Cloud: Is Your Cloud Vendor Ready for You?
By Jim Lundy
You can’t read a technology blog today without getting hit with cloud. The question that is asked most often is, “Are you ready for the cloud?”
I’d like to suggest that you flip it and see if your vendor’s cloud is really ready for you and your needs. The problem with cloud, applications, and content is that it often just isn’t as easy as it sounds. Doing a public cloud right and in a secure fashion takes work and it takes time.
Today, there are many ways to leverage cloud with SaaS applications being the main one. There are some surprisingly basic things that sometimes are not happening when it comes to cloud. Often, this has to do with shortcuts in how SaaS applications are deployed and managed in a cloud. Getting smart about some of the things that are implied and basic (but often don’t happen) is the first step to understand before deciding to evaluate cloud providers and their applications. This includes things like Diesel Generator backup power (see related post about Diesel Generators, Amazon, and Cloud Computing).
Cloud Security Basics
Google didn’t add SSL to its email service until 2010, shortly after they were hacked. There are many other vendors out there proclaiming to be SaaS, but they don’t do some of the basics to secure the content or even the SaaS application you are licensing from them. Sounds basic, but SSL enablement of applications is a must do. Making mobile apps SSL compliant is also something to check. If the end points aren’t secure, then getting access to the application and then your content is fairly easy. This isn’t limited to start-ups. Large vendors also have security issues that go unnoticed.
Also, increasingly, enterprises need to start managing their multiple cloud-based applications through unified identity management from providers such as Okta, McAfee, IBM, and others.
Cloud and Securing Content
The big issue that exists with the cloud is that bad people want access to your information. They monitor your staff and what they do. They look for announcements about applications you are using and then they start to plan their attack. The biggest issue with content shifting to the cloud is with the security that surrounds it. Not all content and data is ready to be moved to the cloud, mainly due to security risks that still need to be addressed by vendors.
Web conferencing (which is now on a collision course with video conferencing) is one of the oldest forms of a cloud SaaS application on the market. These systems connect people in real-time via a robust and secure cloud. Some of the providers (such as WebEx and Saba) will store the meeting recording in their respective cloud for later access. Most big users of these services do regular verifications of the security offered by these services.
Let’s examine Human Capital Management (HCM) and talent applications. Talent applications such as learning and performance management have been available as SaaS applications for years. They take feeds about employees from the systems of record, the HCM system, but they don’t contain all of that valuable information, such as payroll and employee bank account information.
HCM in the cloud is now a hot topic and Oracle and SAP are racing ahead with their clouds. Even with that, it is still early days for HCM and cloud. I have spoken with numerous CIOs and their staffs about HCM. Many are being very careful about shifting their HCM system to the cloud for the simple reason that they are worried about the security of their data. In some cases, it is a simple discussion. “If I move our apps to the cloud and we get hacked, I’ll get fired.”
For Enterprise Content Management, it is also still early days for the cloud. