That is the approximate number of cloud services that Ken Hankoff, Manager of Cisco IT Risk Management’s Cloud and Application Service Provider Remediation (CASPR) Program believes Cisco’s 70,000 employees use. For the last 14 years, this program has assessed and remediated risks associated with using a cloud-hosted service.
An assessment process for new cloud services is a vital step toward reducing the risk of using externally hosted services. Many customers I speak with struggle to rapidly assess cloud services and integrate them into their IT organization. As part of my blog series on governing cloud service adoption, I asked Ken to share some of his ‘lessons learned’ in assessing the risks of cloud services and bringing them into Cisco IT’s fold.
How do you ensure that teams wanting to use new cloud services work with your team?
Our team is not in the business of sourcing cloud vendors. That responsibility lies with the individual business units and their architecture teams who are seeking to use the service, often in partnership with IT. Once a vendor is selected, there are two primary ways in which my team gets engaged. First, through the Global Contracts team as they have made Cloud Service Provider assessment a part of the contracting process, and second when a new service is being integrated within IT.
How do you evaluate whether a new cloud service is risky to the business?
We look at seven risk factors to create a formula for risk—business criticality, financial viability, security, resiliency, architectural alignment, regulatory compliance, and assessment status.
We establish the business criticality of the service to determine how Cisco would be impacted or disrupted in the event the capability provided by the vendor would go away, and whether we could react or compensate.
We then look at the financial viability of the vendor to give us comfort that they will remain in business. To evaluate vendors we leverage Dunn & Bradstreet’s Predictive Scores & Ratings. We rely heavily on Cisco’s Information Security (InfoSec) organization to provide us with a Security Composite Risk score. Depending on the parameters of the cloud provider engagement, InfoSec will look at the vendor’s application development process, infrastructure, data handling security, system-to-system interoperability, and other areas. For resiliency we focus on how they meet our standards around business continuity and disaster recovery to ensure that our business data will be there when needed, regardless of what happens.
We also need to ensure that we stay compliant with regulations. A vendor that has to comply with HIPAA, SOX, or other regulatory/privacy requirements poses a higher risk than one that doesn’t. For this reason, we look into whether regulatory compliance is a factor, and if so, that it is addressed appropriately.
Finally, we also assess if the vendor aligns to the broader architecture that Cisco IT is investing in to support the business. Vendors are deemed higher investment risk if they do not align to the business and operational roadmap that Cisco is pursuing.
We re-asses vendors on a periodic basis according to their overall risk score. If a service is overdue for a reassessment, that in itself increases the risk of doing business with the provider, so we factor it in.
In your opinion, what are the three most important things to manage the business risks of cloud services?
First, I would suggest establishing ownership and governance of cloud services via a centralized PMO at enterprise level, not just within IT. This ownership needs to go beyond just assessing vendors for security risk, and focus on establishing company-wide policies for overseeing cloud services at the enterprise level.
Second, provide visibility into existing services and how they are being used. This helps enable a catalog of assessed and approved vendors for people to access. If you can have fewer vendors being used, you can reduce your risk.
Third, continually monitor services across the board to know what risks we might be facing, and ensure that the service providers are meeting their SLAs. Additionally, this helps to ensure that investments aren’t being wasted. There is a natural CSP application lifecycle – selection, implementation, adoption, and eventually that service usage might decline and you may end up supporting something that has very few users if you don’t have a lifecycle approach to phasing out services.
What is your biggest lesson learned in assessing new cloud services?
I wish the program had collected more metrics earlier. What we are finding is that there are a significant number of services being contracted all over the company. By collecting really good metrics we might have been more effective in showing executives what services are being used, who is using them, and how. We are making good progress on this now, but I wish we started earlier.
How are you monitoring cloud services and gathering this intelligence?
Our professional service team has helped us a great deal. With the Cisco Cloud Consumption Services, we have begun to capture an enterprise view of what cloud services are being used, by whom and have a great dashboard of metrics we can now use to inform Cisco executives. I never imagined before we were using the software that we had nearly 2,000 cloud services in use, but with Cisco Cloud Consumption we now know and can monitor activity.
In our previous big data blogs, a number of my Cisco associates have talked about the right infrastructure, the right sizing, the right integrated infrastructure management and the right provisioning and orchestration for your clusters. But, to gain the benefits of pervasive use of big data, you’ll need to accelerate your big data deployments and make a seamless pivot of your “back of the data center” science experiment into the standard data center operational processes to speed delivery of the value of these new analytics workloads.
