What are Cloud Foundations? Doug McMillian, former CISO and CTO and current Director of Healthcare at Sirius Healthcare joins Bill Russell to deep dive into some examples. Workforce alignment, Enterprise Architecture, IT Service Management and Governance. What are the core requirements, framework and principles an organization needs to enable them to take advantage of cloud service? Migration versus rebuild? Lift and shift versus rearchitecting? What about Application Dependency Mapping and security?
Sign up for our webinar: Owning Cloud in Your Organization - Understanding, Implementing and Designing Your Hybrid Cloud Strategy - February 24, 2022: 2:00pm ET / 11:00am PT
Thanks for joining us. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week in Health IT. ???? A channel dedicated to keeping health it staff current and engaged.
welcome to our hybrid cloud briefing. I'm excited to get into our topic today. We're going to talk about implementing the cloud foundations. We are joined by Doug McMillan, former Cisco and current director of healthcare at Sirius healthcare. This podcast series is going to culminate with an excellent panel discussion with experts talking about who owns the cloud strategy at your organization and how to effectively build out that stress.
Check out the description box below for the registration link and to learn more about the upcoming webinar. We want to thank our sponsors for today's show Microsoft for making this content possible. Now onto the show.
All right. Another conversation with Doug McMillan, Director for Sirius Healthcare around cloud and cybersecurity. And today we're going to talk about cloud foundations and Doug lets just start with a simple question. What is meant by cloud foundations?
Yeah. So to me, I list out cloud foundations as just these core requirements that an IT organization and just an organization in period really needs to be looking at to be able to enable themselves to be able to take advantage of cloud services.
I think again, a lot of them come into just you know, understanding the environment, really being able to do just normal service type oriented work inside of your IT organization. But without them what I would say is you really are setting yourself up for some risks if you're not doing them. At least I'll say, and a moderate level of maturity.
All right, let's talk about them. What, what are some of those cloud foundation
Yeah. So I, you know, I think we mentioned in the past some competencies and skillsets. So to me, it's workforce alignment. So if you think about your kind of traditional IT structures or the way that you had network engineers, you had storage engineers, you had, you know, whatever your virtual environment, you had engineers for those.
So a lot of these are going to be transitioning over time. So you really do need to set up and invest into your staff and to make sure that you are moving them into something that is going to be sustaining them throughout their journey over their career. So you'll see things like maybe a cloud security, you'll see things like cloud network or cloud engineers.
So a lot of the are just maybe new to your organization. So you really do need to invest in them over time to make sure that your staff are going to be set up for success.e things I did wrong. Back in:
And one of the things we, we didn't recognize how much angst this was going to create within IT. And and we had to step back right in the midst of the project and start to map roles to the cloud. This is what the role is here. There's what the role is in the cloud. This is what it looks like.
And just by doing that exercise, having the conversations with the staff and then explaining to them exactly how you did, which was really well done. You know, this is really about career longevity. I mean, if you're wondering what's next in terms of, you know, we used to have people that they had to have the data center on site or they'd be upset.
And then we moved those offsite and they got used to that over time. And this cloud is the next step. We still need all those same skills. They need to be done. Now some of them will be automated over time. But as those things get automated, there's a new set of skills.
We have IOT coming into healthcare. We have chatbots, we have AI, we have machine learning. There's always new things to do, but people have a certain amount of angst as you move in there. So I appreciate that you know, one of your first foundations is workforce alignment. Where do we go from here? What are some of the other foundations?
Yeah, so a big one is enterprise architecture. So this one again is really making sure that you have that standards based approach to looking at your technology and making sure that all aspects of, you know, from the business from security, from the technology thought everything is coming together to really deliver a well positioned solution.
Right? Because again, I think that's the thing from an IT perspective was, we are solution providers. So you really need to take that holistic approach to make sure that you're a really delivering the solution that you think you are. And what I would also say is, again, it's healthcare in general. This is one of the areas that I will think is lacking in most areas. Especially from the customers that I've talked with.
