This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Companies everywhere are moving core enterprise systems to the cloud. Formerly complicated and expensive on-premises outsourcing implementations are now relatively simple and inexpensive in the cloud. This reduction in cost and complexity is causing an explosion of cloud services and cloud service providers. With multiple cloud services, many companies are losing track of the who, what, where, when and why of their data. Below, we outline potential issues involved in having multiple cloud services and service providers, along with a proposed action plan to stay on top of your growing cloud services environments.
Who is ‘the cloud’?
“The cloud” doesn’t exist. “The cloud” is a hodgepodge of private, public and hybrid data centers used to store data and host cloud services. Cloud service providers typically operate independently from data centers and are ecosystem-driven — they want your data in their environment so you will purchase more of their offerings. To achieve this exclusivity, many cloud service providers prohibit or otherwise restrict access to data or the ability to transfer data between cloud environments. Failure to address these issues in the planning and contracting phases can lead to a nightmare.
What’s in your clouds?
With multiple environments and services, it is easy to lose track of what data goes into which environment, and who has access to the data. Not all cloud services are the same — failure to monitor and enforce security levels and access limitations could lead to disastrous results. For example, if one provider is HIPAA-compliant and another is not, transferring protected health information from the HIPAA-compliant cloud to the non-HIPAA-compliant cloud could lead to significant regulatory fines.
Where is your data?
To offer competitive services, providers are always looking to reduce costs. One way they do this is by offshoring data storage and processing. Depending on the type and sensitivity of the data being offshored, this practice could subject you to the laws of foreign jurisdictions. These foreign legal obligations could arise even if your data is stored in the U.S. but processed offshore. These compliance obligations get even more complicated if you are dealing with sensitive data, such as protected health information or financial data.
When can you exchange data, and are there transition services?
The ability to transfer data between environments is not always permitted, even if possible. If the legal agreements do not permit the transfer of data between environments, you may not be allowed to do so. Likewise, if the implementation plan does not specify compatible data schema and formatting, you may be technologically prevented from exchanging data between systems. Additionally, many companies fail to plan for the transition from one vendor to another. Without proper planning for the end of the relationship, your cloud vendor may not have an obligation to help you migrate your data to a new service provider, or worse, it could delete all of your data without liability.
Sign up for MIS Asia eNewsletters.