All posts by robertomircoli

Simplifying complex public sector environments through cloud: A guide

Government and public sector organisations continue to seek ways to improve services and mitigate the risk of migrating mission-critical applications to the cloud. Already, many organisations, focused on improving the citizen experience, have set their sights on the cloud. Flexible, agile and affordable, managed cloud can accelerate the agency mission.  Still, CIOs are cautious about which applications to prioritise and what steps they must take to ensure the reality fulfils the promise.

In the US, since the White House released the Cloud First Policy in 2011, organisations are prioritising the evaluation of cloud computing before making any new investments in IT infrastructure or software. Likewise in the UK, the government set out its plan to adopt a 'Cloud First' policy for public sector IT back in 2013. As a result, worldwide organisations have cautiously deployed sub-sets of applications in the cloud, like email, and an increasing number of organisations have undertaken projects to develop cloud-native applications. Successful deployments and more cloud choices are increasing public sector confidence in cloud.

The benefits of cloud are real

Originating with the government, mission-critical is a term now used by all organisations to describe the crucial dependency of an organisation on an application and its relationship with the business of governing. Delivering mission-critical applications more efficiently saves taxpayers’ money, strengthens security and enables government and public sector organisations to do more with constrained budgets. Migrating legacy workloads and applications to the cloud frees up the budget to tackle transformative new projects and programmes.

The financial incentives for migrating traditional applications to the cloud are real. Analysts estimate that in 2018, 70% of the $95.7 billion U.S. federal IT budget will be spent on operating and maintaining existing IT investments and that percentage figure will be similar here in the UK.

Migration speedbump: Reliance on core enterprise applications

While modern web-scale applications were designed to run in the cloud, most organisations still rely on a broad mix of existing mission-critical applications, many of which were not intended to operate in a cloud computing environment and some that were not designed to scale up or down on demand. Further complicating migration planning, applications may require stringent security or compliance controls to ensure that regulatory guidelines are met.

While organisations are increasingly eager to move to the cloud, many soon realise that it takes considerable time and resources to plan, re-architect and manage the new solution. The majority of today’s mission-critical workloads do not fall into the category that makes it easy for public sector organisations to migrate and gain authority to operate (ATO) quickly and cost-effectively. Most public cloud offerings do not allow these organisations to realise true IT transformation since the self-service nature of public cloud still requires organisations to perform most of the management activities themselves in order to support the workload and the end-user base.

Cloud – the public face of transformation

Public sector organisations need a better path to the cloud with secure and cost-effective managed cloud solutions that allow them to run the complex, mission-critical applications of today. Government and public sector organisations require a cloud that was built to handle mission-critical applications for the most complex, highly secure IT landscapes in the world.

Accelerate time to value

While public sector IT budgets remain stagnant or even decrease, expectations for new technology are continually rising. Public sector and government organisations need to increase the performance and reliability while simultaneously managing and containing costs from their most expensive and time-consuming mission-critical applications. Organisations must be able to step into the cloud today by deploying existing applications with minimal changes and gain ATO sooner, versus taking a giant leap to re-architecting every application from scratch to be cloud-native.

Security and compliance

Different applications have different use case characteristics and they have specific requirements which address these to enable them to migrate their mission-critical applications. This includes understanding stringent security and compliance requirements. They also require an approach to cloud which ensures continuity of operation and shortens time to value without compromising essential aspects like security and compliance.

Manage costs

Organisations need to maximise operational efficiency while increasing cost transparency and gaining the ability to allocate cost to specific programmes, allowing them to achieve improved financial flexibility to choose the right services and resources for the right workload. A true consumption-based pricing model allows government IT departments to only pay for what they use—improving economics beyond basic virtualisation, and freeing up budgetary funding to be allocated to other areas.

Offload management burden

Cloud platform infrastructure is only part of the mission-critical workload story. Organisations can experience true IT transformation through comprehensive IT management solutions that raise the bar on current operations and ensure that the most value and performance is gained from information infrastructures. Industry-leading methods and innovative tools now exist, providing real-time metrics to detect, diagnose, repair, and report on issues in the most complex business IT environments.

Focus on the mission

Government agencies can now effectively navigate the complexities of digital transformation and modernisation. Here at Virtustream our Federal Cloud capabilities allow public sector and government organisations to deliver mission-critical applications more efficiently, strengthen security while simultaneously enabling them to tackle transformative new projects and programmes.

https://www.cybersecuritycloudexpo.com/wp-content/uploads/2018/09/cyber-security-world-series-1.pngInterested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

As the financial sector embraces cloud technologies – what are the critical factors for success?

Today, in order to maintain competitive advantage, financial institutions need to be increasingly agile and quick in how they respond to fast-changing customer expectations and ultimately beat their competitors.

