Posts Tagged ‘SLA’

Do You Know How To Lock Down A Cloud?

Wednesday, October 5th, 2011
A Cloud Is No Good If You Can't Lock It…


Everybody loves the cloud. Or at least that’s pretty much how it seems if you’ve picked up any of the IT trade rags in the past 18 months. They are filled with articles talking about how the cloud is going to save IT departments tons of money and how it’s the next great thing. Well, not all CIOs are convinced of this, and considering some of the humongous security issues that are popping up, you might want to rethink some of your cloudy thoughts…

That Darn Security Thing Wrecks Everything

Cloud computing is currently the NST in IT (that’s “New Shiny Thing”) and because of that a lot of organizations are making the leap and moving their mission-critical applications into the cloud as fast as possible. Their motivation is the proven cost savings that cloud computing can offer to an IT department.

A study by Mimecast shows that 70% of CIOs who are already using clouds are planning on moving additional applications into the cloud during the upcoming year. The problem with this plan is that another study, this one by Cenzic, shows that 75% of cyber attacks are targeting internet applications. These attacks work just as well against a cloud based IT infrastructure as they do against today’s dedicated IT infrastructure.

How To Lock Down Your Cloud

This, of course, leads to the question of just exactly what a CIO should do. Clearly we’re all going to move into the cloud over time; however, what should we be doing to prepare for this move into an unsecured land?

The very first thing that a CIO needs to do is ensure that all applications coming out of the IT department are developed to security standards that are actually enforced. This can include performing penetration testing and scanning code for known vulnerabilities.

Additionally, since your applications will be running in somebody else’s IT environment, you need to take the time to make sure that that environment is going to be secure. This means that you need to work wording into your service level agreements (SLAs) with your cloud providers that will ensure that they will do everything possible to protect your applications while they are running in the cloud.

What All Of This Means For You

Every CIO has to face reality: cloud computing is upon us. The financial benefits of switching from a dedicated IT infrastructure to a cloud-based infrastructure are so incredibly obvious that you won’t be keeping your CIO job for long if you don’t come up with a transition plan.

What too many CIOs appear to be overlooking is that the switch to cloud computing does not make your existing security problems go away. In fact it may actually add to your IT security challenges. To deal with this you need to implement secure coding standards and ensure that you have solid service-level agreements with your cloud vendors.

By itself, a cloud is not a bad thing. The problem is that it is a fat, juicy target for those people who want to do harm to your IT infrastructure. This means that as CIO you need to be sure to look before you leap and make sure that you’ve locked down your cloud before you make the big switch.

- Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: Do you think that the benefits of cloud computing can be achieved if you use a private cloud?


What We’ll Be Talking About Next Time

‘Tis the time of year that my CIO customers are starting to get itchy to try new things. The kids are out of school and greener pastures beckon. They keep asking me where they should be looking for their next CIO job. Is there any industry that will truly appreciate the value that a skilled CIO can bring to the job? It turns out that the answer is yes and right now I’m recommending one industry in particular: energy companies.

Hey IT – Forget ITIL, Say Hello To BDIM!

Wednesday, April 8th, 2009

There's A New IT Management Process In Town - BDIM


The world of IT is changing once again. Are you ready? We have evolved a great deal in the last thirty years and it looks like we’re getting ready to make another great leap forward. This time around we have a name for what’s going to happen and it’s called business-driven IT management (BDIM)!

Antão Moura and Claudio Bartolini have been looking at how IT is managed and they’ve discovered that we’re getting ready for another change. Back at the end of the 1980s, IT management was all about tracking boxes and routers. This was the era of IT infrastructure management.

Stability and control were the key drivers behind this effort. IT acted as a technology provider – IT folks were technical experts and their goal was to minimize downtime.

In the past few years this style of IT management has changed. Now IT looks less at the infrastructure and more at the end user. IT now practices what is called IT Service Management (ITSM). The thinking is that IT services use groups of IT infrastructure components to help corporate users (and customers) to do business with the firm.

Viewed this way, IT has become a service provider. The downfall of this is that IT is still viewed as being separate from the rest of the business. The rest of the business believes that IT is mainly concerned with expense control. This has caused one of the firm’s greatest concerns to become the issue of business-IT alignment.

We’ve come up with a whole bunch of technical ways to keep track of how the IT infrastructure is performing in order to ensure that our services are meeting their performance levels. These tools include quality of service (QoS), service level agreements (SLAs), and when you combine both of these you get service level objectives (SLOs).

The arrival of the IT Infrastructure Library (ITIL) set of best practice standards has provided a way to deliver IT governance which seeks to ensure that IT risks are mitigated, IT is aligned with the rest of the firm, and that the expected results are achieved.

The problem with all of this is that the best practices, such as ITIL, are very useful, but they just don’t go far enough toward providing concrete solutions.

This has led to the creation of the business-driven IT management (BDIM) approach to IT management. The goal of BDIM is to move IT one step further and start to use a full business perspective to manage IT. This means that we would need to stop using technical metrics measured at the IT level.

This can get a bit difficult to grasp, so here are a few IT management questions posed in BDIM format:

  • Of all the IT incidents that are occurring RIGHT NOW, which is impacting the business the most and thus should be worked on now?
  • Which services should we invest in to improve business results?
  • How many standby servers should we have for our e-commerce site?

Since I know some of you may still be struggling, here is a formal definition of BDIM:

“BDIM is the application of a set of models, practices, techniques, and tools to map and to quantitatively evaluate interdependencies between business performance and IT solutions – and using the quantified evaluation – to improve the IT solutions’ quality of service and related business results”

BDIM is still in the development stages. Models have to be created, how it relates to the ITIL processes will have to be worked out, and BDIM decision support tools will have to be built. However, yet another IT management change is almost upon us – and its name is BDIM.

Does your IT shop still use the IT infrastructure management approach or have you moved on to the IT Service Management approach? Is your IT shop seen as separate from the rest of the business or do you think that you’ve achieved business alignment? Leave me a comment and let me know what you are thinking.