Since Cloud computing is a new way of doing business you have to be clear about what you are letting yourself in for. For some, the business benefits of Cloud are many – for others it will be the simple fact that Cloud allows a small business to stop worrying about its IT – something that distracts from its core function of running the business.
Cloud computing differs from conventional outsourcing in that the latter model is still about stand alone computing — either you take your server and put it in someone else’s data centre or you have a service provider who manages your devices. You will know exactly where your data and servers are and what resources you share with others.
Cloud computing is different – it separates your data from your IT infrastructure, so your data is replicated ‘in the Cloud’, which could be anywhere in a multitude of ‘virtual’ servers. These differences give rise to a new set of security and privacy issues that will have an effect on your risk management practices and has started a re-evaluation of the complex legal issues in areas such as compliance and auditing.
To help with this process, I have put together a checklist of key issues and concerns. When evaluating the different services available, be sure to ask the following questions before you sign any contracts.
And remember – you are on the road to a far better, faster, more efficient, greener and less expensive type of computing, which will free you up from worrying about what’s happening to your ageing IT infrastructure to concentrating on your main task – your business! If you’re planning to maximize the convenience of cloud computing for your business, use this short but important checklist for choosing the right services.
1. Are your applications ready to run in the Cloud?
Are the applications which you use already web-based ? Will they benefit from a cloud- based architecture? Can it scale your present application up in the Cloud ? Migrating your old ‘legacy applications’ to a Cloud based infrastructure will not bring the correct benefits. You need to carry out an assessment to determine an application’s readiness for the Cloud. This means evaluating, via a potential supplier, the readiness of all your key applications. This will provide clear recommendations on your options – whether private or public Cloud.
2. Will you be able to receive technical support for the service?
Many cloud-based services are known for their ease of use, but there will come a time when you will need some technical support. When you use cloud-based services, you’ll be entrusting a lot of your business data to the service’s servers, so it’s only right for you to have a service representative to consult in case things go wrong. Before you go with any cloud-based service, make sure that you will be able to receive adequate technical support from the provider.
3. Ownership and access of your data
The application, the hardware and the operating system will be owned by the cloud provider. However, the data is what your intellectual property is based on and it has to be clearly acknowledged in the contract that you can take that data away with whenever you want to. Your Cloud subscription gives you access to the functionality of the application or function that you use. If that access is removed, can you still access the data so that you can take it away with you? Ensure that the contract allows for access to the back-end data, either directly or via the provider offering an export capability, even after the contract has finished.
4. Fluctuating Data Volumes
The Cloud is excellent for flexible computing, where extra resources such as additional power or sudden additional storage needs – maybe as a result of project work – are needed. However, as your storage capability grows, so does moving it. Migrating 1GB of data across a wide-area network is pretty simple but how about 1TB? That migration can take a long time, and if you need to work with that data as well in real-time, you’ll have to plan for a degree of downtime while the data is pulled from the Cloud and reinstalled against a replacement application or function. Look out for clauses in the agreement that charge for data volumes.
5. Is any part of the Cloud infrastructure outsourced or subcontracted?
Cloud computing can often involve chains of sub-processors. If you work across Euorpe you need to watch this. In some parts of Europe, data protection law requires the controller to independently authorise all subcontracts and to enter into direct contracts with all processors. In most member states, it is left to data controllers or processors to determine what amounts to appropriate technical and organisational measures. However, some countries (for example, Spain, Italy and Poland) have prescriptive requirements for security set out in their legislation. If a customer that operates in one of these countries wishes to put data into the cloud, then it will need the cloud computing service provider to confirm that its security arrangements meet these particular countries laws.
Organisations considering using Cloud services should perform a gap analysis between the specific requirements identified in relevant regulations and the set of controls provided by the Cloud service provider. Using Cloud computing services for data and applications subject to compliance regulations requires a high degree of transparency on the part of service providers. If you are considering these services, you need to think through what use cases make sense, closely review contracts and service-level agreements and understand how the Cloud service meets your specific compliance requirements.
7. Cost analysis
The business case for Cloud application migration is never complete without taking the target Cloud platform into consideration. The migration and overhead costs vary widely based on the target Cloud platform and thus will skew the estimated cost savings. Cost analysis helps decide whether to go ahead with moving a particular application to the cloud or not from a return on investment perspective. Cost should include capital expenditure, operational expenditure, and the overhead costs involved with migration.
8. Migration Strategy
Defining a migration strategy involves understanding the various migration options available, establishing business priorities, and evolving a strategy that offers a fine balance between costs and meeting business priorities. Fundamentally, enterprises have the two following options with a cloud infrastructure – private or public. The choice is driven by priorities such as business model, go-to-market strategy and constrained by factors such as technical feasibility, security, migration costs, etc.
9. Dealing with Downtime
No business should start their operations with a cloud computing vendor without a Service Level Agreement (SLA). The SLA will specify the guaranteed uptime. In cloud computing, anything less than 99.9% is unacceptable. One of the distinguishing features of cloud computing is the assurance of an uptime to nearly 100%. Providers should be able to do this because of their multiple data centres. These are a necessity for providers to ensure uptime. The process in dealing with downtime should also be indicated as should a clear vendor strategy on how the problem will be dealt with if it arises.
10. Data Migration
Cloud computing does not just ‘happen’. Vendors must explain to their clients how data migration will be implemented. This is the most important task for cloud computing vendors because this will not only deal with the future efficiency of the application but also the security of the data.
A detailed plan with a corresponding time frame should be expected from the vendor. Although there are companies that will have more requirements from their clients for data migration, these are done to ensure proper migration without having to deal with future insecurities.
All of the above ten steps should be carefully considered by any business before they proceed to cloud computing. The specific advantages for cloud computing will only be realised if you have selected the right vendor.
Author: Constantine Galonis
He is also the inventor of the patented meshDETECT, Secure Prison Cell Phone Solutions.