The inaugural Capital Health Tech Summit on June 15, 2017 is less than a month away! You’ve come to the right place for the latest updates on the Summit.


Final Logo Capital Health Tech Summit NVTC (2)NVTC is excited to announce a new keynote for the Capital Health Tech Summit: Office of the National Coordinator for Health IT (ONC) National Coordinator for Health Information Technology Dr. Don Rucker. Dr. Rucker joins Senator Tim Kaine and University of Virginia Executive Vice President, Health Affairs Dr. Richard Shannon in the keynote lineup.

Dr. Rucker comes to the Office of the National Coordinator for Health IT (ONC) from the Ohio State University where he was clinical professor of Emergency Medicine and Biomedical Informatics and Premise Health, a worksite clinic provider, where he served as chief medical officer.

Donald W. Rucker, MDDr. Rucker started his informatics career at Datamedic Corporation where he co-developed the world’s first Microsoft Windows based electronic medical record. He then served as chief medical officer at Siemens Healthcare USA. Dr. Rucker led the team that designed the computerized provider order entry workflow that, as installed at Cincinnati Children’s Hospital, won the 2003 HIMSS Nicholas Davies Award for the best hospital computer system in the US. Dr. Rucker has served on the Board of Commissioners of the Certification Commission for Healthcare Information Technology and Medicare’s Evidence Development and Coverage Advisory Committee (MEDCAC) and has extensive policy experience representing healthcare innovations before Congress, MedPAC and HHS.

He has practiced emergency medicine for a variety of organizations including at Kaiser in California; at Beth Israel Deaconess Medical Center in Boston where he was the first full-time Emergency Department attending; at the University of Pennsylvania’s Penn Presbyterian and Pennsylvania Hospitals; and most recently at Ohio State University’s Wexner Medical Center.

Dr. Rucker is a graduate of Harvard College and the University of Pennsylvania School of Medicine with board certifications in Emergency Medicine, Internal Medicine and Clinical Informatics. He holds an M.S. in medical computer science and an MBA, both from Stanford.

Click here to learn more about the other keynotes and speakers headlining the Capital Health Tech Summit.

Check out the Summit preview video!

 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Is your organization DFARS cybersecurity compliant? Read on for more information on how your organization can stay compliant and be ready to handle cyber-attacks in CohnReznick’s new member blog. CohnReznick provides clients with forward thinking advice that helps them navigate complex business and financial issues.


cohnreznick-logoCyber-attacks on organizations, including government contractors and federal agencies, have been rapidly increasing over time. With a lack of defined security policies, processes and controls, many government contractors are ill-equipped to effectively handle potential cyber-attacks that could severely undermine business operations and swiftly lead to insurmountable damages as data and records are destroyed.

To mitigate the risk that businesses face, cybersecurity standards are becoming more prevalent. In particular, organizations with government contracts need to demonstrate compliance with cybersecurity standards as specified in contract requirements and regulations. For example, defense contractors that provide services to Department of Defense (DoD) agencies related to building, maintaining and managing DoD systems, networks, programs, or data may be required to demonstrate compliance with Defense Federal Acquisition Regulation Supplement (DFARS) Safeguarding rules and clauses.

In 2015, the DoD issued a ruling that requires defense contractors and subcontractors to demonstrate cybersecurity compliance with regard to the protection of Covered Defense Information (CDI), also known as Controlled Unclassified Information (CUI), or Unclassified Controlled Technical Information (UCTI).

How Can A Defense Contractor Demonstrate DFARS Clause Compliance?

GovCon Article Graphics1bDefense contractors and sub-contractors must implement and continuously assess security requirements, thereby demonstrating adequate cybersecurity measures are in place to safeguard CDI information from unauthorized access and disclosure. Additionally, such security measures can help identify, prevent, detect and report cyber-related intrusion events that affect defense contractors’ unclassified information systems. The security requirements are specified in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”

Security requirements are categorized into 14 control families as listed in the graphic to the right. In addition to implementing the 14 security requirements, defense contractors and sub-contractors must have processes in place to identify a cybersecurity incident and report the incident no later than 72 hours upon discovery of the incident/breach. Reporting of the incident requires addressing elements, as outlined on the cyber incident reporting form, and providing necessary supporting documentation and evidence related to the incident. The incident can only be reported using a DoD-approved medium assurance certificate.

