NetDimensions : Jahrbuch Bildungs- und Talentmanagement 2014: Learning Technologies in the Cloud

Titel

Anne Dreyer

Bildungs- &

Jahrbuch 2014

Talentmanagement

Fachbeitrag NetDimensions

Eine Bestellmöglichkeit für das Jahrbuch 2014 "Bildungs- & Talentmanagement" finden

Sie unter dem folgenden Link:

https://www.tuev-sued.de/akademie-de/buch-service/fachbuecher-bildungsmangement

125

Ray Ruff

Chief Scientist and Co-founder, NetDimensions

Learning Technologies in the Cloud

Are You Asking the Right Questions? Summary

Almost all Learning and Development (L&D) teams that are involved in selecting and im- plementing learning technologies and systems nowadays do come across the challenge of evaluating Software as a Service (SaaS) offerings that are now available from all major vendors. In this article, we attempt a brief analysis of the key technical aspects of SaaS and what organizations should be aware of for a successful evaluation and implementa- tion.
SaaS is at the heart of many business strategies today, including learning and talent management. As companies look to differentiate themselves in this field, there has been a tendency to obfuscate the true meaning of this phrase. So, let's start at the beginning.
Wikipedia defines SaaS as follows: "Software as a Service, sometimes referred to as
'on-demand software', is a software delivery model in which software and associated data are centrally hosted in the cloud. SaaS is typically accessed by users using a thin client via a web browser."
Looking specifically into the L&D industry, it is the case that most new deployments of Learning or Talent Management Systems in the past two years have actually been SaaS as opposed to the traditional model of on-premise implementations. SaaS offers compelling advantages to learning organizations in terms of predictable total cost of ownership, easier administration, rapid deployment, and global accessibility. However, there are two areas in which there is still some degree of controversy: what the key con- siderations in evaluating a SaaS offering should be; and how secure SaaS deployments are given that data is "in the cloud."

288

| Bildungsmanagement in der Praxis - IT und neue Medien NetDimensions

1. What Really Matters

Kapitel 2

Many of the advantages of SaaS are related to well-designed, robust delivery architec- ture efficiently and cost-effectively managed. As you would expect, the specifics of SaaS architectures vary considerably from one vendor to another, so any buyer needs to care- fully evaluate their options based on their specific needs.

Here are some key points to consider:

Automatic Admin: Most SaaS providers manage the systems environment, security and upgrades at no additional cost to their clients. This, along with the speed of deployment, is one of the most attractive aspects of SaaS.
One Code Base? In an optimal SaaS model, all clients of the SaaS provider share the same code base. Some vendors do not allow customizations. Some allow the addition of customizations or integrations to the standard code base as configured components. This ensures that each of their clients can seamlessly upgrade to the next release without any additional services or costs required.
Rapid Innovation: SaaS providers that have all their clients on the same code base can always make the latest and greatest feature set available to all their clients in a clean and efficient manner. New application releases incorporate new features suggested by all their clients, leveraging the community at large for best-practice improvements that benefit all users.

Control or Lack Thereof

In many cases companies need to control the timing of environment changes, especially if much has been invested in the current release user documentation; and time is needed to prepare your user community for a change, especially if you have sensitive program roll-out timetables or regulatory approval requirements that make upgrades a disruptive issue.

289

This may be a challenge as some widespread multi-tenant SaaS1 solutions tend to be weak in this area. However, single instances offer greater flexibility and control as each individual company dictates the timing of an upgrade.
Requirements Adaptability: Customization is a dirty word in modern software thinking. Every vendor wants to make the environment as flexible and configuration-driven as pos- sible, because this is a win-win for the client as well as the vendor. Certainly client- definable features such as custom attributes for modules and users, variable enrolment policies, auto-assignment rules, custom ad-hoc reports, etc. are part of the standard functionality expected of any modern enterprise software application, and do not require customization.
But in the real world there are some things that require special attention. How you handle these special requirements is critical. For example, integrating with back-end systems (e.g. HRMSs or ERPs) requiring some internal handling changes, and special regulatory or legal requirements not necessarily handled by native software workflows. Many "pure" SaaS implementations struggle with this value proposition. However, for some vendors it is possible to incorporate these special cases into configurable components that are a part of the standard code base to maintain single code base cost advantages.

2. Security - the Elephant in the Room

For many organizations a big concern about SaaS is the lack of "control" over their data once it is in the cloud.
Security is complex and constantly evolving, so much effort in this area relates to estab- lishing best security practices, preventing specific (known) types of vulnerabilities, and essentially minimizing overall risk levels to cater for the unknown. While there are well- established standards and best practices to manage this problem, they require foresight and effort to carry out properly. Unfortunately, anyone can say they are secure, but the real question is can you prove it?

Some key considerations for a secure SaaS environment are:

Security Management Standards: Perhaps the most respected and well established standard for data center security practices is ISO/IEC 27001, an information manage- ment system established by the International Organization for Standardization in 2005.

1 Multitenant applications rely on a software architecture where a single instance of the software runs on a server, serving multiple client organizations (tenants).

