• Like
How to Integrate Your Operations Group with a Cloud-based Services Group
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

How to Integrate Your Operations Group with a Cloud-based Services Group

  • 175 views
Published

David Miller, Chief Security Officer …

David Miller, Chief Security Officer
Covisint, a Compuware Company
Location: Cloud Alliance Congress 2012

Published in Education
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
175
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
11
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. How to Integrate Your Operations Group with a Cloud-based Services GroupSession #33November 8, 20121:45 – 2:45 PMDavid Miller, Chief Security OfficerCovisint, a Compuware Company
  • 2. MIS Training Institute Session #33 - Slide 2© COVISINT, A COMPUWARE COMPANY
  • 3. Discussion Topics  What kind of cloud have you chosen?  Interface points  Before You Buy  Governance  Procurement  Innovation  Implementation  After You Buy  Operational Integration  EventIncident Management  Managing AuditsMIS Training Institute Session #33 - Slide 3© COVISINT, A COMPUWARE COMPANY
  • 4. What Kind of Cloud Have I Chosen? Services Software-as-a-Service Business Applications Users & SaaS delivers provider-owned application capability as (CRM, ERP, UC) Business a plug-in and go experience with SLAs Apps or Web Processes SaaS App Services Services run on the provider’s infrastructure ISV Web Srvcs Platforms & Compute Platform-as-a-Service Services Platform PaaS delivers application run-time infrastructures as a Frameworks Policy, Control DB Msg DNS IDM and Portal frameworks with SLAs Infrastructure-as-a-Service IDM Mobility Portal IaaS delivers standardized virtualized computing Information environments as plug-in and go experience with SLAs Technology Network Cloud Backbone Delivers connectivity to global virtualized service resources as a plug-in and go experience with SLAsCommunications Operates at Internet scale, with Ethernet flexibility and optical performance MIS Training Institute Session #33 - Slide 4 © COVISINT, A COMPUWARE COMPANY
  • 5. Public/Private or Hybrid Public Cloud Virtualized Apps #3 SAP cluster #3 Hosted UC SaaS Engines #1 Virtual Desktop #3External #2 Hybrid Private Cloud CloudInternal Leasing Public Virtual Private SaaS Extending Private Resources Resources Cloud Access Enterprise Cloud Aware Enterprise Enterprise BO/HO Data Centers BO/HO BO/HO VPN VPN Network Enterprise #1 Enterprise #2 Enterprise #3 Traditional IT & Public Cloud Private Cloud Virtual Private Cloud MIS Training Institute Session #33 - Slide 5 © COVISINT, A COMPUWARE COMPANY
  • 6. Touch Points Before you buy After you buy Operational Event/Incident Managing Integration Management Security Governance Technology Innovation IT Operations Legal Liability Cloud Technology CIO Implementa- Service Value tion/Adoption Financial CFO Measures Operational SLA’s Customer ProcurementMIS Training Institute Session #33 - Slide 6© COVISINT, A COMPUWARE COMPANY
  • 7. Before You Buy  Manage Governance  Cloud Executive Steering Committee  Establish/Manage Communities of Practice and Working Groups  Create a Could Policy and Strategy Document related to Cloud Computing activities (e.g. Security, Records Management, eDiscovery, etc.)  Establish a Cloud Audit Process  Procurement  Develop contract vehicles to ease procurement of Cloud Computing Solutions  Coordinate across the organization to ensure adoption and implementation of cloud-related procurement policies and processes  Facilitate adoption of the Cloud Computing Storefront MIS Training Institute Session #33 - Slide 7 © COVISINT, A COMPUWARE COMPANYThis information is draft and has not been published, please do not disseminate
  • 8. Before You Buy  Cloud Technology Innovation  Identify common cloud services and foster standards development and security policies  Develop architectures that allow groups to more effectively implement and leverage cloud computing services  Establish, manage and coordinate Cloud Computing Developer Communities and Application Libraries  Enable the reuse, modularity and interoperability of Cloud Computing Service interfaces  Create a Cloud interface group to share new technology plans  Implementation and Adoption  Implement and roll-out cloud solutions  Identify Partners for pilot activities  Assess and implement services  Disseminate Cloud Services Operating and Business Models MIS Training Institute Session #33 - Slide 8 © COVISINT, A COMPUWARE COMPANYThis information is draft and has not been published, please do not disseminate
