10 Things to Remember When Reaching for the Cloud
There are important legal, security and business issues to keep in mind before implementing a cloud computing plan, such as data loss prevention, vendor policies, third-party security and relevant certifications. Weighing these issues at the outset will help you avoid potential problems once you select a vendor and begin deployment.
Jan 3, 2012 5:00 AM PT
Cloud computing represents a powerful shift in how your company deploys applications, stores data, implements security and adheres to industry regulations. Cloud architectures can give your company the flexibility to scale resources as the business requires. And you can do so without incurring unnecessary capital expenses.
Whether your organization is actively looking at cloud computing options or just thinking about it, there are some important business, legal and security issues to consider before taking the plunge. Weighing these issues at the outset will help you avoid potential problems once you select a vendor and begin deployment.
You should also bring some key stakeholders into the conversation to ensure you're looking at the benefits and potential risks from every possible angle.
1. Make Friends With Your Legal and Security Staff
Any IT organization that is preparing to adopt any sort of cloud service needs to understand its data issues. If your organization is large enough, you probably have people in the legal department who specialize in data security, both domestically and internationally. Data use and privacy differ by country, and there's no way an IT department can understand all the various legal issues associated with corporate and customer data.
2. Adopt a Data Loss Prevention Program
Before you start using cloud services, especially if your applications and data are going to reside outside of the corporate firewall, it's a good idea to classify your data. You want to have a blueprint that identifies which applications use which particular data, and which legal regulations apply to that data. How is the data being consumed by upstream applications, and how is it generated by downstream applications?
3. Try the Hybrid Approach
I don't recommend putting all of your eggs in one basket -- especially when you're just starting out. I suggest a hybrid approach in which you implement a cloud service within the firewall and move some data and applications to a third-party facility. The hybrid approach gives the IT department maximum flexibility and the best understanding of how to optimize cloud resources.
4. Start Small, Think Big
I suggest putting a cloud appliance in your data center for your first trial with cloud computing. This is a great way to get started. There's a sense of security that comes from being able to see the box and how it works. Your development team can set up capacity on demand with minimal change to the operational environment. In addition, you're not introducing any new security issues into your infrastructure. An appliance is a great option to consider.
5. Understand Your Vendor's Customer Isolation Policies
This is really important if you're dealing with a multi-tenant data center. You don't want any other customer interfering with your data, application performance, or security. You should also ask your provider if your company's workload could be run on your network from its data center. This can provide huge structural isolation of your data.
6. Consider All of the Data Encryption Options
Ask your potential cloud vendor if all of your data is encrypted in transit and in the rack. What is its encryption methodology and how is it managed? Is there any data visible in clear text? How could a third-party service provider in the data center do malicious harm to your data?
7. Make Sure Your Vendor Has the Requisite Certifications
Ask your cloud provider to provide all of the certifications that matter to your business, be they computing, regulatory or industry-based. Make sure they are up to date and in line with the latest requirements.
8. Bring in a Third-Party Security Monitoring Partner
When carrying out due diligence, ask if your cloud provider will let you employ a third-party security auditor. This security vendor will provide 24/7 monitoring of your resources within the cloud provider's environment and alert you to any potential problems.
9. Look at Your Vendor's Service Provider Policies
Understand the agreement you are entering into. Know the level of service you are contracting for and understand its conflict-solution policies. Is this a long-term contract? Are there proprietary technologies that could lock you into this vendor? The answers to these questions should help you select your vendor.
10. Keep Up on Industry Developments and Best Practices
Once you have decided on a vendor, and even after you've gone through the implementation, continue to keep an eye on developments in the cloud computing industry. Make sure your vendor lets you take advantage of the latest pricing and computing enhancements that come to market.
Once you consider these issues with all relevant stakeholders and get answers to your questions from your potential suppliers, you should be well on your way to making an informed decision about the types of cloud services that are best for your organization.