10 Steps to Cloud Control
Even though they recognize the benefits of cloud computing technologies, many business leaders have questions about cloud security and control. That's understandable. But by adopting a collaborative approach and aligning their responsibilities with those of the cloud provider, these leaders are finding solutions that offer the best of both worlds.
Aug 27, 2011 5:00 AM PT
Business users are drawn to the cloud. Of course, that's not surprising, considering they tend to see only the benefits: self-service freedom, scalability, availability, flexibility, and the pleasure of avoiding various nasty hardware and software headaches.
IT leaders, on the other hand, aren't always as enthusiastic. They worry about cloud security and have legitimate concerns that applications and data could fall into the hands of unauthorized users. What's more, they also want to retain a level of influence and control.
Can both "sides" have their way? Is it possible to deliver the freedom that users want and the control that IT leaders need?
Of course! But, doing so will take a collaborative effort. Both business users and IT leaders are going to have to assume a few key responsibilities . . . and you'll have to be certain your cloud provider is doing its part, too.
Your 5 Responsibilities
For starters, you'll need to be accountable for the following:
1. Define the business need. Which specific problem are you trying to solve with cloud computing technology? Is it an ongoing concern or one that occurs only infrequently? Do you need an answer "yesterday," or do you have time to build out a solution?
Remember: Not all clouds are created equal. Some can run your applications unchanged, with instant access. Others require a little tweaking. Knowing your needs and the differences between cloud technologies will help you determine the right strategy for attacking the particular business problem that needs attention.
2. Identify your application and process requirements. Once you have precisely defined your business needs, you need to choose the application best-suited to meet them. Be clear about the nature of the application, the development process you want to use, and the roles and access permissions for each user.
Your teams no longer have to wade through traditional monolithic development processes that are linear and slow. Instead, the cloud can empower them with best practices that are fluid and agile. Many self-service solutions can even enable them to run copies of the same environment in parallel.
In short, when used correctly, the cloud can lead to breakthrough productivity. If used incorrectly, though, it can also lead to enormous amounts of wasted resources. Do your research and choose wisely.
3. Determine your timetable. Contrary to popular belief, cloud projects aren't sprints. They're more like journeys over time. Plan accordingly. Because cloud technology is transformative, it's best to define your early experiments on a quarterly basis. Learn from this set, make the necessary adjustments and then move on to the next. The goal is to create a learning organization that gains control over time and improves based on data and experience.
4. Establish success factors. Ask yourself, "What will success look like?" Are you hoping to improve the agility of the development process? Or maybe you want to increase the availability of your applications or enhance remote collaboration? Define achievement, and know how you'll measure progress, too. Establishing realistic goals and identifying metrics will help you find the solution that meets not only your needs, but also your budget and your payback timeframe.
5. Define data and application security. All too often, companies overlook this critical responsibility. Do your due diligence and thoughtfully determine whom you can trust to use the cloud. Then, empower them. Here are questions that need unambiguous answers: What roles will team members take in the cloud model? Is everyone clear about the nature of the application and data they are planning to bring to the cloud? Do they know how to protect your data? Do they understand your password policies? When you're up front about these security factors early on, you create a solid foundation for cloud success -- and your own peace of mind.
Your Provider's 5 Responsibilities
If you want better cloud control, be sure your cloud provider offers the following:
1. Self-service solutions. Waiting equals wasted time and money, so look for cloud offers that are ready to go from day one. Ask if the solution you are considering can immediately implement the applications and business process you have in mind, or if the provider requires you to rewrite the app or change the process.
You'll also need to know if users will require training, or if they can be empowered with a self-service Web interface. Answers to these questions can determine whether adoption is rapid and smooth or slow and bumpy.
2. Scale and speed. A well-architected cloud solution delivers the unique combination of scale and speed. It provides the resources at a scale you need, with on-demand responsiveness. This combination will enable your team to run multiple instances in parallel, snapshot, suspend/resume, publish, collaborate, and accelerate the business cycle.
3. Reliability and availability. The cloud provider has the responsibility to make the system reliable and available, which is often articulated in Service Level Agreements (SLAs). The provider should clearly set operational expectations (such as 99.9 percent availability) with you, the customer.
4. Security. Ask your cloud provider for a comprehensive review of its security technology and processes. More specifically, ask about the following:
- Application and data transportability. Does your provider allow you to export existing applications, data and processes into the cloud? Can you import back just as easily?
- Data center physical security. How does the vendor protect its physical data centers? Are these SAS 70 Type II data centers? Are there trained and skilled data center operators?
- Access and operations security. Your provider must be clear about how access to physical machines is controlled. Who is able to access these machines? How are the machines managed?
- Virtual data center security. Most cloud efficiency, in terms of scale and speed, comes from how the cloud is architected. Be sure you understand how the individual pieces (the compute nodes, network nodes, storage nodes, etc.) are architected, and how they are integrated and secured.
- Application and data security. To implement your policies, the cloud solution must enable you to define groups, roles with granular role-based access control, proper password policies and data encryption (in transit and at rest).
5. Cost efficiencies. Cloud solutions should allow your success to drive success, without any upfront commitments. Unlike a managed service or a hosting solution, a cloud solution uses technology to automate the back-end systems, and therefore can operate large resource pools without big human costs. Naturally, this should all translate into real cost savings for you.
Even though they recognize the benefits of cloud computing technologies, many business leaders have questions about cloud security and control. That's understandable. But by adopting a collaborative approach and aligning their responsibilities with those of the cloud provider, these leaders are finding solutions that offer the best of both worlds. They get the visibility and control they need, while empowering their teams with the huge performance gains only the cloud can provide.