So as he starts to think about some of your solutions that you brought in, what if you accidentally tied let's say this one service to a single IP that's physical on a device. Well, now you've set yourself self up for a single point of failure. Well, if you had really well-defined EA architecture processes then those kinds of things can be cut off ahead of time, as opposed to the end.
Architects is interesting to me because I was always, the architect's role to me was to keep me out of dead ends, right. Going down the alley and ended up at the end of the alley and going where's the highway. And they go, well, you got to turn around and you got to go back, you know, a mile or so then you got to take a different direction. So the architects will see the big picture, how all of this works together and make sure that things are plugged together and things work together in a way that is going to serve the needs of the business and serve the ITorganization well as they try to deliver those services.
Yeah. And one of the things I was going to say to that one too, is to that big picture. I think one of the things that we don't put enough forethought into is how to retire systems.
And that's its own nightmare inside of health care is when we, when we're rolling out these services and solutions, we also need to know how to get out of them. And a lot of times you really get locked in and then next thing you know, that's where that legacy technology debt just kind of keeps remaining.
But again, if you are really thinking ahead of time, okay, well if we bring in the, you know, service for three years, and then we look at something else, well, architect the solution to hopefully make it easier to move out of it at a later date and time.
So I'll share my story. You share your story, which is when we started moving applications to the cloud we found, this is not exaggeration about 5% of our applications were no longer being used. Like we didn't know they weren't being used. They were still on servers. We were still maintaining them. And then as we were sort of going out to the departments going, Hey, we're going to move this application. Does anybody know about it?
They're like .... 5% of the applications we just were able to migrate and still wait. I mean, do you have a similar story?
Yes, sir. I think ours was actually higher than 5%. But that gets into that application dependency mapping and making sure that you understand clinical operations and just business operations in general.
And it is amazing inside of organizations, you know, I would say all of our end-users think we know a lot more than we really know. And that's where that conversation comes in is a lot of times they may stop using something and not tell us. And until we go back around and have that conversation with them you know, with either a business impact analysis or something that we really just don't know that they're not using it.
But yeah, we've already seen quite a few organizations retiring a lot of applications as they start to do that application dependency mapping, and then say, well, wait, I've got two services doing the same thing. Can I just consolidate down to one? And the answer inside of the businesses, you know, most likely you can.
Yeah. It was like, please do. Alright you have two more foundations listed here. You have IT service management and governance. Talk a little bit about those two.
Yeah, so service management what I would say is really focusing on those new areas of orchestration and automation that maybe have been, I'll say lacking inside of your physical data centers.
I think over time, we've all heard, with the software defined networking and things like Ansible shift it things coming up, some organizations really took a hold of that and try to take it to the next step. But with cloud, it really just becomes much more simplified. So as you're starting to look into those toolsets and technologies, you want to make sure that you're enabling rapid development and rapid deployment of all of these services, which really comes into that orchestration. And as you think about service management and we talked about this in the past is you could actually start to tie those into some of your service platforms, like a service. Now, if you're looking for some sort of, you know, self service model i nside of iT.
I mean the automation always just amazed me. I remember my team got so excited cause they came in and said, all right here's an Amazon Echo so go ahead, you know, speak provision servers and that kind of stuff. And then I just watched the servers over here being provisioned. And I'm like, all right, I don't know what the use case of that is, but, but it demonstrated the level of automation that's available in the cloud that would have taken us a long time to develop within our four walls of our data center.
And it just comes by nature of forcing us down that software layer. I mean, that makes sense. I mean, as you moved away from the physical based nature of your data center and moved into that cloud, you really are looking at a software layer and most things today thankfully are really built around those APIs.
Right? So as long as you're looking at technology from an API lens and really saying, well, how, how would I tie these things together from an API perspective, the world really is the limit. The question now is more of what's most important to the organization and you can more than likely bring it to bear.
So talk a little bit about governance. Governance is an interesting thing as well because with the cloud comes agility, but some of that agility is you have these departments going hey, I'm going to, I'm going to fire up some cloud services because they can, if they have a credit card.
Right? Yeah. So, I like to think about the cloud, immediately, when you were talking like that, I was thinking, you know, SAS my history there is agreed businesses.
