How to Diligence Cloud & SaaS Teams for AI, Data Governance, & Cybersecurity Essentials

Sherri Douville
5 min readAug 21, 2023

When and Why Cloud Teams Can’t Adapt to Tomorrow

Almost everyone can agree that AI and Cybersecurity and therefore, data governance becomes mission critical for all tech and tech enabled businesses.

If you worried that not only novice but many “experienced” parties and organizations could struggle the most with AI as well as new cybersecurity requirements and regulations like the EU AI act, you’d often be right.

But why?

In the space of software, cloud native engineering, product teams, and companies often don’t understand compute and storage relationships because the whole point of cloud was to make that relationship irrelevant. Until it isn’t. Take mobility and messaging which presents with a diagnosis of incomparably high memory pressure. In this use case, an abstracted generalized cloud compute model breaks the use case for the user and literally from a technical perspective as explained in this post here.

It turns out various enterprises are trying to solve this problem by way of leveraging small personal area networks with bluetooth as well as mesh networks. These approaches are irrelevant for mobile workers on the go over distances the way physicians are.

Things that SaaS and cloud made unpopular

  1. Governance for data quality
  2. Architecture
  3. Data Modeling
  4. Cybersecurity

Things that all advanced technologies including AI require and separate those ready for tomorrow (where team & technical diligence should focus). Note these are just as much culture and general management problems as they are hard technical skills.

  1. Governance for data quality
  2. Architecture
  3. Data Modeling
  4. Cybersecurity

Great posts by Chad Sanderson on Linked in about data quality and key highlights about the challenges of the SaaS cloud model:

“The ‘move fast and break things’ approach sacrificed long-term stability and comprehensiveness for a more responsive system that could quickly adapt to change. That certainly had its benefits and allowed product-driven companies to find market fit much faster, but it did that to the detriment of governance.”

“After teams adopted fancy tools and cheap compute, they found the quality of the data had degraded substantially. No one knew which data to trust “

“As businesses become more complex and the amount of code deployments increased radically, it became impossible to tell what changes were being made to the data and when. There was no longer a source of truth -”

Chad Sanderson’s brilliant posts on data quality are worth a read:

“Data architecture is dying” [2]

“Data Debt is the #1 problem facing data teams today.” [3]

With the advent of electronic medical records, EMR’s, healthcare has rightly focused on informatics (applying data to clinical care); however the CXO and board remit for data is much bigger than that.

“You have to look at data across the whole healthcare enterprise. We must accelerate our data executives’ ability in healthcare to connect the dots to drive digital integration through data which is required for effective cybersecurity.”

Former health system CIO, Security and Privacy Officer
Member, HHS Healthcare Industry Cybersecurity Task Force
Seasoned Cybersecurity Executive

Some answers to these challenges can be found here, CSO online published a great summary of Cloud Security Alliance, CSA top cloud security threats [1]

“Key takeaways about the lack of cloud security architecture and strategy include:

  • Companies should consider business objectives, risk, security threats, and legal compliance in cloud services and infrastructure design and decisions.
  • Given the rapid pace of change and limited centralized control in cloud deployments, it’s more important, not less, to develop and adhere to an infrastructure strategy and design principles.
  • Adopters are advised to consider due diligence and vendor security assessment foundational practices. They should be complemented with secure design and integration to avoid the kinds of systemic failures that occurred in the SolarWinds, Kaseya and Bonobos breaches.”

The CSA “report recommended building strong organizational practices around cloud hygiene, application security, observability, access control, and secrets management to reduce the blast radius of an attack. Key takeaways about misconfiguration and exploitation of serverless and container workloads include:

  • Investments should be made into cloud security training, governance processes, and reusable secure cloud architecture patterns to reduce the risk and frequency of insecure cloud configurations.
  • Development teams should put extra rigor around strong application security and engineering best practices before migrating to serverless technologies that remove traditional security controls.”

As our Ch. 10 coauthors of our Advanced Health Technology book [4] brilliantly point out, U.S. laws & standards are considered deficient for a number of international markets. You should be aware of this and plan to manage against a much higher bar or be ready to forfeit some international markets. Executives and board members can rapidly build trust by quickly upgrading cybersecurity literacy.

Managing Third Party Risk- Framework Details for Risk Management in Medical Technology by: Mitch Parker, Brittany Partridge, MBA, FAMIA, Eric Svetcov, Allison J. Taylor

The goal of the chapter is to provide healthcare (or any regulated industry) executives with the knowledge needed to understand regulations and requirements, and the processes by which leaders can apply them to implement proper risk management. Our goal is to provide actionable tips from the relevant standards and frameworks all in one place, enabling and accelerating those who have to make sound decisions.

[4] From our book, Advanced Health Technology which you can buy here:

[1] CSO Online:

[2] “Data architecture is dying”

[3] “Data Debt is the #1 problem facing data teams today.”

By Sherri Douville, CEO at Medigram, the Mobile Medicine company. Recognized in 8 categories of top CEOs by Board Room Media (Across SMS, mHealth, iOS, IT, Database, Big Data, Android, Healthcare). Top ranked medical market executive worldwide. Best selling editor/author, Mobile Medicine: Overcoming People, Culture, and Governance & Advanced Health Technology: Managing Risk While Tackling Barriers to Rapid Acceleration, Taylor & Francis; Series Editor for Trustworthy Technology & Innovation + Trustworthy Technology & Innovation in Healthcare. (contracted to advise top academic and professional education publisher Routledge, Taylor & Francis).

Sherri is the co-chair of the IEEE/UL JV for the technical trust standard SG project for Clinical IoT in medicine, P2933. She is passionate about redefining technology, software and data for medicine and advanced health technologies in a way that’s worth the trust of clinicians, our family, and friends. Ms. Douville leverages her books to inform her work on the CHIME CDH security specialization certification board. She also teaches, advises, and co-founded the Cybersecurity (+AI) curriculum for the Black Corporate Board Readiness and Women’s Corporate Board Readiness programs at Santa Clara University.