SlideShare a Scribd company logo

Transform Your Cloud Validation Strategy from Cloudy to Clear

T
TechWell

Security, data privacy, reliability, and regulatory compliance are critical factors when evaluating whether to move business applications from in-house, client-hosted environments to a cloud platform. Quality assurance plays a vital role in ensuring that the appropriate level of risk assessment, verification, and validation takes place to ensure business continuity during the migration to a new cloud platform. Vandana Viswanathan shares an introduction to the five components of a sound cloud application validation strategy: cloud provider qualification process, validation strategy development, end-to-end risk-based testing approach development and implementation, governance through change management, and preparation for an organization audit/inspection. As a result, you can create an effective QA plan to verify the implementation of a cloud-hosted solution. Vandana provides tips for developing a tactical approach to ensure your organization is audit/inspection ready and meets the criteria for business, security, and data privacy requirements for both regulated and non-regulated business critical applications.

Software
1 of 27
Download to read offline
        T22   Cloud  Testing   10/6/16  15:00             Transform  Your  Cloud  Validation   Strategy  from  Cloudy  to  Clear   Presented  by:         Vandana  Viswanathan       Cognizant  Technology  Solutions     Brought  to  you  by:                 350  Corporate  Way,  Suite  400,  Orange  Park,  FL  32073     888-­‐-­‐-­‐268-­‐-­‐-­‐8770  ·∙·∙  904-­‐-­‐-­‐278-­‐-­‐-­‐0524  -­‐  info@techwell.com  -­‐  http://www.starwest.techwell.com/            
    Vandana  Viswanathan       Vandana  Viswanathan  is  a  solutions-­‐driven  information  technology  leader  with   more  than  fifteen  years  of  experience  providing  consultative  management  in   regulatory  compliance,  intelligent  process  automation,  program  and  quality   management,  SDLC/QA  transformation,  testing  account  management,  and  client   relationship  management  services  for  clients  worldwide.  Her  consulting  industry   experience  spans  across  life  sciences,  healthcare,  and  insurance  verticals.  Vandana   has  designed  intelligent  automation  solutions  for  large  clients  and  pioneered  best-­‐ in-­‐class  quality  assurance  frameworks  for  cloud-­‐based  and  COTS  systems.  Vandana   has  led  and  implemented  PMO,  change  management,  and  SDLC  &  QA  process   transformation  for  large  corporate  clients.  
© 2016 Cognizant1 © 2016 Cognizant How to Transform Your Cloud Validation Strategy from Cloudy to Clear Vandana Viswanathan Associate Director, Process & Quality Consulting Vandana.Viswanathan@Cognizant.com
© 2016 Cognizant2 Cloud Hosting Overview Challenges for Cloud Adoption and Validation Introduction to Cloud Hosting Context for Validation Framework for Cloud Hosting Validation and Framework for Cloud Cloud Provider Assessment Validation Strategy End-to-End Risk Based Testing approach Change Management in Cloud Audit/Inspection readiness Stages for a Sound Cloud Application Migration/Implementation Strategy Next Steps, Benefits and Summary Agenda Case Studies
© 2016 Cognizant3 Cloud Computing Model Definition (NIST) • Enabling convenient, on-demand network access to a shared pool of configurable computing resources • Can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud Hosting Overview Five Essential Characteristics Resource pooling Broad network access Rapid elasticity On-demand self-service Measured Service Small initial investment and on- going cost Acquire computing and development services as needed and on demand Open Standards Sustainability Key Drivers for Moving to Cloud
© 2016 Cognizant4 4 Cloud Hosting Overview (Cont.) Cloud Services Delivery Model Application Platform Virtualization Hardware Application Platform Virtualization Hardware Application Platform Virtualization Hardware Vendor ClientResponsibility IaaS PaaS SaaS Infrastructure as a Service : Providers offer computers – physical or (more often) virtual machines – and other resources. Platform as a Service: Providers deliver a computing platform, typically including operating system, programming-language execution environment, database, and web services. Software as a Service: Users gain access to application software and databases. Priced on a pay-per-use basis or using a subscription fee.
© 2016 Cognizant5 Client Challenges driving Cloud Agenda What we are hearing from our clients & our readiness to help them • Regulatory Compliance (e.g., Sox, FDA, HIPPA) • Data Security and Privacy – PHI • Reliability and Performance • Governance & Change Management • Legacy IT • Existing investment in the On-premise IT • Lack of resources/ expertise CLOUDADOPTIONISSUES CIOCHALLENGES • Business asking to do more with less • Regulatory requirements e.g. GxP, HIPAA guidelines & audits • Addressing CSO concerns • Organizational silos and varied interest • Building a case for transformation • Business demands e.g. Release faster • Operations Efficiency • Business Transformation • Innovation CLOUDLEVERS * Lack of resources / expertise is the #1 cloud challenge in 2016 Source: RightScale 2016 State of the Cloud Report
© 2016 Cognizant6 Challenges for Cloud Validation Risk Control - Share Responsibilities between Client and Vendor for Above Reliability and Performance Compliance Operating Control Compliance to external regulations Compliance to internal Policies Data Privacy: Control of PII data in Global environment Inspections and Audits Upgrading at Various Levels and Change Management Incident Management Performance Monitoring Logging, Audit Trails and Reporting Service Availability Performance / Scalability / Elasticity Data Backup Disaster Recovery and Business Continuity Security Network security Host Security Application Security Data Security Identity and Access Management
© 2016 Cognizant7 Regulated, Non-regulated and Business Critical Applications  Regulated Applications: must meet regulatory requirements Cloud Adoption Statistics :82% of enterprises have a multi-cloud strategy and only 3% of enterprises have no plans at all. ( Survey of respondents with 1000+ employees) Source: RightScale 2016 State of the Cloud Report Specific Risks for Regulated Applications (Life Science as an example)  Impact on Patient Safety and Product Quality  Subject to Good Laboratory, Clinical and Manufacturing Practices (GLP, GCP, GMP) requirements  Electronic Records and Signatures Regulations (21 CFR Part 11)  End to End Validation is required across the entire System Development Life Cycle  FDA Inspections  Business Critical Applications: Business and Software requirements need to be captured and tested based on Business risks Banking and Financial Services: SOX Health Care: HIPAA Life Science: GxP
© 2016 Cognizant8 Cloud Adoption – Validation / Testing Context    • Cloud adoption in regulated applications lags behind • Compliance accountability cannot be outsourced • Lacking regulatory guidance • Cloud adoption changes the risk profile of the application • A risk based Validation approach is required •Relationships with many cloud providers - a unique, cross-market insight Cloud Providers and Regulations •Disparity between marketing claims and actual understanding / competence Consumers in Regulated Areas •Wide variation in approach to Risk Management: • Regulatory concern need not prevent adoption • Existing guidance on Risk Management adequate – leverage to overcome barriers to adoption • Strategic use of Audit/Assessment and SLA monitoring to manage risk and minimize cost of compliance Background Experience Lessons Learned • Lower costs • Infrastructure and application optimization • Faster time to market • Accelerated innovation • Enhanced collaboration • Better and faster disaster recovery management Benefits
© 2016 Cognizant9 Validation/Testing Framework for Cloud Hosting Vendor Assessments Qualify Provider Risk-based Validation Validation Strategy Functionality, Performance, Security, Installation, Migration Testing Change Control User Access Control Governance Documentation, Logs & Audit Trails, Record Retention Inspection Readiness Methodology SaaS PaaSI a a S Technology The Transformation Solution Testing Approach
© 2016 Cognizant10 Objective 1: Cloud Provider Assessment Application MaintenanceAssessments Align Client QMS / Gap Analysis Risk Control & Mitigation Measures Report & Recommend Contract & SLAs Security & Privacy Policies & Controls Operating Procedures SDLC Inspection Support - Network, Host and Application Level Security - Data Security / Encryption - User Management and Access Control - Data Privacy Measures (PII data) - Data Backup and Disaster Recovery - Performance Monitoring - Incident Management - SDLC Standards, Procedures - SDLC Documentation - Release Management - Availability of documentation, electronic records, metadata, logs and audit trails during Inspection/Audits - Record Retention Focus Areas during Assessment
© 2016 Cognizant11 Objective 2: Risk-based QA/Validation Strategy  Information Security and Data Privacy controls  Overall testing requirements and level of testing  Stage gates and release strategy  Documentation and deliverables  Requirement tracing approach  Required Standard Operating Procedures  Vendor Management and Communication Plan Arrive at an End to End QA / Validation Strategy Perform Risk Assessment  Information Security Risks  Data Privacy Risks  Regulatory Risks  Business Criticality and Risks Define Responsibilities  Boundary of QA - Responsibility between Cloud Provider & Client Organization  QA Handshake Protocol Risk Profile
© 2016 Cognizant12 Objective 2: Risk-based Validation Strategy (Cont.) Shared Responsibility PaaS SaaS IaaS Risk-based UAT performed by the client prior to go-live Client performs software development as per their SDLC Client manages Installation testing for any software / platform hosted Client performs design, configuration, testing and deployment of virtualized infrastructure Development phase is black box to the client Vendor provides environments - Test and Production Platform maintenance and Installation / Configuration Testing are managed by Vendor Platform policies must align with Client’s privacy and security policies Vendor’s policies must align with client’s infrastructure Management procedure Pre-defined change control process for improved scalability of infrastructure Client Organization Cloud Provider & Partner
