Look Before You Leap Into the Cloud

The Promise of Lower Capital and Operational Costs Isn’t the Only Benefit of Cloud Computing

There's little doubt that cloud computing is here to stay. In fact, analyst group Gartner believes that cloud computing will reach critical mass by 2015. The reasons for moving to the cloud are compelling. If cloud providers purchase and maintain the IT infrastructure that drives your business, you don't need to. But the promise of lower capital and operational costs isn't the only benefit of cloud computing. Companies that partner with the right cloud provider can scale their capabilities quickly and flexibly - potentially giving them a competitive advantage.

However, the concerns C-level executives and IT decision makers have about security and data control pose a serious impediment to widespread adoption, according to the 2009 Cloud Computing survey conducted by Kelton Research. To leap with confidence into the cloud, you need to know what you'll find before you land.

Such insight may come from a trusted relationship with your cloud provider, who should be considered a partner in the matter rather than a vendor. You'll want to establish an open working relationship with your cloud provider that tolerates no secrets. Let's look at some practical ways you can work effectively with providers to protect your business as you move to the cloud.

Make No Assumptions
Cloud providers know that their success depends in good part on how well they allay security concerns. It's reasonable, and likely accurate, to assume that reputable cloud providers have invested heavily in architectures designed to keep data safe. This does not mean, however, that their controls, processes, and technologies are the right ones for keeping your data safe. For example, you may be subject to regulatory requirements - such as HIPAA or the Payment Card Industry Data Security Standard - that may not be on your provider's radar. Each provider approaches security differently.

"It does come down to vetting the practices of the provider and making sure they meet the standards you want for your business," Phil Hochmuth, senior analyst at Yankee Group, told C/NET last year. The bottom line: you need to know whether your chosen provider's approach will effectively safeguard your particular business.

Negotiate Effective SLAs
The details of the service-level agreement (SLA) you agree on with your provider will differ based on your type of business and tolerance for risk. For instance, if you're planning to move your transactions to the cloud, then availability and reliability may take center stage in your SLA. It's important to understand that a guarantee of 99% uptime still results in 1% downtime. If you have thousands of customers making purchases every minute, that 1% can lead to significant lost revenue. Ask your provider how it manages unexpected peaks in demand, and find out how your services will be prioritized. Make sure you have key members of your management team review the SLAs so you can be confident that the impact of each provision has been rigorously considered.

Push for Transparency
Having a thorough SLA isn't enough. At any point in time, you need to know whether your provider is living up to its commitments. Just as your business undergoes changes over time, so does a service provider's. Cloud provisioning companies hire new employees and adopt new technologies. To streamline operations, they may alter certain practices and policies or even outsource operations once handled internally. You'll need to find out what protocols your provider has in place for reassessing its changing environment. Could the provider still continue to safeguard your data and meet performance requirements? Your provider should also be willing to share information on known or potential security threats and violations and its response to them. A provider that wants to keep you in the dark may be doing so innocently or intentionally. Either way, it would be a situation to resolve promptly.

Get a Second Opinion
If yours is like many companies, you may not have the time, resources, or in-house skill sets required to evaluate whether a cloud provider can meet your specific security and performance needs - no matter how transparent the provider might be. In that case, consider getting a trusted third party to evaluate the provider's environment. This objective assessment would describe the provider's environment as it relates to the services you want to purchase. In clear language, it should provide details about how the provider's processes, controls, people, and technology address your security, privacy, confidentiality, and availability concerns. If a third-party assessment is done correctly with the right level of preparation and collaboration with the cloud provider, it can cement the trust between you and your provider. It can also serve as the basis for ongoing reassessments that evaluate how changes to the provider's environment may impact its ability to meet your SLA now and in the future.

Go for the Win-Win
The benefits of cloud computing are indeed compelling - as are the risks. But those risks aren't insurmountable, especially if you view your relationship with your provider as a close partnership, one in which you can ask tough questions and the company will answer. As cloud computing gains momentum and the technologies employed multiply and morph, it's critical that you continue to own responsibility for the availability and confidentiality of your data. If your provider is willing to expose its environment through an assessment, it's more likely that your data will be secure, risks will be effectively managed, and your business will operate seamlessly. With open lines of communication between you and your provider, and a trusted third party at hand to regularly assess your provider's environment, cloud computing can be a win-win. So go ahead, leap into the cloud. Just look first.

More Stories By Cara Beston

Cara Beston is a Systems & Process Assurance Partner at PricewaterhouseCoopers. She is also a member of PwC’s national Cloud Action Committee. She specializes in IT and process risk and control assurance services to IT, Internal Audit and business leaders in the Technology sector.

In her 21 years with PwC, Cara has served over 80 technology clients, including key Cloud enabling enterprises, Cisco Systems, VMware, 3Par, SaaS providers, and a number of on-line businesses including Shutterfly, CBS Interactive, Zappos.com and others.


Most Recent Comments
Scott at Virtacore 06/02/10 12:09:00 PM EDT

Cara:

I couldn't agree more with this post; our CEO Tom Kiblin has repeatedly said the cloud is more about relationships than technology. I would also point out that certain certifications like SAS 70 and the new SSAE 16 hold a great deal of weight in reassuring that policies are followed.

Keep up the great work.

Scott Simko
Community Manager
Virtacore Systems
