Strategies for SaaS, Cloud Computing, Open Source and Governance

As Open Source software continues to penetrate every facet of software business (vendor and consumer) companies now face a challenge in getting a handle on the various open source software that they might be using. In the course of the last three years of my working with many startups or their leaders, I have [...]

Established companies venturing into SaaS business or newbies starting off as SaaS companies have to deal with a lot of new and evolving challenges. Everything that you can possibly think of is different with SaaS model. To say that it is changing the software business is an understatement.
Starting with delivery model, architecture, sales, support [...]

Compliance audits have become a part of life for most companies these days. Companies have relied on certifications to establish and declare the conformance of the related business processes and internal controls to the various regulatory mandates like Sarbanes-Oxley, PCI-DSS, HIPAA. But incidents of data breach that have occurred, time and again prove that just [...]

Sarbanes Oxley Act (SOX) enacted in 2002 created a watershed moment for companies forcing them to take a critical look at their internal controls and  processes. Executives operating unfettered until then abusing company resources and shareholder money were now asked to account for their actions. Although the mandates under the SOX Act started out murky [...]

Data Security breaches, leaks are a frequent news item these days. If it is not a hacker intruding a network, it is disgruntled employees taking data with them when they are let go.  If all else went well, it is a laptop that an employee lost and along with it all the crucial information on [...]

Going with SaaS comes with a set of concerns around Data Security. Intrusion Detection, Prevention and Penetration Testing should allay those fears to a large extent.

SaaS adoption brings with it a lot of benefits in the Cost savings, quick ramp up and at the same time brings challenges in the IT Governance area.

If you are customer having a business application like Oracle E-Business Suite, PeopleSoft or SAP in production I am sure you have constantly run into this need to clone/replicate Production database.
Why would someone need a copy of production instance?
Some of the most common reasons are

to create a test environment with representative production data
to create a [...]

One of the critical requirement of both SOX 404 and PCI Compliance mandates is that companies manage their provisioning in a more controlled manner.
Companies with disparate applications from different vendors are confronted with the challenges around it. As part of my discussions with companies I have been talking to (in the Oracle E-Business Suite customer [...]

By now, most of you might know what PCI-DSS stands for. Here is what it is – Payment Card Industry Data Security Standard.
As part of PCI Compliance, companies processing credit card transactions are required to conduct annual assessments by third party qualified security assessors (QSA).
A little bit of history on what brought about PCI-DSS. You must have already [...]

Iny my series of governance topics today I will go into the the key benefits of effective Change Management and key areas of  the Audit process.
Audit is becoming the norm in most companies. Thanx to all the myriad regulatory requirements, SOX, HIPAA, PCI DS, Gramm-Leach-Biley Act (GLBA), California State, Japan SOX, IT Organizations across the [...]

Quick Question: What is the most challenging aspect for IT?
Few would argue if I said change management is the most critical and the challenging process in the IT world. The same is probably true in business world too,  especially given the rapid pace at which things are changing.
The effectiveness of  your change management process can be [...]

In one of my recent conversations with a past customers of mine, amongst other IT challenges we ended discussing the moratorium on changes or locking down the application from any changes.
When would you want a change moratorium?
Typically a change moratorium is put in place during some critical business events like Compliance Audits, Book Close etc.
The [...]

After defining what Configuration Management should be in my last post, let us look at what that means to Oracle E-Business Suite.
Application Configurations include a lot of switches and knobs within the application besides the IT Infrastructure components like Database, Servers, Processes, Networks, Directories. In Oracle E-Business Suite, the switches and knobs are Profiles, Extensible [...]

While doing market research for various products that are out there in the market which fall under the umbrella of Application Management for E-Business Suite, I compiled this list of companies that provided solutions in ITSM Service Support area (not necessarily in any particular order)

BMC – Remedy for Incident and Problem Management, Atrium CMDB for Configuration [...]

The main goal of Configuration Management is to provide information on the IT infrastructure to all other processes and IT management. Enabling control of the infrastructure by monitoring and maintaining information on all the resources needed to deliver services.
Key Activities
Here are some of the key activities performed as part of Configuration Management

Planing the configuration management database ( CMDB [...]