CityMD leaders thought their employees were using 15-20 cloud services. They were in for quite a surprise.
- The New York-based urgent care provider has grown rapidly since its inception in 2010 and now operates 52 facilities in Manhattan, Brooklyn, Queens, Long Island, Westchester, and Rockland County.
- While cloud services helped make the swift expansion possible, the time had come to get a better handle on CityMD’s cloud utilization and ensure there were no cracks through which sensitive data could fall.
“Anyone can sign up for a cloud service,” says Robert Florescu, vice president of IT at CityMD, “but not everyone understands compliance requirements.”
This became painfully clear when a CityMD employee mentioned they were having trouble uploading documents. After some investigation, Florescu found the problem involved a cloud-based file sharing application that was outside the purview of the company’s IT staff.
“Cloud services are fine as long as we have data privacy agreements and safeguards in place,” he says. “Without them, we could have some exposure.”
- CityMD tapped Cisco® Cloud Consumption Services to help discover and analyze its public cloud usage.
- Company leaders were shocked to learn 544 cloud services were being utilized, far more than the 15-20 that were on their radar.
Reducing risk, redundancy
After the initial shock wore off, Florescu and his team were able to scour the cloud consumption findings. Most of the services being utilized were nonfactors.
“Many of them were financial, e-commerce, and telecom sites,” Florescu explains. “We don’t have a problem with employees doing personal banking or shopping online or paying for their cell phone bill when they’re on a break.”
But some of the discovered cloud services were potentially risky. One group, for example, was utilizing a cloud-based help desk service without a data protection agreement.
“If someone got their hands on that data, they could impersonate the identity of one of our employees, get into our server room, and access all of our systems,” says Florescu. “That didn’t happen, of course, but we need to proactively eliminate any possibility of exposure.”
Other cloud services—many of them for file sharing—were redundant, resulting in operational inconsistency and unnecessary cost.
“Why use Dropbox when we already have a contract in place with Google Drive?” Florescu opines. “With better visibility of our cloud usage, we can standardize, optimize, and take advantage of economies of scale.”
Boosting application performance
CityMD is also working to improve application performance. Some of the discovered cloud services are bandwidth hogs, a finding that has prompted internal discussions and formalized practices.
“We want our doctors to be able to watch YouTube for new procedures, conference lectures, and medical news, but we don’t want others watching YouTube for entertainment purposes during their lunch break if it’s going to impact the performance of clinical applications,” says Florescu. “It would be easy to block everything, but we also need to enable our staff. It’s a fine line.”
And that line is best determined with full visibility of the cloud services being employed. Florescu and his team are still analyzing the Cisco Cloud Consumption findings, and will use the data to:
- Optimize the company’s firewall
- Consolidate its third-party services
- Develop better standards and practices for cloud utilization
“The cloud consumption service not only gave us greater visibility and understanding, but it also prompted better conversations between our business and IT teams,” says Florescu. “We now have an onboarding process and checklist for cloud services, and we can show the business what is already in place and what they need to do to maintain compliance. It’s been tremendously helpful.”