The Cloud-first strategy explained
In my work, I regularly meet people from businesses of all types and sizes. And for a while now, a lot of folks have been telling me that new projects are assessed on a Cloud-first priority basis. The main reason behind this change in approach is the discrepancy between implementation timelines when projects are carried out internally using more limited infrastructure, compared to the speed at which business units want results—which is relatively easy to achieve with Cloud computing.
What should you consider before switching to Cloud?
While most IT departments have already made the decision to switch, there are still some important things to consider before taking the plunge. First, it’s true that virtual servers and software as a service (SaaS) can be rolled out quickly for use by the requestor. But what’s harder to gauge is whether the service you’re purchasing is aligned with your organization’s governance rules. For example, who has access to the data? What mechanisms prevent outsiders or supplier personnel from accessing your company data? What are the default access rules? Can access be restricted or specified? What are the service levels from an availability standpoint? Are backups done regularly? How often? Can you revert if an error or corruption is detected? How granular are recoveries? Are there any additional fees? Can data be exported? What formats are available for transferring data? Can you connect to your company’s existing analysis tools and reports?
When systems are implemented internally by your company, all of these questions are relatively easy to answer. Typically, the perimeter is secured and only authorized personnel can access it from the workplace. In exceptional cases, a VPN connection can be provided to individuals requiring remote access. But what happens when the system is part of a shared infrastructure or access is via the Internet? Doesn’t that automatically increase the risk of a security breach? I don’t want to scare you, but the answer is yes. The potential risk exposure is higher if you don’t take the time to understand what’s being offered to you and to see how security can be enhanced.
What about data protection?
The same applies to data protection. IT departments usually run daily backups. In some environments, an instantaneous copy is taken every hour to enable a fairly granular recovery level. If data becomes corrupted, you just have to call the IT department and they’ll create an action plan to recover the most recent complete copy or the information from a specific point in time. Does your Cloud provider offer the same flexibility? Can the provider recover exactly what you want, when you want? Can they restore your critical files without overwriting them? Is this service included in your plan or do extra fees apply? Are the fees affordable? Oftentimes, the backups carried out by suppliers are intended to restore services. This means the service provider may save a copy of your data, but recovering information from this copy is generally difficult and costly. To counter this, suppliers sometimes offer optional levels of protection. While these cost extra, it may be the only way you can meet your retention and restoration goals.
That’s why it’s so important to examine your plan carefully and fully understand the services offered to you. This isn’t something you want to be looking into once a disaster strikes.
So, yes, go cloud-first. But not before you make sure the service level complies with your governance rules. If the provider can’t deliver on your expectations, look elsewhere or consider adding features, such as software-defined solutions, to make sure your needs are met. Potentially, this can give you the data security and protection you want without forcing you to accept the Cloud provider’s constraints.