Cloud, Control or Both
December 10, 2012
Contributed Article. Author: Tri Nguyen, CISSP, MCSE, Manager, Product Management in the Windows Management Group at Quest Software (now part of Dell)
Cloud, Control or Both
Everywhere I look, it’s Cloud, cloud, cloud… So it’s clear that the cloud is here, but the question I have is this: if organizations go to Cloud, do they lose control and, secondarily, do they care? Let’s start by defining Cloud. For the purposes of this article, my definition of Cloud is any service with which your important, enterprise data might be stored somewhere that your IT department does not specifically own: Office 365, Google Apps/Docs, Dropbox, etc. There are advantages to leveraging these services, but there also are disadvantages. Some of your challenges go away (hint: they are not all bad things to rid yourself of, but there are new challenges you have to consider, as well). For example:
- The headaches of managing the IT-related stuff for that service, e.g., email service, servers, storage, backups, upgrades, etc. All really good stuff to give up (provided you trust that the service is actually doing things on par with you or better, like backing up your data).
- Yelling at your IT guys whenever there is a little hiccup in your service. Again, really good stuff (provided you have a really good 800 number and an iron-clad service agreement).
- Assurance that your data is safe and secure. Not so fast ─ some individuals believe their data is safer in the hands of service providers than it is with their own in-house staff. As a matter of fact, some providers have certifications and tons of credibility that give you peace of mind that your data is safe. But is it really?
- Assurance that intellectual property isn’t being shared and disclosed to those who shouldn’t have access. For example, how many folks audit or have any visibility into what is being shared by their employees via Dropbox? It’s so simple and easy to use that I guarantee someone is sharing something they probably shouldn’t.
- And finally, let’s just say that, at some point, your relationship with the service provider sours. How do you (or can you) get your data from their environment back to your in-house systems, or to another provider? Here is a great test. During your pilot, try it out and go through a live test to see how the process really works.
If you’ve spent even a few hours with your head in the clouds, you know that we could debate whether or not the Cloud is safe all day long. However, I would argue that if you’re leveraging any services in the Cloud, there certainly are aspects of control that you are losing, such as accountability, confidentiality and availability. Whether these risks prevent you from using that service is an entirely different story. But maybe (and, I suggest maybe) you leverage the best of both worlds. This is known as the hybrid approach. Use the Cloud for all the great things it provides for individuals who are not at high risk, or services that don’t expose you to all the bad stuff. And, you know the bad stuff is what leads to loss of reputation, loss of revenue, loss of customers, law suits, etc. ─ basically, headlines you want to avoid on the front page of your local newspaper, or worse, a national newspaper.
I’m pretty sure everyone cares about losing control, both personally and professionally. In the case of controlling the Cloud, there are advantages and disadvantages. One option is to maintain control where you need it, and relinquish control where you can afford to let go, to take advantage of the benefits the Cloud offers. I hope that if you plan on leveraging the Cloud, you make sure to consider the risks involved, and choose wisely.
###
About the Author
Tri Nguyen, CISSP, MCSE, is a Manager, Product Management in the Windows Management Group at Quest Software (now part of Dell). With more than 15 years of experience, Tri has provided extensive Windows management expertise to many organizations, including serving as a Senior IT consultant before joining the comapny. Tri holds an MBA from the University of Phoenix and a Bachelor of Science from the University of Maryland Baltimore County. Tri leverages his technical industry knowledge and business perspective to help Quest Software develop enterprise wide solutions.