© 2016 Cognizant13 Objective 3: Risk-Based Cloud Testing Approach Risks: • Unauthorized Access • Malicious Attacks • Insufficient Encryption Functionality Testing • Network Security • Authentication and Authorization • IAM • Data Encryption • Testing log files and Audit Trails • Vulnerability Scan • Scalability or Elasticity Testing • Response Time • Load and Stress Testing • Endurance Testing • System installed / configured per pre- approved Specifications • Availability to users • Connectivity to interfaced systems / services • Data Backup, Disaster Recovery • End-to-End Business Processes (User Acceptance) • Interface with other systems / services within or outside the Cloud (Integration Testing) • Usability Testing • Tracing to Business and Functional Requirements Installation / Availability Testing Security TestingPerformance Testing Risks • Critical Requirements not met • Integration with systems outside the Cloud Risks: • Installation, Configuration and Connection errors • Loss of Data during Disaster Risks: • Capacity not scalable. • Response Time increases at peaks 13
© 2016 Cognizant14 Objective 3: Risk-Based Cloud Testing Approach (Cont.) Installation / Configuration Testing • Infrastructure Layer Testing • Virtualization Level Testing • Platform Layer Testing • Application Layer Testing • Separation of responsibility depends on Cloud Delivery Model (SaaS, PaaS, IaaS) Data Migration • Data Cleanup • Correct Data Conversion • Tracking Migrated Data (audit trail) • Sampling, Record Counting and Business Verification • Parallel Runs and Cutover Regression Testing • Critical Business Processes • Integration with other systems in Cloud • Integration with other systems On-premise • Integration with third-party service providers (IAM etc.) Testing Strategy for Migration to Cloud
© 2016 Cognizant15 Object 4: Governance - Change Management in the Cloud Identify Change Impact Analysis Define Responsibility Implementation and Validation In which layer the change occurs? • Infrastructure • Virtualization • Platform • Application • Technical Impact • Businesss Impact • Compliance & Regulatory Impact • Identify Change Management Procedures from cloud provider • Identify Change Management Procedures from Client • Determine the boundary of responsibility between Client and cloud Provider • Determine handshake protocol between Client procedures and Cloud provider procedures • Installation & Configuration Testing • Regression Testing of impacted areas • Regression Testing of critical business processes • Regression Testing of interfaces with other systems Approval Impact Assessments Implementation & Testing Strategy Evidence & Change Summary Document
© 2016 Cognizant16 Objective 4: Governance - Change Management in the Cloud (Cont.) Technical Impact Assessment Test Planning Test Execution Application Patch Release App Update? Application Update No Platform Patch Doc Update Yes Sanity Test Platform / Infrastructure Update As an Example
© 2016 Cognizant17 Objective 4: Governance - User Access Control Determine Responsibilities User Management Align Procedures • User Provisioning and De-Provisioning • Credential Management • Authorization Policies • Identity Federation Monitoring • Logs and Audits • Authentication & Authorization Records • Reports of Access Activities Review • Periodic Review of User Accounts • Periodic Review of Access Rights and Privileges Client Organization Cloud Provider 3rd Party IAM Service Provider Access Management Procedures
© 2016 Cognizant18 Objective 5: Audit / Inspection Readiness State of Control - Infrastructure - Platform - Application Risk Assessment and Controls Operational Phase Procedures Operating Records Training Records Application Development and Testing Documentation Documented Evidence
© 2016 Cognizant19 Objective 5: Audit / Inspection Readiness (Cont.)Objective 5: Audit / Inspection Readiness (Cont.) Client Organization is accountable for Compliance. Via Vendor Audit/Assessment and Contractual Agreements, Client Organization should ensure Cloud Provider maintain key Records, Report and Audits Examples of Cloud Provider Records IAM Users / Groups / Roles IAM Providers (for example, for SAML & OpenID Connect) Records if applicable Resource Based policies in other services (for example, Storage Services) Security Configuration Monitor activity in cloud accounts Operating Logs and/or Audit Trails Application validation records (SaaS) Virtual infrastructure Installation / Configuration records End User account info & training records Technical support cases IT Training records Cloud Account credentials
© 2016 Cognizant20 Next Steps – Adoption  Establish goal/objective for cloud adoption  Initiate a workshop with vendor to discuss requirements  Discuss prospective areas/candidate systems  Develop implementation roadmap Starters  Finalize pilot projects for implementation  Share insight/experiences with vendor on provider data gathered  Finalize implementation schedule and initiate Statement OW  Initiate supplier assessment with vendorEarly Adopters Pioneers  Identify additional divisions/areas of the organization for cloud adoption  Select systems to be hosted  Collect and analyze key performance metrics on currently hosted solutions , partner performance and cost benefits  Partner with vendor and share key organizational goals  Develop implementation roadmap
© 2016 Cognizant21 Benefits Compliance Assurance Ensure System is developed in Compliance with:  Regulatory Requirements  Organizational SDLC, Information Security, and Data Privacy Policies, Standards and Procedures  Industrial Best Practices Benefits to Client Organization Efforts and Cost Saving  Validation and Testing are risk-based, hence efforts and cost are optimized  Saving due to shared responsibility and leveraging Cloud Provider’s testing and documentation State of Control  Governance in place for Change Management and Access Control to ensure System is maintained in a State of Control post go-live to meet changing business needs  System is ready for any potential Audit / Inspection
© 2016 Cognizant22 Summary of Cloud Validation Strategy Security, data privacy, and regulatory compliance are critical factors when defining a QA / validation strategy for moving business applications from in-house client hosted environments to a cloud platform. An appropriate level of risk assessments must be performed. Cloud validation and verification strategies should be risk-based to optimize efforts and costs. Cloud validation and testing are shared efforts between client organization and cloud provider. The responsibilities should be clearly defined based on cloud delivery Model. Cloud validation should ensure governance is in place for change and access management to maintain a cloud hosted system in a state of control that is ready for audits / inspections.
© 2016 Cognizant23 Case Study 1: Cloud Hosting Validation for a Fortune 100 Pharmaceutical Company  Client is a top fortune 100 global Pharma company based out of the US.  The Scope was to validate a Patient Data Management platform hosted on the cloud (Oracle Managed Cloud Services and Accenture Life Sciences Cloud).  Conducted Cloud Provider Assessments  Conducted InfoSec, Data Privacy and Regulatory Risk Assessments  Defined a cost-effective validation strategy based on risk assessments  Leveraged vendor testing  Built a Testing strategy focusing on end-to-end systems integration (within and outside the Cloud)  Ensured operating procedures are in place for Change Management, User Access, Performance Monitoring and DR and the Client procedures and Cloud Provider procedures were fully aligned. Business Needs Challenges  Average cost savings of 20% for the overall program due to the risk- based validation strategy that optimized the validation efforts  Average resource cost savings of 30% achieved by implementing the risk- based testing model and performing collaborative testing with the Cloud Provider and leveraging testing documents from Cloud Provider.  Passed a regulatory compliance audit with zero major findings  The Platform consisted of 10+ GxP regulated applications on premise and on the cloud  Cloud Applications needed to be integrate with each other and interface with existing legacy applications On Premise  Budget constraint and tight timeline Solution Benefits
© 2016 Cognizant24 Case Study 2: Cloud Application Validation for a Top 10 Pharmaceutical Company  Client has developed a VPC platform, which is a framework of automated controls and tools, that allows provisioning of GxP applications on AWS cloud.  In order for VPC to host regulated workloads, the Platform and its underlying infrastructure components need to be evaluated for conformance with GxP requirements  Performed an assessment of AWS controls and processes, by mapping SOC report controls against client’s SDLC requirements and SOP standards  Assessed current SDLC deliverables and operating processes for VPC platform and identified gaps with provided recommendations  Documented end-to-end process for Infrastructure provisioning and application installation  Performed security assessment and analysis of controls and automation across AWS and the VPC platform Business Needs Challenges  Established a framework to validate client’s VPC environment for GxP workloads  Set precedence to onboard additional GxP applications onto cloud infrastructure  Qualification of cloud platform for GxP workloads will enable other applications to leverage the high scalability, flexibility, and low-cost aspects of AWS cloud services  Maintain compliance with regulatory requirements  Identified and remediated gaps in VPC documentation  AWS policies and procedures have not been shared with the client organization  AWS procedures for Identity and access management have not been audited by client Solution Benefits
Thank you Vandana Viswanathan Vandana.Viswanathan@Cognizant.com

