Putting cloud under lock and key
Stephan Damhorst outlines the best way to secure the cloud.
While IT departments have handled cloud computing cautiously in recent years, the cloud — driven by the megatrend of digitisation — has now finally arrived in Middle East businesses.
Besides the clear cost advantages that made it seem worthwhile to use cloud computing as an alternative sourcing option, there are now additional business and technical requirements of the digital business transformation exerting immediate pressure on internal IT departments.
This is mainly because of the challenge that many business leaders face in making the company fit for the digital era, which has already begun. It is nothing less than exploiting the potential of integrating new technologies such as cloud computing as an opportunity to optimise the value chain and to generate new business potential. It is not surprising that Middle East companies — regardless of the industry — are planning to operate half of their applications in hybrid clouds within the next five years.
In this context, hybrid means combining the speed, cost benefits and flexibility of a public cloud with the company's own virtualised IT environment (private cloud). However, hybrid clouds are not only cost effective. With the right setup, they can also provide more agility and enable the business to generate innovative solutions for the market. The following six factors must be considered to realise success:
Cloud strategy: First, the subject of cloud computing should be strategically positioned at the level of management and anchored in the IT strategy. The IT strategy should define, individually for the company, the objectives pursued with cloud computing and the conditions for its use. In this way, the uncontrolled use of cloud services in the company is prevented.
Integration capability: The critical success factor of hybrid cloud sourcing models is the integration of external cloud services into the existing IT infrastructure of the company. The complexity of the interfaces between processes, applications, infrastructure and organisations is often underestimated and represents a technical and organisational challenge.
Standardisation: For the different cloud computing deployment models, a high degree of standardisation is essential. It is therefore the objective of the internal IT department to first clarify whether or not custom-developed solutions or environments can be replaced by standard solutions without economic and strategic disadvantages for the business.
Service Level Agreement: Contractual agreements between enterprises and cloud service providers are of particular importance for the usage of any cloud-based services. In addition to the demands on the availability and performance of the cloud services, regulations for service and support as well as legal and commercial agreements and arrangements for a service transition back from the cloud into the company's own IT environment are also vital.
Security and compliance: Requirements regarding safety and confidentiality and, in particular, compliance requirements arising from legal regulations (for example, the Federal Data Protection Act) represent a high hurdle for cloud services and need to be investigated for the particular business right from the beginning.
Release Management: Release management plays a critical role where an individual provider has defined its own mandatory release cycles. The internal IT department faces a great challenge in testing the compatibility of the various release plans with its IT systems. Due to the distributed responsibility for cloud services, it is often difficult for the internal IT department to manage multiple service providers and ensure a fast problem-solving process in case of critical system errors. This difficulty is especially evident if the cause of the failure cannot be clearly assigned to a particular provider.
Studies recommend using a pragmatic approach to evaluate the potential of cloud computing in the company, one that is aligned with the above six success factors. The following are the approaches that the company should undertake:
Positioning: As in the initial section, the procedure model provides a critical evaluation of cloud computing in the enterprise. Experienced cloud supervisors can help to analyse the internal IT areas in which the company has already gained experience with cloud computing and to identify cloud computing potential. This way, the success factors for cloud computing set forth above can be used as a checklist and provide orientation.
Cloud Roadmap: Based on its positioning, the company's individual way into the cloud is developed with the support of experienced cloud supervisors. Both the strategic classification and all the necessary benchmarks for corporate governance are defined. Strategic criteria can be individually derived depending on the business of a company.
Evaluation: During evaluation, all relevant applications are analysed and checked based on the cloud roadmap. Internal IT departments and experienced cloud supervisors help to check the organisational and technical feasibility for the relevant systems. Criteria for testing and acceptance of the cloud system also need to be defined.
Piloting: In this phase, the pilot system solutions are being replaced by the cloud solution provider of the visible part of the project. The aim is to gather experience in dealing with complex cloud services within the company and to reinforce organisational and technological changes in the business.
Consideration: After a certain operating time, for example, one year, the pilot systems are evaluated for their effect. The acceptance criteria are documented and evaluated.
Cloud computing is a strategic decision, forcing companies into a cultural change. The internal IT department is faced with the challenge of being an internal service broker, while technically connecting the existing IT environment with the new cloud-based world. This hybrid infrastructure provides a lot of opportunities on one hand and risks on the other; a pragmatic approach is therefore recommended. For internal IT, it is safest to gain experience with pilot projects that are embedded in an overall strategy, thus using a structured approach tailored to the individual needs of the company.
Stephan Damhorst, independent IT and cloud computing expert, coach and book author.