When you try out a new technology, there is a honeymoon period. The new technology can do no wrong, or at least it is working as you desire for the moment. Yet even if it is working as you desire, how do you know that a new cloud offering will grow with your business? Do you have the proper people managing those relationships? Have your compliance and other documents been updated to reflect that clouds are in use? Who is ultimately responsible?
In most cases, the business unit is not ultimately responsible: instead, IT is. You have to delve through not only your standard procedures and policies, but also those dealing with security and compliance, depending on the data held within the cloud. Did you classify your data before putting it in the cloud? Does IT even have the skills to take on such a role?
This raises the question of whether or not IT (including security), legal, and compliance (regulatory) were involved from the beginning of the cloud adoption process. If they were not, they may not wish to take on this added responsibility, even though ultimately they may be the documented responsible party. An audit will show who is responsible. So, has such an audit been done?
Now you have to work with your cloud to make your business grow. Can you autoscale the cloud, or will the extra effort be less than cost-effective? Will you need to take more time out of your busy schedule? Has this been part of your planning all along?
Basically, when the honeymoon is over, we are left with a bunch of questions to be answered. Ideally, you considered and answered them beforehand. However, now that they can be seen warts and all, you need to determine how the clouds selected will grow with your business. We have talked about changing your processes for the cloud. The hidden dependency is that the processes need to be reviewed as the business is reviewed. That includes continued ownership. A cloud is not like traditional application development. The developers may choose the cloud, but the transition from development to operations and IT is rapid at best. We need to determine how the cloud meets the business needs of today, tomorrow, and the future. There must be a cloud service owner who can interface with the cloud and determine what needs to be fixed, what needs to be changed, and if anything needs to be updated.
As this transitions from development, engineering, or user-supplied clouds to IT-controlled or department-controlled clouds, there may be some changes. This is a natural growth of clouds. These changes take place only if there was poor planning when the cloud service was first brought in. One example of poor planning is the adoption of a cloud when the proper stakeholders are not involved. This forms a new kind of silo: the cloud service silo. As those silos are formed, the stakeholders that make up security, legal, and compliance absolutely should be involved, as well as the group that will eventually own the cloud service. If they are not involved at the beginning, this is generally considered poor planning and will result in changes that users find unacceptable.
Why do they find such changes unacceptable? Because they were not in use before, at the start of the cloud service. Changes users may object to can include changes to authentication modes, security measures, auditing requirements, and data protection methods. The use of the cloud service may even require mobile device management.
Honeymoon’s End: What It Boils Down To
What is boils down to is that the adoption and use of a cloud is more than just ordering a service, paying with a credit card, and using the service. There is a need to look at the cloud and see if it will grow with your business. There is a need to protect data held within the cloud and audit it for compliance requirements. Ultimately, there is a need to answer many questions. These questions formulate how you will integrate clouds into accepted practices and should be considered from the beginning, not postponed until the middle or end. The latter leads to a messy situation that often involves fights over ownership.
This is why when you go to the cloud, use a new cloud service, or just ignore the use of the cloud, you have so many hidden dependencies.
Share this Article:
Latest posts by Edward Haletky (see all)
- Common Product Security Questions - November 23, 2016
- Sorry Support: Not Getting My Data - November 18, 2016
- Moving to the Future: Strategies for Handling Data Scale - November 14, 2016