Recommended

Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixJohn Yeoh
 
seven steps to dataops @ dataops.rocks conference Oct 2019
seven steps to dataops @ dataops.rocks conference Oct 2019seven steps to dataops @ dataops.rocks conference Oct 2019
seven steps to dataops @ dataops.rocks conference Oct 2019DataKitchen
 
Challenges of the Cloud Migration Journey
Challenges of the Cloud Migration JourneyChallenges of the Cloud Migration Journey
Challenges of the Cloud Migration JourneyCloudHealth by VMware
 
Cloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesCloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesQBurst
 
Cloud Training Powerpoint Presentation Slides
Cloud Training Powerpoint Presentation SlidesCloud Training Powerpoint Presentation Slides
Cloud Training Powerpoint Presentation SlidesSlideTeam
 
The why of a cloud ppt
The why of a cloud pptThe why of a cloud ppt
The why of a cloud pptSana Nasar
 
Turnkey Network Services - Aviat Networks
Turnkey Network Services - Aviat NetworksTurnkey Network Services - Aviat Networks
Turnkey Network Services - Aviat NetworksAviat Networks
 
Trucks on a Graph: How JB Hunt Uses Neo4j
Trucks on a Graph: How JB Hunt Uses Neo4jTrucks on a Graph: How JB Hunt Uses Neo4j
Trucks on a Graph: How JB Hunt Uses Neo4jNeo4j
 

Recommended

Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixJohn Yeoh
 
seven steps to dataops @ dataops.rocks conference Oct 2019
seven steps to dataops @ dataops.rocks conference Oct 2019seven steps to dataops @ dataops.rocks conference Oct 2019
seven steps to dataops @ dataops.rocks conference Oct 2019DataKitchen
 
Challenges of the Cloud Migration Journey
Challenges of the Cloud Migration JourneyChallenges of the Cloud Migration Journey
Challenges of the Cloud Migration JourneyCloudHealth by VMware
 
Cloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesCloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesQBurst
 
Cloud Training Powerpoint Presentation Slides
Cloud Training Powerpoint Presentation SlidesCloud Training Powerpoint Presentation Slides
Cloud Training Powerpoint Presentation SlidesSlideTeam
 
The why of a cloud ppt
The why of a cloud pptThe why of a cloud ppt
The why of a cloud pptSana Nasar
 
Turnkey Network Services - Aviat Networks
Turnkey Network Services - Aviat NetworksTurnkey Network Services - Aviat Networks
Turnkey Network Services - Aviat NetworksAviat Networks
 
Trucks on a Graph: How JB Hunt Uses Neo4j
Trucks on a Graph: How JB Hunt Uses Neo4jTrucks on a Graph: How JB Hunt Uses Neo4j
Trucks on a Graph: How JB Hunt Uses Neo4jNeo4j
 
Cloud Migration: A How-To Guide
Cloud Migration: A How-To GuideCloud Migration: A How-To Guide
Cloud Migration: A How-To GuideAmazon Web Services
 
Emerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesEmerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesChaitanya Atreya
 
Build real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with ConfluentBuild real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with Confluentconfluent
 
Cloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case StudyCloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case StudyCAST
 
Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...
Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...
Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...Neo4j
 
Chapter 6
Chapter 6Chapter 6
Chapter 6Vipin Pachauri
 
Cloud Computing Fundamental
Cloud Computing FundamentalCloud Computing Fundamental
Cloud Computing FundamentalDony Riyanto
 
Cloud
CloudCloud
CloudNone
 
AWS Private Equity Transformation Advisory
AWS Private Equity Transformation AdvisoryAWS Private Equity Transformation Advisory
AWS Private Equity Transformation AdvisoryTom Laszewski
 
cloud-migrations.pptx
cloud-migrations.pptxcloud-migrations.pptx
cloud-migrations.pptxJohn Mulhall
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC BreakdownIgnyte Assurance Platform
 
10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud Migration10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud MigrationAmazon Web Services
 
MULTI-CLOUD ARCHITECTURE
MULTI-CLOUD ARCHITECTUREMULTI-CLOUD ARCHITECTURE
MULTI-CLOUD ARCHITECTUREMaganathin Veeraragaloo
 
Adaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureAdaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureSABSAcourses
 
Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012Bluewolf
 
The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?Codit
 
CSA STAR Program
CSA STAR ProgramCSA STAR Program
CSA STAR ProgramSchellman & Company
 
