2. “By 2012, 80% of Fortune 1000 enterprises will be using some cloud
computing services, 20% of businesses will own no IT assets.”
“The bottom line: Early adopters are finding serious benefits, meaning
that cloud computing is real and warrants your scrutiny as a new set of
platforms for business applications.”
5. FINALIZE PREPARE/
ENVISION ALIGN EVALUATE CONFIRM FIT DUE DILIGENCE
& SIGN MIGRATE/DEPLOY
(0%) (10%) (20%) (40%) (60%)
(80%) (100%)
Capability & Joint Solution Alignment
Cloud Svc/ O365 Solution/Tech
Technical Fit Evaluation Workshop
Briefing Briefing
Plan
Legal & Cloud Initial Contract &
Compliance Principles Proposal SOW
Briefing Negotiations
Solution Alignment
Security, Privacy, Data Cloud Svc/ O365 Security Briefing
Workshop
Sovereignty Briefing
Business Value
Initial Business Final Business
Business Value Development
Case Case
Session
Joint Regular C-Level
Governance Evaluation Reviews
Plan
Cloud Initial Contract & Contract & Contract &
Transaction/
Principles Proposal Services Services SOW Services SOW
Procurement
Briefing SOW Negotiations Signed
Solution Alignment
Support Initial Workshop Support Contract
Support & Value Proposal Negotiations
Support Contract
Added Deployment Services
Services Services Joint Deployment, Deployment
Assessments SOW Prepare / Migrate/
Definition Evaluation Custom & Value Planning &
(optional) Custom & Value Deploy
Partners Plan Added Services Design
Added Services SOW
SOW Negotiation
Vision • SAW Report
Outcome C-Level Evaluation • Feasibility Report • Signed Contracts
• LETTER OF INTENT
Definition Review Plan • Validation • Migration Preparation
• Migration Scope
Go / No Go Vision & Business Valid Business Fit? Gaps? Migration Deployment
Decisions: Need & Technical Alignment? Case? Mitigation? Plan Feasible?
6. Strategy: employ a risk-based, multi-dimensional approach to safeguarding services and data
Security Management Threat & Vulnerability Management, Monitoring & Response
Data Access Control & Monitoring, File/Data Integrity
User Account Mgmt, Training & Awareness, Screening
Application Secure Engineering (SDL), Access Control & Monitoring, Anti-Malware
Host Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
Internal Network Dual-factor Auth, Intrusion Detection, Vulnerability scanning
Network perimeter Edge Routers, Firewalls, Intrusion Detection, Vulnerability scanning
Facility Physical controls, video surveillance, Access Control
6
7.
8.
9. Education Technology and Process Accountability
Ongoing Process Improvements
Services • ISO 27001
(BPOS and FOPE)
• ISO 27001
Data Centers • SAS 70 Type II
Microsoft • Safe Harbor
11. Strategy: consistently set a “high bar” around privacy practices that support global standards for data
handling and transfer
• •
• •
•
•
•
•
•
•
12. Business Rules for protecting information and systems which
store and process information
A process or system to assure the implementation of
policy
System or procedural specific requirements
that must be met
Step by step procedures
•
•
•
•
12
13. Initial
Severity Level Definition Response Communication Goal
Time
Microsoft updates customer every hour or via live
Catastrophic business impact in which a service, system,
conference bridge; customer updates Microsoft
1 – Catastrophic network, server, or critical application is down, impacting
15 minutes every hour or via live conference bridge. This level
production or profitability. Multiple users or customers
of severity agreement is applicable 365 days per
lose complete functionality of all services.
year, including weekends and holidays.
Critical business impact in which service, production,
Microsoft updates customer every two hours;
operations, or development deadlines are severely
A – Critical customer updates Microsoft every two hours. This
impacted, or where there will be a severe impact on 1 hour
level of severity agreement is applicable 365 days
production or profitability. Multiple customers, users, or
per year, including weekends and holidays.
services are partially affected.
Moderate business impact. Significant problem where use
of the service is proceeding, but in an impaired fashion. Microsoft updates customer every day. This level
B – Urgent Single user, customer, or service is partially affected. All 2 hours of severity agreement is applicable 365 days per
mail flow issues are considered urgent, regardless of year, including weekends and holidays.
number of users affected.
Microsoft updates customer every three days. This
Minimum business impact. Important issue, but does not
C – Important level of severity agreement is applicable on all
have significant current service or productivity impact for 4 hours
business days. Holy days and weekends are
the customer. Single user is experiencing partial impact.
excluded.
D – Advisory Used for design change requests (DCRs), feature requests,
48 hours Updates customer as necessary or agreed upon.
research activities, and similar items.
23. Microsoft O365 references
•
In a five month timeframe, we migrated roughly 30,000 people
migrations to 1,000 per night with less than 1 per cent error rate
•
return on our
investment within 18 months
•
reduce our IT operational costs by roughly 30%
•