Previously I posted topics on different cloud service models – IaaS, SaaS, PaaS, and iPaaS. I wanted to lay out a baseline understanding of the concepts, definitions, some basic limitations, and key advantages of each service model. As a cloud evangelist I expect these service models to be a foundational way to source and provision IT and business services for years to come. But let’s be honest….you still have to come prepared before jumping into new territory. Let’s review some basic considerations:
1. Understand Shadow IT & Embrace a Partnership
- Consider This: Because the cloud is available anytime, anywhere and is easy to use, a large number of non-IT users are attracted to subscribing to cloud services, which might not be accounted for by the IT department, particularly IT Risk, Security, Compliance, and Governance organizations.
- My Advice: IT departments should partner with their business and jointly evaluate and agree upon which cloud services will be used.
2. Review your Applications
- Consider This: Core business applications, especially legacy apps, are often highly customized, complex, and entangled. Some applications may not be well suited for the cloud, while other applications are ripe for a migration.
- My Advice: Prior to moving any application to the cloud, a readiness assessment should be performed to determine cloud suitability and identification of the target cloud model. In many cases it makes sense to use an experienced third party to perform this analysis who has access to mapping and modeling tools, ROI calculators, and other artifacts to assist in the assessing legacy applications. This topic is covered in depth by Jay Keyes.
3. Prepare for Provider Independence
- Consider This: Changing providers is always a challenge. However, the lack of standards for data formats and application programming interfaces (API) make transitioning cloud providers particularly difficult and expensive. Open standards are emerging and are being more widely adopted, but proprietary technology is still very common.
- My Advice: Be aware of the underlying technology used to deliver the service and prepare procedures to move cloud workloads elsewhere as a precautionary measure in case you become unsatisfied.
4. Get a Firm Grasp on Your Security and Compliance Requirements
- Consider This: With cloud computing, a high concentration of data may be hosted with a single provider. Such a provider is an enticing target for hackers who would have access to a wealth of information if they successfully breach the security measures in place. Enterprises who are moving to the cloud should have a deep understanding of the security technologies and procedures that their service providers put in place, including a review of what is included and what is not included. Never assume that basic security services are included as part of a base cloud service, especially for “self-managed” clouds where the customer, not the provider, manages the infrastructure. If you are running a Windows server on a self-managed public cloud, then YOU are responsible for securing the instance (patching, anti-virus, etc). Although not new to the IT industry, issues related to privacy include jurisdiction of information (where and under what set of laws the data resides), access and controls, the availability of audit trails, and compliance with industry and legal standards and regulations, such as the Statement on Standards for Attestation Engagements (SSAE) 16 and the International Standard on Assurance Engagements (ISAE) 3402.
- My Advice: Be sure to select a cloud service provider that meets your particular regional, industry, and regulatory requirements, and make sure to understand exactly what services will be included by the service provider.
5. Know How the Service Provider Manages Risk
- Consider This: It’s difficult to determine how well a cloud provider manages a service disruption or supports its clients’ requirements for data location disclosure and security measures and protocols.
- My Advice: Requirements for data protection and service availability should be strictly governed through the use of contractual service level agreements (SLAs), and customers must understand exactly how SLA metrics are calculated. You should evaluate the stability the provider’s business, and measure the risk associated with an unsustainable provider of cloud services as some providers have simply gone out of business.
Let’s cover the different cloud deployment models in my next post…starting with Enterprise Private Clouds.
- Ryan Reed, Cloud Evangelist
Post Date: 2/4/2015