Cloud is high on the priority list for IT directors, but seldom is it used for essential IT services. The obvious question is why do companies continue to deliver critical services from on-premise environments when the cloud has been proven to provide greater cost efficiency, improved agility and flexibility?
The answer is two-fold. When cloud computing first started gaining awareness in the late 2000s, service providers originally encouraged its use for dev/test and behind-the-scenes IT work that had low impact on end-users. Cloud providers had hoped that cloud use would extend to the production side of IT and the business. Yet, IT directors struggle with whether or not to turn to cloud to host these vital workloads.
IT directors may be best served in seeking a cloud services provider who can provide the technical and governance requirements for their applications. Cloud providers that offer clear service level agreements (SLAs), enhanced security, and consulting and migration services are best suited to provide a smooth transition for production workloads.
Understanding contracts and laws
The details are in the fine print of both SLAs and government regulations. A detailed, well-understood SLA is critical as companies cannot afford latency issues or downtime as it affects user efficiency. Assumptions on the definitions of service availability can lead to disastrous consequences such as costly outages without any associated penalties. Both parties must clearly spell out in the SLA what service is being offered, how it is being measured for uptime and performance and what events would trigger additional costs or compensation.
Additionally, the cloud provider must be cognizant of governance concerns. Under data sovereignty laws, a production application which is constantly storing and generating data is subject to the regulations of the country in which it is stored. Cloud providers also must be able to spin up new applications within specific regions quickly to address new market opportunities without data sovereignty issues.
Locking down the data
IT directors have two main concerns related to security: the transmission of the data and access to it. Cloud providers that comply with relevant certifications, such as SSAE 16 SOC 1 and ISO 27001, ensure the right governance and control over applications and data. Secondly, how data is segregated and accessed in the cloud need to be clearly defined. Cloud providers must demonstrate how they use best practice tools and architectures to segment network and data access. IT directors should never need to expose their servers and data to the open Internet in order to access them. The cloud provider should allow private access mechanisms given the data security requirements of production workloads.
Choosing a true partner
The migration of a tightly integrated, production level environment to the cloud is not accomplished overnight. This intricate task may be made more difficult if the migration requires re-architecture, a technology refresh or organizational changes to handle modifications in how systems are being managed. Cloud providers who have migration and consulting experience and understand how to manage these various processes will minimize the impact of the migration and improve cost efficiencies and service value.
The days of cloud services languishing in the dark corners of IT are coming to an end. IT directors who want to use the cloud for hosting production applications should select the cloud provider partner that can handle custom codes, unique implementations and run services reliably and securely. Cloud providers with a rich set of complementary services can be the difference between maintaining the status quo and introducing a new innovative IT services model.
- Tim Brophy is Global Cloud Architect at Dimension Data