Navigating the cloudy mist - part 2
Sep 20, 2018
10 things to consider when working in the cloud - part 2
The world we live in today is changing to a digital world – “why cloud?” is a thing of the past and more and more organisations are adopting a ‘cloud-first’ strategy as it creates a differentiation and is becoming the blueprint for today’s digital application landscape.
So what do you need to consider before migrating to cloud? In part 1 of this blog, I gave you the first 5 points of my starter for 10 on cloud migration. This week I’ve highlighted points 6-10 in migrating to cloud:
- Data sovereignty regime – with the introduction of privacy laws such as GDPR, understanding where your data resides is now more important than ever. This is further complicated by country-specific regulations such as Health Insurance Portability and Accountability Act (HIPAA), International Traffic in Arms Regulations (ITAR) in the US, etc. which force cloud providers to follow certain processes to keeping data in certain territories.
- Understanding how business continuity and disaster recovery works – generally, top tier cloud providers build infrastructure and services with uptime percentages that far exceed the levels the average business can achieve. That doesn’t mean they are immune to outages caused by systems and people. Understanding how continuity works is essential and in the growing data privacy world, the ability to access data in the event of a breach and responding to access requests is key to ensuring continuity and disaster recovery planning are well considered.
- Understanding how the costing works – cloud is a pay as you service, i.e. you only pay for what you use. That’s the reason why cloud services deliver dramatic cost savings. Organisations needs to undertake a proper total cost of ownership (TCO) before signing up to cloud services. The cloud TCO may assume eight hours per day of cloud usage but if the systems aren’t configured to turn off these servers when not in use, cost can spiral and cloud will become expensive to run and maintain.
- An effective service management framework to monitor performance – as with any outsourcing, keeping a close eye on the performance of the vendor and challenging when things are not going to plan is essential. Cloud is no different and organisations which monitor their performance and security get the most out of the service. A service management framework which includes key performance indicators such as up time, down time, security breaches, incident managements and other metrics which are vital to the organisation should be established. This should then be reviewed periodically to ensure the cloud service actually being received is as planned and where there are deviations, take actions to resolve differences.
- The right assurance framework – having the right to audit clause in your contracts and enforcing them when required such that you get assurance over the services provided by the cloud provider. There are a variety of certifications and assurance reports that can provide comfort and help organisations better understand how data is managed and secured by the cloud providers. As I’ve said previously in my blog on ‘Compliance in the cloud’ having the right assurance framework will enable organisations to evaluate the cloud provider’s security and organisational controls.
The decision to transform the existing legacy landscape to a cloud-native model has many factors to consider —for some, a full shift from traditional to cloud-native is the right path; for others leaving the traditional as-is and to apply a cloud-first for only new applications, is the right way forward. Irrespective of the path they choose, a detailed assessment covering people, process and technology is critical.