Uncover operations in a complex, hybrid world at the HP Government Summit

Guest post by Sujit Mohanty, Public Sector CTO, HP Software, Inc.

 

As the Public Sector CTO for HP Software, I've met with a wide variety of federal and Public Sector customers across different civilian, defense, and state and local agencies. During a recent customer visit, they posed an intriguing series of questions:

  • What best practices do you recommend for maintaining operations in a hybrid world?
  • How does compliance fit into the world of cloud computing and public sector?

 

Such questions could draw short and simple responses, yet many variables play into the world of operations, compliance, cloud computing, and public sector. Compliance, from regulatory to operational, has a different context and level of significance in each organization. Any discussion of operations and cloud computing produces a multitude of answers.

 

One key question that I pose to every customer I meet with is “What exactly are you trying to achieve with cloud computing and hybrid delivery?” The answers that come out of this questioning and discovery help define the compliance and operational requirements for that organization. If the cloud is being used for additional elastic computing capacity for front-end web application servers, Payment Card Industry (PCI), HIPAA, and Sarbanes-Oxley (SOX) compliance potentially come into play, alongside operational compliance such as Center for Internet Security (CIS). Furthermore, if an organization has no clearly defined compliance process, regulatory compliance provides the best practices, but these may not be easy to apply to the cloud because of a lack of visibility into infrastructure-level resources. The best approach is to handle operations and compliance together, with the same level of visibility and process throughout the organization. No operational change can occur without an appropriate security level review. Conversely, operations stays in sync with the changes being driven by regulatory compliance requirements.

 

One area that is key to operations and security is maintaining compliance and proper configuration management of the systems themselves. Maintaining a configuration management process in the context of compliance is key to ensuring that all systems, whether they are housed internally or with an external cloud provider, comply with the organization’s compliance policies.

 

A simple way to explain this concept is the idea of an infinite perimeter. Assuming that an organization’s walls and perimeter are strong through all layers, that organization should be able to withstand attack from both inside and outside. Maintaining a strong, secure baseline for all applications and systems is required. Systems and applications cannot simply be off-the-shelf; they must have gone through a security hardening process. This process makes sure the core operating system and applications have been vetted and secured in a manner that minimizes security exposure and risk. Rapid provisioning of machine instances creates longer-term lifecycle management issues, potentially increasing attack exposure if the core machine images have not been properly hardened.

The final aspect is having a comprehensive systems management framework and process that the organization adheres to. Process frameworks such as ITIL and COBIT are crucial in helping to define the overall strategy for managing change in an IT organization. Whether an organization is running all mission-critical assets in house or in a hybrid strategy, it is critical to have a proper process for managing the lifecycle of change. People and technology are constantly evolving in an enterprise, and this is further confounded in a hybrid delivery methodology. Organizations must be able to rapidly account for the location of resources, their overall health and performance, and the bottom-line impact to the lines of business for an agency.

 

Operations in a complex, hybrid world do not have to be complex, given a little planning from the start. You can learn how to begin your planning at the HP Government Summit on April 2 in Washington, D.C. You can register for the free event here.

 
