Digital Transformation is an interesting term. Sort of like the “Cloud”. We all know in the back of our minds what the Cloud is…someone else’s servers and services. The term “Cloud” is the perfect abstraction from the complexities of modern-day data centers and the myriad of services and solutions they contain. The Cloud is a fully functional asset to help us power our businesses to success.
Digital Transformation is also an abstract term that includes IT and business improvement activities that, in part, can leverage services in the cloud. This can include, but is not limited to, infrastructure, product development, process engineering, security, and compliance activities and workflows. And yes, the adoption of AI. A digital transformation is a journey weaving its way through the entirety of your business positioning you for success.
In the span that is Digital Transformation, there are 3 key attributes to keep in mind as you navigate this path; you must mitigate risk, build equity, and apply an Enterprise Mindset. It is not enough to “just” improve.
Let’s take a short walk through what this means to your business based on a previous engagement. Throughout this blog I use the term “we” as opposed to “I”. This is because I spent a good amount of time assembling performant teams and although the vision comes from “I”, it is “we” that executed our client’s Digital Transformation.
Infrastructure
Scalability is the key objective for your business infrastructure and encompasses the other “-abilities” such as maintainability, reliability, and deployability.
Business Case
This client was entering a high-growth domestic phase and the existing infrastructure was not sufficient to support this.
What We Did
For the 1st phase, we migrated from a 4 VMware server environment to an n-tiered fault-tolerant enterprise architecture for web, app, database, and integration servers resulting in a 23 VMware server environment. The integration servers were a new addition as we refactored that functionality out of the app and into a separate product.
We could have stayed with that tech stack and configuration, but sales became international, and that brought with it a whole new set of needs and requirements. First and foremost was the support for purchase transactions in regions around the globe and the need to scale for support of that activity.
Business Case
Support the purchase of learning assets globally.
What We Did
The 2nd phase involved migrating the VMware environment into the cloud, specifically AWS. This was a “Lift and Shift” of the infrastructure followed by a re-platform of the database from SQL Server to Aurora. We initiated a strategy to refactor commodity application functions utilizing native AWS services. Operational excellence would become a critical focus throughout when planning and deploying assets for the Netherlands, UK, China, and India subsidiaries.
Product Development
Whether internal or customer-facing, consistent, quality releases are the key objectives of your business when moving your product forward. You will either be gap-filling, catching up with the market, or innovating, staying ahead of the market. This client was in a unique position in that they needed to both gap-fill and innovate as demand was increasing and the target market was undergoing a high rate of change.
Business Case
Provide reliable releases that support agile product development, work with the cloud, and reduce post-release challenges.
What We Did
We chose Azure DevOps for its scalability, integration with Visual Studio and the .NET tech stack, and straightforward integration with AWS environments. This included setting up pipelines for dev, test, staging, and production environments with the lower environments also running CICD.
Business Case
Support the client’s need to sell learning, credentialing, and exam products internationally for some of the largest IT clients in the world.
What We Did
Refactor and enhance. This included, but was not limited to, locales, the distribution of digital learning assets, tax determination on said digital learning assets, enhancing e-commerce and order processing capabilities, adopting a new payment provider and ERP system, multi-currency, multi-language, continued iteration on enterprise integration, data enhancements, and an increased focus on security and compliance that also drove product updates. The focus on operational excellence and customer touchpoints began to increase in importance and became one of the key mandates, and successes, for the operations group.
Process Engineering
Whether you’re a fast-growing and dynamic company, as this client is, or you’ve hit your stride, “process” is your friend. Like bumpers on a bowling lane, “process” keeps you out of the gutter and focused on the pins, which in this analogy represent your business goals of which process is a key objective.
Business Case
Engineer, or re-engineer, processes in technology, product development, and finance to support smoother and more stable end-to-end releases and business operations.
