Cloud Considerations
Taking the First Step
As someone once said, the first step is often the hardest. Making the move to the cloud can also feel like this for many clients. Technology companies can be renowned for using complex language which can make understanding the cloud more complicated than it needs to be. The good news is that it doesn’t need to be and once stripped back, is actually quite easy to understand.
So, what are the concerns that stop or slow decision making when it comes to moving to the cloud? The below graphic from RightScale provides an insight into what are some of these concerns are.~ Cloud Challenges ~
I won’t go through each one listed here but let’s take five of these and expand further on them using the C.A.R. model, Challenge Action Response:
1. Security
In my experience, Security is the number one topic that comes up in client discussions and understandably so. We all want to know that our data is stored securely and access to it is delivered in a controlled manner.
CHALLENGE – Knowing where my system and data is and who can access it.
ACTION – Asking your provider where is my system and data? Who has access to it? What security credentials does your provider and their vendors have?
RESPONSE – Your provider should be able to provide you with details on their security coverage per the above questions.
~ Security ~
2. Managing Costs
Moving to the cloud can often be a great way lower your business’ operating costs. However, without appropriate controls around the provisioning of memory, CPU and storage, costs can increase at a rapid rate.
CHALLENGE – Change in CAPEX to OPEX service provision and how to budget for cloud services.
ACTION – Asking your provider for a clear list of services and fees and how to model usage based on current usage and forecasted for the term of the agreement. How much will I be paying, per month, per year, what are the excess fees, if any? Do I save money by shutting down non-critical servers outside of operational hours?
RESPONSE – Your provider should be able to provide you a list of services and their associated fees.
~ Managing costs ~
3. Resources/Expertise
Having the right resources and expertise within your business to support the cloud environment is crucial to ensuring smooth operations.
CHALLENGE – On-premise infrastructure skills differing from cloud-based ones. Managing this change and knowing that your provider has reliable and knowledgeable staff.
ACTION – Asking your provider for a clear list of services provided in the agreement and who is managing what. What are the lines of demarcation? How do I raise a support issue? How do I escalate a support issue?
RESPONSE – Your provider should be able to provide you a list of services, how these will be managed, details of their service and support personnel.
~ Expertise ~
4. Governance/Control
Giving the ‘keys to the car’ to another entity to manage your business’ cloud environment means that you want to ensure that suitable controls are in place.
CHALLENGE – Ensuring that appropriate governance and controls are in place for systems and data and that all changes are managed. Managing this change and knowing that your provider has reliable and knowledgeable staff.
ACTION – Asking your provider how do they secure your applications? What are their policies on system and data access? What is their change control processes? How will you be consulted?
RESPONSE – Your provider should be able to provide you a set of policies that talk to how your systems and data will be managed. Further details regarding the change management process should be provided so you (and your provider) are clear on how changes are managed.
~ Governance and Control ~
5. Compliance
Compliance is important for a variety of reasons and this ultimately comes down to what your business’ obligations are.
CHALLENGE – Ensuring that your service is compliant with the appropriate legal, government and industry standards and regulations.
ACTION – What standards and regulations does your organisation require? For example, in the health industry there are strict guidelines regarding the management and accessibility of patient data (HIPAA). Does your provider adhere to the standards and regulations that your organisation requires? What are your organisation’s audit requirements? Can your provider support these requirements?
RESPONSE – This consideration requires a high level of input from you the client. Speak to your Legal and/or HR team about what are the standards and regulations that your organisation needs to comply with. Present these requirements to your cloud provider and work through a plan on how these will be managed.
To help capture these elements the below is a Checklist of conversation starters that you can take back to your respective businesses and service providers. These should help stoke healthy discussions and ultimately, help raise the awareness of cloud within the business and what options are available.