To this point, last month the EBA – European Banking Authority  published a Report on the Prudential Risks and Opportunities Arising for Institutions from Fintech. The report provides an analysis of the risks and opportunities relating to the adoption of new innovative technologies, providing seven fintech use cases, one of which is focused on outsourcing core banking and payment systems to the public, hybrid and private cloud.

The report looked at how cloud computing, which is an important enabling technology, is being leveraged by financial institutions to deliver innovative financial products and services.  In particular it highlights that in recent years there has been increasing interest from institutions in working with cloud service providers. And although that interest was initially focused on migrating non-core applications to the cloud, the EBA found that many financial institutions are now exploring how to migrate core mission critical systems to the cloud.

The report goes on to talk about how flexibility, scalability and agility are seen as the main benefits of public cloud, but adds that most cloud services have been standardised in order to allow services to be provided to a large number of customers in a highly automated manner on a large scale.

The underlying concern of course is that in such a security‑intensive and highly‑regulated industry, no one size ‘cloud’ fits all. So while it’s key that cloud providers standardise to very high service standards, those who also provide specialised service offerings and keep themselves open to individual use cases and customers’ requirements – e.g., for mission critical workloads ‑ clearly have an edge. This is precisely what Virtustream was built for, combined with a very high level of automation which reduces human intervention in the most complex IT operation processes, increasing efficiency and lowering risk exposure.  

The EPA report goes on to outline two main criterion that need to be met to ensure financial institutions are making the move to cloud correctly. These include “choosing the right cloud service partner (CSP) on its journey” and “ensuring the internal organisation can meet the needs for this transformation alongside its CSP partner”.

Choosing the right CSP

Financial institutions must carefully select the CSP that is right and suitable for their needs. This will depend on the project in question, the institution’s overall strategy and the regulatory requirements that the organisation must meet. The organisation must also consider what data is appropriate and necessary to migrate to the cloud; remembering that they don’t necessarily need to take an ‘all or nothing’ approach to cloud services. Likewise any CSP that an institution works with must have a firm understanding of the relevant compliance landscape. It is important to be able to demonstrate that a judgment call can be made when required. For example this involves documenting the reasonable action that has been taken to prevent or mitigate a data breach or loss, creating a full ‘audit trail’ and evidence of the company’s compliance.

This is where the CSP must have the deepest and broadest expertise on what it takes to migrate complex mission critical systems to the cloud, as we know quite well at Virtustream, having undertaken thousands of such migrations including the creation of an L3 extension of our users’ private data centres into our cloud nodes and integrating with their existing system monitoring and management tools via a broad set of APIs.

Likewise it is really important that the CSP is not only experienced but has a robust methodology and operating model. For example, in addition to our advisory services at Virtustream we also take a greatly optimised approach to cloud onboarding, migration and operation that includes:

  • Assessment: Identifying all workloads across the application landscape, in order to analyse system configurations and interdependencies with an estimate of initial cost benefits
  • Onboarding: Project planning and management, documentation of all applications and workloads, determination of the move sequences and thorough testing in order to identify any risks and issues, in order to finalise a full cutover plan
  • Migration: The actual migration of production systems, technical checks for data consistency, conversion to production operations. GoLive™ migration checks, handover and transition to steady-state
  • Managed services: A range of flexible choices which include infrastructure managed services and application managed services.  We also have expertise in a wide variety of databases, these include physical‑to‑virtual and virtual‑to‑virtual migrations, and database management

The role of IT teams

The report also went on to outline how the role of IT staff in financial institutions could possibly undergo a significant transformation with increased cloud outsourcing services, whereby roles convert into support and consultation for cloud service selection, engagement and management. This is where the adoption of an enterprise‑class cloud provider with managed public cloud services that deliver private cloud attributes is really important, as this strategically enables a new operating model for IT; one that is based on business outcomes and has close alignment between IT and the business.

What I mean by this is having an operating model in place that delivers the ability to quickly implement new ideas so that the organisation can tap into new revenue streams and acquire new customers; a model that lowers complexity and – with that ‑ also actively improves the risk posture.

Adopting a cloud operating model across all areas of the business is probably the most difficult part of the transformation. The key aspect to remember here is that it means working more closely with the business; it means adopting an IT operating model that is services and software product-oriented, not technology or project-oriented.

Looking to the sky

As cloud services become more integral to the whole organisation, so CSPs are going to quickly become part of the financial/banking infrastructure. However the risks involved in outsourcing data to the cloud carry wider potential consequences for any financial institution. This is why it is so important that regulatory bodies such as the EBA are able to respond to changes in the use of cloud and can continue to place strict compliance requirements on financial institutions and their partners.

To their credit, many CSPs have started to accept this as part of their ‘joint responsibility’ when they engage with a financial institution, but as cloud adoption continues to grow, financial institutions will need to carefully plan for and monitor their compliance, while CSPs look to provide an adaptable framework – one that is agile and able to flex to meet the ever-evolving needs of the finance industry.

