This page contains a Flash digital edition of a book.
24


Cloud Industry Forum Cloud Solutions


At their heart, cloud-based solutions can introduce three potentially new risks to manage – and manage is the operative word! First, by nature cloud uses an untrusted network (the Internet) and as such, depending on the sensitivity of data, appropriate mechanisms to secure communications and access to data need to be understood and implemented. Sec- ond, some cloud service providers (CSP) will operate multi-tenancy implementations and customers should seek assurances on CSP penetration testing to en- sure the integrity and security of data stored on their platforms is not accessible by a third party. Finally, as CSP’s by nature act as a form of aggregator offering services to many customers, they arguably attract a higher risk the larger they become (compared to an on-premise implementation) as they will likely become a more active target to the hacking community or those wishing to target distributed denial-of-service (DDoS) attacks. Again, professional CSP’s should be able to provide assurances on their defences and countermeasures to any external attack.


CLOUD CONSIDERATIONS IN SERVICE CONTRACTING


Arguably one of the biggest impacts of adoption of cloud services is getting used to the cultural and op- erational changes of having IT delivered as a service. Some have seen the use of cloud as transitioning responsibilities under contract to third party service providers; however when it comes to the governance of IT and corporate responsibilities for matters such as Data Protection, these activities cannot be del- egated outside the end user organisation. Therefore, understanding with clarity which party is responsi- ble for which elements of the delivery of the cloud service is critical to ensuring effective governance of IT. Adoption of cloud services should not obfuscate responsibility for IT, which will always be the strategic responsibility of the user. In service models like SaaS, the boundaries are fairly clearly defined as the greater part of the stack is delivered as a turnkey solution, however, even in this scenario, consideration must be given to disaster recovery capability should the service ever fail. For IaaS and PaaS solutions, clear account- ability of the service provider and the end user should be documented and agreed to avoid misunderstand- ing or gaps in service delivery, and ideally this should be backed up with a clear Service Level Agreement (SLA) for operational performance of the solution.


CCI Magazine January 2013


The Cloud Industry Forum (CIF) was established in 2009 to provide transparency through certification to a Code of Practice for credible online Cloud service providers, and to assist end users in determining core information necessary to enable them to adopt these services.


ABOUT CIF


CLOUD AND SOFTWARE LICENSING Finally, and by no means least, the use of cloud


services is not a carte blanche for ensuring license compliance, far from it. Again, whilst a SaaS delivery model will likely include licensing considerations within the rate charged for the service, Infrastructure-as-a- Service (IaaS) and Platform-as-a-Service (PaaS) solu- tions may only cater for the Operating System used, with responsibility for licensing application software remaining with the end user organisation. Further- more, licenses used by an organisation on-premise may not necessarily transfer to a hosted or cloud solu- tion unless the EULA or contract specifically allows for this. Therefore the need for an effective Software Asset Management programme is as relevant in the cloud era as it was in the on-premise era, and with the added complexity of BYOD (Bring-Your-Own-Device) and mobility, the requirements for licensing are argu- ably getting less straightforward in the near term. Un- derstanding how to drive value from software assets is a critical aspect of managing IT today where the variable costs of hardware and networks are largely under control and easier to simplify.


So in conclusion, whilst cloud is a powerful and compelling opportunity for most if not all organisa- tions, it does not mean to say that accountability and application of strategic thought can take a back seat. The benefits are clearly worth pursuing, but do so with clarity of understanding of the wider impact and consequences to ensure a robust and sustainable IT service platform is maintained for your organisation in its increasingly hybrid state.


ABOUT THE AUTHOR Andy Burton


Andy has over 15 years of experience managing technology companies in the security, monitoring and asset management markets. He is currently CEO of Fasthosts Internet Group and Chairs the UK Cloud Industry Forum, a body that champions the emerging UK cloud industry and aims to provide transparency to end users about the capability of suppliers.


www.cloudcomputingintelligence.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68