290

| Bildungsmanagement in der Praxis - IT und neue Medien NetDimensions Kapitel 2

This system requires that management design a comprehensive framework of security controls and practices that address information security vulnerabilities and risks. Most importantly it is a standard that requires an external audit and certification by an outside organization, and it is very much a security-focused audit.
Some SaaS providers rely on SAS70 Type II, which is not a security certification but is primarily a statement by an auditor that stated financial controls are fairly implemented (although nothing is specified as to what the security controls actually should be). The weaknesses of SAS70 (which has been found wanting as a standard) are spurring addi- tional efforts in the security space, such as NIST CyberSecurity standards.
Location, Location, Location: For many reasons multinational corporations must navigate a minefield of country-specific legal guidelines regarding data privacy controls that in- clude HR and training data. For European operations it is essential that data in the cloud be contained somewhere in the EU to ensure that the company stays in compliance with EU data privacy requirements. Likewise, US companies often prefer the legal protection of the US for their managed data. So, in reality, where the data is in the cloud actually matters for many clients.
Infrastructure Architecture: Providing the minimum security is often all that you get from a SaaS vendor - often, this means they have a firewall, require eight-character passwords, and keep their fingers crossed that nothing bad happens. However, a serious security infrastructure can go much further and establish procedures such as intrusion detection, VPN connectivity, regular penetration testing, audits of all server activity, backup encryp- tions, and many more.
Client Data Compartmentalization: In the most secure of cases, each client should have their data in their own database, with application and content elements also compart- mentalized. Many multi-tenant SaaS implementations mix these information sources. This can be done in a managed manner, but relies on limiting client functionality (for example, the ability to connect external third-party report tools to the database) and expert pro- gramming which requires a lot of trust.
Make it Secure Before it's in Production: As if the above arguments were not enough (and with security there is never enough), some vendors go through regular source code scanning for security vulnerabilities in addition to all of the automated unit and system tests. It is impossible to guarantee any system or environment 100 % secure. However, it is inexcusable not to do everything that can be done in a practical, common sense manner beforehand to prevent a problem from occurring needlessly. These preventive measures are another powerful weapon in managing risk and reducing vulnerabilities.

291

As you can see, SaaS offers great benefits, but buyers need to evaluate solution provi- ders on the premise that good software should adapt as much as possible to the way an organization works, not the other way around.
This article was first published in Learning Technologies & Skills Magazine:
http://www.learningtechnologies.co.uk/magazine/

The author

Ray Ruff co-founded NetDimensions, having joined the Group from Sybase. Ruff previously served as open systems group manager at Unisys in the US. Ruff holds an M.S. in computer science from the University of North Carolina at Chapel Hill. Ruff is responsible for managing the technical and product development areas of the Group.

The company

Established in 1999, NetDimensions (AIM: NETD; OTCQX: NETDY) is a global provider of performance, knowledge and learning management solutions.
NetDimensions provides companies, government agencies and other organizations with talent management solutions to personalize learning, share knowledge, enhance performance, foster collaboration, and manage compliance programs for employees, customers, partners and suppliers.
Recognized as one of the talent management industry's top-rated technology suppliers, NetDimensions has been chosen by leading organizations worldwide including ING, Cathay Pacific, Hunter Douglas, Chicago Police Department, Geely Automotive, Fugro Group, and Fresenius Medical Care.
NetDimensions is ISO 9001 certified and NetDimensions hosted services are ISO
27001 certified.

292

INITIATOREN

TÜV SÜD Akademie

Ob Handel, Industrie, Handwerk, öffentlicher Dienst oder Privatpersonen: Die TÜV SÜD Akademie gehört zu den führenden Aus- und Weiterbildungspartnern und hat es sich zur Aufgabe gemacht, Menschen zu qualifizieren und die Zukunft von Unternehmen und Arbeitnehmern zu entwickeln. Professionelle Wissensvermittlung, innovative Produktent- wicklung und flexible Lösungen für Unternehmenskunden zeichnen die TÜV SÜD Akade- mie als Bildungsberater aus.

Das breit aufgestellte Weiterbildungsprogramm der Akademie bietet Seminare in mehr als 400 Fortbildungsthemen aus den Bereichen Management, Medizin und Technik an. Auch in aktuellen und zukunftsorientierten Themen wie beispielsweise Elektromobilität, Energiemanagement oder Medizintechnik bildet die TÜV SÜD Akademie aus. Die er- worbenen Qualifikationen und zertifizierten Abschlüsse entsprechen höchsten Quali- tätsanforderungen und genießen in der Wirtschaft ein weltweites Ansehen. Neben den vielfältigen Seminaren, die in verschiedenen Sprachen angeboten werden, unterstützt die TÜV SÜD Akademie als Komplettanbieter Unternehmen im Bereich Bildungsma- nagement, zum Beispiel bei Personalentwicklungsplanung und Bildungsbedarfsanaly- se, beim Anlegen von Kompetenzprofilen und Qualifizierungsplänen oder beim Aufbau eines modernen Bildungscontrollings und der Sicherung des Wissenstransfers. Zudem werden auf den Kunden und dessen Inhalte spezifisch zugeschnittene Inhouse-Schulun- gen konzipiert, um den bestmöglichen Lernerfolg für den Mitarbeiter und ein optimales Ergebnis für das Unternehmen zu erreichen. Rund 110.000 Teilnehmer bildet die TÜV SÜD Akademie jährlich weiter. Die mehr als 10.000 Seminare werden durch rund 60 verschiedene Fachtagungen ergänzt. Sitz der TÜV SÜD Akademie ist München, 500
Mitarbeiter und mehr als 3.000 Trainer an über 80 Standorten weltweit sorgen für eine flächendeckende Präsenz.

