if you have experience
278
01:01:41,720 --> 01:01:53,720
if you know you will buy experience actually you cannot buy experience you will hire someone with experience who can teach you but start building things with a plan
279
01:01:53,720 --> 01:02:07,720
start building without plan that is not the long term sustainable can be sustainable in a very short term if you know yet we will buy it or use that one thing for a short term and then we will move
280
01:02:07,720 --> 01:02:23,720
bad unfortunately in a lot of cases test suddenly becomes production and then I'm not fond of that doing things for a very short time frame
281
01:02:23,720 --> 01:02:35,720
so plan like you will be a fortune 50 company even your starting is a startup because those decisions later can help you
282
01:02:35,720 --> 01:02:49,720
later can help you and arms yeah then I say thank you but in here this was awesome session and I think in the show notes if you find all the information above you
283
01:02:49,720 --> 01:03:01,720
and can contact you or LinkedIn and so on and yeah thank you so much for being here thank you as well for telling me this podcast was nice to talk to you

Founder of m365.fm, m365.show and m365con.net
Mirko Peters is a Microsoft 365 expert, content creator, and founder of m365.fm, a platform dedicated to sharing practical insights on modern workplace technologies. His work focuses on Microsoft 365 governance, security, collaboration, and real-world implementation strategies.
Through his podcast and written content, Mirko provides hands-on guidance for IT professionals, architects, and business leaders navigating the complexities of Microsoft 365. He is known for translating complex topics into clear, actionable advice, often highlighting common mistakes and overlooked risks in real-world environments.
With a strong emphasis on community contribution and knowledge sharing, Mirko is actively building a platform that connects experts, shares experiences, and helps organizations get the most out of their Microsoft 365 investments.

Principal Azure Consultant
20+ years in IT infrastructure, 10 years architecting Azure solutions at scale. I help organizations design cloud systems that are technically sound, cost-efficient, and built to last.
As an Azure MVP and Microsoft Certified Trainer for over a decade, I work with companies, from startups to enterprises, to navigate complex Azure deployments, avoid costly mistakes, and build teams that can sustain these systems long-term. I regularly speak at conferences and contribute to the community through writing and mentoring.
I believe great architecture starts with understanding your business constraints, not just the technology. That philosophy shapes how I approach designing solutions, training teams, and advising on strategy.
When I'm not building scalable systems, you'll find me traveling and spending time with family.

![Governance at Scale: Fixing Azure Decisions Before They Break with Vladimir Stefanovic [MVP-MCT] Governance at Scale: Fixing Azure Decisions Before They Break with Vladimir Stefanovic [MVP-MCT]](https://img.youtube.com/vi/G_dbsiDZ2wY/maxresdefault.jpg)
