27 Nov 2012

Building confidence in the cloud

What big changes are we seeing in end-user computing?

Privacy, regulatory and legal concerns are the biggest concerns for business when it comes to the cloud, according to research by the Cloud Security Alliance and ISACA. The longevity and credibility of providers were also prominent concerns. And these fears are holding back cloud adoption, even though the advantages can easily outweigh the risks.

So how can businesses assuage their fears and harness the benefits of cloud?

Securing a reliable provider

First and foremost is making sure you pick a reliable supplier. Look into how established the company is as a provider and request case studies and references from other similar clients to gauge client experiences. A company that owns its own cloud infrastructure is an important factor in this consideration, as well as the ability to physically examine the provider’s premises.

Cloud providers that have supplementary offerings for networking and managed services, with reference clients around these verticals, are also a key consideration. This shows a greater ability to fit a solution around your requirements.

Compliance certification

When it comes to compliance, you can ask for certification. Although certification and codes of practice are still evolving, there are some relevant ones out there. They include the ISO27001 information security management system, data centre certifications, as well as PCI-DSS (payment card industry) compliance.

Data sovereignty should also be considered: where will your data be stored?

Storing it overseas subjects it to a second set of regulations. For example in the US, the US Patriot Act will apply, which has provisions for government access to information. This may conflict with privacy laws in other countries, including Australia, complicating compliance.

Key questions

There are several important questions you should ask any provider before entering a contract:

1. How does the provider adhere to Australian privacy laws in relation to the storage of private data?

2. What technology is in use to ensure data integrity and security?

3. Clarify responsibilities: what is the end customer responsible for, and what is the provider responsible for?

4. What policies are in place in respect to contract termination?

You need know who retains the customer data when your contract ends, or what would happen in the event of a contract dispute. It’s also important to know how the cloud provider ensures the proper destruction of data and virtual machine images.

Not all companies are ready for an entire environment move to cloud. Moving only certain services to start with, such as email, is one way to dip your toe into the water.

And by selecting a cloud provider that is also an ISP, you can extend your on-premise network into the cloud while learning how to best use Cloud technology.

Ultimately, confidence in the cloud is about confidence in your provider, and clarity around their services.

What was the biggest issue for you when choosing the cloud? And if you haven’t moved there yet, what’s holding you back?