Editor’s note: Find out more about the report and read it here (pdf, no opt-in).

The key challenges of migrating databases to the cloud: Planning and performance

As enterprises continue to embark on their digital transformation journeys part of this change may involve migrating in-house applications, databases and data to the cloud.  But while all the benefits of cloud are widely understood, migrating a database or an application to the cloud is not always smooth sailing and there can be challenges to overcome when transitioning.  Here I wanted to highlight some of the steps enterprises should take to ensure their database migration is successful.

Why migrate to the cloud?

Let’s first look at why organisations might want to migrate their mission critical database to the cloud. As stated above, the benefits of cloud adoption have been widely documented over the last few years. Factors such as convenience, scalability, flexibility, and economic efficiency, all leading to improved productivity being the key takeaways. During the first wave of cloud adoption we saw that the main benefit was the cloud’s availability of low-cost IT infrastructure, which suited project-based development, Test & Dev, and DevOps. Now during the current wave of adoption, we are seeing more mission critical applications and a wider range of workloads migrating to the cloud. The net effect is a shift up the stack with an increased emphasis on application availability and assurance. Along with this, cloud environments are becoming more manageable, which enables companies to focus on more strategically relevant IT tasks such as defining transformative IT services for their internal and external users.

With the rise of remote working, the ease of access that cloud provides to its users is important. With cloud accessible from a multitude of devices, employees have access to vital information wherever they are located.  What we are seeing more often now is organisations migrating mission critical applications into the cloud including workloads with a variety of requirements. Furthermore, cloud migration enables very effective disaster recovery and high availability options for geographically‑distributed businesses.

Don’t migrate half-heartedly

Migrating workloads to the cloud is a strategic decision for an organisation, as it underpins the transformation towards a more agile and business-aligned operating model for their IT. Because of this, I would avoid migrating half-heartedly. If you are going to migrate to the cloud you should move over as much as possible. While a database can be migrated to the cloud independently, it usually makes more sense – technically and strategically – to also migrate with it the applications which are served and interact with it in order to take full advantage of the benefits of cloud.

If you are going to migrate a database to the cloud in isolation without its associated application, it’s crucially important to rely on specific expertise both for the migration and the following service management related to it. The migration should consider all the interdependencies and resource requirements to guarantee performance, availability and security in the cloud; and adequate service management skills are key to ensure proper configuration and change management. That’s why when it comes to a mission critical database, those serving an ERP system – a specialised enterprise‑class cloud provider which also provides managed services and SLAs – should be considered over general purpose or pure‑IaaS cloud alternatives.

Three key reasons why enterprises don’t migrate to the cloud

Enterprises are often cautious about putting their mission critical workloads into the cloud for very specific reasons:

  • Security and compliance. Often security burdens are so heavy that enterprises are cautious about considering alternatives
  • Performance degradation. Many enterprises cannot compromise on the performance of mission critical apps
  • Availability. If users cannot access applications, they are unproductive; workflows are stifled and the business is up in arms. That’s exactly what Enterprise‑class cloud providers which specialise in mission‑critical workloads effectively address, with a combination of ad hoc cloud architectures and cloud management tools as well as stringent operating principles and expertise.

For example, rather than using a general‑purpose cloud architecture, with Enterprise‑class cloud providers who specialise in mission‑critical workloads, enterprises can utilise dedicated individual VRF domains. VRF is a network virtualisation technique used by Telco Providers, the same one used to isolate MPLS circuits. This helps in isolating domains in a multi-tenanted cloud, with many benefits in terms of security, compliance, resource utilisation and optimisation of network topologies and segmentation. This option provides enterprises the freedom of the public cloud while still keeping it virtually private and as secure – or even more secure – than what they have on-premise.

Make sure you have a plan

With any large-scale programme of work like moving a mission critical application into the cloud, the first step is to devise a plan. By doing so, organisations can avoid the worst-case scenarios that may appear both during and after the migration. This plan should cover what features you require in the cloud and what steps are being taken to secure this data. It is also important to truly understand the cloud environment being used, whether private, public, hybrid or multi-cloud, as no one cloud does it all, and different use cases require specialised attributes. Therefore, preparing and understanding the use case is another important requirement.

There is another key aspect, which is the complexity of different application environments. They don’t live in isolation. There is a lot of interdependency between different application modules or between the applications and the databases. The way those interdependencies are sustainable in a private cloud environment is via very sophisticated network topologies through the use of VLANs, and so on. These are the driving principles which govern the network or VLAN configuration in a private environment. When you consider moving legacy applications to the cloud, you don’t want to disrupt those configurations, topologies and related private IP addressing schemes, as the ripple effect could be fatal. Lifting and shifting to a standardised cloud environment just won’t work here.

