LESSONS LEARNED THROUGH CLOUD TRANSFORMATION
Jim Rutt
Director of IT, Dana Foundation
October 28, 2015
PERSONAL BACKGROUND
• 20 years of client-side practice in technology
• Primarily in healthcare (payer/managed care), but also significant experience in financial services and pharmaceuticals
• As Director of IT for The Dana Foundation, responsible for all domains encompassing the use of technology (infrastructure, application development, data, network, etc.)
• First experience in the non-profit sector
DANA FOUNDATION BACKGROUND
• http://www.dana.org
• Founded in 1950
• Endowment-based foundation supporting brain research through grants, publications and educational programs
• Chief importance centered on scientific inquiry (funding of research into neuroscience) and the engagement of the general public (publications and programs)
DECEMBER 2010: FIRST DAY
BEGINNING STATE
• Traditional on-premises infrastructure with a limited amount of IaaS/private cloud
• Limited human resources
• No application lifecycle
• No real strategy around risk, security, compliance
• Traditional problems (too much time spent supporting infrastructure issues and not enough time developing new features and enhancing the end-user experience)
MARCH 2011: TRIGGER EVENT
• Foundation moved to a new location
• Opportunities for consolidation as well as re-thinking the existing cloud environment, with an eye towards optimizing from a performance, security, and cost perspective
• Addressing macro trends affecting everyone in our industry (consumerization of IT, rise of mobile, demographic trends)
• Time to test the waters with the first application…
OFFICE 365
• Existing Exchange Server environment:
• Total of 15 VMs, way too complex
• Uptime way below five nines
• All resources (CPU/RAM/storage) reaching 100% utilization
• Active Directory environment supporting Exchange badly neglected, with serious integrity issues
• Maybe an opportunity to embrace a new security model rather than pour significant resources into maintaining AD
OFFICE 365: APRIL 2011-JAN 2012
• Migration considerations specific to governance:
• Ruled out AD Federation due to the previously identified issues with AD
• However, this temporarily complicated the authentication model (going from AD pass-through authentication to adding a separate Office 365 credential alongside the existing AD credential)
• Already risking "password fatigue" with end users
• Time to look at a possible new solution for cloud-based identity…
OKTA (IDENTITY AS A SERVICE)
• Essentially a single sign-on solution, primarily for SaaS
• Great leverage with web-based SaaS offerings; can also be integrated with AD
• Also streamlines provisioning/deprovisioning
• Clean user interface and simple administrative console
• We began to see this model as the future
SALESFORCE
GREAT PLAINS TO AZURE
ZENDESK
• SaaS-based help desk solution
COMPLIANCE/GOVERNANCE CONSIDERATIONS
• No technology audits prior to 2010
• Using the new technologies and strategies, we were able to craft a compliance structure, while guiding our external auditors, that truly represented an actionable governance program rather than just a checklist of useless items
NEXT GENERATION SECURITY SOLUTIONS
• Netskope (CASB)
• Vera (hardening at the actual file level)
• Menlo Security (malware isolation)
• Ensilo (exfiltration prevention)
• Lesser reliance on legacy antivirus solutions
REMAINING IAAS VIRTUAL ENVIRONMENTS
RETURN ON INVESTMENT
• Significant security cost/risk mitigation now transferred to top-tier providers (Microsoft, Salesforce, etc.)
• The trust factor in this case resembles a reverse of the "prisoner's dilemma"
LESSONS LEARNED ALONG THE WAY
• Calculated risk in moving our most visible application (Exchange) to the cloud first, but mitigated by the existing pain felt
2016 AND BEYOND
• Eventual retirement of legacy AD
• Harden end-user devices
• Expansion of two-factor authentication
• Continue to adopt next-generation endpoint security solutions
THANK YOU
• Questions?