Pair DFARS Compliance Assessment With Advanced Breach Detection Solutions

GovCon Article Graphics2_WithTitleA critical component of DFARS regulation, as well as an area where we have found contractors to continually lack capabilities, is in breach detection. That is why it is important to have advanced solutions combined with appropriate governance and mature processes to enable contractors to rapidly detect devices of interest and indicators of compromise (IOC).

CohnReznick utilizes a holistic solution designed explicitly to fill this gap with clients. Our solutions can analyze thousands of protocols and hundreds of new attack vectors each day to find breaches and anomalous behavior on the defense contractor network. X-ray visibility into your environment is achieved by continuously analyzing application-based metadata ― combined with user information and the latest threat intelligence, against past, current, and future network activity ― to detect any previously unidentified breaches. Defense contractors and sub-contractors can be assured of accelerated compliance with DFARS requirements for incident response, risk assessment, and system and communications protection.

Moreover, IOCs and compromised device behavior can be pinpointed through behavioral analysis conducted on the network communications. Such IOCs and compromised device behavior could include:

Anomalous internal file transfers

Unexpected protocols

Suspicious or illegitimate connections

Encrypted communications

Unauthorized credential usage

Use of anonymizing applications

Risks from bring your own device (BYOD) policies

Beaconing

Exfiltration

Non-standard ports

Remote access tools

Suspicious downloads

File type mismatches

What If I Can’t Demonstrate DFARS Clause Compliance?

The defense contractor is required to notify the DoD CIO within 30 days of contract award if the defense contractor and their sub-contractors are not in compliance with all of the security requirements. Contractors have until December 2017 to attain compliance with all of the security requirements in NIST SP 800-171. Non-compliance can lead to cure notices, adverse past performance, fee reduction penalties, and possibly civil False Claims Act (FCA) implications, as well as reputational risk and responsibility issues, which could lead to loss of awards.


About CohnReznick’s Technology Risk and Cybersecurity Services

CohnReznick provides cybersecurity solutions that are dynamic, scalable, and tailored for growth companies. CohnReznick’s security professionals average more than 15 years in the field and hold key certifications. Our professionals have deep experience assisting organizations in implementing and complying with information and cybersecurity requirements using NIST 800-53, DIACAP, ISO 27001, COBIT and other industry leading standards and frameworks. Learn more.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

NVTC’s Spring 2017 The Voice of Technology magazine cover story, “Past is Prologue,” highlighted the Internet2 networking consortium and its role in supporting the early stages of the Internet, as well as its continued impact in connecting universities, government agencies, libraries, healthcare organizations and corporations today.

As a follow up to the article, University of Maryland Associate Vice President for Corporate and Foundation Relations Brian Darmody discusses University of Maryland’s role in early Internet development below in their new member blog post.


Did you know the nation’s first Internet exchange point was established at the University of Maryland (UMD)?

UMD Blog v2UMD and UMD Professor Glenn Ricart played a strong role in the start of the interconnected Internet that we know of today. Prof. Ricart developed the nation’s first Internet exchange point at UMD in 1988, which connected the original federal TCP/IP networks and the first U.S. commercial and non-commercial networks. Arguably, this was the world’s first ISP as a commercial vendor joined the previously university-only network. This exchange point was called the Federal Internet Exchange (FIX), then FIX-East and then MAE-East.

Later, Prof. Ricart would go on to help UMD establish the nation’s first TCP/IP university campus-wide network.  For these and other accomplishments, Prof. Ricart was inducted into the Internet Hall of Fame in 2013.

Prof. Ricart’s early work in laying the foundation for the Internet continues today in the Mid-Atlantic Crossroads in the UMD Research Park, which is one of the nation’s most robust regional high-speed connectivity networks for research and service to K-12 schools, universities, nonprofits, federal research agencies and the private sector, including counties in Virginia, companies in D.C. and federal agencies in Maryland.

In 1994, UMD’s alumni magazine featured an article on the early work UMD did in computer networking in the 1980s, which featured one of the first computer messages that was delivered from UMD to George Washington University. It is interesting to read the article now given the ubiquity of computer networking today, but is a proud illustration of our region’s role in pioneering the early computer communications infrastructure. Check out the article below:

 

Internet Network Is Born (Fall 1994, UMD Alumni Magazine)

UMD Blog 1At the annual Computer Science Center Christmas party in 1986, the champagne glasses were clinking, the holiday music was humming and Jack Hahn, project director for the newly formed Southeastern University Research Association network (SURAnet), was “walking on air.” On that day, an electronic message was sent from the University of Maryland at College Park to George Washington University — the first on a network whose technology would become the model for what Hahn calls, “one of the most powerful intellectual tools that mankind has ever had at its fingertips.”

