It’s all a matter of perspective. From one viewpoint, “Cloud” is the answer to everything; scale, cost reduction, ubiquitous access to applications, storage, lower management overhead, flexibility . . . probably even world peace in the eyes of some.
I’m sure we’ve all been exposed at some point to the wide-eyed “Cloud is the (only) answer” evangelists in Strategy and Planning meetings – ably supported by endless Powerpoint slides and a forest of handouts. Don’t get me wrong – I’m not knocking the enthusiasm and passion of such visionaries; it’s just that sometimes this should be tempered with a bit of reality and pragmatism.
A carefully researched, planned and designed Cloud Strategy can be a painkiller and massively beneficial to an organisation with most (if not all) the points I opened with being realised. Unfortunately, for some, the reality is different – a big headache. Critical steps are overlooked or poorly executed resulting in the complete opposite to the outcome expected. Costs go up, management overhead increases and often the desired flexibility and scale simply can’t be achieved.
It’s not just the nuts and bolts one needs to consider. For example, do the terms and conditions of your prospective provider meet or exceed your requirements; compliance, legal, data sovereignty, security and even compensation if something goes wrong? Are you as an organisation in a good place from a policy and user awareness viewpoint? It’s not uncommon to find unsanctioned Cloud services operating in even the best run organisations.
Humans are ingenious and if there’s a problem, we generally find a way round it. For example, a project team needs to share some documents and for the sake of expediency, one member uploads them to a private Dropbox account. Great for the team but that simple action has almost certainly broken corporate security policy and exposed that information to potential loss – and nobody knows about it. There are numerous cases of companies being absolutely adamant that there are no unsanctioned Cloud services (shadow IT) on their network. Running a detailed audit reveals there are – and generally plenty of them. Some hosted in the most unexpected of places – scary.
Once the unsanctioned Cloud services are identified they can be blocked. But then, we have to address the ingenious human element – probably the most difficult. A re-education is often needed around acceptable behaviour – e.g. use the corporate Dropbox account, don’t send documents/files to personal email accounts etc. This also brings such things as BYOD into the equation. But none of this is especially difficult to resolve; it’s just that it’s very often overlooked.
In summary, the message is straightforward – question everything, and make no assumptions. Exercise due diligence (in the true sense) and leave no stone unturned – especially when it comes to your ingenious humans. Get that right and you have your painkiller. Get it wrong and . . . well, you get the sketch. Right?