Cloud is still a challenge
On October 12th, we organized an interesting themesession about Cloud Challenges, with attention for GDPR, a Cloud strategy and Cloud Management Portals.
Who thinks about Cloud, thinks about data, and that means we have to consider the GDPR first, who will be operative in May 2018. As an introduction to the Cloud theme, Arthur van der Wees (from Arthur’s Legal) took us along his “GDPR Readiness Fitness Programm”, with different elements on which we need to be prepared as organizations. Consider the desired risk profile, classification and segmentation of data. Data ‘travels’ through the chain of suppliers, but do you know where your data is in the Cloud and can you guarantee your responsibilities when it comes to privacy of data? Waving around an ISO certificate is not a guarantee. And what is the role of the CIO, the Data Protection Officer (DPO), the CISO and the Board? Every role has their own responsibilities and where we think we are GDPR ready, Arthur has really woken us up. Arthur suggests that the GDPR should actually be called GPDPDPS: “General Data Processing Data Protection Security”.
After this load on data and information, the practice case of PostNL was presented by Joost van der Vlies, Head of Architecture. PostNL as Cloud front runner, has been working with data and their Cloud journey for quite some time now. Joost explained the need for this Cloud transformation at the time, entered by technical possibilities and financial benefits, but soon driven from an application and platform strategy. And that means that ‘The Cloud’ is now a business model. Managing and executing the complete logistic chain themselves is not a goal at itself anymore, PostNL investigates where they can deliver a new service within the strength of their logistic process, together with partners. At the moment, the focus is on consolidating the Cloud and staying in control. Joost showed tools like Cloud Usage Management, Cloud Risk Assessment and the Cloud Design Document. With these steps, the benefits of Cloud play an even better role in the strategic plans of PostNL.
Michel Wets is head of the team Cloudservices within SURFnet and ultimately responsible for the SURFcumulus service. This service exists of IAAS soluitions, with which the members of SURF can flexible bring their IT infrastructure to the Cloud and expand it. With the right Cloud suppliers, exchangeable for every situation, and attention for specific privacy and security demands of the institutions. SURFnet has implemented a Cloud Management Portal for this service, with which the entire process is facilitated. The benefits are:
- Self-Service for the needed infrastructural solutions;
- Better governance on rights, costs and logging;
- Role Based Access Control on all providers;
- Multi-tenant, Multisupplier and Multicloud insert;
- SSO & SA: Single Sign On and Strong Authentication.
Michel also made it clear to the participants that Cloud Management Platforms are sometimes still immature, and that a new service slowly comes available.
The last half hour was reserved for Arthur, in which he gave his completion to the practice cases of PostNL and SURFnet. One of the insights which he gave, was to add Knowledge to the triangle of Process-People-Technology, with which People are becoming central in the system.
In the European context, he explained the creation of SLA’s. Only 15% covers the load of the EC Standardisation Guidelines, affairs that are essential in these contracts between Cloud suppliers and customers are Performance, Cybersecurity, Data Management and (personal) Data Protection. These consiltations on European level are being dominated by the providers and there is a call for action for the companies on the demand side of the IT market to explain their used cases. This gives the opportunity to practice more influence in the creation of Cloud guidelines and possible law & legislation.
During drinks the networking continued and the contacts were made. We look back at a great knowledge sharing session and are looking forward to the next steps with which we can support our members with their Cloud challenges!
Share this post!