  • 9. After you Buy  Operational Integration  Scope of Services and Resource Training  Process integration  Manage your costs  EventIncident Management  Process  Black Box  Extend your team  Managing Security  Don’t forget the basics  Ensure you have your audit controls covered  Manage your dataMIS Training Institute Session #33 - Slide 9© COVISINT, A COMPUWARE COMPANY
  • 10. Scope of Services  A successful Cloud solution requires:  Clearly defined Service Description  Well documented and concise Service Level Agreement  Clearly defined scope of the Support Agreement  Understanding scope of your Cloud Component  Where does your piece end and theirs begin?  Avoiding grey areas is crucial  Build a detailed RASIC and get buy in from your new partner  Identify your partner team dedicated and shared and your counter point  Understand their org chart and escalation matrixMIS Training Institute Session #33 - Slide 10© COVISINT, A COMPUWARE COMPANY
  • 11. Resource Training  Resource Training goes beyond operations  Educate all disciplines in your company  Make sure your operational resources understand the new cloud components  Ensure your developers and business teams understand for use in future products or solutions.  Instill understanding of how Virtual Technology works  Highlight differences between cloud components and traditional physical server architecture  Key Leads and Managers should visit your new provider and tour their facilities and NOC  A day of training on operations and processes  Specific examples of successful integrations with other clientsMIS Training Institute Session #33 - Slide 11© COVISINT, A COMPUWARE COMPANY
  • 12. Process Integration  Identify/integrate key processes that will be changing or impacted  Helpdesk  Will this be transparent to your customer or will you be leveraging a cloud based service for Level 1?  What changes for your Level1 support model? – Do their contact points change? – Do they have access to any new tools? – How will they escalate?  24x7NOC  This is typically your command and control and the most crucial point of integration  How will the cloud impact your process of command and control – Notification – Event correlation – Tracking  Level 2 or Level 3 Support  Remote access and support  DeploymentsMIS Training Institute Session #33 - Slide 12© COVISINT, A COMPUWARE COMPANY
  • 13. Process Integration  Identify/integrate key processes that will be changing or impacted (cont.)  Monitoring  Who owns monitoring for which points – Infrastructure (CPU, Network, Memory, Disk Etc.)  How will you monitor your cloud provider?  Can you leverage or integrate their tools with yours?  Single pane of glass?  Change Management  How does this change your process internally?  How do you manage your partners changes?  Can you integrate your change management tools?  How do you ensure their changes are managed as part of your availability commitments?  Development  How does the cloud impact your SDLC?  Does it impact any deployment or version control tools?  How do you give developers needed access but still keep them out of production? .* When process integration is an afterthought of Cloud outsourcing services you lose control of your ability to measure service levels end-to-end and end up with a fragmented solutionMIS Training Institute Session #33 - Slide 13© COVISINT, A COMPUWARE COMPANY
  • 14. Managing Costs  Understand your Contract and Billing  Billing by items and timing  One time fees, Storage, Active Inactive, etc.  Understand your Billing  Every provider bills differently and the calculations are almost always complex and confusing  Review each bill ask questions and challenge anything that seems odd or wrongMIS Training Institute Session #33 - Slide 14© COVISINT, A COMPUWARE COMPANY
  • 15. Managing Costs 1. Manage the Churn  Cloud means faster and easier – but must be controlled  The rules are changing monthly in the industry  Business teams and developers are not the best at policing their consumption – Watch for waste – Track by business unit and use bill back – Developers like sandboxes or spares » Run utilization reports and look at usage 2. Cloud pricing comparisons: things change, and they change quite often and without much notice 3. Make sure you understand whether you are being billed for VMs that are only up and running, or all the timeMIS Training Institute Session #33 - Slide 15© COVISINT, A COMPUWARE COMPANY
