Do we really have a clear view of clouds? While there is an 'official' definition from NIST*, it's not the same as the definition in business magazines, technology magazines, or tech vendor presentations. The descriptors are all over the place: infinitely scalable, highly available, unreliable, unsecured, low cost, hidden cost, flexible, proprietary ... and the list goes on.
The reality is, they are all true, to a degree. So now what?
Here are five key requirements I recommend you address as you begin your 'cloud journey':
1. 'Risk Posture': Work with your compliance, security, legal, and regulatory experts to consider items such as:
- Location: What data can reside somewhere outside of my facility, state, country, etc.
- Control: How much control am I willing to give to a third party (think about subpoenas being served to an external provider)?
2. Financial Profile: Determine how you will evaluate the options financially. Key factors include:
- How much am I willing to invest up front?
- How much variability do I want / can I effectively manage?
- Do I want to be able to chargeback (or at least report) at a user / department level?
- Do I understand ALL the associated costs (there are sometimes additional charges for connectivity, etc. that are not well understood / explained)?
4. Flexibility: Determine the amount of flexibility you want to maintain for future growth, moving to other vendors, etc. While there can be benefits to embracing a specific platform, there are also risks of becoming 'trapped' as new factors emerge.
5. Participation: A powerful option is a 'hybrid' / 'federated' model where some of the service is managed internally, while the remainder is managed by a third party. Determine your ability to effectively manage / operate some of the service internally. This is often a great option for more sensitive or critical functions.
What other requirements are you including in your decision making?
*NIST defines cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
No comments:
Post a Comment