A recent study featured in ComputerWeekly, found that more than 40 percent of IT professionals surveyed confirmed that their company’s operational efficiency improved after moving to a cloud environment. According to the study, taking IT to the cloud helped businesses adapt to market changes and target new customers. The survey also reported that robust cloud adopters are 117 percent more likely to use the cloud to make better, data-driven business decisions. More than half the companies relying upon the cloud concluded that their information infrastructures improved because the technology enabled them to have quick access to data and knowledge, without the headaches of capacity constraints. They stated that with cloud, they have the power to build up revenue streams and target new markets.
Despite the proven cost saving and business advantages offered by cloud computing, CXOs are still wary about making a move to the cloud. While they are aware of the obvious benefits of an enterprise shift to cloud computing technology and how it drives innovation and business growth, what worries them are the potential challenges that come with such a migration.
Relying on cloud for critical storage could leave organizations vulnerable in the event of a network outage. When moving to cloud, security of crucial information is another key concern that comprises information theft, computer hacking, as well as unauthorized access to organizations’ sensitive data.
Despite these concerns and because of the net benefits offered by moving applications to the cloud, the cloud computing market is expected to grow from $40.7 billion in 2011 to $241 billion in 2020. Therefore, CIOs must find ways to efficiently manage their move to cloud. They need to evaluate what should be moved to cloud, how to structure the relationship with their cloud service provider, and how to manage risks while operating in a cloud computing environment. CIOs should also take into consideration various security and application risks and process complexity along with the degree of customization required. Moreover, they need to identify potential deal breakers during migration to the cloud.
There are several factors IT teams must consider as they move their organization to a cloud ecosystem.
Is organizational data too sensitive for the cloud?
CFOs and CIOs are usually unsure about placing their organizational information off-premises or in the cloud. For them it’s easier to control something that is physical and more tangible. An evaluation of the data can help them make the right decision about which data to move and which data to manage internally. For example, CIOs need to ask these questions before moving their data to the cloud - Should personal data including information like social security numbers, bank account information, HIPPA regulated health data, etc. be moved to the cloud? Are there restrictions upon the geographic location of company’s cloud servers? How would cloud applications interface with native desktop applications to provide the right blend of functionality, accessibility and security for the needs of the company?
Determine what type of cloud can best serve business needs
Be it public, hybrid or private cloud computing model, each offers unique benefits for different businesses. A public cloud would be a good choice for those looking to replace a service or application that is currently running on-premise. Switching to a public cloud model provides additional features that an onsite upgrade cannot offer. Some motives to consider the public cloud should be:
- If hardware or software is approaching End of Life (EOL) and upgrading it is too costly
- If business needs exclusive features that it can’t get from an onsite solution
- If servers and specialized applications are not centralized
- If the aim is to obtain high-availability for only one or two solutions
On the other hand, a hybrid cloud solution can prove beneficial if an organization has already made investments in software, hardware and solutions, but are still thinking of augmenting their IT network. Companies should consider migrating to the hybrid cloud model in case of the following situations:
- Already have centralized IT resources, but need to add a critical feature to them that is better delivered via hybrid cloud
- Business demands secure server backups or a data archiving solution
- Business needs filtering and protection for email and web content
Private cloud is another option for businesses that require high availability and security. Companies should opt for the private cloud model if:
- Business has multiple workplaces, especially satellite offices with IT resources centralized at head quarters
- Organization has high-availability needs for internet, data access, email and business critical applications and company is willing to put in the investment to configure the private cloud with sufficient IT support, redundancy and maintainability.
- Business works around high-risk data governed by regulator controls such as HIPPA, PCI (News - Alert) or FISMA
- Organization has complex legal requirements, requiring enhanced logging or secure access to sensitive data
Know your cloud service contract
It is important to review the cloud service contract carefully before moving ahead with a migration. A contract may contain terms from vendors, such as “The SaaS (News - Alert) vendor can suspend your right and license to use services, or terminate the agreement in its entirety for any reason or no reason, at its discretion at any time, with, at most, 60 days’ notice” OR “You bear sole responsibility for adequate security, protection and backup of your data, even though the other party is hosting it.” (Computerworld -“Best practices for scaling up SaaS”). Such terms will need to be evaluated in the context of the company’s requirements.
Before entering into any contract, make sure that the service provider’s incentives and governance are in place. Among other considerations, there are key contract areas that CIOs need to pay attention to, which include - Does the service provider offer an evaluation period to test its cloud services? In the case of potential system failure, what back-up plans will be provided by the vendor? If the cloud service provider ceases its operations, what process should be followed for operationalizing the company’s information hosted in the cloud?
Avoid the ‘Vendor Lock-In’ and ‘Technology Lock-in’ situation
Many organizations are rightly concerned about being fixed to a single vendor or a technology that may be hard to upgrade. To accurately gauge the risks of vendor and technology lock-in, CIOs must look at different factors, like whether the service provider uses industry standard APIs, if a shift to another vendor is taking place, will the existing cloud service provider promise quick data extraction? Can the services offered by the current vendor be controlled by third party control panels?
Pick the right vendor
- Research well - While selecting the cloud service provider, the choices will range from established companies to unknown startups. To assess a vendor’s reliability, it is essential to ask them to provide customer references, talk to the companies they serve and do some online research as well. Remember, the vendor picked up should have a strong track record for both performance and customer service. For example, CIOs should check for latency, i.e. if the vendor is slow in dealing with the arising problems, the response time to customers is likely to suffer, adversely impacting business performance.
- Cost Visibility: CIOs should have a complete sense of what amount they will be charged for different cloud services they avail from the selected vendor. If they don't have a clear visibility into how the cloud service provider charges them, they can expect a huge bill at the end of every month. There are many free tools to help manage cost visibility. CIOs should not jump into the cloud without them.
- Security in the cloud – Security of enterprise data and applications is a huge concern. ClOs should only engage with the service providers who adhere to industry standards, like Security Assertion Markup Language (SAML). This will ensure the highest levels of security when moving data to the cloud.
- Compliance – There are several compliance requirements that must be met when moving to a cloud environment. This changes according to the requirements and IT infrastructure of each organization. Some of these include PCI, GAAP, HIPAA, SOX, and IFRS. CIOs should fully appraise their organizations’ compliance requirements, and evaluate to what extent the vendor meets those requirements.
While creating a migration strategy, some of the other elements that CIOs often overlook are the bandwidth cost of moving significant amounts of data to the cloud, the time taken to transfer data in the migration process and the downtime, training etc. involved in the process.
No doubt, the complexities involved in the cloud migration are numerous, but delaying a move or poorly executing the migration process could impact organizations’ competitiveness. CIOs that follow a disciplined approach to cloud migration end up finding unprecedented levels of business efficiency and growth. Those who rely on a haphazard methodology might find themselves steering their organizations into risks for which it is difficult to find a way out. By strategizing a path that smoothly manages the cloud transition costs and risks, CIOs can end up with the best business outcomes.
Edited by Stefania Viscusi