  • 16. EventIncident Management Simplified Incident Management Process Incident CMDA Known Error Database Incident Management Service Desk First Line Support Second Line Support Nth Line Support No No No Resolved? Resolved? Resolved? Yes Yes Yes Time to Resolution Resolved? Problem Management Resolved Incident Management in the cloud is simplified right?  Number of integration points tolls and organizations make it more complex  Rapid growth creates frequent changes  Traditional ITIL process can be applied to your new cloud solutionMIS Training Institute Session #33 - Slide 16© COVISINT, A COMPUWARE COMPANY
  • 17. EventIncident Management  Making incident and event management simple is not so simple  Manage it like the contents of a black box: – Find quickest resolution to minimize impact – More levels of integration available for escalation - means we see more impact – Leverage your partner and integrate them as a single layer – If you try to manage your cloud partner as an extension of your teams and replace your teams in the matrix 1 for 1 you increase the touch points and the complexity – By establishing a single point of contact and allowing them to manage their teams within that box actually simplifies your processMIS Training Institute Session #33 - Slide 17© COVISINT, A COMPUWARE COMPANY
  • 18. EventIncident Management  Don’t blame the complexity of eventincident management on the Cloud  Stick to the basics - keep it simple  Don’t reinvent the wheel (what has worked before, will work with the cloud)  The integration points may change but the underlying principles remain the same – Clearly defined process and escalation points – Tool integration  Resist the urge to throw resources at a problem  Poorly architected software or business processes are still just that  Don’t neglect training – Education your internal teams on how your new cloud service works is crucial – If they don’t understand it they will tend to blame it – Treat it like a black box in process only. Making your cloud feel like part of your solution and integrating it into your documentation and WIKI’s or run books is critical – As far as your internal teams and groups are concerned, the cloud is just another department.MIS Training Institute Session #33 - Slide 18© COVISINT, A COMPUWARE COMPANY
  • 19. EventIncident Management  For any EventIncident Management solution to succeed you need to ensure the following:  Integrate all cloud processes into internal processes make your cloud provider an extension of your team  Measure and control your cloud partner services as another team in your org chart – Hold monthly SLA reviews – Meet regularly to review all incidents and root cause – Give them a performance review (like you would your own direct team members)MIS Training Institute Session #33 - Slide 19© COVISINT, A COMPUWARE COMPANY
  • 20. Managing Security  Do not forget the basics for security in the cloud  No matter who manages the individual components of your solution, you still own security  The methods and types of security do not change  In the cloud or out of the cloud you still need things like Virus Protection  If your new Cloud service allows your admins to control things like firewall rules don’t break your modelMIS Training Institute Session #33 - Slide 20© COVISINT, A COMPUWARE COMPANY
  • 21. Managing Security  Ensure you have your audit controls covered  Moving to the Cloud doesn’t change your rating or your controls for audit certification  Identify your existing controls and determine which ones may be affected  Cloud partner should be able to provide their own evidence or certification for the components they own (SOC, SAS, ISO, HIPAA, PCI or any other audit standard)  If your vendor maintains a SOC2 Type 2 certification (Same goes for SAS or ISO, etc.) this does not release you from having to attain your own – Your cloud partners certifications do not become your certifications – Your cloud partners certifications compliment your certifications and quite possibly will make it a lot easier for you on future auditsMIS Training Institute Session #33 - Slide 21© COVISINT, A COMPUWARE COMPANY
  • 22. Managing Security  Managing your data  Ongoing Debate - Cloud solutions revolve around data  Many different types of offerings and solutions  Should be a secure offering you are personally comfortable with  The debate is more around policy then it is around technology  There are ways to still leverage the cloud without compromising benefits  Consider using a hybrid model  Consider a private cloud- Internal or outsourcedMIS Training Institute Session #33 - Slide 22© COVISINT, A COMPUWARE COMPANY
  • 23. IBM Global Technology ServicesMIS Training Institute Session #33 - Slide 23© COVISINT, A COMPUWARE COMPANY © 2010 IBM Corporation