According to the IT industry trade association CompTIA, "over 80% of companies now claim to use some form of cloud solution, whether that be virtual machines that can be spun up on demand or applications that can be easily procured and put into use."
Right now there are three major trends driving cloud usage and deployment, says Laura Maio, director of customer solutions for Trend Micro. “First, organizations are using public cloud as a natural extension of their internal environments. Second, non-IT business groups are using the public cloud to gain faster access to server resources and storage.Third, IT organizations are being pressured to establish secure private cloud environments that function like public clouds, in order to win back non-IT business groups from the public cloud.”
[ALSO; Top 10 cloud tools]
Ed Mahon, Kent State vice president and CIO, is a big believer in the cloud, but only if IT departments use it intelligently. “We use activity-based cost accounting to assess when it makes sense to move on-premises service into the cloud,” he says. “For example, we saved $650,000 annually by moving our faculty and staff e-mail service to Microsoft 365. ” In addition, moving student email to the cloud “allowed us to decommission 30 servers."
For IT managers, the challenge is to use the cloud both effectively and safely. We consulted with several cloud experts and compiled this list of 10 cloud best practices.
Best Practice #1: Know your clouds
The cloud is not a monolith. In fact, there are a variety of clouds for IT managers to deal with; each with their own characteristics and applications. Smart managers need to know which cloud is right for them, before moving data outside of their enterprise servers and firewalls.
According to The National Institute of Standards and Technology (NIST), there are three types of cloud service models.
-- Software as a Service (SaaS), where customers access a software provider’s product online. The customer does not control the cloud system, beyond setting user access.
-- Platform as a Service (PaaS), where the customer can deploy their own-developed or purchased applications on a third party’s cloud system/servers. The customer controls the selection and deployment of applications and specifies user access.
-- Infrastructure as a Service (IaaS), where the customer accesses raw server power over the Internet.
Best Practice #2: Assess your IT activities
To use the cloud effectively, IT managers must know which applications would yield benefits to clients by migrating to the cloud. Kent State’s Mahon refers to this process as ‘activity-based cost accounting’. This means looking at the things you currently do in-house, and assessing whether they could be done more efficiently in the cloud.
He says, “In fact, you need to take a look at everything; not just what you do in-house, but what your IT department is good at, and not good at. In some cases, moving to the cloud will provide you with a better return. The cloud can also provide an alternative when dealing with applications and infrastructure that is approaching end of life.”
Best Practice #3: No one cloud fits all
Having selected the appropriate cloud(s) for their customers based on activity-based cost assessments, IT managers must dig down into available cloud providers and applications to see which offering best suits their needs. This is because “there is no one set of overarching guidelines that dictate which cloud applications work best for all clients,” says John Howie. He is COO of the Cloud Security Alliance (CSA), a not-for-profit group that develops and promotes cloud best practices. “This is why IT managers should investigate the cloud options that exist and compare them diligently against their own requirements, to find the one that truly best suits their client’s needs and the IT department’s security systems.”
Best Practice #4: Legal compliance drives cloud choice
Under both U.S. and the laws of other nations, certain forms of information – usually financial and legal – must be kept on an enterprise’s own servers. Failure to heed these ‘compliance requirements’ can land business, institutional and governmental clients into serious legal problems, with hefty fines a real possibility.
“This is why we recommend a hybrid approach to cloud usage,” says Jeetu Patel, general manager of Syncplicity, whose cloud-based solution supports secure file synchronization sharing and collaboration. “Data that falls within regulated compliance should be kept on premise,” Patel says. “Other information, such as public relations information about the company, can be safely and legally be stored and accessed in the cloud.”
Best Practice #5: There’s safety in redundancy
Don’t be fooled by the term ‘cloud’: We’re really talking about accessing and relying upon other people’s servers. Particularly in the IaaS scenario, it’s the IT manager’s responsibility to make sure that there’s redundancy built in because servers do fail.
“If you truly intend to use the cloud safely, then you should choose a provider or providers who store your files in multiple locations, with multiple ways to access them,” says the CSA’s John Howie. “But don’t stop there: Make sure that you have multiple copies of your files on the cloud, with interconnections between them to ensure that when one file is updated, all are updated. This way you’ll still be online and in business should one of your copies go down.”
Best Practice #6: Check your vendors
Just as the cloud is not monolithic, neither are all cloud providers the same. IT managers need to carefully examine what each cloud provider has to offer, and what resources and commitments they make to back up their promises.
“The issue isn’t so much security, since most cloud providers take security very seriously,” says Dave Elliott, product marketing manager for Symantec’s cloud business. “But what you need to ask is what kind of backups each provider has, what recovery protocols are in place, and how easy it is for your customer’s employees to access cloud-based data when primary systems are down.”
Best Practice #7: Take time to properly migrate applications to the cloud
When migrating on-premise applications to the cloud, it is vital to do so in a manner that is methodical, carefully considered, and tested on a step-by-step basis. It is dangerous to simply upload applications onto the cloud, do a few configuration tweaks, and assume everything will work as desired – because it likely won’t.
Unfortunately, this latter approach is so common among new cloud users that Michael Kopp ranks it among the biggest mistakes associated with cloud deployment. He is the technology strategist at the Compuware APM Center of Excellence.
“Trying to migrate existing applications to the cloud without considering the changes that are necessary often leads to bad performance, outages and – on top of that – increased cost,” says Kopp. “One should consider the applications to be moved carefully and what needs to be changed in order to accommodate the cloud and embrace its advantages. Only then can one reap the benefits in flexibility and cost reduction.”
Best Practice #8: Maximize security by keeping the customer satisfied
As Trend Micro’s Laura Maio points out, one trend driving cloud deployment is the tendency for employees to bypass IT altogether. They do this because some IT departments’ private cloud policies make these resources more difficult to use than the insecure public alternative. People being what they are, will go for the easier solution first – in this case, the public cloud -- without worrying about the risk it could pose to their employers.
“To succeed, the enterprise’s private cloud must provide users with public cloud-grade usability,” says Syncplicity’s Patel. “ By doing so, IT managers will be able to keep cloud usage with VPNs and firewalls, rather than having convenience-focused users posting sensitive data on easy-to-use public clouds.”
Best Practice #9: Keep an eye on things
Just because an application is in the cloud, doesn’t mean that the IT department can afford to ignore it and focus on other things. Even at the best cloud providers, things can go wrong. This is why savvy IT managers keep a close eye on their cloud-based applications and data, to catch problems before they become serious. As Kopp warns, “Using the cloud without proper monitoring and application performance management is like flying blind.”
Best Practice #10: The cloud doesn’t get you off the hook
The last and most important cloud best practice is to accept that cloud-based content is just as much an IT manager’s daily responsibility as anything stored on their on-premises servers. Moving applications and data into the cloud doesn’t offload the responsibility for them. It merely changes the nature of the responsibility, transforming into a shared responsibility borne by both the cloud provider and the IT manager who has hired the cloud.
“Using a cloud-based service is like renting an apartment,” explains Maio. “You don't expect your landlord to come into your apartment and vacuum your floor and fix your furniture (applying patches and security updates to the applications you are running). But you would expect your landlord would fix a problem with your plumbing or electricity (keep the physical infrastructure running). In a cloud provider scenario, ultimately it is the consumer’s responsibility to protect the integrity of their applications running in the cloud; not the cloud provider.”
Careless is a freelance writer. He can be reached at james.careless@gmail.com.