Questions to Ask Before Flying into the Cloud


Think Cloud computing is the cat’s meow? I guess it depends on your role, function, needs and objectives – and whether you are prepared to answer some very hard questions about the business risks you are taking on.

If you are with a small or midsize business attempting to service new customers and new geographies the lure of on-demand metered IT is hard to ignore. And, if you are with a larger organization attempting to better align operating or capital expenses, the opportunity to reduce non-core expenses is also hard to ignore.

The sticky-problem that won’t go away: you lose control over the applications, systems, information and intellectual property that may be flowing through the Cloud. Worse, there are reports of some organizations already experiencing applications, business procedures and critically sensitive information being hijacked from mult-tenant virtual systems that dominate among most Cloud providers.

What is your reputation, customer trust, customer loyalty, intellectual property, customer data, and employee data worth? Is your cloud provider responsible for these or are you?

Do your Cloud providers have deep enough pockets for these exigencies, and can you even ink a contract covering indemnities for what could be a business disaster?

What happens to your data when your Cloud provider outsources his obligations to you to a third or fourth party? Or, what happens to your data if a few bad-apples working at a Cloud provider set up their own data-brokerage business, with your data?

Beyond the obvious business risks from the loss of priceless intangibles, does the provider deliver the necessary physical controls to protect your information, or appropriate disaster recovery controls in case a disaster strikes their operations and puts your business on hold?

And then there’s the problem of information security. If you are not spending enough on it now, is your cloud provider financially incented to deliver better information security than you can provide yourself? Can she or he deliver secure-enough identity, information protection and infrastructure protection to guarantee or warranty your risks?

Lastly, what will you do to meet the needs of the auditors and regulators, and how will this be factored into a one-stop shopping menu of a Cloud provider that you might be asked to select from.

Unfortunately there are no easy answers here: only an obvious Cloud-trajectory and a lot of questions that many organizations are wrestling with and attempting to sandbox around.

Whatever you do, factor-in your own accounting and controls to manage the business risks before flying into the Cloud: otherwise you may not emerge.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: