Five decision criteria for evaluating and selecting hybrid cloud solutions
by Irfan Saif, August 2013
As cloud computing solutions continue to mature and permeate even the largest of companies, we are starting to see the true power of broad adoption. No longer content to rely on the cloud for narrow functional requirements, many companies are taking a strategic and multidimensional view of cloud offerings. They are also placing some big bets, not only on internal systems but also on customer and partner enablement—even in highly critical areas such as financials, supply chain, and manufacturing.
The excitement of the business value that a well-executed cloud strategy might unlock is often moderated by the primary concern that is raised in cloud adoption conversations: How can the litany of security, privacy, and risk questions that keep many executives up at night be addressed? While there is no one-size-fits-all answer, a structured approach is advised. Specifically, there are five questions executives should consider asking when contemplating cloud solutions.
1. Maturity. Does the solution have a clearly articulated and well-established security, privacy, and risk management program? A mature cloud provider should employ—and be able to clearly articulate—a strategic, programmatic approach to manage and secure its platform and customer data. Its program should leverage leading practices and frameworks with the appropriate resources and supporting tools along with elements to execute effectively.
2. Flexibility. Does the solution have a rich, customizable ecosystem of services and functionality? The solution should offer a full set of capabilities and functionality that can be reasonably tailored to meet immediate and future business circumstances, as well as agility to switch components based on enterprise demands. Ideally, the platform should provide or integrate with a federated single-sign-on experience. It should also provide dashboard or reporting functionality to satisfy operational and compliance requirements.
3. Performance. Do you have confidence that the cloud provider’s infrastructure will meet and scale to your long-term business demands within appropriate service-level tolerances? Vendors should provide performance metrics and performance guarantees that can, and should, be measured and incorporated into service-level agreements.
How can the litany of security, privacy, and risk questions that keep many executives up at night be addressed? There are five questions executives should ask when contemplating cloud solutions.
4. Resiliency. Does the provider have the appropriate redundancy and protections to address a broad range of business-impacting events? The vendor should provide reasonable details on redundancy and recovery plans and intended service levels during a disaster. Cloud architectures inherently follow a different model than typical IT platforms with respect to redundancy and recovery, and this should be factored into due-diligence activities.
5. Commitment. Are you comfortable with the investment the provider has made in people, resources, training, infrastructure, and communication? The cloud provider should have an established, experienced, and accountable platform security function guided by formalized principles, policies, and practices. The provider should collaborate with customers in understanding and configuring security measures to protect the confidentiality, integrity, and availability of the platform and the customers’ data.
Security, privacy, and risk need not be a roadblock to cloud adoption. With the right considerations, executives can make informed decisions about how to accept and manage risk appropriately. Adopting cloud computing is not about delegating responsibilities to a cloud provider. Rather, it is about incorporating these platforms, and their potential benefits, into a broad strategy.
Irfan Saif is a principal and leader of the postdigital enterprise initiative at Deloitte & Touche.