VMware Tanzu Application Service as an Integration Platform
VMware Tanzu Application Service as an Integration PlatformVMware Tanzu Application Service as an Integration Platform
VMware Tanzu Application Service as an Integration PlatformVMware Tanzu
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASBKyle Watson
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
Performance Testing Cloud-Based Systems
Performance Testing Cloud-Based SystemsPerformance Testing Cloud-Based Systems
Performance Testing Cloud-Based SystemsTechWell
 
Using DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the CloudUsing DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the CloudTechWell
 

More Related Content

What's hot

Emerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesEmerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesChaitanya Atreya
 
Build real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with ConfluentBuild real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with Confluentconfluent
 
Cloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case StudyCloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case StudyCAST
 
Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...
Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...
Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...Neo4j
 
Cloud Computing Fundamental
Cloud Computing FundamentalCloud Computing Fundamental
Cloud Computing FundamentalDony Riyanto
 
Cloud
CloudCloud
CloudNone
 
AWS Private Equity Transformation Advisory
AWS Private Equity Transformation AdvisoryAWS Private Equity Transformation Advisory
AWS Private Equity Transformation AdvisoryTom Laszewski
 
cloud-migrations.pptx
cloud-migrations.pptxcloud-migrations.pptx
cloud-migrations.pptxJohn Mulhall
 
10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud Migration10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud MigrationAmazon Web Services
 
Adaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureAdaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureSABSAcourses
 
Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012Bluewolf
 
The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?Codit
 
VMware Tanzu Application Service as an Integration Platform
VMware Tanzu Application Service as an Integration PlatformVMware Tanzu Application Service as an Integration Platform
VMware Tanzu Application Service as an Integration PlatformVMware Tanzu
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASBKyle Watson
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 

What's hot (20)

Cloud Migration: A How-To Guide
Cloud Migration: A How-To GuideCloud Migration: A How-To Guide
Cloud Migration: A How-To Guide
 
Emerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud StrategiesEmerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
Emerging Trends in Hybrid-Cloud & Multi-Cloud Strategies
 
Build real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with ConfluentBuild real-time streaming data pipelines to AWS with Confluent
Build real-time streaming data pipelines to AWS with Confluent
 
Cloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case StudyCloud Migration: Cloud Readiness Assessment Case Study
Cloud Migration: Cloud Readiness Assessment Case Study
 
Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...
Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...
Knowledge Graphs & Graph Data Science, More Context, Better Predictions - Neo...
 
Chapter 6
Chapter 6Chapter 6
Chapter 6
 
Cloud Computing Fundamental
Cloud Computing FundamentalCloud Computing Fundamental
Cloud Computing Fundamental
 
Cloud
CloudCloud
Cloud
 
AWS Private Equity Transformation Advisory
AWS Private Equity Transformation AdvisoryAWS Private Equity Transformation Advisory
AWS Private Equity Transformation Advisory
 
cloud-migrations.pptx
cloud-migrations.pptxcloud-migrations.pptx
cloud-migrations.pptx
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
 
10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud Migration10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud Migration
 
MULTI-CLOUD ARCHITECTURE
MULTI-CLOUD ARCHITECTUREMULTI-CLOUD ARCHITECTURE
MULTI-CLOUD ARCHITECTURE
 
Adaptive Enterprise Security Architecture
Adaptive Enterprise Security ArchitectureAdaptive Enterprise Security Architecture
Adaptive Enterprise Security Architecture
 
Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012Cloud Governance Presentation Dreamforce 2012
Cloud Governance Presentation Dreamforce 2012
 
The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?The Ideal Approach to Application Modernization; Which Way to the Cloud?
The Ideal Approach to Application Modernization; Which Way to the Cloud?
 
CSA STAR Program
CSA STAR ProgramCSA STAR Program
CSA STAR Program
 
VMware Tanzu Application Service as an Integration Platform
VMware Tanzu Application Service as an Integration PlatformVMware Tanzu Application Service as an Integration Platform
VMware Tanzu Application Service as an Integration Platform
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
 

Viewers also liked

Performance Testing Cloud-Based Systems
Performance Testing Cloud-Based SystemsPerformance Testing Cloud-Based Systems
Performance Testing Cloud-Based SystemsTechWell
 
Using DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the CloudUsing DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the CloudTechWell
 
Using the Cloud to Load Test and Monitor Your Applications
Using the Cloud to Load Test and Monitor Your ApplicationsUsing the Cloud to Load Test and Monitor Your Applications
Using the Cloud to Load Test and Monitor Your ApplicationsTechWell
 
Testing Applications—For the Cloud and in the Cloud
Testing Applications—For the Cloud and in the CloudTesting Applications—For the Cloud and in the Cloud
Testing Applications—For the Cloud and in the CloudTechWell
 
Continuous Testing in the Cloud
Continuous Testing in the CloudContinuous Testing in the Cloud
Continuous Testing in the CloudTechWell
 
Move Your Selenium Testing to the Cloud
Move Your Selenium Testing to the CloudMove Your Selenium Testing to the Cloud
Move Your Selenium Testing to the CloudTechWell
 
Testing IoT Apps with the Cloud
Testing IoT Apps with the CloudTesting IoT Apps with the Cloud
Testing IoT Apps with the CloudJosiah Renaudin
 

Viewers also liked (7)

Performance Testing Cloud-Based Systems
Performance Testing Cloud-Based SystemsPerformance Testing Cloud-Based Systems
Performance Testing Cloud-Based Systems
 
Using DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the CloudUsing DevOps to Improve Software Quality in the Cloud
Using DevOps to Improve Software Quality in the Cloud
 
Using the Cloud to Load Test and Monitor Your Applications
Using the Cloud to Load Test and Monitor Your ApplicationsUsing the Cloud to Load Test and Monitor Your Applications
Using the Cloud to Load Test and Monitor Your Applications
 
Testing Applications—For the Cloud and in the Cloud
Testing Applications—For the Cloud and in the CloudTesting Applications—For the Cloud and in the Cloud
Testing Applications—For the Cloud and in the Cloud
 
Continuous Testing in the Cloud
Continuous Testing in the CloudContinuous Testing in the Cloud
Continuous Testing in the Cloud
 
Move Your Selenium Testing to the Cloud
Move Your Selenium Testing to the CloudMove Your Selenium Testing to the Cloud
Move Your Selenium Testing to the Cloud
 
Testing IoT Apps with the Cloud
Testing IoT Apps with the CloudTesting IoT Apps with the Cloud
Testing IoT Apps with the Cloud
 

Similar to Transform Your Cloud Validation Strategy from Cloudy to Clear

Building and Operating Clouds
Building and Operating CloudsBuilding and Operating Clouds
Building and Operating CloudsBMC Software
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Marlabs Capabilities Overview: Guidewire Services
Marlabs Capabilities Overview: Guidewire ServicesMarlabs Capabilities Overview: Guidewire Services
Marlabs Capabilities Overview: Guidewire ServicesMarlabs
 
Marlabs Capabilities Overview: Guidewire Services
Marlabs Capabilities Overview: Guidewire Services Marlabs Capabilities Overview: Guidewire Services
Marlabs Capabilities Overview: Guidewire Services Marlabs
 
Next generation software testing trends
Next generation software testing trendsNext generation software testing trends
Next generation software testing trendsArun Kulkarni
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
Marlabs Services Capabilities Overview
Marlabs Services Capabilities OverviewMarlabs Services Capabilities Overview
Marlabs Services Capabilities OverviewMarlabs
 
Perennial systems corporate overview presentation
Perennial systems corporate overview presentationPerennial systems corporate overview presentation
Perennial systems corporate overview presentationPerennial Systems
 
