It’s no surprise that enterprises are continuing to increase their reliance on cloud computing. Users are ripe to take advantage of the cloud’s undeniable benefits including self-service freedom, flexibility, availability, scalability, and the simple joy of not having challenges related to hardware and software deployments.
However, many business leaders have expressed concern about the security of the cloud. Time and time again enterprises echo the same concern – how do we control applications and data from falling in the hands of unauthorized users? This is no small feat given the complexity of the situation and number of parties involved across internal teams and an external cloud provider.
In order to secure applications and data in the cloud, enterprises must first outline their responsibilities and the responsibilities of the provider. These guidelines should be universal, regardless of which type of cloud solution your organization is deploying.
Let’s examine the relationship between customer and provider, and how clear responsibilities can help deliver the freedom and control that business and IT leaders require.
What business problem are you aiming to address? This is the most important responsibility that you, as a cloud customer, have in the relationship. All clouds are not created equal, so answering this question will help you determine how quickly and effectively you can solve the problem. Your cloud choice should depend on a number of questions: Do the business owners need to learn new technology to solve their problem? Does the cloud solution require a lot of new application code to be written? Can you solve your problem with existing tools and processes? Will gain agility and tangible results early on or is this going to be a large IT project?
Have you identified your application and process requirements? It is crucial that you are clear about the nature of the application you are moving to the cloud, the development process, and how to limit the roles and access of the users. The cloud model is perfect for transforming a lumbering, slow development processes into a fluid agile process. The cloud solution should bring you agility, simplicity and deployment convenience. Not just a bunch of new technologies that slow you down.
Have you defined what data and application security means to your organization? This is perhaps the most overlooked of all customer responsibilities. In your organization, know who you can trust to use your cloud solution, and empower these people with the right solution. Do they have a clear understanding of the nature of the application and the data they are planning to put in the cloud? Do they know how to protect your data, and understand your password policies? If you establish these guidelines early, you can easily set the requirements that define your success in the cloud.
Have you established success factors? Before diving into the implementation, you must consider how you will define success. For example, how soon do you need to be operational? What are your availability and reliability requirements? Often, customers want their cloud solutions to be ready where and when they need it, which is something that not all applications require. Setting realistic expectations will help you find the cloud that matches your budget and time frame.
Once you are clear about your responsibilities, you can begin a conversation with a cloud provider.
Cloud Provider Responsibilities:
Customers expect providers to deliver scalability, speed, security, self-service, and cost efficiencies without many hurdles. Most importantly, your cloud provider must demonstrate how they have delivered on these critical capabilities from the start of the relationship.
Does the solution provide a simple, self-service interface? The cloud must be ready to go immediately. Can the solution you are considering handle the applications and business process that you’re planning? Or will the provider force you to rewrite the app, change the process, or provide additional training? Do they offer a self-service Web interface or do users require a tough learning curve? These factors can make or break rapid user adoption.
Does it offer scale and speed? A well-built cloud solution will deliver the optimal combination of scale and speed. This will let your team run multiple instances in parallel, take snapshots, start/stop applications, and accelerate the business cycle.
How does your service rate on reliability and availability? Cloud providers are responsible for making the system reliable and available at all times. Typically defined in service level agreements (SLAs), your provider should clearly set operating expectations with the customer, such as 99.9% availability.
Is the service highly secure? The hot-button issue of today, your cloud provider should provide you with a complete overview of their security technology and processes. This includes application and data transportability, physical security of the data center, access and operations security, virtual data center security, and application and data security.
What are the cost efficiencies? Unlike other computing solutions, the cloud does not require commitments upfront. Cloud technology automates the back-end systems, and as a result can operate large resource pools without big human costs. That difference should translate into dramatic cost savings for you, the customer.
By carefully meshing your responsibilities as a consumer of cloud services with those of the cloud providers, you can achieve the visibility and control needed to govern the process and technology you choose, and empower your team.