What We Did
For product development and release management, we undertook a refactoring of our Agile process that included adopting the SCRUM management framework within the Agile methodology, training, and redeployment of that process through the technology group. For projects or groups where SCRUM was not a good fit, we introduced Kanban to manage first-in/first-out (FIFO) work streams, particularly in DevOps, Security, and Finance. This work dovetailed with the process work in the operations groups, specifically where customer notification of releases was concerned.
Security and Compliance
We could address these topics separately but in the case of this client and how the business progressed internationally, compliance drove a large part of the security program. This is not unusual for smaller companies, and it can be a great way to combine efficiencies across similar functional areas while engendering trust with your customers. The key objective for compliance is to show you do what you say you do.
Business Case
The major driver around compliance was the need to manage other people’s money across multiple global regions. The purchase and distribution of learning assets globally meant that this client needed to comply with a myriad of security, financial, and data privacy regulations.
What We Did
As this client offered credit cards as one of the main payment methods, we needed to attain an SAQ attestation for PCI DSS. For a PCI-DSS attestation there are 4 levels and 5 validation types. Which one you pick depends on the number of credit card transactions you process and what your implementation for card processing looks like. For this client, we spec’d in at level 4, validation type D. Ugh.
Type D means we have to comply with ~250 requirements regarding the processing of credit cards and the associated data. That’s a lot for a small company, who, by the way, could self-attest. Remember that “do-what-we-say-we-do” commitment? So we needed to have a 3rd party attestation. We did not want the responsibility of managing credit card data, nor did we want the expense of complying with ~250 requirements annually knowing that our environment was going to change often as we met the demands of our market.
We decided that we wanted type A which means ~18 requirements annually but also means that there can be no data associated with credit card transactions in the platform or business. We refactored all of the credit card services and data out of the platform, pushing it into a 3rd party app, Stripe, that could support regional credit card transactions along with multi-currency and native payments.
Business Case
With the client utilizing an order-to-cash flow, distribution of electronic entitlements, and enabling purchases globally, it would be important to engender trust with customers, partners, and regulators alike. In short, the client needed to show they “did what they say they do” and comply with financial and data privacy regulations within operational regions.
What We Did
We initiated a compliance project to attain a SOC2 audit focusing on the security, availability, and processing integrity trust service criteria. Our base would be the work we had done for our PCI DSS and GDPR efforts. With the security work that we completed after the move to the AWS cloud for the infrastructure and platform, along with adopting Amazon Cognito for enterprise IDM, we were reasonably far along with the Security TSC. The Availability TSC was also well covered due to our work with dynamic scaling, load balancing, and regional deployment using availability zones and regions.
The Processing Integrity TSC required collaborative involvement with the finance group to map the order-to-cash workflow through the platform identifying key transaction, monitoring, and observability points, and mapping these to the required controls. These controls were then implemented as part of the system or process.
Business Case
As an up-and-coming business with large enterprise sponsors and thousands of enterprise customers from said sponsors, we needed to provide a repeatable security program and apparatus to engender trust with customers and to prevent threat actors from negatively impacting the business.
What We Did
As with most of our major initiatives, we chose to partner with an expert in the industry. In this case with a well-known local security firm to assist in building a repetitive security program. The security model we had been using to this point was solid, but we needed to take it to the next level as there would be the need to deploy internationally. This project would contribute to the SOC2 Security TSC and provide a long-lasting approach to defending against an ever-increasing array of threats, not the least of which is AI in the hands of threat actors.
Wrap Up
Over the span of seven years we were able to iteratively implement a digital transformation throughout the technology group and business. There were many challenges along the way at both the leadership and technical levels, however, the team was able to work through these challenges through a focus on the objectives, proper prioritization, and open dialogue and collaboration between all team members. This digital transformation ultimately led to a more robust technology platform and enabled the business to execute its sales strategy globally, providing access to learning and credentialing assets to companies and end users the world over.
Contact Port Technology if you want to know how we can start your digital transformation and get you on the path to success.