For most companies wanting to migrate their applications or benefit from Cloud Computing models, it can be a no-brainer for specific types of applications which have enough maturity and confidence within the computing industry. In recent years Cloud Computing has become one of the hot topics for CIO’s, who clearly see the benefit and value of making strategic decisions to expand services with a on-demand infrastructure or set of services.

If you choose SaaS or PaaS, the multi-tenant model provided by Cloud vendors is already a proven and a solid platform where they can securely host information for your business. For applications such as email, web site hosting, CRM, online meetings, time management, storage and application virtualization instances, this can make clear sense as a viable processing platform for businesses.

So what are the obstacles or issues that might hinder such projects?

Whilst the obstacles may likely vary from organization to organization, there are a few common ones all companies have to deal with. Ensure you consider, or at least include the following list as part of your design/requirements planning process.

1 – How to integrate the internal authentication systems and domain
infrastructure (e.g. Microsoft Active Directory) with the Cloud infrastructure? There are some listed options here:

• Microsoft Active Directory Federation Services 2.0
• Vordel Cloud Service Broker
• Forum Sentry SOA Security Gateway
• Layer 7 CloudSpan Products
• Ping Federate Connectors

2 – User account provisioning and decommissioning:  Ideally companies should be setting up Single Sign-On to control access to internal and Cloud services to manage a simple and seamless process of user account provisioning. Employees that leave your company shouldn’t still have an account to logon to your systems, or any Cloud applications that were provisioned during their service with your company.

3 – Internet Connectivity: Ensuring you have reliable, redundant internet connections and bandwidth management in place on premise. Unfortunately we cannot have QoS over the internet at this moment, but there might be optimizations that can be managed on the internal network down to the desktop.

4 – Integration: Integrating the internal systems data and information with the Cloud application.  The possibility here might be Cloudstreaming the information securely.

5 – Legal: Are there any legal issues related to having your company data and information on a server hosted in a different country, or on a multi-tenant system. For example, there might be an issue with local laws prohibiting specific types of information being stored across certain borders, or local laws of where you data is held may well be an issue too. Security awareness with the privacy of data is a major concern here.

6 -Web Services: Connectivity might well be an issue for some applications, depending on the type of integration requirements. Secure web services should help in this area, but for large quantities of data it’s important to optimize and test  such requirements.

7 – Governance:  How is the information managed, what restrictive roles can be implemented on the Cloud platform, and are these enough to suit your business requirements. Are there any specific audit standards which need to be followed and are these available as part of the service.

8 – Backups and recovery vs risks: How important is the information to your company, do you require a local streamed backup of the data. Are you content with the options the Cloud vendor offers as part of the service. Should additional provisions be made to protect the data before the event of a disaster.

9 – Large files and large queries: During a pilot, it’s not enough to test a Cloud system and determine the performance capabilities with a subset of your data. The last thing you want to happen is to go live and realize that the sub set data  performance test was lightning fast, but the full data set resulted in performance issues.

10 – Service Level Agreements (SLA’s): It’s important to understand the SLA’s behind the service and what compensation is offered by the Cloud Vendor. If your company is reliant on the service being available 24×7, then receiving credits in service hours may not be enough coverage for your business, especially if you will lose a significant amount of revenue from a service outage.

11 – Service decommissioning:  Some Cloud vendors state that it is the responsibility of the customer to remove their data from the service prior to the service being decommissioned. For whatever reason, its important to understand what potential issues could arise from decommissioning your information from a service, and what the rules are around the contracts.

12 – Data Migration: If you decide to bring a service to an end, what will be the migration strategy from Cloud-to-Cloud or Cloud-back-to-On-Premise.

13 – e-Discovery: Under certain regulations, companies are required to provide various accounting and transactional information to a third-party. If this is a concern, ensure that the Cloud vendor can provide e-Discovery facilities which work in a timely manner. Whilst the Cloud architecture is completely multi-tenant orientated, it is important to understand, it may be difficult to perform forensic inspections, should any situations of this nature arise.

14 – Data ownership: Companies must ensure they protect themselves over the information they store in the Cloud. Most importantly, intellectual property rights and trade secrets is the concern here. Unlawful information leakage could cause some issues related to this subject.

15 – Training: Whilst most people are use to using major desktop applications, there is a distinct shift in the training required to facilitate a Cloud migration. Ensure that your staff have sufficient knowledge of the new system and changes in terminology prior to initiating the new service.

I’ve touched on a number of different areas for consideration. Every Cloud vendor has a different architecture, a different set of rules and different options available as part of their services. Making a decision to move an application to the Cloud should involve the following teams in your organization:

• Senior Executives
• IT and Information Security
• Infrastructure Teams
• Application Specialists
• Helpdesk/Service Desk
• Training Departments
• Legal Team
• Human Resources
• Business Application Process Owners

Over the years the Internet has brought us many new capabilities to collaborate from business to consumer, business to business and consumer to consumer. I always wonder where the Internet and technology will take us next, perhaps to another galaxy !

On a serious note, the potential of cloud imputing is endless. Companies have built their own data centers for many years, purchased server after server to ensure they have all the processing capabilities required to run their businesses. Unfortunately, the investment on servers, networking equipment, software, security, applications, server replacement cycles etc all come at a huge operating cost. Personally, I believe that SMBs will still keep their core infrastructure within their own data centre, and review what the cloud offers with caution at the very beginning. It’s a bit like buying BMW’s during your whole life for your week day vehicle and then deciding to sell it and buy a Mercedes, or having a Ferrari as your weekend car and then selling it to buy a Porsche. Some people love one or the other, but not both 🙂 Well thats me personally anyway (they are all fantastic car manufacturers though).

There are always applications which make more sense to be on the local network rather then hosted elsewhere. Even though the offerings in the cloud could replace a complete data centre, there are many bridges to cross before taking a huge leap of faith to move to an architecture which is essentially not controlled by the business. And as for us IT folks, well if we have a server, we control the application, updates, releases etc its all under our control and its our sweet spot !

I will be writing articles about cloud computing which cover architecture, security considerations and business processes which require consideration for moving to the cloud. There will also be topics based on specific issues and links to the most current articles from various security and cloud computing conferences to ensure you are kept up to date on recent content.

Watch this space !