And finally – cost efficiencies

The biggest cost of mission critical applications and databases is not building them and starting them up, but rather the total cost of running them. Migrating a database to an enterprise‑class specialised cloud gives access to a set of automation tools and operating templates which reduce human intervention and improve speed and accuracy for most of these important tasks, while significantly reducing the associated operating costs.

Why cloud is the cornerstone of digital transformation in healthcare

Today every part of the business is subject to new expectations, competitors, channels, threats and opportunities. Every business has the potential to be a digital business. As the numbers of smart, connected devices from phones to cars to wearables are growing, companies that quickly deliver digital solutions or services, and use insights to rapidly optimise their value chain are gaining competitive advantage. Businesses that digitally transform will be able to connect more closely with customers, speed up the pace of innovation and, as a result, claim a greater share of profit in their sectors. In fact, according to a report earlier last year from IDC, the global economic impact of digital transformation to date already exceeds £14 trillion, a staggering 20% of global GDP.

Put simply digital transformation is the trend of enterprises shifting away from traditional systems in favour of digital options to enable major improvements in productivity and unlock new lines of business value creation.   In recent years digital transformation has been driven by the explosion of cloud computing, big data, and mobile technologies.

While big data and mobile have driven digital transformation, the cornerstone of it all is cloud.

Flexible, cost efficient and accessible from anywhere, the cloud has already been a transformative technology for many industries. However, while migrating to the cloud is a top priority for virtually all organisations embracing digital transformation projects, the path to get there involves navigating a great many obstacles, especially for those operating in highly-regulated industries. Healthcare, in particular, is at the top of the list.

Over the past few years, cloud adoption has been on the rise in the healthcare industry. To date, organisations have primarily been testing the waters by focusing on modernising the back-end of their systems, moving financial, operational and HR applications into the cloud. Now there is increasing demand for transforming core healthcare systems and applications in order to improve the quality of patient care with new digital services that empower patients to take control of their own health and reduce costs of operations as well as modernise infrastructure and create a more efficient environment in order to again take costs out.  In fact according to a recent study by Accenture, the healthcare industry stands to save over £44 billion in the long-term by making the right strategic technology investments today.

However, as anyone managing IT for a hospital or clinic can tell you, moving to the cloud is not as simple as signing up for a public cloud service. For IT leaders in the healthcare industry, it involves taking into account a wide array of complex factors, including regulatory compliance, information security and organisational change. Indeed, security mandates are increasing due to the upswing in cyberattacks on health providers, you only have to look at the WannaCry ransomware attack last year and how that impacted many NHS hospitals across the UK to see how healthcare and in particular health information and systems are being targeted.   This has led many healthcare providers to closely examine enterprise cloud options for hybrid and off-premises deployment models that meet or exceed high security and compliance requirements whilst offering utility-based billing and cloud flexibility.

The good news is that healthcare IT is now trending towards the cloud and digital transformation is well underway with hospitals, care centres and clinics all undergoing some form of digital transformation, integrating their electronic patient record (EMR) platforms and new patient engagement systems and as well as emerging precision health platforms.

Here at Virtustream, we have our own Healthcare Cloud which is purpose-built for mission critical healthcare applications, with availability SLAs of up to 99.99%, full automation for HIPAA and HITECH compliance, and rigorous end-to-end security to protect patient information.

With organisations continuing to migrate to the cloud, healthcare providers require a fast turnaround when getting infrastructure up and running. Cloud applications such as Virtustream’s have been successful in delivering this within just six months.  Applications that offer consumption billing means organisations are only charged based on the resources they use, allowing for major cost savings. For healthcare providers, the result is a flexible cloud infrastructure that runs as a single entity, no matter the location.

As digital technology continues to transform the healthcare industry, the right cloud infrastructure can pave the way for providers of every kind. 

So, what should healthcare organisations look for in a cloud provider?

  • Partner with a cloud provider that guarantees the safety and security of patients’ health data with a full suite of security and compliance capabilities and delivers true ‘cloud’ benefits such as pay-as-you-go with the flexibility to scale up or down
  • Look for a cloud provider with the cloud infrastructure and managed services needed to manage all of the categories of mission critical applications including EMRs; ERP systems; workforce management systems; precision medicine platforms; picture archive and communication systems (PACS) as well as many other health IT systems
  • Check that your provider offers guaranteed in-region hosting, to meet country-specific data residency requirements
  • Choose to work with a cloud provider that has a solid track record and proven expertise

By choosing a cloud provider with superior service, governance, security and flexibility, healthcare providers can make significant improvements to their current IT infrastructure, while at the same time transforming their systems to be future-ready. Today digitally transformed companies have an edge; tomorrow, only those businesses that have digitally transformed will succeed.