Lessons Learned Through Cloud Transformation CSA PRESENTATION 10-19-15
Download as PPTX, PDF1 like603 views
This document summarizes Jim Rutt's experience transforming the Dana Foundation's IT infrastructure to the cloud. Some key points: - The Dana Foundation moved locations in 2011, prompting a review of their on-premise infrastructure which faced issues like complexity, downtime, and resource constraints. - They migrated Exchange to Office 365 in 2011-2012, addressing these issues. They also implemented Okta for single sign-on and identity management across SaaS apps like Salesforce. - Other moves to the cloud included moving their ERP system to Azure and adopting Zendesk for help desk support. - Lessons included calculating risks carefully, crafting a governance model, and adopting next-gen security
Lessons Learned Through Cloud Transformation CSA PRESENTATION 10-19-15
- 1. LESSONS LEARNED THROUGH CLOUD TRANSFORMATION Jim Rutt Director of IT, Dana Foundation October 28, 2015
- 2. PERSONAL BACKGROUND • 20 years of client-side practioning in technology • Primarily in healthcare (payer/managed care) but also significant experience in financial and pharmaceutical. • As Director of IT for The Dana Foundation, responsible for all domains encompassing the use of technology (infrastructure, application development, data, network, etc.) • First experience in the non-profit sector
- 3. DANA FOUNDATION BACKGROUND • http://www.dana.org • Founded in 1950 • Endowment based foundation supporting brain research through grants, publications and educational programs • Chief importance centered around scientific inquiry (funding of research into neuroscience) and the engagement of the general public (publications and programs)
- 4. DECEMBER 2010: FIRST DAY
- 5. BEGINNING STATE • Traditional on-premise infrastructure with a limited amount of IaaS/private cloud • Limited human resources • No application lifecycle • No real strategy around risk, security, compliance • Traditional problems (too much time spent supporting infrastructure issues and not enough time developing new features and enhancing end-user experience)
- 6. MARCH 2011: TRIGGER EVENT • Foundation moved to new location • Opportunities for consolidation as well as re-thinking existing cloud environment, with an eye towards optimizing from a performance, security, and cost perspective. • Addressing macro trends affecting everyone in our industry (consumerization of IT, rise of mobile, demographic trends). • Time to test the waters with the first application…
- 7. OFFICE 365 • Existing Exchange Server environment: • Total of 15 VM’s, way too complex • Uptime way below five nines • All resources (CPU/RAM/storage) reaching 100% utilization • Active Directory environment supporting Exchange badly neglected with serious integrity issues. • Maybe an opportunity to embrace a new security model rather than pour significant resources into maintaining AD.
- 8. OFFICE 365: APRIL 2011-JAN 2012 • Migration considerations specific to governance: • Ruled out AD Federation due to previously identified issues with AD. • However, slightly complicating authentication model temporarily (going from AD pass through authentication to adding an additional Office 365 credential in addition to existing AD) • Already risking “password fatigue” with end users. • Time to look at a possible new solution for cloud-based identity…..
- 9. OKTA (ID AS A SERVICE) • Essentially a single sign on solution primarily for SaaS • Great leverage with web based SaaS offerings,also integratable with AD • Also streamlines provisioning/deprovisioning. • Clean user interface and simple administrative console • We began to see this model as the future.
- 10. SALESFORCE
- 11. GREAT PLAINS TO AZURE
- 12. ZENDESK • SaaS based Help Desk solution
- 13. COMPLIANCE/GOVERNANCE CONSIDERATIONS • No technology audits prior to 2010. • Using the new technologies and strategies we were able to craft a compliance structure, along with guiding our external auditors, that truly represented an actionable governance program, rather than just a checklist of useless items.
- 14. NEXT GENERATION SECURITY SOLUTIONS • Netskope (CASB) • Vera (hardening at the actual file level) • Menlo Security (malware isolation) • Ensilo (Exfiltration • Lesser reliance on legacy antivirus solutions
- 16. RETURN ON INVESTMENT • Signifigant security cost/risk mitigation now transferred to top tier providers (Microsoft, Salesforce, etc.) • Trust factor is this case resembles a reverse of the “prisoners dilemma” theory.
- 17. LESSONS LEARNED ALONG THE WAY • Calculated risk moving our most visible application (Exchange) to the cloud first, but mitigated by existing pain felt.
- 18. 2016 AND BEYOND • Eventual retirement of legacy AD • Harden end-user devices • Expansion of two factor authentication • Continue to adopt next generation endpoint security solutions.