Beispiele für Kompetenz und Erfahrung:

» Wissenschaftlich fundiert: Das Qualitätsmodell des Deutschen Bildungspreises ist

Grundlage aller Analyseangebote.

» Methodenvielfalt: Neben Seminaren und Workshops konzipiert die TÜV SÜD Akade- mie zum Beispiel auch E-Learning-Angebote oder Blended Learning-Pakete.

» Höchste Qualität im In- und Ausland: Die TÜV SÜD Akademie bietet den gesamten

Seminarkatalog in gleichbleibend hoher Qualität weltweit an.

392

| Die Initiative Deutscher Bildungspreis

KAPITEl 4

EuPD Research Sustainable Management

EuPD Research Sustainable Management ist ein führendes internationales Forschungs- unternehmen im Bereich der nachhaltigen Managementsysteme. EuPD Research Sus- tainable Management stellt höchste Qualitätsansprüche an die eigene Arbeit, macht Forschung effizient, transparent, intelligent.

EuPD Research Sustainable Management ist führender Anbieter für die Analyse, Audi- tierung und Modellierung nachhaltiger betrieblicher Managementsysteme. Einen beson- deren Fokus bilden die Themenbereiche Gesundheitsmanagement sowie Bildungs- und Talentmanagement.
Die Kooperation mit einem einzigartigen Netzwerk aus Fachexperten, Wissenschaft und Medien macht es möglich, neue Themen fundiert zu identifizieren, nachhaltige Manage- mentsysteme zu analysieren, zu auditieren und zu implementieren. Einen besonderen Schwerpunkt legt EuPD Research Sustainable Management dabei auf die Praxisvali- dierung. Das Unternehmen identifiziert gemeinsam mit seinem Netzwerk erfolgskritische Faktoren und verbindet so wissenschaftlichen Anspruch mit der notwendigen Funktio- nalität. (www.eupd-rsm.de)

EuPD Research Sustainable Management besitzt langjährige Erfahrung und umfangreiche

Expertise in folgenden Bereichen:

» Managementanalyse

» Managementworkshops

» Modellierung nachhaltiger Managementsysteme

» Ausbildung und Schulung

» Benchmarkingstudien

» Auditierung/Zertifizierung

» Kundenzufriedenheit

» Mitarbeiterzufriedenheit

» Markt- und Wettbewerbsanalysen

393

Schirmherrschaft:

Anne Dreyer

Bildungs- & Talentmanagement

Jahrbuch 2014

Das Jahrbuch Bildungs- und Talentmanagement 2014 informiert über den Status quo sowie die Entwick- lung des Bildungs- und Talentmanagements in deutschen Unternehmen. Die Ergebnisse basieren auf der anonymisierten Auswertung von 126 Qualifizierungsbögen, die im Rahmen der Bewerbungsphase des Deutschen Bildungspreises 2014 eingegangen waren.

Das Jahrbuch gibt im ersten Kapitel einen fundierten Einblick in das Qualitätsmodell der Initiative und wertet die im Rahmen des Deutschen Bildungspreises 2014 gewonnenen Daten aus. Hier werden Hand- lungsfelder und Optimierungspotenziale in deutschen Unternehmen identifiziert. Neben diesen aktuel- len wissenschaftlichen Ergebnissen kommen im zweiten Kapitel Autoren verschiedener Unternehmen in Fachbeiträgen zu gelungenen Best-Practice-Ansätzen zu Wort. Sie beschreiben, wie Unternehmen die betriebliche Weiterbildung organisieren und die Entwicklung ihrer Mitarbeiter strukturiert fördern. Die Gewinner- und Exzellenzunternehmen der Initiative Deutscher Bildungspreis werden schließlich im dritten Kapitel vorgestellt. Sie zeigen in ihren Kurzportraits, warum sie zu den besten Talentförderern Deutschlands gehören.

Der Deutsche Bildungspreis hat die Zielsetzung, Qualitätsstandards im Bildungs- und Talentmanage- ment zu etablieren und die hohe Relevanz betrieblicher Bildung im öffentlichen Diskurs hervorzuheben. Der Deutsche Bildungspreis ist eine Initiative von TÜV SÜD Akademie und EuPD Research Sustain- able Management. Das Jahrbuch Bildungs- und Talentmanagement 2014 wird von den Initiatoren des Deutschen Bildungspreises gemeinschaftlich herausgegeben. Schirmherr der Initiative ist das Bundes- ministerium für Bildung und Forschung.

www.deutscher-bildungspreis.de