Again, they're not trying to do anything, I would say in the wrong fashion, they're really just trying to accomplish their work. Right. And sometimes they're really just not focused in, on asking the right questions to their IT staff and shame on it, about not being kind of forefront with them and trying to partner with them and talking more to make sure we understand what they need.
So to me, it's a symbiotic relationship that's not really taking a hold and, you know, some organizations are doing better than others but it really is laying out what I'll say is your risk management, your policies, your compliance, your standards. Really across the board what are you looking to enable across the organization as a control to make sure that we don't have that one accident happen?
So you ended up in a bad state and maybe even in the news for a misconfiguration. From a fact-based perspective, you know, you'll see things like cabbies come into play where organizations were really trying to get an understanding of all the fast usage in their environment and make sure that their standards are put across the environment maybe configuration management to make sure that you have certain standards you know, but maybe it comes into identity, right?
So, this could come into making sure that anything that fast, safe as they family single phone, single sign on enabled so that you know that you have a standard for identity across the board. And then obviously finances always lumped into that governance framework as well.
Right. Yeah, I was always telling people, governance is so important because there are expectations on it. You're going to keep us secure. You're going to be cost-effective, you're going to be efficient, all those things. And you know, if we don't know what hings are going into the environment and how they are going into the environment those expectations are extremely hard if not impossible to meet.
Here's my exit question on this one. It is, an awful lot of change comes to an organization when you decide to move to the cloud. And so you have a lot of decisions you're making and you need sort of a framework to look at those things. And you and I have discussed a framework that you brought and adopted. Talk a little bit about those principles or that framework that helps you to make those decisions with regard to moving to the cloud?
Yeah. So the way that we kind of structured this, and we did have what I would say, a cloud decision framework. So, like I mentioned, it's not always just put it in the cloud. It's really making sure that you're intentional and strategic about what you're doing. But I do say consider trial first, right?
To me, that is a core principle because not all workloads will make sense inside the cloud. However, as you start to develop that decision framework, it'll enable you to understand the inputs and outputs so that you are picking the right workload placement. I would also say rationalizing and standardizing your environment.
As we talked about going through all those applications and trying to do dependency maps, you really will find duplicate systems in your environment. And the question is really how are you going to handle it? And again, I'm not, you know, each organization is going to have that difference.
Maybe they do keep the different apps because maybe there are two different business lines that are doing, you know, just different setups in different technologies, a place, but that's where the organization to make that decision as they're reviewing the applications at hand. Migration versus rebuild. This one comes up a lot. You know, the lift and shift versus rearchitecting. Obviously the more cloud native things that you can use. I think the better however cloud native doesn't mean that everything's going to work right. So there is a little bit of I'll say, give and take. I'll use Epic as an example. As we were moving to Azure, you could use an Azure load balancer to load balance some of that web traffic. The problem was, out the gate we didn't get some of the core features like drain stop. Like being able to move users from one server to another negatively. Like you got with an F five or a NetScaler. So cloud native didn't make any sense. So we decided, okay, well, we could use an Azure to load bouncer, but let's not. Let's move it over to, you know, what, traditional load balancer that's still hosted in Azure but gave us the additional functionality. Security, as I was CISO at cone health, being able to pick core platforms so that my staff could manage is least amount of systems as possible was critical because I didn't have a large amount of staff.
So you really are looking for technology and platforms that can run on prem cloud anywhere and really enable you to get to that end state. And then as we mentioned, business relationship management. You really have to understand what's going on and this as a, again, a never ending process. We really need to be talking with our operational leaders on a very recurring basis because things that healthcare are changing so fast, especially post COVID, that you could actually be working on something that was a strategy and no longer is, important to the organization because it's changed so fast.
Doug. Thanks. Thanks again for sharing on the cloud foundations really appreciate your experience with this is really coming through on these episodes. Really appreciate it.
What a great discussion we want to thank our sponsors Sirius healthcare and Microsoft who are investing in our mission to develop the next generation of health leaders Thanks for listening That's all for now
What a great discussion we would have. Thank our sponsors for today's series, healthcare and Microsoft ???? who are investing in our mission to develop the next generation of health leaders. Thanks for listening. That's all for now. ????