If you are using a “free” (hint: nothing’s free), or open source workload scheduler, or even a solution that can manage day-to-day batch jobs, you may run into problems right off the bat. Limitations may come in the form of dependency management, calendaring, error recovery, role-based access control and SLA management.
And really, this is just the start of your needs for full-scale, enterprise-grade workload automation for Big Data environments! As the number of your mission-critical big data workloads increases, predictable execution and performance will become essential.
Lucky for you Cisco has exactly what you need! Read More »
Cisco will Leverage OPNFV Efforts in Evolved Services Platform (ESP) Development
Most people following industry trends are aware of the ETSI Network Functions Virtualization (NFV) Industry Specification Group, which was formed in 2012 and kicked off its first set of specifications in October 2013. These documents are commonly used references in the growing movement to utilize NFV for carrier-grade network services.
Great progress has already been made, and Cisco has delivered many innovative NFV solutions via our Evolved Services Platform. To take it to the next level, and realize the full potential of NFV, customers will now start flexibly combining components from different vendors to enjoy the benefits of open source efforts.
Hence the announcement on Tuesday of Open Platform for Network Functions Virtualization (OPNFV), a new open source project focused on accelerating NFV’s evolution through an integrated, open platform. Cisco is a platinum-level founding member of the project, which will focus initially on the NFV infrastructure (NFVI) and infrastructure management (VIM) of the ETSI NFV Reference Architecture.
Source: Publications and Collateral page at opnfv.org.
Today’s blog post is by a guest author, Adel du Toit, who is currently spearheading the effort by Cisco’s internal IT organization to deliver IT-as-a-Service internally, dubbed the Cisco IT “eStore.” Recently, the eStore team took home multiple awards, you can read more about that here. (If you’re not familiar with the eStore, be sure to check out my other blog posts regarding the eStore here and here.)
Over the last few months I had to take a few steps back and admire the passion and dedication of the team as our Vision is starting to become a reality. For those less familiar with the Cisco IT eStore, have a look at the latest customer case study here. You can also check out the demo video below:
In the last few months the eStore team has delivered IT services, to any device, simply, while achieving broad adoption while showcasing Cisco as the #1 IT Company thanks to Cisco Prime Service Catalog, which is the underlying foundation for our end-user storefront interface.
Delivered IT services:
We have 2 ways of delivering IT services and apps. In estore.cisco.com employees can find the IT services that one needs to order from a desktop or laptop computer. As for mobile devices, employees can go to eStore for Mobile to install the apps he or she needs to stay productive whilst on the go.
Today we have nearly 290 IT services and mobile apps that our users can choose from:
To Any Device:
It is important to embrace BYOD and at Cisco we live this every day. It was important that the store we created could be used by any device.
Below is a breakdown of the device types that have accessed both eStore over the last 6 months.
User experience is important to us and we wanted to make sure that the store provides a similar experience to what you would expect when shopping at Amazon or eBay, for example.
In both our mobile and web interface we have the ability to surface the apps and services most needed by our end users:
The Cisco IT eStore (Desktop Version)
The Cisco IT eStore (on iOS mobile)
Adding spotlight content and recommendations is important to help with findability and user experience. This was made possible by the latest release of Cisco Prime Service Catalog, which introduced a next-generation user interface and powers the storefront that the eStore is built on. Be sure to check out Phillipe’s post on the latest release here.
Achieving broad adoption…
One of the most recently added features in the internal Cisco IT eStore has been the addition of desktop software for employees to download. Going forward, we expect to see around 20k unique visitors a month ordering Desktop Software from eStore. For the first time we will have a single, unified platform for both Mac and Windows users to install their software from.
In addition, during our Global Sales Conference (GSX) in Las Vegas in late August we had the requirements to support 18,000 Sales users downloading the recommended mobile apps during the event. We had to be ready to surface the apps, but also support 18k users downloading the event app in a 15 minute period!
Lots of long hours and planning later, we made sure that all of this happened seamlessly, here are a few statistics from the event:
- 89% of the GSX attendees installed eStore for Mobile
- During the event we had 5.4k average visits a day
- 81% of the attendees installed the GSX event app from the store
- 49% of the attendees also installed other apps in addition to downloading the event app
- Very few support issues (less than 40 total!)
