Co-authored by: Naveen Devnani
In this two-part blog series, we are giving recommendations on how to adopt a robust CloudOps model for multi-cloud environments in the healthcare industry. While part 1 looked at the importance of “cultural change” for successful CloudOps, in this part we cover aspects related to automation, security, and governance.
Modern healthcare applications require a higher degree of service discovery, programmability, automation, and observability. However, in the quest to attain no-ops nirvana, many enterprises run into common obstacles such as the complexity of tool proliferation and visibility gaps around the heterogeneous mix of VMs, bare metal, containers, and serverless functions. This eventually creates even more silos and results in watermelon dashboards, which fail to reflect the end-user experience, with a higher Mean Time to Detect (MTTD) and Mean Time to Resolve (MTTR), and misalignment with business needs as measured by Objectives and Key Results (OKRs).
As per the Flexera 2021 State of the Cloud Report, only 42% of organizations are taking advantage of multi-cloud management tools, which are essential to manage cloud resources cost-effectively and ensure strong governance and security.
Our recommendation on intelligent automation for CloudOps is twofold:
The first is to codify everything: enterprises need to embrace the new autonomy that can be obtained by leveraging Infrastructure-as-Code (IaC). This will address common cloud operating challenges such as misconfigurations and the need for guaranteed guardrails on security compliance. It will also accelerate DevSecOps practices by reducing effort and rollbacks and by increasing the velocity and number of releases. Once IaC is in place, it should be extended from provisioning to monitoring and security, and eventually evolve into Everything-as-Code (EaC).
There are several examples where security vendors are embracing Security-as-Code. For instance, next-gen monitoring tools apply Monitoring-as-Code. As an example of EaC, we can further integrate incident response tools like HCL DRYiCE iAutomate, which uses AI, machine learning algorithms, and predefined runbooks to automatically remediate incidents.
The second is to extend AIOps to enable digital business observability. Enterprises need to reorient the traditional monitoring approach to full-stack observability. Healthcare clients and their end users, like healthcare professionals and patients, interact largely via digital channels. The end user’s customer experience is a critical component of business success. The end user is only interested in the experience and performance of the transaction they are trying to complete, whether it is a simple parameter capture or a multi-step telehealth interaction. This intelligent observability delivered via AIOps ensures increased insight into the status of the digital service, resulting from a better understanding of applications and underlying infrastructure components.
Our Cloud Smart suite can help organizations with both digital observability and AIOps to enable an automated process of intelligent alerting, alert correlation, auto-remediation, and escalation. These improvements help drive a higher degree of service discovery, intelligent observability, and an improved customer experience.
For a Fortune 500 Healthcare firm, we were able to achieve continuous optimization of customer experience and overall perception by building intelligent observability on the end-to-end claims management and payment monitoring dashboard, which led to an improvement in the MTTR.
Cloud Security and Governance
Security, privacy, and compliance pose a significant challenge to the healthcare industry’s digital transformation initiatives. With growing cloud adoption, tackling increasingly sophisticated threats across multi-cloud is the biggest security challenge today. On the one hand, enterprises must deal with applications that are increasingly composed of microservices and deployed across multi-cloud environments. On the other hand, frequent deployments and continuous delivery to ship software faster are resulting in security concerns (via CI/CD tools and pipelines) that must be monitored and secured by the operations team. This makes the environment more complex and makes maintaining consistent security postures across hybrid clouds problematic.
Automating security via CI/CD integration, i.e., DevSecOps, is becoming the de facto approach for securing cloud-native applications, where developers and ops teams work together to mitigate the risk of human error and speed deployment by automating wherever possible. Another critical challenge specific to CloudOps is the need to ensure secure and compliant access to cloud services. Traditional network and security architectures designed for centralized, legacy data centers are not adequate when you have applications everywhere, a remote workforce, and data extending from the edge to the core to the cloud. This vulnerability increases with the increasing shift in care delivery models that involve care outside of the traditional hospital/office walls.
Implementing a zero-trust access model should be a core component of cloud security transformation, and ops teams need to continuously enhance and optimize cloud security postures in this regard.
While cloud governance frameworks associated with identity and access management, security, operations, and other sets of policies and standard practices continue to remain relevant, an entirely new concept, now gone mainstream, is FinOps. FinOps is the practice of bringing together technology, business, and finance to master the unit economics of the cloud and bring consistency, visibility, and control throughout cloud operations. In our experience, healthcare and life sciences enterprises can gain the most with FinOps practices to drive better returns on cloud investments and avoid unwanted cloud consumption-related expenses.
The common phrase, “you can’t manage what you can’t measure”, can also be applied to CloudOps by bringing financial accountability to the variable spend model of the cloud. As per leading analyst research, a number of enterprises are unprepared to manage multi-million-dollar cloud budgets; over 53% of firms say poor cloud financial management has halted or stalled migration projects.
The truth is that migration to the cloud alone will not save cost. What matters is how you run in the cloud: your actions and spend behavior. Cloud FinOps can bridge this gap by covering aspects such as tag management, chargebacks, showbacks, waste elimination, rightsized instances, budgeting alerts, and continuous monitoring of cloud services’ health and compliance.
Healthcare and life sciences enterprises are increasingly at the forefront of cloud adoption and are making this shift the bedrock of their IT modernization. A successful cloud strategy needs to factor in a robust CloudOps plan that brings together people, process, technology, and governance in a seamless fashion to achieve smooth cloud adoption. In this effort, DevSecOps, AIOps, and FinOps must serve as the key cornerstones of a successful CloudOps strategy in an increasingly decentralized yet converging healthcare ecosystem.