Our Full-Service B2B Marketing Program Delivers Sales-Ready Leads Click to Learn More!
Welcome Guest | Sign In

10 Things to Remember When Reaching for the Cloud

By Richard Taggart
Jan 3, 2012 5:00 AM PT

Cloud computing represents a powerful shift in how your company deploys applications, stores data, implements security and adheres to industry regulations. Cloud architectures can give your company the flexibility to scale resources as the business requires. And you can do so without incurring unnecessary capital expenses.

10 Things to Remember When Reaching for the Cloud

Whether your organization is actively looking at cloud computing options or just thinking about it, there are some important business, legal and security issues to consider about cloud computing before taking the plunge. Weighing these issues at the onset will help you avoid potential problems once you select a vendor and begin deployment.

You should also bring some key stakeholders into the conversion to ensure you're looking at the benefits and potential risks from every possible angle.

1. Make Friends With Your Legal and Security Staff

Any IT organization that is preparing to adopt any sort of cloud service needs to understand their data issues. If your organization is large enough, you probably have people in the legal department who specialize in data security, both domestically and internationally. Data use and privacy differ by country, and there's no way an IT department can understand all the various legal issues associated with corporate and customer data.

2. Adopt a Data Loss Prevention Program

Before you start using cloud services, especially if your applications and data are going to reside outside of the corporate firewall, it's a good idea to classify your data. You want to have a blueprint that identifies which applications use which particular data, and which legal regulations apply to that data. How is the data being consumed by upstream applications, and how is it generated by downstream applications?

3. Try the Hybrid Approach

I don't recommend putting all of your eggs in one basket -- especially when you're just starting out. I suggest a hybrid approach in which you implement a cloud service within the firewall and move some data and applications to a third-party facility. The hybrid approach gives the IT department maximum flexibility and the best understanding of how to optimize cloud resources.

4. Start Small, Think Big

I suggest putting a cloud appliance in your data center for your first trial with cloud computing. This is a great way to get started. There's a sense of security that comes from being able to see the box and how it works. Your development team can set up capacity on demand with minimal change to the operational environment. In addition, you're not introducing any new security issues into your infrastructure. An appliance is a great option to consider.

5. Understand Your Vendor's Customer Isolation Policies

This is really important if you're dealing with a multi-tenant data center. You don't want any other customer interfering with your data, application performance, or security. You should also ask your provider if your company's workload could be run on your network from its data center. This can provide huge structural isolation of your data.

6. Consider All of the Data Encryption Options

Ask your potential cloud vendor if all of your data is encrypted in transit and in the rack. What is its encryption methodology and how is it managed? Is there any data visible in clear text? How could a third-party service provider in the data center do malicious harm to your data?

7. Make Sure Your Vendor Has the Requisite Certifications

Ask your cloud provider to provide all of the certifications that matter to your business, be it computing, regulatory or industry-based. Make sure it is up to date and in line with the latest requirements.

8. Bring in a Third-Party Security Monitoring Partner

When carrying out due diligence, ask if your cloud provider will let you employ a third-party security auditor. This security vendor will provide 24/7 monitoring of your resources within the cloud provider's environment and alert you to any potential problems.

9. Look at Your Vendor's Service Provider Policies

Understand the agreement you are entering into. Know the level of service you are contracting for and understand its conflict-solution policies. Is this a long-term contract? Are there proprietary technologies that could lock you into this vendor? The answers to these questions should help you select your vendor.

10. Keep Up on Industry Developments and Best Practices

Once you have decided on a vendor, and even after you've gone through the implementation, continue to keep an eye on developments in the cloud computing industry. Make sure your vendor lets you take advantage of the latest pricing and computing enhancements that come to market.

Once you consider these issues with all relevant stakeholders and get answers to your questions from your potential suppliers, you should be well on your way to making an informed decision about the types of cloud services that are best for your organization.

Richard Taggart is lead partner for SHI.

Facebook Twitter LinkedIn Google+ RSS
What should be done about UFOs?
World governments should cooperate to address a potential planetary threat.
The DoD should investigate -- they could signal a hostile nation's tech advances.
The government should reveal what it already knows.
The government probably has good reasons for secrecy and should be trusted on this.
Wealthy corporate space-age visionaries should take the lead.
Nothing. Studying UFOs is a waste of resources.
Keep the stories coming. People love conspiracy theories, and it's fun to speculate.