How to avoid a disaster when moving to the cloud

With all the hype about clouds, 2011 was a year of education. The term ‘cloud’ is overused and has been sullied by the sheer variety of definitions used in the industry. Public, private, hybrid and ‘as a service’ have left many scratching their heads and wondering what all the cloud hype is about. There are several considerations to keep in mind when looking to cloud applications.

To begin with, let’s look at the definition of cloud. It is an over-abused term for almost anything available as a service these days. Combined with all of those ‘as a service’ terms, you also have to look at the location of these services - public, private or hybrid. For the sake of this article, cloud is a service provided including infrastructure, software, backup, desktop in an easy-to-configure and rapidly deployed solution.

For any cloud application, there are several key points that must be evaluated for a successful implementation. The first and foremost consideration to build to is what I will call ‘confidence as a service’. If there is no confidence in the solution and the provider, there is no need to follow the cloud bandwagon. In order to instill confidence in the solution, I recommend considering the following points.

Portability should be high on your confidence building list. It is unfortunate that many of the cloud technologies are moving to proprietary methods. Once you move something in the cloud there is no guarantee that you can port your information to another cloud without a massive rework effort. Investigate what will happen to your data if you choose to replace a cloud service with another (internal or otherwise) in the future.

What works in the cloud and what doesn’t? This depends on both risk and functionality. You may have a harder time moving home-grown applications to the cloud than COTS (commercial off the shelf) packages. It is well worth the testing and development time to determine that all functionality is still going to be there when an application is moved to a cloud platform.

Vendor dependency is a growing concern on the hardware side of things. Some electronics manufacturers are locking down their components due to the proprietary nature of their management and hardware hooks. Some even lock down the cables that you can use with their solutions by adding encryption to the cables. Years ago, the end-user community as a whole fought long and hard for open systems. To see such a regression is a shame. Beware of studies and marketing literature that promise that one vendor’s product is the one thing for everything. There is no such thing as one size fits all in IT.

Open systems are the key to assuring interoperability and help to avoid being locked into one vendor’s products, before you can meet critical business needs. With mergers and acquisitions running rampant, it pays to have an open system. If the company you have engaged uses proprietary hardware, and they are acquired by another company, you may find yourself with early end of life on your equipment.

IT can often feel threatened by cloud deployments. The thought of moving corporate systems and resources to an outside entity can be job threatening; and let’s face it, we all need a job to feed ourselves and our families. While companies may embrace cloud technologies for certain applications, it is very unlikely that a company can operate every system in the cloud. But resistance certainly can slow adoption, or force a company into a private cloud, when another perfectly good opportunity is out there waiting to be used.

Security is always at the forefront of any savvy CIO/CSO/CTOs mind. And, in fact, it’s the reason that some companies have shied away from cloud computing altogether. When you think about cloud computing and cloud strategies, one of the first things you should do is a risk assessment surrounding the data you wish to put in the cloud. There is some low-hanging fruit for cloud - systems you can place in the cloud, without exposing yourself to great risk - even at government level. Think of tax offices that get slammed at tax time with form downloads: there are benefits to putting this system in the cloud, and the risk is minimal, as the information in question is already public facing.

For security, it’s also important to look at IT policy. Savvy end users can put information in the cloud and completely circumvent company policies. This is an area that is not often addressed in actionable HR policies but may need to be in the near future. IT security - and getting around IT security - is a bit like radar guns/cameras and radar detectors for speeding. If you don’t have a policy on where users put company information, now is the time to make one, whether you currently use clouds or not. Users certainly have access to a lot of information, and proactive beats reactive, hands down.

Bankruptcy, or going out of business, is another concern with some providers. When the term “cloud” exploded, providers started popping up out of the woodwork. Vendors, likewise, began offering cloud-ready products. Granted, it is bad if a hardware vendor goes under, but if you are on open systems, you can generally recover from that block.

Recovery is much more difficult if it’s your actual cloud provider that goes under. It is important to understand how long your provider has been offering such services and what their financial outlook looks like. I know of one company that put its data in a cloud facility - the provider subsequently was collapsed for its asset value and the customer was never notified. The information was test data, but they lost quite a bit of development time and revisions of code that were stored in the cloud.

Geographic diversity is a great thing to have when storing information. Companies may plan to choose to build two tier II data centres, as opposed to one tier IV, as the tier IIs can be built at a fraction of the cost but also provide this diversity. Backing up data or moving data to the cloud can offer some of the same benefits.

An issue arises with new legislation in many countries about where exactly data resides. For instance, European Union countries require that private/personal information be stored in-country. Countries like Australia go further and require that it be stored in-state. In a public cloud, it is prudent to try to ascertain where the information is, and will continue to reside, so that you don’t accidentally find yourself in violation of regulatory compliance.

Tangible and intangible ROI calculations are difficult at best. It never ceases to amaze me how some companies completely butcher ROI and TCO calculations in marketing literature to justify their solutions to CFOs, and those with decision-making powers. You must first determine what is real and what is vapour when you look into the calculations.

There are always going to be line items that work and don’t work based on a company’s individual circumstances. In some cases, it may be attractive - in some, far less. Know what your tangibles and intangibles are prior to evaluations, and be open to others as the services change. Make sure you know the difference between one-time costs and those that are reoccurring in your calculations.

Standards are another sticking point when it comes to the cloud. Unfortunately, this is a world that is largely devoid of standards, making open systems more difficult. On top of that, some vendors love the proprietary hooks they can implement to lock you in. Management standards may increase learning curves, devices required and the intricacy/complexity of a variety of systems. Hopefully as end-user demands increase for single open solutions, so will the solutions that utilise them.

Lastly, you are going to have to require some significant information from any cloud provider outside of what is listed above. They should have the same change management practices that you would demand (provided you do). You should know all of the equipment, vendors and solutions they are using, if you plan to use their services long term. If you can arrange a site visit, all the better. You should put as much due diligence into your cloud provider as you would put into your own systems.

Contracts for cloud services can range from the very simple for short-term, to very complex for long-term solutions. It is in your best interest to do a little shopping to get a feel for what is being provided. Some cloud providers are asking users to forgo SLAs (service level agreements) and accept a ‘best effort’ service. While that may be fine for a service you don’t pay for, it certainly may not be acceptable for one in which you do! You should put as much due diligence into your cloud provider as you would put into your own systems.