Although no one seems to recall just what that historic message was (“probably, something like ‘hey, is this thing working?’” says Hahn), the first few keystrokes were the culmination of years of work initiated by Glenn Ricart, director of the university’s Computer Science Center.

The idea was to link the 14 SURA institutions into a communications network so that information could be trans-ferred between academic departments on each campus. It was such a novel idea at the time that, when Ricart brought his proposal to the National Science Foundation, they couldn’t tell him which office to send it to. “Nobody had ever done a network like this before, and it wasn’t clear that this was science and how this would help science, so NSF really didn’t know what to do with it,” he says (the NSF ended up establishing an entire division for networking and computing and solicited similar proposals).

In the meantime, Ricart, Hahn, Mark Oros, network operations supervisor, and Mike Petry, manager of communication  software, retreated to the nondescript basement of the Computer and Space Sciences building and began wiring the circuits that would link an entire region.

By late spring of 1987, connections to the original SURAnet universities were up and running. Colleges and universities from other regions recognized a good thing and began flocking to College Park to see the new technology. The National Science Foundation then decided to link all the regional networks using something called “fuzzball technology” developed by Dave Mills, an adjunct professor at College Park, and the humble beginnings of what would become known as the present-day Internet were formed.

Hahn originally monitored the fledgling network from his basement. “I used to say SURAnet has a network information center and a network operations center — a nic and noc — and you’re talking to both of them,” he says.

Adding more universities, federal institutions and commercial networks, SURAnet grew too large to remain on campus and now employs 40 people in a “somewhat secret” location on Route 1 in College Park. Over 400 organizations across 13 states and the District of Columbia are supported by the network, ranging from the Enoch Pratt Free Library in Maryland to the U.S. Department of Natural Resources and state and local governments in the region.

 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Final Logo Capital Health Tech Summit NVTC (2)Explore how technology is transforming and disrupting the delivery of health at the inaugural Capital Health Tech Summit on June 15, 2017 at the Inova Center for Personalized Health.

The Capital Health Tech Summit will showcase how the intersection of commercial, government and academic assets makes Greater Washington the epicenter for innovation and opportunity in the health technology sector. Keynote speakers include Senator Tim Kaine, ONC National Coordinator for Health Information Technology Dr. Don Rucker and University of Virginia Executive Vice President of Health Affairs Dr. Richard Shannon.

The Summit will cover such exciting health tech topics as data analytics in the continuum of health, cybersecurity, pharmacogenomics, telehealth and remote patient monitoring.

Just this week new speakers from Carilion Clinic, FDA, HHS and Translational Software have joined the Summit lineup. We’re adding new speakers everyday so check the Capital Health Tech Summit agenda often!

Learn more about the Summit in our new preview video!

 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

This week’s NVTC member guest blog is by Telos Corporation CEO and Chairman and NVTC Board Member John B. Wood. Telos Corporation is an information technology leader that offers solutions to empower and protect the world’s most security-conscious enterprises.


telos-logoWith the May 11 signing of the “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” our nation took a major step forward in improving our overall cyber posture.

As I said in the hours after the President signed the order, even the most rigorous processes for managing modern cyber threats require a foundation of modern technology. That’s why I was encouraged to see that the executive order specifically instructed federal agencies to show preference in their procurement for shared IT services, including the cloud. A growing number of federal agencies have realized that the cloud offers them secure and cost-efficient computing capabilities, but many others have been hesitant to make the move. This executive order provides the needed boost for all agencies to look towards the cloud.

With this executive order and the latest version of the Modernizing Government Technology Act (MGT) legislation moving through Congress, I believe we have reached a tipping point where the federal government will have the White House support and the financial means to truly tackle IT modernization and make it a top area of focus for every agency. In unveiling the order, the White House also showed vision by saying that planned federal IT modernization will include transitioning agencies to one or more consolidated networks, with the goal being to view “our IT as one federal enterprise network.”

