Pick up any technical magazine today and you will find articles and advertisements pushing the financial advantages of implementing cloud solutions. As with any new technology, it is important to think about more than just the potential savings. Having a good understanding of the various cloud options and where they fit in your data center is essential. Cloud computing promises a world where computational resources can be rapidly provisioned and where end users don’t need to know anything about the systems that deliver services. However, there are questions you should be asking before jumping into any cloud solution.
In order to make the best decisions about how and where to use cloud computing there are some fundamental concepts to understand. As with weather clouds there are strata or tiers to consider. Cloud environments typically come in one of three basic tiers:
- IaaS (Infrastructure as a service)
- PaaS (Platform as a service)
- SaaS (Software as a service)
There are additional offerings around networking and security but these are the basic three. IaaS is where the provider takes care of the physical assets such as servers, network, devices, etc. and provides the operating system. The client is responsible for the applications, security, etc. PaaS is where the provider takes care of the IaaS resources plus the solution stack and any middleware. The client manages the application and runtime environments as well as some of the security. Finally, SaaS is where everything is done by the cloud provider.
Clouds can be deployed in many different ways but the three most common are public, private and hybrid implementations. A private cloud exists wholly within the enterprise and is typically behind the data center firewall. Private clouds address many of the concerns around data security and governance and can be managed and hosted internally or externally as long as they are for private use and the location of servers and data is known. Public clouds are where most of the concerns arise as these are where the provider supplies everything and the client simply connects to use the applications. Dropbox, Google Docs, Salesforce.com are just a few examples of both SaaS and public clouds. The third deployment option is a hybrid cloud which integrates private and public clouds so that data and applications can be placed according to governance and security needs.
Thinking about Cloud
In order to truly take advantage of what cloud computing offers there are several critical questions that need to be answered. Clouds require a lot of planning in order to be successful. The first step is to do a risk analysis on applications and processes to determine the security, uptime and compliance issues for each one. Anything that requires manual approval where approval cannot be delegated automatically is not a good candidate for a cloud environment. The compliance requirements are critical – in spite of what providers will tell you it is important to know where your data is at all times. There are different privacy laws between different countries so you need to take into account where your data and applications may be stored.
You also need to consider up-time requirements. In particular, it is important to understand the disaster recovery options provided by the cloud vendors and what is really covered in the SLA (service level agreement). If only the web servers are covered but the network is down, then you have no service so make sure you read and understand these agreements carefully. This applies to public and hybrid clouds as well as managed services. You also need to know if disaster recovery means failing over to systems and data in other countries.
Questions to ask cloud providers before signing
- What is covered in the SLA? And how is this measured (KPIs – key performance indicators)?
- What are my disaster recovery options?
- Is data encrypted and how are the keys managed?
- When I delete data is it actually deleted?
- How do we meet data retention requirements with cloud based data?
- How are change control and maintenance handled?
- How often is software upgraded and how is it tested?
- Are you at risk of getting locked in due to them using non-standard APIs?
The above are some of the questions you need to think about as you consider transitioning to cloud solutions. They also apply to moving to outsourcers or managed service providers. Probably the most important question to ask yourself is what your exit strategy is. Many providers have shut down their cloud environments so it is important to understand what your options are with respect to getting your data and applications out of the cloud if the worst was to happen or if you just decided to move on.
With the proper planning cloud computing can provide significant savings and free up personnel to focus on the business, ‘while addressing security and regulatory compliance. If you ask the right questions and plan accordingly then your cloud implementation has a much better chance of being successful.
Schedule a consultation today to learn how Flagship can help you design and implement an effective cloud solution.
If you liked this blog, you also might like: Never Wake a Sleepwalker, Myth or Truth? – common cloud myths