Learning to Control the Cloud

Grazed from Virtual Strategy Magazine.  Author: Sundar Raghavan.

Cloud computing has quickly become one of the hottest catchphrases among IT and business executives alike. The users are attracted to the cloud based on its flexibility, availability and scalability, among other benefits. However, these advantages do not outweigh what many consider a potential pitfall in the adoption of cloud technologies: control. IT and business leaders remain concerned about how they’re able to keep business critical applications and data from being accessed by unauthorized users. This is not easily accomplished, as controlling the cloud requires businesses to exercise restraint and exert influence over cloud technologies – many of which are provided by external parties…

To properly control the cloud, one must understand the responsibilities for both the cloud provider and the customer.

Customer Responsibilities

What problem is your business trying to solve? – As simple as it sounds, this is the most important responsibility of a cloud customer. Businesses need to clearly identify what they are trying to solve by implementing cloud computing, as well as which business unit(s) the technology is primarily serving and if the applications will run in the cloud as-is or require additional work. Some clouds allow your applications to run unchanged, while others require additional configuration. Knowing what your application needs will help eliminate confusion about how quickly you can attack the problem. Don’t be fooled into thinking all clouds offer similar features and instant access.

What does your application and process require? – It is important to understand your application and the development process you wish to use, as well as any access restrictions for users. The cloud can be an ideal environment for changing a large and lumbering development process into a quick, fluid, and agile development cycle. When used correctly, this can result in a massive increase in productivity. However, if you aren’t clear about the nature of your application, it can potentially lead to a massive waste of resources.

How do you define data and application security? – Many customers overlook this critical question. It is as much the responsibility of the customer to establish security parameters as it is the vendor. Establish who in your company you can trust, and empower those chosen few. Define their roles, and make sure they’re aware of the nature of the data and applications you’re taking into the cloud. It’s imperative that you set up clear password policies before turning your team loose in the cloud.

What is your time horizon for cloud projects? – A lot of customers think of cloud projects as a sprint. Given that cloud technology is transformative in nature, customers should think about these projects as a journey over time.  Trying to get full control over all cloud projects in one sweep won’t work. Instead, try to define on a quarterly basis your early experiments, the next set of more business-critical projects and so on. Be sure to start the next set only after gaining a good understanding of the first set including lessons learned, mistakes made and correction mechanisms in place. This way you can create a learning organization that gains control over time and improves based on data and experience.

What does success look like to your organization? – Before you jump into a cloud implementation, you should explicitly define what “success” means to your team. Figure out if you can improve the agility of the development process, or increase the availability of your applications. Outline your availability and reliability needs and how quickly you need the cloud up and running. Establishing realistic goals before embarking on a cloud initiative will allow you to identify the solution or provider that matches your particular budget or timing needs.

Cloud Provider Responsibilities

Cloud computing offers self-service, speed, scalability, security and cost efficiency without a cumbersome implementation processes. Whichever provider you choose, they should be able to demonstrate these capabilities from the very start, and continue to deliver success each step of the way. Here a few things to consider:

Does the solution offer the correct mix of scale and speed? – The perfect balance of scale and speed will dramatically increase productivity. Your team will be able to suspend/resume processes, take snapshots, run multiple instances in parallel, and publish and collaborate in real-time. If these processes are automated, they can dramatically accelerate the business cycle.

Is the solution truly self-service? – No matter which cloud provider you choose, the offering should be available for use from day one.  Make sure that your solution can implement the applications and processes that you have in mind or you will likely have to rewrite the app or modify the process. Check if your users will require additional training or if there is a self-service web interface that provides quick, easy access.

Is the cloud cost efficient? – The main motivation for companies to transition into the cloud is to save on overhead costs such as hardware and software. Public or hybrid cloud solutions should not be labor intensive thanks to the technology used to automate the backend systems. This converts into tangible cost savings for you.

Is the cloud environment secure? – Your cloud provider should have nothing to hide, and ideally will demonstrate its security measures and processes up front. Things to look for include:

• Application and data transportability – transitioning existing applications, data, and processes in and out of the cloud should be effortless.
• Physical security of data center –physical data centers should be protected with trained and skilled operators, with at least SAS 70 Type II data centers.
• Access and operations security – it should be clear who is able to access the physical machines, and how they are managed.
• Virtual security of data center – the better that the cloud is architected, the more efficient that it will be in terms of scale and speed. Your cloud provider should be able to explain how the individual pieces are architected, integrated and secured.
• Application and data security – to properly implement your policies, your cloud solution must allow end-users to define groups and roles with granular access control, proper password policies and data encryption.

How reliable is the service? – One of the main responsibilities of the cloud provider is to make the system reliable and consistently available. This often takes the form of a Service Level Agreement (SLA). The provider should clearly set operational expectations with the customer.

Cloud customers can maximize their ROI by carefully aligning their responsibilities with those of the provider. By doing so, you can increase productivity from your users while maintaining the control that you need to securely run your business.