Another very interesting aspect of the order, which I was likewise encouraged to see, was the direction for all federal agencies to immediately begin to use the NIST Cybersecurity Framework (CSF) to manage their cybersecurity risk.  At Telos, we have long advocated for a common language when it comes to cybersecurity so stakeholders in all areas of the organization can communicate about cyber risk, which ultimately leads to more informed decisions about what security investments need to be made. The CSF is a powerful framework for enabling improved risk management throughout the government enterprise. Replacing outdated legacy systems, and making adoption of the framework more efficient with automation, will only strengthen our government’s cybersecurity defenses.

In the near-term, I will be paying close attention as agencies work to provide their own 90-day plans for implementing the NIST CSF, as required by this executive order.

Locally, this order should be welcome news to the vast number of technology and cybersecurity companies in Northern Virginia who work with the federal government. For those of us in this field, the executive order is exactly the type of nudge that federal agencies have needed to make the necessary improvements to their IT infrastructure and cybersecurity posture. However, for this executive order to truly deliver value, it will be contingent upon industry and government working together. I have no doubt that industry will step up to ensure success.

Overall, the cybersecurity executive order constitutes a long-overdue move by the federal government to take the steps necessary to better protect its networks and data. Moreover, the order sends a powerful message that our nation’s cyber defenses must continuously be monitored, evaluated and improved, and that this effort will be a key priority for this administration over the coming months and years.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Over 100 members of the NVTC Data Center and Cloud Infrastructure Committee attended a special tour of DigitalRealty’s Ashburn campus on May 4. Attendees also enjoyed a networking reception after the tour. Thank you to event host and new patron sponsor DigitalRealty! DigitalRealty’s campus is one million square feet and growing fast!

Check out photos from the event (click to enlarge)!

May 4 event photo 3  May 4 event photo 4  May 4 event photo 5 May 4 event photo 6  May 4 event photo 7  May 4 event photo 8 May 4 event photo 9 May 4 event photo 2 May 4 event photo 1

Stay in the loop! Follow the Data Center and Cloud Infrastructure Committee on Twitter!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Does your organization have a mentoring program? Have a well-structured employee mentoring program in place is a vital component to the mentoring experience. Read on for important tips from Insperity for shaping your organization’s mentoring program.


insperity v2Mentorship can play a critical role in the successful onboarding of new employees and the long-term development of existing team members. But how do you determine the right mentor for a particular mentee?

Should they be like-minded or in similar roles? Or, should the mentor be strong in the skills that the employee needs the most growth in? What role does personality fit play?

First, a definition: A mentor is not another boss, but a helpful confidant who gives relevant, occasional feedback and guidance that helps the employee gain needed skills.

Mentoring is different from performance management. A mentor program targets those employees who are already performing well and need extra input to grow and reach their full potential.

Mentoring is not remedial learning. If an employee is underperforming or has some other workplace problem, their manager must tackle the issue through coaching and other performance management techniques, not by selecting a mentor.

Know what you want to accomplish

The type of mentor you choose for an employee depends on your business goals. Does the employee in question need help with technical skills or leadership skills? Is this a new employee or a long-term employee?

You first need to know what you want to accomplish to successfully pair a mentor and mentee.

For instance, a new employee will probably benefit from a mentor who helps them learn about your business’s cultural norms and processes. This mentor should have an open mind and an open ear to candidly speak about processes and the best ways to navigate the environment.

They should also be experienced and organized enough to explain key procedures, and communicate clearly and consistently.

On the other hand, if you’ve identified a junior machinist who needs to learn a particular technical skill, you’ll want to pick a mentor who has that skill and who also communicates well.

If a junior executive wants to become a senior executive, the mentor should be able to offer guidance on cultural norms and processes, look for ways the mentee’s potential can benefit the organization and facilitate getting the mentee connected to these new opportunities.

A mentor should have the necessary communication skills and desire to be a continual learner, not someone with a tired or know-it-all attitude. Mentors should also be willing to share ownership and accountability for the work, giving the mentee credit when it’s due. Remember, mentoring is a two-way street, so pick a mentor who is willing to listen, give good counsel and learn from their mentee.

Another aspect of that two-way street: Not all mentors have to be older, long-time employees. Maybe one of your younger employees can help an older one gain confidence in using new software or social media for work or offer up-to-date information on the latest business technologies and workplace trends.

Yes, pairing employees with similar viewpoints, life experiences and work styles may help the relationship succeed, but ultimately the match should be determined by your organization’s needs.

Success requires structure

Larger companies often build significant structure around their mentor programs, with formal pairings, training and reporting required. That sort of structure may not be practical for a smaller business, but to be successful your mentor program will still need some definition.