Espion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure CloudEspion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure CloudGoogle
 
Mindshare Hosting Presentation
Mindshare Hosting PresentationMindshare Hosting Presentation
Mindshare Hosting PresentationChristian_A_Breaux
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...Amazon Web Services
 
1cloudstar cloud track.v1.0
1cloudstar cloud track.v1.01cloudstar cloud track.v1.0
1cloudstar cloud track.v1.01CloudStar
 
Marlabs Capabilities Overview: Application Maintenance Support Services
Marlabs Capabilities Overview: Application Maintenance Support Services Marlabs Capabilities Overview: Application Maintenance Support Services
Marlabs Capabilities Overview: Application Maintenance Support Services Marlabs
 
Financial Services - New Approach to Data Management in the Digital Era
Financial Services - New Approach to Data Management in the Digital EraFinancial Services - New Approach to Data Management in the Digital Era
Financial Services - New Approach to Data Management in the Digital Eraaccenture
 
Which Cloud? It All Starts with Assessing Application Readiness
Which Cloud? It All Starts with Assessing Application ReadinessWhich Cloud? It All Starts with Assessing Application Readiness
Which Cloud? It All Starts with Assessing Application ReadinessGravitant, Inc.
 

Similar to Transform Your Cloud Validation Strategy from Cloudy to Clear (20)

Practical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud ComputingPractical Guide to Hybrid Cloud Computing
Practical Guide to Hybrid Cloud Computing
 
Building and Operating Clouds
Building and Operating CloudsBuilding and Operating Clouds
Building and Operating Clouds
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Marlabs Capabilities Overview: Guidewire Services
Marlabs Capabilities Overview: Guidewire ServicesMarlabs Capabilities Overview: Guidewire Services
Marlabs Capabilities Overview: Guidewire Services
 
Marlabs Capabilities Overview: Guidewire Services
Marlabs Capabilities Overview: Guidewire Services Marlabs Capabilities Overview: Guidewire Services
Marlabs Capabilities Overview: Guidewire Services
 
Next generation software testing trends
Next generation software testing trendsNext generation software testing trends
Next generation software testing trends
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Governing in the Cloud
Governing in the CloudGoverning in the Cloud
Governing in the Cloud
 
Marlabs Services Capabilities Overview
Marlabs Services Capabilities OverviewMarlabs Services Capabilities Overview
Marlabs Services Capabilities Overview
 
Perennial systems corporate overview presentation
Perennial systems corporate overview presentationPerennial systems corporate overview presentation
Perennial systems corporate overview presentation
 
Espion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure CloudEspion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure Cloud
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
Mindshare Hosting Presentation
Mindshare Hosting PresentationMindshare Hosting Presentation
Mindshare Hosting Presentation
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...
 
1cloudstar cloud track.v1.0
1cloudstar cloud track.v1.01cloudstar cloud track.v1.0
1cloudstar cloud track.v1.0
 
Marlabs Capabilities Overview: Application Maintenance Support Services
Marlabs Capabilities Overview: Application Maintenance Support Services Marlabs Capabilities Overview: Application Maintenance Support Services
Marlabs Capabilities Overview: Application Maintenance Support Services
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Financial Services - New Approach to Data Management in the Digital Era
Financial Services - New Approach to Data Management in the Digital EraFinancial Services - New Approach to Data Management in the Digital Era
Financial Services - New Approach to Data Management in the Digital Era
 
Which Cloud? It All Starts with Assessing Application Readiness
Which Cloud? It All Starts with Assessing Application ReadinessWhich Cloud? It All Starts with Assessing Application Readiness
Which Cloud? It All Starts with Assessing Application Readiness
 

More from TechWell

Failing and Recovering
Failing and RecoveringFailing and Recovering
Failing and RecoveringTechWell
 
Instill a DevOps Testing Culture in Your Team and Organization
Instill a DevOps Testing Culture in Your Team and Organization Instill a DevOps Testing Culture in Your Team and Organization
Instill a DevOps Testing Culture in Your Team and Organization TechWell
 
Test Design for Fully Automated Build Architecture
Test Design for Fully Automated Build ArchitectureTest Design for Fully Automated Build Architecture
Test Design for Fully Automated Build ArchitectureTechWell
 
System-Level Test Automation: Ensuring a Good Start
System-Level Test Automation: Ensuring a Good StartSystem-Level Test Automation: Ensuring a Good Start
System-Level Test Automation: Ensuring a Good StartTechWell
 
Build Your Mobile App Quality and Test Strategy
Build Your Mobile App Quality and Test StrategyBuild Your Mobile App Quality and Test Strategy
Build Your Mobile App Quality and Test StrategyTechWell
 
Testing Transformation: The Art and Science for Success
Testing Transformation: The Art and Science for SuccessTesting Transformation: The Art and Science for Success
Testing Transformation: The Art and Science for SuccessTechWell
 
Implement BDD with Cucumber and SpecFlow
Implement BDD with Cucumber and SpecFlowImplement BDD with Cucumber and SpecFlow
Implement BDD with Cucumber and SpecFlowTechWell
 
Develop WebDriver Automated Tests—and Keep Your Sanity
Develop WebDriver Automated Tests—and Keep Your SanityDevelop WebDriver Automated Tests—and Keep Your Sanity
Develop WebDriver Automated Tests—and Keep Your SanityTechWell
 
Eliminate Cloud Waste with a Holistic DevOps Strategy
Eliminate Cloud Waste with a Holistic DevOps StrategyEliminate Cloud Waste with a Holistic DevOps Strategy
Eliminate Cloud Waste with a Holistic DevOps StrategyTechWell
 
Transform Test Organizations for the New World of DevOps
Transform Test Organizations for the New World of DevOpsTransform Test Organizations for the New World of DevOps
Transform Test Organizations for the New World of DevOpsTechWell
 
The Fourth Constraint in Project Delivery—Leadership
The Fourth Constraint in Project Delivery—LeadershipThe Fourth Constraint in Project Delivery—Leadership
The Fourth Constraint in Project Delivery—LeadershipTechWell
 
Resolve the Contradiction of Specialists within Agile Teams
Resolve the Contradiction of Specialists within Agile TeamsResolve the Contradiction of Specialists within Agile Teams
Resolve the Contradiction of Specialists within Agile TeamsTechWell
 
Pin the Tail on the Metric: A Field-Tested Agile Game
Pin the Tail on the Metric: A Field-Tested Agile GamePin the Tail on the Metric: A Field-Tested Agile Game
Pin the Tail on the Metric: A Field-Tested Agile GameTechWell
 
Agile Performance Holarchy (APH)—A Model for Scaling Agile Teams
Agile Performance Holarchy (APH)—A Model for Scaling Agile TeamsAgile Performance Holarchy (APH)—A Model for Scaling Agile Teams
Agile Performance Holarchy (APH)—A Model for Scaling Agile TeamsTechWell
 
A Business-First Approach to DevOps Implementation
A Business-First Approach to DevOps ImplementationA Business-First Approach to DevOps Implementation
A Business-First Approach to DevOps ImplementationTechWell
 
Databases in a Continuous Integration/Delivery Process
Databases in a Continuous Integration/Delivery ProcessDatabases in a Continuous Integration/Delivery Process
Databases in a Continuous Integration/Delivery ProcessTechWell
 
