We’ve talked many times about how business risk/reward assessments are taking center stage when it comes to IT investments, the cloud in particular. This is increasingly the case as IT and the cloud are viewed as business enablement services and revenue-generating tools, and subject to larger corporate governance oversight.
Security is only one driver, although it is a big one. Evolving IT roles, competition for investment dollars and ROI measurements across the entire organization have helped changed to rules of the game for IT forever.
Out technology partner Cisco posted a blog recently about taking steps to mitigate business risks of cloud investments. In addition to citing statistics from a couple industry analyst firms, suggesting that businesses either get onboard with cloud computing or get thrown under the train, the blog offered useful recommendations for lessening risk. Two in particular stood out for us.
The first recommendation was to revise how your company applies its data classification system to cloud services. They suggest that this system needs to be revised to detail what and how information should be shared in the cloud. These policies also need to take into account any regulatory or compliance requirements. Large or small, all companies need to address data classification.
We know from experience that not only is this the best way to provide correct levels of protection for different data types. It’s also critical from a cost standpoint. The more critical the data, the more it will cost to protect it. You don’t want to give undue protection to data that doesn’t warrant it. By the same token, you don’t want of skimp where protection is needed most and the consequences of data corruption or theft will cost you much more.
Furthermore, this need applies to more than just re-evaluating data classification for the cloud. Many first-time customers come to us with the assumption that they can simply pick up their applications and workloads and move them to the cloud. Left unchallenged, that assumption can lead to a world of hurt.
The advantages of cloud computing are many, and the right solution should fit your needs, not require you to fit the provider’s way of doing things. But the cloud is another computing model that’s reliant upon virtualization and multi-tenancy. For example, a complex application with many interdependencies with other applications and databases will not seamlessly migrate to the cloud. A low-latency application will need network connections that will not time out; if it’s located too far away from the user, then an Internet connection may lead to poor performance.
Which lead us to the second recommendation in the blog that we particularly liked: businesses that are looking to reap the benefits of the cloud and avoid risk must put in place a lifecycle approach to manage cloud services.
As the world continues to move to hybrid cloud models, stepping back and taking a holistic approach to managing cloud infrastructures will provide the greatest return to your business. Even now, however, putting in place corporate and IT governance policies, and planning, procuring and deploying IT services accordingly will help you to fully leverage your initial investments and continue to extract the greatest value from them over the course of their useful lives.
For everything we talked about here, having a provider that is an engaged, supportive and collaborative partner is one more way to put more ‘reward’ into risk/reward evaluations.
Content source: Cisco, “Steps to Overcome the Business Risks of Cloud Services,” by Robert Dimicco, July 29, 2014