Navigating the cloudy mist - part 1

10 things to consider when working in the cloud - part 1

Cloud computing continues to evolve and is becoming the norm for organisations, including those operating in heavily regulated sectors. Gartner predicts the public cloud services market will grow 21.4% in 2018 to a total $186.4 billion, with the fastest-growing segment being Infrastructure as a Service (IaaS) with revenue forecast to reach $40.8 billion. The research also shows Software as a Service (SaaS) remains the largest segment of the cloud market, with revenue expected to grow 22.2% to $73.6 billion in 2018.

This is no surprise to me, having seen the positive impact of cloud enabled services that have truly transformed how we work within PwC, including enabling flexible working which the Firm champions. It made me realise such changes were only possible because the Firm took the right steps to evaluate before migrating to cloud services – we wouldn’t want to compromise our client and employee information. So what do you need to consider before migrating to cloud?

Based on recent experience of working with clients on cloud migration projects I have compiled a list of ten things to consider. This week we’ll be looking at the first five steps to migrating to cloud.

1. The right governance – everything starts with good planning. Accessing services in the cloud takes 2 minutes with a credit card. But it’s easy to miss small print about security and hidden costs. Having the right framework to procure cloud services is paramount. The nature of the cloud is such that each service (IaaS, PaaS and SaaS) has to be treated differently to enable effective security, and doing so at scale across multiple cloud providers. An organisation-wide cloud policy and framework needs to be established to create a structural approach to managing multi-cloud deployments.
2. Carrying out a thorough discovery – not every application is cloud ready and equally an organisation may not want all its sensitive data to be in the cloud either. By not undertaking a thorough diligence to understand what can be moved to the cloud, the business can do serious damage to application performance and user experience which may affect the overall vision and migration.
3. Understanding who is responsible for what – in my previous cloud security blog, I talked about shared responsibility between the cloud provider and the cloud consumer. The cloud provider is only responsible for what they control and that varies by the nature of service they provide. It’s essential to understand the responsibility matrix and organisations need to ensure they allocate time and resources for their own activities – absence of which can lead to disputes and poor supplier relationships.
4. Security ‘of’ vs ‘in’ the cloud – cloud providers generally consider security as paramount, investing significant resources to ensure the service they provide is secure. But if the organisation’s own security policies or software development processes are not robust, this can result in significant breaches causing reputational damage. Understanding who is doing what is essential to safeguard data in the cloud. Organisations with a clear shared responsibility model (RACI framework) with their cloud provider and who acknowledge that security is a collaborative effort will be able to prevent security incidents in the cloud.
5. The right talent – migrating to the cloud is generally considered complex and a rampant adoption of multi cloud strategies makes it nearly impossible to successfully migrate and operate in a cloud environment without the right team behind you. Lack of understanding of how the cloud works can result in security compromise, spiraling cost and an ineffective cloud model. Organisations with the right talent to plan and execute cloud migration achieve the desired outcome.

Look out next week for Part 2 of the blog.

Read more articles on