Mobile Testing: What—and What Not—to Automate
Mobile Testing: What—and What Not—to AutomateMobile Testing: What—and What Not—to Automate
Mobile Testing: What—and What Not—to AutomateTechWell
 
Cultural Intelligence: A Key Skill for Success
Cultural Intelligence: A Key Skill for SuccessCultural Intelligence: A Key Skill for Success
Cultural Intelligence: A Key Skill for SuccessTechWell
 
Turn the Lights On: A Power Utility Company's Agile Transformation
Turn the Lights On: A Power Utility Company's Agile TransformationTurn the Lights On: A Power Utility Company's Agile Transformation
Turn the Lights On: A Power Utility Company's Agile TransformationTechWell
 

More from TechWell (20)

Failing and Recovering
Failing and RecoveringFailing and Recovering
Failing and Recovering
 
Instill a DevOps Testing Culture in Your Team and Organization
Instill a DevOps Testing Culture in Your Team and Organization Instill a DevOps Testing Culture in Your Team and Organization
Instill a DevOps Testing Culture in Your Team and Organization
 
Test Design for Fully Automated Build Architecture
Test Design for Fully Automated Build ArchitectureTest Design for Fully Automated Build Architecture
Test Design for Fully Automated Build Architecture
 
System-Level Test Automation: Ensuring a Good Start
System-Level Test Automation: Ensuring a Good StartSystem-Level Test Automation: Ensuring a Good Start
System-Level Test Automation: Ensuring a Good Start
 
Build Your Mobile App Quality and Test Strategy
Build Your Mobile App Quality and Test StrategyBuild Your Mobile App Quality and Test Strategy
Build Your Mobile App Quality and Test Strategy
 
Testing Transformation: The Art and Science for Success
Testing Transformation: The Art and Science for SuccessTesting Transformation: The Art and Science for Success
Testing Transformation: The Art and Science for Success
 
Implement BDD with Cucumber and SpecFlow
Implement BDD with Cucumber and SpecFlowImplement BDD with Cucumber and SpecFlow
Implement BDD with Cucumber and SpecFlow
 
Develop WebDriver Automated Tests—and Keep Your Sanity
Develop WebDriver Automated Tests—and Keep Your SanityDevelop WebDriver Automated Tests—and Keep Your Sanity
Develop WebDriver Automated Tests—and Keep Your Sanity
 
Ma 15
Ma 15Ma 15
Ma 15
 
Eliminate Cloud Waste with a Holistic DevOps Strategy
Eliminate Cloud Waste with a Holistic DevOps StrategyEliminate Cloud Waste with a Holistic DevOps Strategy
Eliminate Cloud Waste with a Holistic DevOps Strategy
 
Transform Test Organizations for the New World of DevOps
Transform Test Organizations for the New World of DevOpsTransform Test Organizations for the New World of DevOps
Transform Test Organizations for the New World of DevOps
 
The Fourth Constraint in Project Delivery—Leadership
The Fourth Constraint in Project Delivery—LeadershipThe Fourth Constraint in Project Delivery—Leadership
The Fourth Constraint in Project Delivery—Leadership
 
Resolve the Contradiction of Specialists within Agile Teams
Resolve the Contradiction of Specialists within Agile TeamsResolve the Contradiction of Specialists within Agile Teams
Resolve the Contradiction of Specialists within Agile Teams
 
Pin the Tail on the Metric: A Field-Tested Agile Game
Pin the Tail on the Metric: A Field-Tested Agile GamePin the Tail on the Metric: A Field-Tested Agile Game
Pin the Tail on the Metric: A Field-Tested Agile Game
 
Agile Performance Holarchy (APH)—A Model for Scaling Agile Teams
Agile Performance Holarchy (APH)—A Model for Scaling Agile TeamsAgile Performance Holarchy (APH)—A Model for Scaling Agile Teams
Agile Performance Holarchy (APH)—A Model for Scaling Agile Teams
 
A Business-First Approach to DevOps Implementation
A Business-First Approach to DevOps ImplementationA Business-First Approach to DevOps Implementation
A Business-First Approach to DevOps Implementation
 
Databases in a Continuous Integration/Delivery Process
Databases in a Continuous Integration/Delivery ProcessDatabases in a Continuous Integration/Delivery Process
Databases in a Continuous Integration/Delivery Process
 
Mobile Testing: What—and What Not—to Automate
Mobile Testing: What—and What Not—to AutomateMobile Testing: What—and What Not—to Automate
Mobile Testing: What—and What Not—to Automate
 
Cultural Intelligence: A Key Skill for Success
Cultural Intelligence: A Key Skill for SuccessCultural Intelligence: A Key Skill for Success
Cultural Intelligence: A Key Skill for Success
 
Turn the Lights On: A Power Utility Company's Agile Transformation
Turn the Lights On: A Power Utility Company's Agile TransformationTurn the Lights On: A Power Utility Company's Agile Transformation
Turn the Lights On: A Power Utility Company's Agile Transformation
 

Recently uploaded

Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownloadvrstrong314
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfOrtus Solutions, Corp
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageGlobus
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsGlobus
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfAMB-Review
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobus
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024Ortus Solutions, Corp
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of ProgrammingMatt Welsh
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
 

Recently uploaded (20)

Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 

Transform Your Cloud Validation Strategy from Cloudy to Clear

  • 1.         T22   Cloud  Testing   10/6/16  15:00             Transform  Your  Cloud  Validation   Strategy  from  Cloudy  to  Clear   Presented  by:         Vandana  Viswanathan       Cognizant  Technology  Solutions     Brought  to  you  by:                 350  Corporate  Way,  Suite  400,  Orange  Park,  FL  32073     888-­‐-­‐-­‐268-­‐-­‐-­‐8770  ·∙·∙  904-­‐-­‐-­‐278-­‐-­‐-­‐0524  -­‐  info@techwell.com  -­‐  http://www.starwest.techwell.com/            
  • 2.     Vandana  Viswanathan       Vandana  Viswanathan  is  a  solutions-­‐driven  information  technology  leader  with   more  than  fifteen  years  of  experience  providing  consultative  management  in   regulatory  compliance,  intelligent  process  automation,  program  and  quality   management,  SDLC/QA  transformation,  testing  account  management,  and  client   relationship  management  services  for  clients  worldwide.  Her  consulting  industry   experience  spans  across  life  sciences,  healthcare,  and  insurance  verticals.  Vandana   has  designed  intelligent  automation  solutions  for  large  clients  and  pioneered  best-­‐ in-­‐class  quality  assurance  frameworks  for  cloud-­‐based  and  COTS  systems.  Vandana   has  led  and  implemented  PMO,  change  management,  and  SDLC  &  QA  process   transformation  for  large  corporate  clients.  
  • 3. © 2016 Cognizant1 © 2016 Cognizant How to Transform Your Cloud Validation Strategy from Cloudy to Clear Vandana Viswanathan Associate Director, Process & Quality Consulting Vandana.Viswanathan@Cognizant.com
  • 4. © 2016 Cognizant2 Cloud Hosting Overview Challenges for Cloud Adoption and Validation Introduction to Cloud Hosting Context for Validation Framework for Cloud Hosting Validation and Framework for Cloud Cloud Provider Assessment Validation Strategy End-to-End Risk Based Testing approach Change Management in Cloud Audit/Inspection readiness Stages for a Sound Cloud Application Migration/Implementation Strategy Next Steps, Benefits and Summary Agenda Case Studies
  • 5. © 2016 Cognizant3 Cloud Computing Model Definition (NIST) • Enabling convenient, on-demand network access to a shared pool of configurable computing resources • Can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud Hosting Overview Five Essential Characteristics Resource pooling Broad network access Rapid elasticity On-demand self-service Measured Service Small initial investment and on- going cost Acquire computing and development services as needed and on demand Open Standards Sustainability Key Drivers for Moving to Cloud
  • 6. © 2016 Cognizant4 4 Cloud Hosting Overview (Cont.) Cloud Services Delivery Model Application Platform Virtualization Hardware Application Platform Virtualization Hardware Application Platform Virtualization Hardware Vendor ClientResponsibility IaaS PaaS SaaS Infrastructure as a Service : Providers offer computers – physical or (more often) virtual machines – and other resources. Platform as a Service: Providers deliver a computing platform, typically including operating system, programming-language execution environment, database, and web services. Software as a Service: Users gain access to application software and databases. Priced on a pay-per-use basis or using a subscription fee.
  • 7. © 2016 Cognizant5 Client Challenges driving Cloud Agenda What we are hearing from our clients & our readiness to help them • Regulatory Compliance (e.g., Sox, FDA, HIPPA) • Data Security and Privacy – PHI • Reliability and Performance • Governance & Change Management • Legacy IT • Existing investment in the On-premise IT • Lack of resources/ expertise CLOUDADOPTIONISSUES CIOCHALLENGES • Business asking to do more with less • Regulatory requirements e.g. GxP, HIPAA guidelines & audits • Addressing CSO concerns • Organizational silos and varied interest • Building a case for transformation • Business demands e.g. Release faster • Operations Efficiency • Business Transformation • Innovation CLOUDLEVERS * Lack of resources / expertise is the #1 cloud challenge in 2016 Source: RightScale 2016 State of the Cloud Report
  • 8. © 2016 Cognizant6 Challenges for Cloud Validation Risk Control - Share Responsibilities between Client and Vendor for Above Reliability and Performance Compliance Operating Control Compliance to external regulations Compliance to internal Policies Data Privacy: Control of PII data in Global environment Inspections and Audits Upgrading at Various Levels and Change Management Incident Management Performance Monitoring Logging, Audit Trails and Reporting Service Availability Performance / Scalability / Elasticity Data Backup Disaster Recovery and Business Continuity Security Network security Host Security Application Security Data Security Identity and Access Management
  • 9. © 2016 Cognizant7 Regulated, Non-regulated and Business Critical Applications  Regulated Applications: must meet regulatory requirements Cloud Adoption Statistics :82% of enterprises have a multi-cloud strategy and only 3% of enterprises have no plans at all. ( Survey of respondents with 1000+ employees) Source: RightScale 2016 State of the Cloud Report Specific Risks for Regulated Applications (Life Science as an example)  Impact on Patient Safety and Product Quality  Subject to Good Laboratory, Clinical and Manufacturing Practices (GLP, GCP, GMP) requirements  Electronic Records and Signatures Regulations (21 CFR Part 11)  End to End Validation is required across the entire System Development Life Cycle  FDA Inspections  Business Critical Applications: Business and Software requirements need to be captured and tested based on Business risks Banking and Financial Services: SOX Health Care: HIPAA Life Science: GxP
  • 10. © 2016 Cognizant8 Cloud Adoption – Validation / Testing Context    • Cloud adoption in regulated applications lags behind • Compliance accountability cannot be outsourced • Lacking regulatory guidance • Cloud adoption changes the risk profile of the application • A risk based Validation approach is required •Relationships with many cloud providers - a unique, cross-market insight Cloud Providers and Regulations •Disparity between marketing claims and actual understanding / competence Consumers in Regulated Areas •Wide variation in approach to Risk Management: • Regulatory concern need not prevent adoption • Existing guidance on Risk Management adequate – leverage to overcome barriers to adoption • Strategic use of Audit/Assessment and SLA monitoring to manage risk and minimize cost of compliance Background Experience Lessons Learned • Lower costs • Infrastructure and application optimization • Faster time to market • Accelerated innovation • Enhanced collaboration • Better and faster disaster recovery management Benefits
  • 11. © 2016 Cognizant9 Validation/Testing Framework for Cloud Hosting Vendor Assessments Qualify Provider Risk-based Validation Validation Strategy Functionality, Performance, Security, Installation, Migration Testing Change Control User Access Control Governance Documentation, Logs & Audit Trails, Record Retention Inspection Readiness Methodology SaaS PaaSI a a S Technology The Transformation Solution Testing Approach
  • 12. © 2016 Cognizant10 Objective 1: Cloud Provider Assessment Application MaintenanceAssessments Align Client QMS / Gap Analysis Risk Control & Mitigation Measures Report & Recommend Contract & SLAs Security & Privacy Policies & Controls Operating Procedures SDLC Inspection Support - Network, Host and Application Level Security - Data Security / Encryption - User Management and Access Control - Data Privacy Measures (PII data) - Data Backup and Disaster Recovery - Performance Monitoring - Incident Management - SDLC Standards, Procedures - SDLC Documentation - Release Management - Availability of documentation, electronic records, metadata, logs and audit trails during Inspection/Audits - Record Retention Focus Areas during Assessment
  • 13. © 2016 Cognizant11 Objective 2: Risk-based QA/Validation Strategy  Information Security and Data Privacy controls  Overall testing requirements and level of testing  Stage gates and release strategy  Documentation and deliverables  Requirement tracing approach  Required Standard Operating Procedures  Vendor Management and Communication Plan Arrive at an End to End QA / Validation Strategy Perform Risk Assessment  Information Security Risks  Data Privacy Risks  Regulatory Risks  Business Criticality and Risks Define Responsibilities  Boundary of QA - Responsibility between Cloud Provider & Client Organization  QA Handshake Protocol Risk Profile
  • 14. © 2016 Cognizant12 Objective 2: Risk-based Validation Strategy (Cont.) Shared Responsibility PaaS SaaS IaaS Risk-based UAT performed by the client prior to go-live Client performs software development as per their SDLC Client manages Installation testing for any software / platform hosted Client performs design, configuration, testing and deployment of virtualized infrastructure Development phase is black box to the client Vendor provides environments - Test and Production Platform maintenance and Installation / Configuration Testing are managed by Vendor Platform policies must align with Client’s privacy and security policies Vendor’s policies must align with client’s infrastructure Management procedure Pre-defined change control process for improved scalability of infrastructure Client Organization Cloud Provider & Partner
