Pat Phillips, practice director at independent IT and business change professional services firm Xceed Group, talk through how to manage and prepare for the move to the cloud

CIOs and IT Managers are turning to the cloud in droves, with Gartner suggesting that cloud computing will be a $207 billion industry by 2016[2].
But as with any new deployment or implementation IT needs to approach cloud investment with its eyes wide open. When moving more IT to the cloud there are a number of areas enterprises must address:

Service Level Agreements (SLAs): Define the SLA required should be defined and the options available compared against the opportunities, risks and costs. A balanced approach should be ensured to managing the risks and carry out scenario planning with cloud service providers.

The SLAs required can vary from business-to-business. Some organisations have business critical IT to deliver and may need very high service levels. In these circumstances the public cloud may not give it sufficient cover, as the cloud service providers can’t guarantee the end-to-end performance if the delivery is relying on the Internet. However, if availability isn’t business critical then a cloud service option may be good enough and will be far cheaper.

Data Protection: it is vital that data strategy, standards and policies are documented before making the decision to move services into the cloud.

An organisation will have data which is a vital asset for the business, perhaps containing IP (intellectual property), personal data and commercially or regulatory sensitive information. It is paramount that organisations can articulate their data protection requirements to the cloud service providers clearly to secure these assets. The organisation cannot abdicate responsibility for managing and protecting its data. It must ensure a cloud service provider can demonstrate how they will help mitigate the risks.

Virtualisation: the risks and options need to be weighed carefully in a heavily virtualised cloud environment.

Virtual computing is already widely adopted within many organisations and the challenges of managing IT support for applications are largely understood within the confines of the enterprise. However, part of the value in moving to the cloud is that it uses virtual servers (potentially multi-tenanted) in co-located environments at scale. The risk profile of virtualisation and co-location needs to be understood and mitigated. Different ways to mitigate the risk of co-located environments could be physical segregation with hybrid or private cloud environments.

Performance Management: the application design needs to be focused on to ensure they are able to test, measure and tune the performance without necessarily having sight of the end-to-end delivery.

Historically organisations have struggled with measuring performance of applications in the traditional enterprise as commercially available tools are limited. As such a compromise on accuracy has to be accepted or a bespoke measurement tool developed and deployed. Any IT manager will know bespoke means expensive, both to design and run, and the task of measurement becomes even more difficult in the cloud.

Security: robust security policies must be in place. Organisations need to work closely with cloud service providers to get alignment and potential improvements in their risk profile. 

Security in the cloud is a huge topic in its own right with many elements to consider. Both users and vendors have to take into account the fact hackers are becoming ever more sophisticated and able to exploit all manner of vulnerabilities. Denial of service (DoS) attacks are rife and can be extremely disruptive and costly. In the cloud, which is heavily virtualised, cloud service providers have been investing in security to protect themselves and their clients. That investment has been more significant and better targeted than organisations may have been able to provide individually. Consequently there have been some major advances, particularly in the protection of virtualised services. Having this investment and protection added to an organisation’s on premise security firewalls is complimentary and beneficial in the war against hackers. Web based applications are arguably one of the largest security vulnerabilities. With more people and businesses making use of social media, the cloud service providers must be able to allow access to sites such as Facebook but still be able to block access to elements such as gaming. Irrespective of moving services to the cloud, organisations must ensure their security policies cover their staff’s responsibilities.

With thorough preparation IT managers and CIOs can reap the rewards of transitioning to the cloud. However without negotiation, preparation and risk assessment along the way the benefits of the cloud could be lost to high costs and poor control.