by Matt Ferrari
Co-founder and Former CTO
ClearDATA
This is the third in a three-part blog series on Next Gen Managed Services by Matt Ferrari. Access the first post here and second post here.
Want to show public cloud value to your CIO? You can do it by citing these five examples from Next Gen Managed Services.
1. Show Wins and Losses, not Just the Box Score
Your CIO will appreciate you showing healthcare applications and business performance in your reporting and dashboards, not just virtual machine or instance performance. Most applications that are running in the cloud are being reported on from a perspective of what the capacity is of the EC2 instance, or how the virtual machine (VM) is running on memory or RAM, or what the uptime is of that VM. When you look at most systems using native cloud, these are the kinds of reporting we see from DIYers and managed service providers. Instead, you can have your IT professionals focus on getting business reporting back to your CIO so that she or he has what they need to make better informed decisions for the company.
A great starting point to make that happen is intelligently tagging your application in the public cloud. There are a lot of free and native cloud tagging technologies out there. You can look at a conglomeration of services, or various IaaS, SaaS and/or PaaS and tag them as part of that business app. For example, you may have 10 EC2 instances, Lambda, a firewall, and serverless services along with some PaaS that make up your app – so tag them as your app, or EMR, or population health app, and when you go to pull your reports you won’t be reporting on each individual instance, but instead reporting on the overall app and performance. Your CIO would also greatly appreciate knowing how many evaluations you’ve done on that app’s security, if it meets compliance regulatory frameworks, how many remediations have occurred, and how many times your partner such as ClearDATA has done some kind of automated remediation against the app for enhanced security and compliance.
Another good report would tell your CIO how many services you are using within the app, breaking it down by infrastructure (IaaS) and Software as a Service so that your organization can optimize over time.
Also look at third-party integrations. You’ll want to understand by app what other cloud integrations there are or what 3rd party system and services your application is talking to. This especially important around PHI inventories and any time you are storing, processing, or transmitting PHI or PII, as many healthcare organizations do not understand their business risk when it comes to third-party integrations.
You’ll want dashboards. While your system administrator may be wildly interested in looking at all of your individual services, your CIO is looking at a broader view of the universe and a compliance dashboard that shows the status of your environment compliance status over will be hugely useful. The CIO also needs to know what your app availability is and what the vulnerabilities are and how those are being detected and addressed. With cloud optimization is a constant opportunity for improvement, so they may want to see how adding a new cloud service could save $x. By intelligently tagging your application you will have access to this data in the cloud and can understand what infrastructure and services are running under a holistic view rather than just spinning up numerable instances without the big picture view.
2. Move from Pets to Cattle
If you’ve spent any time in technology you’ve probably heard the phrase to treat servers as cattle not pets. Here’s what we mean by that. In my previous CI/CD post, I talk about continuous integration/continuous deployment models, where every time you are provisioning a new version of your app in test, dev or production, you are tearing down the infrastructure and redeploying in a high availability model. The concept here is to get out of the maintenance business, reduce the blast radius in the event of a security incident, and stop worry about constant vulnerability scanning or patching (as long as you do the right alternative actions) and redeploying with Infrastructure as Code over time. Pets require maintenance, and the commitment is for the long haul, as with servers in traditional or private data centers that are kept for years, with considerable ongoing expense. Cattle are treated a different way with a different purpose and a different commitment that is more pass through. Every time you deploy or every time a new AMI or hardened environment comes out, you replace it through automation tooling with options that may include Jenkins or Terraform or Cloud Formation. If you are going to show your CIO value get rid of your ‘pets’ and the ongoing costs of operating system management, vulnerability scanning patching etc., and become a cattle rancher.
3. Avoid the Repetitive IT Logins
Much of my career has been spent building and managing data centers, cloud services and designing and deploying software, and I will tell you that it is an enormous risk for a healthcare organization to constantly have people logging into production systems, especially ones with PHI and PII. This is probably on the list of things your CIO is losing sleep over. For many healthcare organization’s models, it is seemingly unavoidable today, though they use temporary logins – it’s still login activity. The more you can avoid those repetitive logins, the more you reduce malicious insider activity as well as opportunities for human error. You can leverage the public cloud for self-healing by using application location monitoring. For example, you can set application thresholds on your front-end web and your back-end database. So, when your app crosses certain thresholds it bursts or retracts. There are numerous other approaches from an automation viewpoint, including ClearDATA Comply™ Automated Safeguards. You may have read me talking about containers in the last year a lot, and from an automation perspective, you can automatically burst up clusters or nodes, depending on capacity. There’s a real payoff here for payers going through seasonal demands where that scalability becomes incredibly important.
4. Give the CIO a Simple View
Your CIO is going to want to dive deep into certain details, but there is a lot going on in the healthcare world right now ranging from the pandemic all the way to ongoing digital transformation initiatives, EHR migrations, the move to mobile and mhealth – it’s a time of massive transformation. Most healthcare organizations I am talking with every week have dozens or more security and compliance tools, but it’s spread across their infrastructure. They may be inherited from displacement of tools or acquisitions. There is a distributed view of third-party tools from performance, scalability, security, and compliance perspective. There’s real value from a decision-making perspective to get that on a single pane of glass via SIM or a custom dashboard that integrates Symantec, TrendMicro, network and firewall appliances and the like for an overall view of your environment.
5. Show Where You’re Going, Not Just Where You’ve Been
My first blog post in this series talked about the culture change as a traditional managed service provider moves into the role of trusted advisor with Next Gen Managed Services. When you work with that mindset, you always thinking about the road ahead and can show your CIO where you are going. In the public cloud, for example, new services and features are constantly being rolled out, some say thousands a year. Your trusted advisor is keeping abreast of those and will inform you of relevant ones, so you can show your CIO which ones you’ll be integrating to save on licensing such as transforming Oracle to cloud-native database services. When I interview CIOs, I hear over and over that they don’t want cloud to be a one-time hit. They moved to cloud for constant improvement and constant optimizations and the opportunities are there to do just that. If you embrace a Next Gen Services automation model, you will be thinking about optimization all of the time. And that doesn’t just mean optimizing costs, though you will be. That means as a new service or a new feature comes across you optimize it too. As you look at the app monitoring discussed earlier, you’ll be thinking about how to scale the app, how to add new features, and maybe how to take the exciting step from Infrastructure as a Service to serverless.
In closing, I’ve spent the last 60 days talking with more than 40 C level health executives in the healthcare and life sciences community specifically about Healthcare’s Next Gen Managed Services. We’ve talked about using native cloud and software-based solutions, building out app-level solutions, leveraging Infrastructure as Code and DevOps to drive automation, the benefits of app monitoring so as you scale up and down, it detects problems and remediates and resolves the issue for you. By taking the forward thinking, always improving, always optimizing approach of Next Gen Services, you’ll be able to take advantage of all the amazing new services coming to market, and you’ll be able to show your CIO why and how it’s working to support your organization’s business goals. It’s an exciting new world just ahead. Next Gen Services will get you there.