What that structure looks like will be determined by the business goals you identified earlier. But, you still need to define goals, expectations and schedules. You also need to make sure both the mentor and mentee have time to accomplish the goals you set.

For example, if the mentee needs to gain technical expertise, the mentorship may consist of the mentor teaching specific skills and the mentee practicing at consistent times followed by question-and-answer periods. A mentor-mentee pairing like this may only last a few weeks or months, with a clearly defined goal that technical expertise will be attained by a certain date.

Follow-up is important too. Ask questions such as:

  • Did the mentorship help you learn that new skill or refine an existing skill?
  • Did the program help you get more comfortable in your new job?
  • Was it a good use of your time?
  • Do you feel better prepared to handle the work ahead?

Answers to these questions will help you determine whether your mentor-mentee pairs are a good fit. If they’re not, don’t hesitate to break up a pair and reassign them to other people. Mentor pairs are as individual as the people involved, and not everyone will be compatible.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

By John Shaw, NVTC Research and Strategic Initiatives Manager

In a continued effort to address the talent needs of NVTC members and the Greater Washington technology community, NVTC’s Tech Talent Initiative (TTI) is partnering with the Business-Higher Education Forum (BHEF) to address the development of cybersecurity, data analytics and engineering competencies through curriculum that aligns with the skills used by government and industry practitioners, amongst other activities.

BHEF’s work focuses on three main approaches: building partnerships, strengthening talent initiatives, and identifying actionable trends and insights.

Through this multi-pronged approach, BHEF uses evidenced-based practices to meet business’ needs, correcting misalignments in a region’s workforce through strengthening efforts to develop highly-skilled, engaged professionals. These regional talent pathways help create undergraduate programs that produce a diverse pool of enabled, workforce-ready graduates with the right skills and competencies for today’s high-skill jobs.

In Greater Washington, BHEF has created the Future Cyber Leaders Program, which brings together defense sector industry leaders and government agencies to select undergrads from sponsoring defense sector organizations to participate in a seven-week program focused on cybersecurity development. BHEF has also applied its National Higher Education Workforce Initiative across Greater Washington (HEWI), and has published a case study on their work in Maryland, which shows clear results in moving the needle in developing graduates that have the needed skills and competencies to enter the cybersecurity workforce upon graduation.

NVTC’s partnership with BHEF is one part of their HEWI work in Greater Washington, and will focus on competency mapping in data analytics, cybersecurity and engineering. NVTC is taking on the role of convener, and is currently gathering practitioners for two roundtables during which practitioners will review and update existing straw man competency maps specific to data analytics and engineering, as well as cybersecurity and engineering. The data analytics and engineering session is scheduled for Wednesday, May 10 from 9:00 a.m. to 1:00 p.m. in Reston, Va., and the cybersecurity and engineering session is scheduled for Wednesday, May 24, also from 9:00 a.m. to 1:00 p.m. in Reston, Va. For more information on these sessions or to participate, please contact me by clicking here: John Shaw.

We are also staging an Internship Roundtable for Emerging and Technology Fields on Wednesday, June 7 from 9:30 a.m. to 12:00 p.m., again in Reston, Va. This session will address how developing early professional relationships with students can give companies a competitive advantage in building a qualified workforce and will help NVTC and BHEF develop best practices for recruiting, mentoring, hiring and retaining students in high-demand tech fields. For more information or to participate for the internship roundtable, please contact me by clicking here: John Shaw.

Click here to learn more about NVTC’s Tech Talent Initiative and here to access BHEF’s published content.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

1704 Titans Larry Prior 435a (2)On April 7, over 400 members of the region’s technology community came together at The Ritz-Carlton, Tysons Corner for an NVTC Titans breakfast featuring Larry Prior, president and CEO of CSRA, a leading provider of next-generation IT solutions and professional services for U.S. government agencies and programs.

Prior highlighted the “fundamental refresh” occurring in tech today, being driven by demand for the cloud and processing capabilities at the edge. This next-gen IT revolution isn’t just happening in the commercial sector; government clients are also expecting automated workflow and agile network systems that function like the apps on their personal devices.

Prior also discussed  last year’s merger between CSC and SRA to form CSRA. He shared how the merger has allowed CSRA to scale its business to meet the government’s IT needs. Through increased financial investments in R&D, leveraging a newly-expanded talent pool and bolstering partnerships, CSRA has been able to scale its business. Prior also noted how consolidations and mergers are becoming a more common trend in the tech industry.