  • 15. © 2016 Cognizant13 Objective 3: Risk-Based Cloud Testing Approach Risks: • Unauthorized Access • Malicious Attacks • Insufficient Encryption Functionality Testing • Network Security • Authentication and Authorization • IAM • Data Encryption • Testing log files and Audit Trails • Vulnerability Scan • Scalability or Elasticity Testing • Response Time • Load and Stress Testing • Endurance Testing • System installed / configured per pre- approved Specifications • Availability to users • Connectivity to interfaced systems / services • Data Backup, Disaster Recovery • End-to-End Business Processes (User Acceptance) • Interface with other systems / services within or outside the Cloud (Integration Testing) • Usability Testing • Tracing to Business and Functional Requirements Installation / Availability Testing Security TestingPerformance Testing Risks • Critical Requirements not met • Integration with systems outside the Cloud Risks: • Installation, Configuration and Connection errors • Loss of Data during Disaster Risks: • Capacity not scalable. • Response Time increases at peaks 13
  • 16. © 2016 Cognizant14 Objective 3: Risk-Based Cloud Testing Approach (Cont.) Installation / Configuration Testing • Infrastructure Layer Testing • Virtualization Level Testing • Platform Layer Testing • Application Layer Testing • Separation of responsibility depends on Cloud Delivery Model (SaaS, PaaS, IaaS) Data Migration • Data Cleanup • Correct Data Conversion • Tracking Migrated Data (audit trail) • Sampling, Record Counting and Business Verification • Parallel Runs and Cutover Regression Testing • Critical Business Processes • Integration with other systems in Cloud • Integration with other systems On-premise • Integration with third-party service providers (IAM etc.) Testing Strategy for Migration to Cloud
  • 17. © 2016 Cognizant15 Object 4: Governance - Change Management in the Cloud Identify Change Impact Analysis Define Responsibility Implementation and Validation In which layer the change occurs? • Infrastructure • Virtualization • Platform • Application • Technical Impact • Businesss Impact • Compliance & Regulatory Impact • Identify Change Management Procedures from cloud provider • Identify Change Management Procedures from Client • Determine the boundary of responsibility between Client and cloud Provider • Determine handshake protocol between Client procedures and Cloud provider procedures • Installation & Configuration Testing • Regression Testing of impacted areas • Regression Testing of critical business processes • Regression Testing of interfaces with other systems Approval Impact Assessments Implementation & Testing Strategy Evidence & Change Summary Document
  • 18. © 2016 Cognizant16 Objective 4: Governance - Change Management in the Cloud (Cont.) Technical Impact Assessment Test Planning Test Execution Application Patch Release App Update? Application Update No Platform Patch Doc Update Yes Sanity Test Platform / Infrastructure Update As an Example
  • 19. © 2016 Cognizant17 Objective 4: Governance - User Access Control Determine Responsibilities User Management Align Procedures • User Provisioning and De-Provisioning • Credential Management • Authorization Policies • Identity Federation Monitoring • Logs and Audits • Authentication & Authorization Records • Reports of Access Activities Review • Periodic Review of User Accounts • Periodic Review of Access Rights and Privileges Client Organization Cloud Provider 3rd Party IAM Service Provider Access Management Procedures
  • 20. © 2016 Cognizant18 Objective 5: Audit / Inspection Readiness State of Control - Infrastructure - Platform - Application Risk Assessment and Controls Operational Phase Procedures Operating Records Training Records Application Development and Testing Documentation Documented Evidence
  • 21. © 2016 Cognizant19 Objective 5: Audit / Inspection Readiness (Cont.)Objective 5: Audit / Inspection Readiness (Cont.) Client Organization is accountable for Compliance. Via Vendor Audit/Assessment and Contractual Agreements, Client Organization should ensure Cloud Provider maintain key Records, Report and Audits Examples of Cloud Provider Records IAM Users / Groups / Roles IAM Providers (for example, for SAML & OpenID Connect) Records if applicable Resource Based policies in other services (for example, Storage Services) Security Configuration Monitor activity in cloud accounts Operating Logs and/or Audit Trails Application validation records (SaaS) Virtual infrastructure Installation / Configuration records End User account info & training records Technical support cases IT Training records Cloud Account credentials
  • 22. © 2016 Cognizant20 Next Steps – Adoption  Establish goal/objective for cloud adoption  Initiate a workshop with vendor to discuss requirements  Discuss prospective areas/candidate systems  Develop implementation roadmap Starters  Finalize pilot projects for implementation  Share insight/experiences with vendor on provider data gathered  Finalize implementation schedule and initiate Statement OW  Initiate supplier assessment with vendorEarly Adopters Pioneers  Identify additional divisions/areas of the organization for cloud adoption  Select systems to be hosted  Collect and analyze key performance metrics on currently hosted solutions , partner performance and cost benefits  Partner with vendor and share key organizational goals  Develop implementation roadmap
  • 23. © 2016 Cognizant21 Benefits Compliance Assurance Ensure System is developed in Compliance with:  Regulatory Requirements  Organizational SDLC, Information Security, and Data Privacy Policies, Standards and Procedures  Industrial Best Practices Benefits to Client Organization Efforts and Cost Saving  Validation and Testing are risk-based, hence efforts and cost are optimized  Saving due to shared responsibility and leveraging Cloud Provider’s testing and documentation State of Control  Governance in place for Change Management and Access Control to ensure System is maintained in a State of Control post go-live to meet changing business needs  System is ready for any potential Audit / Inspection
  • 24. © 2016 Cognizant22 Summary of Cloud Validation Strategy Security, data privacy, and regulatory compliance are critical factors when defining a QA / validation strategy for moving business applications from in-house client hosted environments to a cloud platform. An appropriate level of risk assessments must be performed. Cloud validation and verification strategies should be risk-based to optimize efforts and costs. Cloud validation and testing are shared efforts between client organization and cloud provider. The responsibilities should be clearly defined based on cloud delivery Model. Cloud validation should ensure governance is in place for change and access management to maintain a cloud hosted system in a state of control that is ready for audits / inspections.
  • 25. © 2016 Cognizant23 Case Study 1: Cloud Hosting Validation for a Fortune 100 Pharmaceutical Company  Client is a top fortune 100 global Pharma company based out of the US.  The Scope was to validate a Patient Data Management platform hosted on the cloud (Oracle Managed Cloud Services and Accenture Life Sciences Cloud).  Conducted Cloud Provider Assessments  Conducted InfoSec, Data Privacy and Regulatory Risk Assessments  Defined a cost-effective validation strategy based on risk assessments  Leveraged vendor testing  Built a Testing strategy focusing on end-to-end systems integration (within and outside the Cloud)  Ensured operating procedures are in place for Change Management, User Access, Performance Monitoring and DR and the Client procedures and Cloud Provider procedures were fully aligned. Business Needs Challenges  Average cost savings of 20% for the overall program due to the risk- based validation strategy that optimized the validation efforts  Average resource cost savings of 30% achieved by implementing the risk- based testing model and performing collaborative testing with the Cloud Provider and leveraging testing documents from Cloud Provider.  Passed a regulatory compliance audit with zero major findings  The Platform consisted of 10+ GxP regulated applications on premise and on the cloud  Cloud Applications needed to be integrate with each other and interface with existing legacy applications On Premise  Budget constraint and tight timeline Solution Benefits
  • 26. © 2016 Cognizant24 Case Study 2: Cloud Application Validation for a Top 10 Pharmaceutical Company  Client has developed a VPC platform, which is a framework of automated controls and tools, that allows provisioning of GxP applications on AWS cloud.  In order for VPC to host regulated workloads, the Platform and its underlying infrastructure components need to be evaluated for conformance with GxP requirements  Performed an assessment of AWS controls and processes, by mapping SOC report controls against client’s SDLC requirements and SOP standards  Assessed current SDLC deliverables and operating processes for VPC platform and identified gaps with provided recommendations  Documented end-to-end process for Infrastructure provisioning and application installation  Performed security assessment and analysis of controls and automation across AWS and the VPC platform Business Needs Challenges  Established a framework to validate client’s VPC environment for GxP workloads  Set precedence to onboard additional GxP applications onto cloud infrastructure  Qualification of cloud platform for GxP workloads will enable other applications to leverage the high scalability, flexibility, and low-cost aspects of AWS cloud services  Maintain compliance with regulatory requirements  Identified and remediated gaps in VPC documentation  AWS policies and procedures have not been shared with the client organization  AWS procedures for Identity and access management have not been audited by client Solution Benefits