Six Questions You Should Ask Your Cloud Provider
Employ a carefully defined risk analysis of IT systems and procedures before deciding which cloud technology and service is best for your organization.
A few years ago I wrote a post in which I referred to Web 2.0 as "a sexy little minx" that, while it tempted many CIOs with its promises of heady enterprise collaboration, hadn't convinced many of them to leave their existing communications tools. In a similar comparison, ZDNet blogger Larry Dignan likened cloud computing to a hot mistress that gets some CIOs to abandon their "marriages" with providers of on-premise software - only to realize maybe the mistress can't deliver on all that she promised.
(IT Business Edge colleague Loraine Lawson wrote about this in a post with a silk teddy of a title: "Wooed by the Cloud? Before You Cheat, Get a Prenup." I made the same point back in March, in a post titled "Contract Vagueness Yet Another Cloud Computing Snag," which as headlines go is more of a full-length flannel nightgown.)
After reading Loraine's post, I tracked down a recent eBizQ discussion in which several folks offered comments on why organizations end up disappointed with the cloud. Moderator Peter Schooff kicked off the thread with a reference to a Symantec survey that found fewer than one in five organizations questioned have outsourced application hosting to cloud providers.
I'm not clear on which flavors of cloud (platform-as-a-service, infrastructure-as-a-service and software-as-a-service) were covered in the survey. I also suspect that business folks may have brought SaaS - and maybe IaaS and/or PaaS - into their companies without first getting the approval of the IT organizations that responded to the survey. And based on the references to security that appear in both the Reuters story and a Symantec blog post about the findings, it sounds like the survey was designed mostly to gauge feelings about that topic. (Not surprising, given Symantec's business.)
Any of the flavors will disappoint if companies expect the cloud to somehow magically improve their operations without making the necessary people and process changes. Several of the eBizQ commenters make this point. Companies should know this by now, with decades of technology implementations under their belts. Yet all too often these factors somehow get overlooked. So inevitable is the result that Gartner came up with a catchy phrase for it: the trough of disillusionment.
Threaded throughout the comments are several references to service level agreements. Next to the more nebulous people/process issues, SLAs probably present the biggest "gotcha" for IT organizations. They need to pay close attention to SLAs in cloud contracts - what Loraine calls "the prenup" in her post. That's also where you can find a bit of sizzle in my "nightgown" post, with some good advice from Gartner that should help cloud computing buyers avoid some of the more predictable problems with cloud contracts.
I also shared a list of seven rights and responsibilities for cloud computing consumers from Gartner's Global IT Council for Cloud Services and a list of 15 things that engender trust in a cloud service provider, contributed by members of a LinkedIn forum, both of which offer great ideas on what to cover in negotiations with cloud providers.
About those security concerns? A great bit of contract-related advice from a National Institutes of Standards and Technology report and corresponding presentation on cloud security that is available in our IT Downloads library: Since large cloud providers are not in the market to tailor their SLAs on a per-client basis, it's best to seek a provider who is already certified for standards you may require to satisfy specific security or compliance requirements.