What, When and Where to Cloud

Cloud service companies have been around for years. In fact, many organizations are already using cloud services and do not even know it; for example, if your company is using a hosted email or website provider, you are using cloud services. With all the services, features and functionalities being offered by enterprise cloud service providers today, the question is no longer should a company use cloud services, but rather, what, when and where to cloud.

The ‘What’
What to cloud is the most important question of the three. Systems and processes that involve the development of intellectual property and provide competitive advantage to the organization typically should remain in-house under direct control of executive management. Nevertheless, companies should assess their business systems and processes to determine which systems are common and easily performed, versus which are outside their core business and capabilities. These systems and applications are candidates for the cloud.

However, an important distinction of what to cloud, is the ability to cloud hardware only, hardware and some of the process applications, or a complete process including all its hardware and applications. Determining what to cloud starts with an understanding of what is currently in place, the cost of ownership and the end of life. In order to do this, a comprehensive systems inventory must be completed along with a systems flow analysis that defines the company’s business processes and systems administration requirements. Organizations with their own proprietary applications should consider using cloud hardware to minimize the necessary capital expenditures that are used to purchase new equipment, while continuing to maintain the operating systems and applications in-house. The same organization may also use a turnkey application as a service provider to deliver their enterprise resource planning (ERP) and client relationship management (CRM) solutions.

The ‘When’
When to cloud is dependent on multiple factors including financial, resiliency, security and technical abilities. Organizations starting new products or service lines that require hefty hardware purchases should perform a return on investment analysis on purchasing the required equipment versus implementing a platform as a service cloud. A similar review should be completed in organizations that have excessive disaster recovery requirements. Implementing a disaster recovery solution requires the purchase of hardware, software and a data center access to ensure that the systems are immediately available in case of a disaster. Implementing a cloud disaster recovery solution allows an organization to have the same systems available at the time of disaster, but also reduces the expense significantly.

For organizations requiring online payments and other e-commerce functions, security is a major concern. Additionally, health insurance systems hold employees’ or clients’ personally identifiable information. These systems can have multiple regulatory and compliance requirements such as Payment Card Industry (PCI) regulations or HIPPA. For many organizations, implementing systems that require these levels of security can be costly and difficult to maintain, making them great candidates for the cloud.

The ‘Where’
Determining where to cloud may be the most difficult decision. Just as a company has multiple servers and applications in its internal network, a company can and should use multiple cloud services providers. When deciding where to place your systems and applications, there are five important things to consider – service fit, financial health, performance, reliability and security.

Prior to reviewing, it is important to define the systems and service requirements necessary to fulfill the company’s’ business goals so that you more easily determine if a provider aligns with the type of support you need. Performing a detailed service comparison of cloud providers is critical; however, selection based only on service offerings can lead to failed implementations. The cloud service provider should be able to provide information on its financial stability and clientele. Just as in the dot-com era, many new companies – that may not be there tomorrow – are entering into the cloud service provider arena.

Once the service selection and financial due diligence are complete, it is important to review the technical aspects of the provider. Performance, reliability and security must be documented and assessed. The service provider should be willing and able to provide detailed internal and third party reports defining systems infrastructure and applications utilizations, configurations and processes, which define its business objectives, processes and results. Detailed documentation of day-to-day requests, incidents, events and change management processes, along with fault tolerance and disaster recovery procedures need to be reviewed and compared to your organization’s requirements. Additionally, the company’s requirements should be used to develop contractual service level agreements to control all services to be provided.

Summing it Up
Hybrid solutions utilize combinations of internal and multiple cloud service providers to fulfill the organization’s strategic plans and decrease IT expenditures, while still increasing revenues. By defining the what, when and where to cloud, organizations can take advantage of their systems and cloud solutions while fulfilling their corporate objectives and increasing their bottom line.

Jerry Irvine is CIO of Prescient Solutions and member of the National Cyber Security Task Force. Irvine provides strategic direction for all clients, overseeing product innovation and implementation. His expertise is an indispensable resource for our clients developing IT plans. His expertise on cyber security has been featured in industry publications, including The New York Times, WGN Radio and Wired magazine. Irvine can be reached at www.prescientsolutions.com.