Software Solutions
Showing results for 
Search instead for 
Do you mean 

Uncover operations in a complex, hybrid world at the HP Government Summit

Guest Blogger (HPE-SW-Guest) ‎03-25-2014 01:02 PM - edited ‎06-25-2015 11:05 AM

Guest post by

Sujit Mohanty

Public Sector CTO HP Software, Inc 


As the Public Sector CTO for HP Software, I've met with a wide variety of federal and Public Sector customers across different civilian, defense, and state and local agencies. During a recent customer visit, they posed an intriguing series of questions:

  •  What best practices do you recommend for maintaining operations in a hybrid world?
  • How does compliance fit into the world of cloud computing and public sector?


Such questions could draw short and simple responses; yet there are so many variables that play into the world of operations, compliance, cloud computing, and public sector. Compliance, from regulatory to operational, has a different context and level of significance in each organization. When posed with the discussion of operations and cloud computing, a multitude of answers results. 


One key question that I pose to every customer I meet with is “What exactly are you trying to achieve with cloud computing and hybrid delivery?” The responses from this series of questioning and discovery help define the compliance and operational requirements for that organization. If the cloud is being utilized for additional elastic computing capacity for front-end web application servers, Payment Card Industry (PCI), HIPAA, and Sarbanes-Oxley (SOX) compliance potentially come to the fold—alongside of operational compliance such as Center for Internet Security (CIS). Furthermore, if a compliance process is not clearly defined for an organization, regulatory compliance provides the best practices that may not easily be applied to the cloud due to a lack of visibility into infrastructure level resources. The best approach is a combination of operations and compliance at the same level visibility and process through an organization. No operational change can occur without an appropriate security level review. Vice versa, operations is in sync with what changes are being driven by regulatory compliance requirements.  


One area that is key to operations and security is maintaining compliance and proper configuration management of the systems themselves. Maintenance of a configuration management process in the context of compliance is key to ensuring that all systems, regardless of whether they are housed internally or in an external cloud provider, are compliant to an organization’s compliance policies. 


A simple way to explain this concept is the idea of an infinite perimeter. Assuming that an organization’s walls and perimeter are strong through all layers, that organization should be able to withstand attack from both inside and outside. Maintaining a strong, secure baseline for all applications and systems is required. Systems and applications cannot simply be off-the-shelf; they must have gone through a security hardening process. This process makes sure the core operating system and applications have been vetted, and secured in a manner that minimizes security exposure and risk. Rapid provisioning of machine instances creates longer term lifecycle management issues, thereby potentially increasing attack exposure if the core machine images have not been properly hardened.

The final aspect is having a comprehensive systems management framework and process that the organization adheres to. Process frameworks such as ITIL and COBIT are crucial to helping to define the overall strategy for managing change in an IT organization. Whether an organization is running all mission critical assets in house, or in a hybrid strategy, it is critical to have a proper process of managing the lifecycle of change management. People and technology are constantly evolving in an enterprise, and are furthermore confounded in a hybrid delivery methodology. Organizations must be able to rapidly account for location of resources, their overall health and performance, and the bottom line impact to the lines of business for an agency. 


Operations in a complex, hybrid world does not have to be complex with a little planning from the start. You can learn how to begin your planning at the HP Government Summit on April 2 in Washington D.C. You can register for the free event here.


0 Kudos
About the Author


This account is for guest bloggers. The blog post will identify the blogger.

27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all