Posts Tagged 'Ceritifcation'

December 13, 2011

Do Your Homework!

As far back as I can remember, I hated homework. Homework was cutting into MY time as a kid, then teenager, then young adult ... and since I am still a "young adult," that's where I have to stop my list. One of the unfortunate realizations that I've come to in my "young adult" life is that homework can be a good thing. I know that sounds crazy, so I've come prepared with a couple of examples:

The Growing Small Business Example
You run a small Internet business, and you've been slowly growing over the years until suddenly you get your product/service mix just right and a wave of customers are beating down the door ... or in your case, they're beating down your website. The excitement of the surge in business is quickly replaced by panic, and you find yourself searching for cheap web servers that can be provisioned quickly. You find one that looks legit and you buy a dozen new dedicated servers and some cloud storage.

You alert your customers of the maintenance window and spend the weekend migrating and your now-valuable site to the new infrastructure. On Monday, you get the new site tuned and ready, and you hit the "go" button. Your customers are back, flocking to the site again, and all is golden. As the site gains more traffic over the next couple of weeks, you start to see some network lag and some interesting issues with hardware. You see a thread or two in the social media world about your new shiny site becoming slow and cumbersome, and you look at the network graphs where you notice there are some capacity issues with your provider.

Frustrated, you do a little "homework," and you find out that the cheap service provider you chose has a sketchy history and many complaints about the quality of their network. As a result, you go on a new search for a hosting provider with good reviews, and you have to hang another maintenance sign while you do all the hard work behind the scenes once again. Not doing your homework before making the switch in this case probably cost you a good amount of sleep, some valuable business, and the quality of service you wanted to provide your customers.

The Compliance-Focused Example
I still live, eat, and breathe compliance for SoftLayer, and we had an eye-opening experience when sorting through the many compliance differences. As you probably recall (Skinson 1634AR15), I feel like everyone should agree to an all-inclusive compliance model and stick to just that one, but that feeling hasn't caught on anywhere outside of our office.

In 2011, SoftLayer ramped up some of our compliance efforts and started planning for 2012. With all the differences in how compliance processes for things like FISMA, HIPAA, PCI Level 1 - 4, SSAE16, SOC 1 and SOC2 are measured, it was tough to work on one without affecting another. We were working with a few different vendors, if we flipped "Switch A," Auditor #1 was happy. When we told Auditor #2 that we flipped "Switch A," they hated it so much they almost started crying. It started to become the good ol' "our way is not just the better way, it's the only way" scenario.

So what did we do? Homework! We spent the last six months looking at all the compliances and mapping them against each other. Surprisingly enough, we started noticing a lot of similarities. From there, we started interviewing auditing and compliance firms and finally found one that was ahead of us in the similarity game and already had a matrix of similarities and best practices that affect most (if not all) of the compliances we wanted to focus on.

Not only did a little homework save us a ton of cash in the long run, it saved the small trees and bushes under the offices of our compliance department from the bodies that would inevitably crash down on them when we all scampered away from the chaos and confusion seemingly inherent in pursuing multiple difference compliances at the same time.

The moral of the story: Kiddos, do your homework. It really is good for something, we promise.

-@Skinman454

Subscribe to ceritifcation