Cloud computing models allow companies to have their applications, data and IT services hosted and managed by a professional third-party service provider. Over the past few years, a growing number of companies have migrated to cloud services to cut IT costs, offload non-critical tasks and gain better access to computing resources.
Small- and medium-sized business (SMBs) can also gain many of the same benefits that large companies have achieved from cloud computing. In fact, according to a study by Semantic, over 40% of SMBs are eagerly adopting new computing models including cloud services. However, to gain these benefits, they must first have a clear objective and ask the right questions.
1. Which applications should we migrate to the cloud?
The best candidates for the cloud are commodity applications that require little special technology skills to operate or to manage. CRM, email, office productivity and payroll applications are prime examples of the kind of applications that can be delivered quickly and cost-effectively by a Software as a Service (SaaS) cloud provider. On the other hand, custom applications and applications that are covered by state, federal or industry regulations are less ideal for the cloud.
2. What kind of ROI will we achieve?
Companies migrate applications to the cloud for different reasons. Some do it because they want to reduce IT operations cost. Others do it because they do not have the IT infrastructure they need to support their growth. Some tap the cloud because they want to free up their internal IT resource to focus on mission critical tasks.
3. What should we look for in a cloud vendor?
Some of the most important factors to consider when selecting a cloud vendor are performance, availability, reliability and security. Some cloud providers may offer cheaper options but they may not always be suitable for a company’s specific requirements. For example, some large cloud providers store customer data on servers located in multiple countries. Companies in certain industries may be prohibited from using this kind of data storage. Similarly, small vendors may sometimes offer very competitive pricing, but their infrastructures may be less scalable and protected than those of a large vendor.
4. What is the payment model?
Cloud providers offer a variety of hosting options ranging from fixed-term price contracts to pay-as-you go subscription models. Each model has its benefits and its downsides. For instance, a fixed-term contract might guarantee a fixed price for a certain length of time, but customers may end up paying for more resources than they actually need. A pay-as-you go model may look to be the cheaper entry point but can make it challenging to predict a monthly operating budget.
5. Will our applications be hosted on a shared infrastructure or a dedicated infrastructure?
Cloud service providers should offer customers the choice between a shared or dedicated infrastructure. Both of these options have pros and cons; a shared infrastructure is cheaper than a dedicated infrastructure, but if privacy and control are important, a dedicated infrastructure model is the better choice.
6. What key security areas should we ask about?
When you move your infrastructure outside your company walls, security will become your number one concern. Prior to moving applications to the cloud, ask potential cloud providers questions around their security, such as:
- How safe is my data?
- Will my applications be available when I need them?
- How do I control and manage access?
- Will I be in compliance with federal regulations?
Security is a collaborative effort between the vendor and client. The vendor cannot guarantee absolute security but can provide the means so the vendor and client can work together to make security a practical reality. With this in mind, companies should take a layered approach when assessing cloud vendors. These assessments should focus on three key areas – the vendor, the facilities and the data.
7. What are the regulatory implications of moving data to the cloud?
Companies that are covered by federal, state or industry regulations need to make sure they are not breaking compliance by having their data and applications hosted and managed by a third-party service provider. In some cases, companies may be required to implement measures such as data encryption before they can move customer data or other data to a hosted server. Companies in some industries may be prohibited from having their data hosted on servers that are based outside Canada.
8. Where will our data be hosted?
Large cloud providers like Google and Amazon use massive global cloud infrastructures to host customer applications. It is not unusual for a company’s applications and data to be split up and distributed across multiple systems in different countries by cloud providers.
9. Who is responsible for our data security and privacy in the cloud?
Most reputable cloud service providers have extensive security controls in place for controlling access to data and for protecting against malware and malicious intrusions. Even so, the ultimate responsibility for data security lies with the company that collected the data in the first place. This is especially true in the case of data covered by regulations such as the Payment Card Industry Data Security Standard (PCI DSS).
10. Is it better to go with a public cloud or a hosted private cloud?
This usually depends on the extent of control a company wants over its applications, along with the sensitivity of the applications. In a public cloud model, a company’s applications and services are hosted on a shared infrastructure. Rather than having dedicated equipment for each client (servers, networking, surge protection, storage, bandwidth, etc.), clients share a pool of resources. By sharing equipment, companies can achieve the greatest cost efficiencies, as well as excellent scalability, elasticity and automation. However, businesses that are evaluating a public cloud need to consider how to reduce their risk. Look for a public cloud offering built on established infrastructure such as Vblock versus open source.
For increased security, many businesses turn to a hosted private cloud solution. In a private cloud, all of the resources in the operating environment are dedicated to a single client, guaranteeing that the client’s data never shares space with another company. While the OPEX advantages remain, some of the cost efficiencies disappear in the private cloud model. This may be considered a fair exchange for the increased security of the system, which could then be utilized for sensitive data and maintained in accordance with regulatory and compliance requirements.