Shane Creech, Director of Infrastructure & Cloud Services, Information Services, New Hanover Regional Medical Center
Cloud technologies continue to evolve and are as stirring buzzwords today as they were about five years ago. Of course, the application areas and functionalities have broadened. Cloud, today, is nothing short of an umbrella term. In light of his rich experience in the space, Creech shares his thoughts and insights on the present-day cloud demographics.
What are the current market trends you see shaping the Cloud space?
What I’ve seen over the last two years specifically has been a tidal shift in organizational views towards the cloud and cloud services in general. Where it used to be typical to be asking vendors if we could take our servers hosting their applications to a cloud infrastructure service provider, we are increasingly seeing vendors realize the value in creating an alternative offering where the business can consume their software service offering in a modern IT utility model. This is causing disruption in the software services space as vendors whom are still stuck in the software only paradigm are quickly being overtaken by more nimble solutions who offer their services in a consumption model allowing the business to stay focused on what really drives their core mission.
Healthcare providers will have to have the skills to be able to configure, manage and support HIPAA compliant IT cloud infrastructure. What are your views on this trend?
Healthcare providers will certainly have to develop the skills to effectively configure and consume cloud infrastructures, but more so, these providers will be shifting or letting go of some notions of responsibility demarcation as those become real responsibilities that shift to contractual obligations as defined in a business associates agreement. Contracting and vendor management become paramount disciplines in any regulated industry space, not just healthcare and HIPAA. Having a clear understanding of whom is responsible for what aspects of compliance and shifting to verification those aspects are being delivered will become a new way of managing compliance. Support also shifts significantly as managers will lose direct control over traditional levers of influence they’ve come to exercise in delivering their services.
To these ends, it starts to paint a picture that when I give up the physical server or virtualization layers that exist in my data center today, I’m giving up direct control of compliance to my vendor partner providing the infrastructure service. Where I had traditionally had skills and expertise to manage firmware and hardware updates in response to compliance, these are assumed responsibilities of the service provider. My assumption is guaranteed in the form of contractual obligations to maintain these compliance tasks.
Please elaborate on the challenges that the organizations will need to address related to Cloud space.
As indicated above, an initial challenge will be to gain real discipline in vendor management with respect to contracts and SLAs.
Now that more organizations are embracing the idea of hybrid and multi-cloud, agnostic toolsets are quickly emerging to further reduce the vendor specific knowledge gaps that one may have
When you give up direct control, you’re levers of influence become what is or isn’t written in the contract and defined in the SLA.
Another fundamental shift is gaining IT service cost transparency. A lack of fully understanding the fully loaded costs of an IT service on-prem often leads to uninformed decisions that may have a lasting impact on your service consumers.
This shift of course necessitates the need for the creation, growth and maturity in a FinOps model focused on IT service delivery where understanding both the delivery and consumption demand are clear and transparent to decision makers.
Finally, I often relay to others who are beginning a cloud journey that the IT organization processes we operate under today will need to change, or the cloud will likely cost considerably more to operate than estimates show. The rigid command and control processes that keep the IT organization on track in the data center will derail the highly agile cloud train and any potential savings will quickly evaporate as the organization tries to reinforce traditional processes. This ultimately leads to bloat on the business process side, or even worse, adds time to innovation and service provisioning which defeats a core argument for cloud-based services.
What are the major tasks for organizational CIOs at this point in time? Is there any unmet need in terms of Cloudspace that is yet to be leveraged from the vendors?
The most important task for a CIO is to assess organizational risk tolerance and get a gauge on risk readiness. Never-fail IT was a pipedream that most organizations could never afford to achieve, so most organizations are living in a sense of security bubble that is likely more fragile than those outside of IT believe. Cloud vendors need to be able to help CIOs have risk-based discussions concerning the service and culture transition with the business. The cloud offers more organizations a chance at gaining the resiliency they really desire, but rearchitecting IT services is going to come with some learning and failure along the journey. This needs to be clearly articulated to the business in risk terms that support the typical ROI proposals vendors are delivering.
The need for cybersecurity measures has never been greater. Healthcare records are a very attractive target to hackers. Bloomberg reported that cyber-attacks against hospitals have more than doubled in the last five years. What can organizations do to stay abreast of these challenges?
My first piece of advice in the face of this challenge is to pick a security framework and begin measuring yourself against it and report the findings. Next, invest in IT security knowledge first and tools second. Skills and knowledge together with newer and smarter tools will help already stretched security teams stay ahead of the threat curve. I would suggest IT security leaders strongly consider partnering with service providers for routine security tasks, and tasks where a broader industry vantage point may favor a provider team. Let the security professionals with institutional knowledge stay focused on the ground game that is shifting daily. Learning to use AI and ML techniques to surface anomalies and allow the strength of your people and their tools to further focus their efforts to reduce fatigue. The results will show up in the measurements against the security framework.
What is your advice for budding technologists in the Cloudspace? How do you see the evolution few years from now with regards to disruptions and transformations within Cloudspace?
My advice is very similar to advice when automation was becoming mainstream. Pick a platform or toolset and become really good at it. IT in general continues to grow in complexity and specialty should be the target in order to maximize effectiveness. IT Generalists whom are highly valuable to the organization are increasingly rare. Even smaller shops are migrating to favor specialization to meet their innovation and agility aspirations. Vendors continue to amplify concerns of specialty as they work to create agnostic service layers, and lower technology switching costs.
Like the virtualization space several years ago, this is starting to play out in cloud space today, but this shouldn’t deter the growth of specialists. Experts in AWS, for instance, can now sidestep into a competing platform like Azure or GCP with a decent understanding of how it works and skill up to platform specific expertise as needed. Now that more organizations are embracing the idea of hybrid and multi-cloud, agnostic toolsets are quickly emerging to further reduce the vendor specific knowledge gaps that one may have. This trend is potentially creating even more opportunities for specialization.