October 23, 2008
NOT SO FAST
We don't want to give the impression cloud computing is trouble free and right for every organization. In fact, 2008 saw a long, hot summer for cloud uptime: Google's Gmail and Apps services went down, and on July 20, Amazon S3 was unavailable for eight hours. Outages like these, if they continue, will shake IT's confidence in the idea that users will be able to access critical information at any time. Large cloud providers need to offer near constant uptime. It seems we haven't left the concept of five nines behind, and these outages illustrate that IT must have a backup plan in place for those apps that can't go down, even for an hour.
Then there are WAN costs. How much extra bandwidth you'll need to cover the additional throughput required for SaaS depends greatly on the types of applications needed, but network failover and connectivity are key. And companies with huge existing IT investments will be much more gradual in their adoption of cloud computing, and rightly so.
When exploring cloud-based services, there are several key questions to ask providers. We recommend developing a requirements template that combines these questions with business-specific issues before shopping. Start by delving into service levels; this peek into the underlying architecture will let you judge other areas of the provider's business.
Service-level agreements must clearly define the quality of service, and the provider should clearly state what credit or remediation will be provided if the SLA is violated. Ask for documentation that, internally, the provider has ensured that it can manage its environment to levels promised to customers and that it has policies and automated procedures in place to deal with performance issues or outages.
With an understanding of the SLA, you can now peel back the marketing information and understand more about the cloud provider's infrastructure. If there's a failure, how will it provide resiliency? Is there a failover mechanism? What corporate security policies are in place? What type of configuration management is used to protect against accidental changes that could negatively affect security? Dozens of other questions revolve around the specific IT component that you're moving to the cloud, and we cover more in our full Analytics Report, available at cloudcomputing.informationweek.com.
About the Author(s)
You May Also Like
How to Develop an AI Governance Program
Responsible data use: Navigating privacy in the information lifecycle
Checklist: 7 Essentials for Securing Modern Applications
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Acceleration
The New Frontier of Cyber Security: Securing the Network Edge