Six Critical Questions CIOs Should Ask Before Entering the Cloud

August 3, 2010 Off By David
SpecOps Breached Password Report
Grazed from Logicalis.  Author: Editorial Staff.

Fear of the unknown is a powerful emotion.  But when you’re an IT exec, fear of the unknown – particularly when you’re talking about moving into the cloud – really comes down to fear of making a costly mistake. To help its customers navigate through the cloud computing conundrum, Logicalis, an international provider of integrated information and communications technology (ICT) solutions and services, has identified Six Critical Questions CIOs Should Ask Before Entering the Cloud. More information about Logicalis’ cloud computing expertise can be found at 

At this point, most businesses have read enough about cloud computing to know that it can potentially offer additional capabilities and cost savings.  And while CEOs and CFOs are pushing IT departments into the cloud to reap the financial rewards, CIOs and IT managers who haven’t yet bridged the gap between cloud and their own existing in-house services may feel a certain sense of trepidation every time the subject comes up.

Mike Martin, director of cloud computing at Logicalis says the thought of not knowing who has access to their organization’s data makes IT professionals concerned about how best to leverage the cloud while protecting their company’s sensitive data.

Asking six important questions, however, can help technology pros manage their risk in the cloud.

Six Critical Questions CIOs Should Ask Before Entering the Cloud

1.   What’s My Bottom Line? Identify the characteristics of the solutions that you are going to outsource that are most important to your company.  Some examples include:

  • Determining if the cloud provider offers appropriate service level agreements (SLA)
  • Finding out how secure your data will be in the cloud
  • Knowing whether you need a cloud provider with specific regulatory expertise or data encryption options
  • Discovering if the cloud provider is financially sound
  • Ensuring they have the right experience to manage enterprise cloud services

2.   How Transparent is that Cloud?  Be sure that the cloud provider you choose can supply detailed information about its security architecture.  Request a copy of the provider’s Statement on Auditing No. 70 (SAS 70) audit controls which ensure that the provider meets government and industry requirements.  The SAS 70, developed by the American Institute of Certified Public Accountants, covers data transmission and storage technology practices, including network operations, data safeguards, and physical security elements.

  • Find out how the cloud expands on the value of a virtualized infrastructure here:

3.   Where’s the Security Guard? A critical component to a healthy cloud strategy is ensuring that your internal security technologies and practices such as network firewalls and user access controls are strong and mesh well with your cloud provider’s own security measures.  Remember: Your side of the infrastructure is just as vulnerable, if not more so, than the cloud provider’s side.

  • Industry analysts forecast a rapid formation of cloud offerings, with IDC predicting the cloud services market topping $42 billion by 2012, and Dataquest predicting that between 28 – 37 percent of all server shipments by 2012 will be for cloud building. A new enterprise cloud offering from Logicalis is in direct response to that market demand.  Find out more here:

4.   Is It Legal? Laws and regulations affect what you can put in the cloud.  A cloud provider should include the auditing controls for change management in their SAS 70 to meet any regulatory requirements that they are supporting.  Unwillingness to commit to an audit request should be a big red flag.

5.   What’s the Address? Ask any potential providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy/regulatory requirements.

6.   Are They the Lone Ranger? Make sure you choose a cloud provider that really takes your relationship seriously and provides a solid partnership when supporting and hosting your server and data needs.  What you don’t want here is the Lone Ranger.  Be sure to ask for references and check them! Find out how flexible they are when working with you on your security requirements.  Will they be there if you have audit controls that need their assistance? And finally, are they strong enough to hang in there for the long term – what kind of financial footing are they standing on? Choose a partner that will be there when you need them.

“If you’re uneasy about jumping right into the cloud, start small with an easy, low-risk service, Martin says, “and grow your usage of the cloud as you gain a comfort level with cloud services and how to manage your risk.”