Cloud computing. You can’t go anywhere these days without hearing about it - from consumers downloading the latest movies and music on the move, right up to major business leaders talking about how it is revolutionising the way we use IT resources and meet customer demands.
And for good reason. Outsourcing key operations to cloud providers makes sense in terms of reduced capital expenditure, reduced energy spend and staff and operational efficiencies. There is no doubt we are living in the cloud computing age, but some analysts and commentators have, I think, overcomplicated the shift by attributing almost magical properties to the cloud without considering some more mundane realities – such as my favourite topic, security stability and reliability – but we will come back to that. People even gesture to the sky when they talk about cloud computing!
Of course cloud computing is very much earth bound and resides in pretty mundane data centres. In other words, a whole bunch of boring servers!
Much more important is what’s being processed on those servers. A whole industry of cloud-based services have grown up, including of course services like those of the company on whose site this blog is based. NewVoiceMedia can set up a contact centre and all its services in the cloud. Elsewhere essential services such as sales management, CRM, email and inbound marketing can all be purchased in the cloud -- all great and all no doubt effective in the current changing marketplace.
Indeed very cool and the future will no doubt only bring even more great cloud-based services. Exciting then, but let’s get back to my security, stability and reliability point before we get too carried away. As a manager you are no doubt sold on the business arguments of the cloud and keen to push some of your services out to the cloud, but your CIO or IT Director, while undoubtedly keen to take advantage of the cloud also, will need some reassurance that any cloud services meet strict controls. So how can you achieve this?
The answer is to decide as a business, as a group of stakeholders, what you want to put out to the cloud and most crucially, why. What’s the business reason? Remember you are not buying the cloud, you are buying a business service, a service that is right for you and your business culture.
When you think about it, how that service is delivered is actually irrelevant in terms of technology which means you need to ensure that any due diligence you do on a potential cloud service, is as detailed as on any service you currently host in-house. It cannot be stated enough that the business and the advantages of the cloud must come first – not the cloud itself. The technicalities of the cloud are the responsibility of the cloud provider.
Which is why my rules of the cloud are as follows:
Customers provide you with data, that data is your lifeblood
Data is the heart of your business. You must know is where it is. As part of any SLA, your cloud provider must inform you where their data centres are – even (actually, especially) if they don’t own them. If you don’t know this you may fall foul of international data compliance and governance laws.
Prepare for a possible data breach
Sounds scary, but you would ensure IT security in your own business, so any cloud provider must be able to prove that it has the same level of data protection that you would expect. If not, move on.
Due diligence means just that
This is your business you are entrusting, so determine how stable the cloud provider is. What experience does it have? Can it scale? What is its infrastructure? Plus a hundred other questions need to be answered...
Stay in control
Just because you are outsourcing part of your business to the cloud, you are not outsourcing your business. It’s your data, your business plan – keep control of that and ensure that your cloud provider understands this. Their time is best spent fulfilling the strict SLA that you negotiated. Remember that!
So, even as a business user, you should grab the nettle of these security rules when you are shortlisting cloud suppliers, so that when you rock up to your CIO or CEO, you are equipped with the answers to the security questions he or she is bound to ask you.