- Our max CPU stayed below 12%
- With an average load response time of 1.7 secs
If we take a step back and also look at our overall adoption for Q4, FY14 the numbers look very healthy. Nearly 50k requisitions in the 3 months period from May to July 2014.
…While showcasing Cisco as the #1 IT Company
The Cisco eStore team is no stranger to awards, and we continue to add our trophy cabinet with our latest award, the Gold Stevie Winner for Information Technology Team of the Year. For more information on the latest awards, be sure to check out this blog post detailing all of the awards we won this year at the International Business Awards.
Want to learn more? We have a webinar coming up on October 8th at 8 am PDT where we will discuss best practices for delivering Enterprise IT-as-a-Service, and delve deeper into the latest developments in both the Cisco IT eStore and Cisco Prime Service Catalog. You can register here.
Thanks for reading. For more info be sure to follow us on Twitter @CiscoIT to learn more about the Cisco IT eStore, and follow @CiscoUM for the latest info on Prime Service Catalog.
The Greek philosopher Epictetus once said, “We have two ears and one mouth so that we can listen twice as much as we speak.” This is an important adage to embrace, especially with social media marketing programs. Listening enables you to understand what people expect from your brand and how they feel about your products. It can also give you valuable insights to guide your strategy and develop deeper, more meaningful relationships with your customers.
All too often, a common failure with brands is that they speak twice as much as they listen – or worse yet, they don’t listen at all:
56% of customer tweets to companies are being ignored (source)
70% of brands ignore complaints on Twitter (source)
39% of companies do not track their social media responses at all, and 55% ignore all customer feedback on Twitter and Facebook, largely because they have no process in place to respond (source)
Companies who fail to listen are losing an opportunity to satisfy and engage customers, and they also miss out on other strategic benefits. Listening delivers great value during the strategic planning process as well as in tactical operations. It can help you:
Identify emerging trends
Provide competitive insights
Discover product issues and concerns
Manage crisis and mitigate risk
Uncover sales leads
Find influencers and advocates
Guide your content marketing strategy
Sophisticated listening guides our approach at Cisco. We implemented a Social Media Listening Center (SMLC) to visualize conversations that are relevant to us. Our listening center started out as a single-screen display outside of our CMO’s office. Now, it is a multi-screen experience that enables customized visualizations in real time. It features conversations related to our brand, trends, influencers, and sentiment, as well as short-term activities such as new product launches, major campaigns/sponsorships, and our annual customer conference, Cisco Live.
But listening alone is not enough. Today’s social media savvy customers expect companies not only to listen, but also to respond. A study by Edison Research found that 67% of people want a response within 24 hours or less. This is where the “ABCs and 123s of Social Listening” comes into play.
Step 1: Action-Based Conversations (ABCs)
Cisco is mentioned 5-7K times a day and roughly 3% of those conversations are actionable. Using our listening tools, we developed a process to help filter out the noise and identify the ABCs. These conversations are then categorized into one of the six categories below:
Support – Request for help resolving real-time issue
Question – General inquiries and product questions
Critic – Conversations that merit brand management consideration
Buzz – Praise from Cisco fan or advocate
Lead – Pronouncement of near-term purchase decision
Idea – Request to enhance a product with a new feature
Step 2: 123s
After we identify and categorize the ABCs, we then prioritize them into 3 levels. Priority 1 conversations typically have a 24-hour response time, and priority 2 conversations have a 72-hour response time. Priority 3 conversations fall in the discretionary response category.
Step 3: Route and Respond
Once conversations are tagged, they are routed through our social content management platform to the appropriate team members and experts who can provide a response within the designated time frame.
Step 4: Measure and Evaluate
As with any marketing program, it’s extremely important to measure your results and set targets for success. At Cisco, we began by tracking baseline metrics such as the number of action-based conversations and replies. Now we also track reach, revenue from listening for leads, average response time and adherence to SLAs (i.e. response posted within the recommended time period). We monitor these performance indicators and make adjustments to the program as needed to ensure continued success for Cisco and our customers.
Listening isn’t always easy, but it’s well worth the effort. The more you listen and interact with those who are talking about your company, the greater opportunity you have to build connections and increase the visibility of your brand. Having a formal program in place to not only listen, but also respond offers many rewards ranging from increased customer satisfaction to positive brand perception to new revenue opportunities. Just remember your listening ABCs and 123s, and you will be well on your way to creating meaningful relationships with your customers.