If you're thinking of taking the plunge into cloud computing, don't dive in without proper preparation. Franz Winkler, an IT business architect at the lead Competence Centre for virtualisation, run by the Bechtle IT System House Munich, explains what needs to be considered.
Mr Winkler, what would you tell a customer who wants to head into the cloud?
Before doing anything else, you should develop a thorough plan for your cloud expansion and anchor it in your IT strategy. Often we see a sort of uncontrolled “cloudification” take place without the IT department’s knowledge. Bypassing IT governance like this exposes your business data to not only technical but also legal risks. When planning, consider which IT services fit best with your business situation. Ask yourself whether you want to invest in the cloud technology yourself, outsource or opt for a hybrid solution.
What criteria should be considered when evaluating providers?
Anyone adding a cloud provider to their IT landscape must be aware that this provider will be responsible for a part of their IT. Certifications can help you select a provider by giving you insight into which standards they meet regarding security, data protection, compliance, business processes and infrastructure. One drawback, however, is that no specifications currently exist to define what needs to be certified and how to certify it.
Have you observed any trends?
We have seen that customers generally prefer standardised, modular services with a high degree of elasticity. The introduction of new services opens up a lot of potential for public clouds. On the other hand, services that involve core business processes or that are highly interdependent usually remain in a private cloud.
Have companies become more reluctant to pursue cloud computing following the Safe Harbor decision?
There is definitely a palpable uncertainty on the market. In most cases, this means that companies look for German, or at least European, cloud providers. But even US providers, such as Microsoft, are beginning to re-evaluate. They now offer special services for the German market, with data residency in Germany.
How will these new offerings impact the market?
Strategies such as Microsoft’s data trustee model, which is offered as part of a Microsoft cloud within Germany, will undoubtedly affect cloud business here. On the one hand, customers are worried about how their data is handled, but, on the other hand, we see that current offerings are well accepted. I believe the future of cloud computing lies in agreements like the EU-US Privacy Shield rather than in isolated, country-specific solutions.
Is it difficult for companies to switch providers once they’re in the cloud?
There is definitely a risk of becoming tied to a specific cloud vendor once you’ve made the leap. Unfortunately, no uniform standards currently exist. Provider-specific technology, service models and price structures often make it difficult to switch. Focusing on underlying strategies such as hybrid or multi-cloud platforms, or using technology such as OpenStack can reduce this risk to a certain degree.
What do you recommend?
Bechtle recommends making sure that contracts set out exactly how cloud data and applications are handled. In other words, how is data sent into the cloud and how is it retrieved? Standardised data formats and interfaces play just as big a role here as data security and compliance. Above all, it’s important to define clearly who owns the data and programs, and what happens to the data if the service provider goes out of business.
IT-Business-Architect Lead Competence Center for virtualisation
Bechtle IT System House Munich email@example.com