Afraid of Floating on Cloud 9? Some Pros and Cons of Cloud Computing
By Marc Edwards, B.Sc. , PMP, Content Analyticss, bpms, MBA
Are you at the stage within your organization where cloud computing and storage is now a valid tactic to consider to maintain or increase your organization’s competitive advantage? This is obviously a complicated decision since having your data in-house on your own servers gives a sense of security that only proximity can bring.
I came across an article by Carlos Mendible that speak of some of the pros and cons for an organization going to the cloud. Some of the benefits include:
- Reduced IT costs: Fewer servers and the staff managing them are needed.
- Scalability: In this fast changing world it is important to be able to scale up or down your solutions depending on the situation and your needs without having to purchase or install hardware or upgrades all by yourself.
- Business continuity: when you store data in the cloud, you ensure it is backed-up and protected which in turn helps with your continuity plan cause in the event of a crisis you’ll be able to minimize any downtime and loss of productivity.
- Collaboration: Cloud services allow you share files and communicate with employees and third-parties in this highly globalized world and in a timely manner.
- Flexibility: Cloud computing allows employees to be more flexible in their work practices cause it’s simpler to access data from home or virtually any place with an internet connection.
- Automatic updates: When consuming the cloud services, you’ll be using the latest version of the product avoiding the pain and expensive costs associated with software or hardware upgrades.
That being said, some of the perceived cons to moving to the cloud are:
- Privacy agreement and service level agreement: You must understand the responsibilities of your cloud provider, as well as your own obligations. In some situations, is your obligation to do configure correctly the service in order to enable the best SLA possible.
- Regulatory compliance: Remember that although your data is residing on a provider’s cloud, you are still accountable to your customers for any security and integrity issues that may affect your data and therefore you must know the standards and procedures your provider has in place to help you mitigate your risk.
- Location of data: Know the location of your data and which privacy and security laws will apply to it cause it’s possible that your organization’s rights may get marginalized.
- Data privacy and security: Once you host confidential data in the cloud you are transferring a considerable amount of your control over data security to the provider. Ask who has access to your sensitive data and what physical and logical controls does the provider use to protect your information.
- Data availability and business continuity: How is your organization and the provider prepared to deal with a possible loss of internet connectivity? Weigh your tolerance level for unavailability of your data and services against the uptime SLA.
- Data loss and recovery: In a disaster scenario, how is your provider going to recover your data and how long will it take? Be sure to know your cloud provider’s disaster recovery capabilities and if and how they have been tested.
- Record retention requirements: If your business is subject to record retention requirements, how well is the cloud provider prepared to suite your needs?
- Environmental security: Cloud computing data centers are environments with a huge concentration of computing power, data, and users, which in turn creates a greater attack surface for bots, malware, brute force attacks, etc. Ask: how well prepared is the provider to protect your assets through access controls, vulnerability assessment, and patch and configuration management controls?
- Provider lockdown: What is your exit strategy in case your provider can no longer meet your requirements? Can you move your data and operations to another provider’s cloud? Are there technical issues associated with such a change?
I’ve learned that one of the best ways to alleviate fear is to conduct research. So if you are in the position where you need to make a decision about cloud computing, take the time to fully understand the implications. You’ll find that it will be quite worth it.