Scaling is happening at a regional level in Greater Washington, too, according to Prior. The region’s strengths in partnership-building, collaboration, commitment to mission and passion for customers gives organizations here a strong foundation and competitive advantage, particularly with government customers. Prior noted that Greater Washington is a “model for tomorrow” in improving technology and impacting change on a national level.

Check out video of Prior’s remarks:

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Interested in transitioning to the cloud? Wondering where to start? Then you’ll want to read this NVTC member guest blog from LeaseWeb’s Julia Gortinskaya first to get prepared for your cloud transition.


leaseweb-logoFrom both a business and an IT perspective, migrating to the cloud can be a good option for many businesses. But, it’s not something that can be done without the right research and preparation. If you want to be successful when migrating to the cloud, you need open communication with both your own team and hosting provider, as well as a clearly defined cloud migration strategy that is connected to your business needs. What follow are five tips to help you get started:

1. Share your roadmap

Setting goals is everything. Your goals for migrating to the cloud should be closely connected to your business goals. How fast do you want to grow (i.e. how scalable does your technology need to be)? Who in your organization needs what functionality in order to reach which goal?

Select a cloud partner who is open to discussion about your roadmap and its implementation. Together you can create a technology roadmap that best supports your ambitions. Ideally, your cloud partner is a trusted advisor who shares his or her expertise with you. Keeping in close contact with your partner and sharing the load will also enable you to divide tasks between you: while your cloud provider focuses on hosting a cloud platform and making sure your servers are up-and-running, you will be able to concentrate on creating more value for your customers.

The value of leveraging a third party can only be achieved when both sides understand their responsibilities and expectations. This means communication between you and your partner should be one of your top priorities.

2. Check certifications and compliance statements

Security and compliance are enablers, not obstacles. When migrating to the cloud, it is important to know in advance which certifications your cloud partner has, what exactly is covered and the independent auditor monitoring process. For instance, privacy and compliance certifications are necessary for organizations supporting compliant workloads.

Since security and compliance are shared responsibilities between you and your cloud provider, and perhaps other third parties as well, you’ll likely be able to benefit from the certifications your cloud provider already has in place. If your enterprise data is stored on servers in a datacenter owned by your cloud provider, the physical security of the datacenter is the cloud partner’s responsibility.

Make sure to find answers to questions such as ‘who has access to my data?’, ‘where is my data stored geographically?’ and ‘what are the export restrictions?’ You may prefer to store data in a specific region, but may also be bound to a location by customer contracts and/or privacy laws.

And don’t forget, certifications and regulations evolve over time. Cloud providers should follow developments closely and advise on any action you need to take.  While you may not want to come across as suspicious, you should ask your partner to deliver proof of any certifications.

3. Look for a partner who can scale quickly

When migrating to the cloud, there are different options and delivery models for specific workloads: private, public, hybrid, hyper-scale, on premise and off-premise. New ones are developed at a rapid pace. Explore the options (and the degree of service, the security and the expected costs) that are available for your needs.

Whichever partner you choose, select one that can act the moment you need to scale quickly. If your business requires you to add server capacity either temporarily or for a longer period, your partner should be able to provide the flexibility and speed that you need.

4. Train your people before, during and after

Most cloud projects require a different set of skills from your IT staff to implement and manage workloads (e.g. APIs, open source platforms).Traditional skill sets in server, network and desktop administration are not needed in a cloud environment as they are embedded in the service. In most instances, re-skilling employees in more DevOps centric areas can be wise.

Instead of acquiring engineering skills, your IT staff will have to learn to think more as a cloud architect (which will probably be more challenging than being an administrator anyway). And since tactical day-to-day support is managed by your cloud partner, IT staff should spend more time developing and delivering services and applications that demonstrate direct value to the business.

5. Consider changes in architecture

We have come a long way from ‘one server for one service.’ Cloud computing changes the way applications are deployed and resources are delivered. Your current architecture might work in the cloud, but may also need some changes. Some applications can be migrated to the cloud, while others might require adaptation, such as the decoupling of data. You might also benefit from taking a more service-oriented approach, from cloud services delivered through API’s. Try to design an architecture that will give you full advantage of native cloud features.

You can download the full checklist “10 Do’s and Don’ts When Migrating to the cloud” here.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS