Cloud Computing: Friend or Foe?
By: Ali Gomulu
The benefits of moving more and more to the cloud are now proven. What do IT teams need to know when contracting with cloud service providers and the communications service providers delivering access and transmission services?
The first key to success is thinking long term and planning optimistically for years of great service; also, when contracting with cloud providers, it’s wise to leave room for making a switch if necessary, or at least renegotiating service level agreement terms.
The second key to success is understanding security, particularly in a multi-cloud environment; ensuring corporate data and systems are protected from cyberattacks, intentional or accidental data loss internally, and threats from external actors are also critical.
While the cloud computing market is generally controlled by tech giants like AWS, Microsoft and Google, there are many smaller, more local providers, and a good number of competitive, often vertical industry niche providers.
Here are five recommendations, or questions to post to cloud service providers:
Understand Your Business Goal
Come to the table with tangible, measurable expectations. This may seem obvious, but often the notion of moving certain compute needs to the cloud is driven from higher-ups – for example, we need to save money, we need to make sure we can scale, we need to support digital transformation initiatives.
Clarifying your specific requirements and expectations in advance of assessing and then spending time with providers ensures you are comparing them against real-world requirements, including security.
Ask Critical Questions of Every Potential Provider
Don’t be afraid to ask for references, even from the largest providers. Ask for use cases, ask for performance data, ask for economic results (“ROI” and “TCO”). Ask about their certifications & standards and request their full range of technologies, including those on future roadmaps.
When it comes to security, ask specifically about their data integrity measures, data governance and ability to meet the standard and your own business policies. Make sure they are accredited with certifications including ISO 27001 and other compliance indicators, including government regulations.
Ask for Detailed Information on Their Partnerships
With so much integration, APIs, and general partnering associated with the cloud make sure you understand exactly what the cloud service provider is delivering, vs. their partners, and understand how that might impact your SLAs, contracts and other commercial terms and remedies.
Be Upfront about Vendor Lock-In
One of the biggest surprises coming from cloud service providers over the last decade has been fees associated with switching out of their services to another provider. As the cloud computing landscape becomes increasingly competitive, you can negotiate terms but should do so upfront, so the relationship is healthy from the start.
Ask about your options, and don’t be afraid to negotiate.
Ask for Financials & Other Business Health Indicators
You may find that a niche player provides the best option, perhaps because they understand your industry better than the tech giants. Or, you may find smaller, more local providers are more flexible when it comes to terms.
That’s great, but make sure your cloud compute provider has a track record of stability, a strong balance sheet, and enough capital to operate for years and even decades to come. Ask about any past legal issues, and make it clear your decision will be based on due diligence. Strong providers will respect your professionalism and approach.
In short, it’s important to get a “360” view of the contenders for your business, including technical and business capabilities, in addition to the less tangible “soft factors”, for example, trust and cultural compatibility.
And in summary, there is no cloud service provider worthy of your trust if security is not a forethought and a critical part of their technology roadmap.
We have all found ourselves in a different world of work given the events that have defined 2020, and few professionals are feeling the pressure more than IT and OT teams.
Just as cyber risks evolve, the evolution of risk appetite frameworks is more active than ever. With more sophisticated adversaries, more digital transformation initiatives, more mobile works, ecosystem partnerships and connectivity to multiple clouds and services, enlightened management teams and their boards are updating their levels of “risk tolerance.”
Two-factor authentication has been around for decades – requiring an additional step between entering a username and password, for example, then entering a one-time security code sent to a mobile device – to access applications, systems and data.