Clouditis: 21st Century IT Flu – or a Savior in Disguise? Part 2
In part one of this blog, I identified a new malady that can cripple potential cloud projects within the corporate world:
Clouditis (noun): The irrational fear of moving to the cloud, often exhibited by IT professionals.
Think about it. Research from AIIM, Gartner and Forrester shows that security and compliance are the number one concern when it comes to moving to the cloud. So companies are rightly concerned about their information assets, and how to best manage and secure them.
Every cloud-based provider is more than used to having conversations about compliance and security. Cloud providers do this for ALL of their customers, EVERY day. If they weren’t providing a secure solution, they wouldn’t have any customers, and, furthermore, if they ever get it wrong they’ll likely go out of business.
So, by default, any long-established cloud provider is more than likely to be secure, compliant and resilient.
Although the cloud is coming with or without the blessing of IT, organizations can only utilize the benefits of the cloud with buy-in from the IT department. So as an IT manager, why not try to take advantage of that? Yes, some of the roles and responsibilities managed by IT may be at risk – but as described by Kyle Falkenhagen, the real risk lies in not doing anything.
Getting the balance right is the key. It’s not simply a case of letting a cloud vendor manage infrastructure and content while IT hides behind a Service Level Agreement (SLA), no matter how comprehensive that SLA is. If a security breach leads to your confidential information being broadly distributed across the Internet, a few months of free hosting is not likely to soothe your pain. Indeed, even if your data is stored in the cloud, it is the organization’s responsibility to ensure security and protection of that data – not the cloud vendor’s.
What’s more useful is an approach that takes a proactive stance in getting rid of clouditis – one that emphasizes shared responsibilities. This “trust but verify” approach requires corporate IT to perform six key tasks:
- Measure the security of your cloud systems on an ongoing basis, not just when you make the initial purchase.
- Conduct security testing of the cloud vendor and service on a periodic basis or hire a qualified third party to do so.
- Monitor the availability and performance of your cloud system, particularly in relation to the unique aspects of your business (e.g. custom workflows or content ingestion processes). This will improve IT’s ability to hold the vendor accountable for any issues (and not rely exclusively on what the vendor chooses to inform them of).
- Ensure suitable audit rights are available and that each cloud vendor responds favorably when these are exercised.
- Ask for references from customers of similar size and with similar regulatory requirements within the same industry. (There are a number of regional user groups around the world that can help with this.)
- Reinforce the importance of integrations with other LOB applications. These require a depth of knowledge about how various systems are used in business terms that only Corporate IT is likely to possess or retain.
By developing these simple points into a proactive “terms of engagement,” the corporate IT department not only avoids developing clouditis, but serves as a voice of reason in all things cloud-related. With the cloud, the IT department’s importance to the business does not diminish – indeed quite the opposite occurs, with IT claiming its rightful place in all of the strategic decisions the organization needs to make.