Before doing anything else, you should develop a thorough plan for your cloud expansion and anchor it in your IT strategy. Often we see a sort of uncontrolled “cloudification” take place without the IT department’s knowledge. Bypassing IT governance like this exposes your business data to not only technical but also legal risks. When planning, consider which IT services fit best with your business situation. Ask yourself whether you want to invest in the cloud technology yourself, outsource or opt for a hybrid solution.
Anyone adding a cloud provider to their IT landscape must be aware that this provider will be responsible for a part of their IT. Certifications can help you select a provider by giving you insight into which standards they meet regarding security, data protection, compliance, business processes and infrastructure. One drawback, however, is that no specifications currently exist to define what needs to be certified and how to certify it.
We have seen that customers generally prefer standardised, modular services with a high degree of elasticity. The introduction of new services opens up a lot of potential for public clouds. On the other hand, services that involve core business processes or that are highly interdependent usually remain in a private cloud.
There is definitely a palpable uncertainty on the market. In most cases, this means that companies look for German, or at least European, cloud providers. But even US providers, such as Microsoft, are beginning to re-evaluate. They now offer special services for the German market, with data residency in Germany.
Strategies such as Microsoft’s data trustee model, which is offered as part of a Microsoft cloud within Germany, will undoubtedly affect cloud business here. On the one hand, customers are worried about how their data is handled, but, on the other hand, we see that current offerings are well accepted. I believe the future of cloud computing lies in agreements like the EU-US Privacy Shield rather than in isolated, country-specific solutions.
There is definitely a risk of becoming tied to a specific cloud vendor once you’ve made the leap. Unfortunately, no uniform standards currently exist. Provider-specific technology, service models and price structures often make it difficult to switch. Focusing on underlying strategies such as hybrid or multi-cloud platforms, or using technology such as OpenStack can reduce this risk to a certain degree.
Bechtle recommends making sure that contracts set out exactly how cloud data and applications are handled. In other words, how is data sent into the cloud and how is it retrieved? Standardised data formats and interfaces play just as big a role here as data security and compliance. Above all, it’s important to define clearly who owns the data and programs, and what happens to the data if the service provider goes out of business.
Published on Sep 6, 2016.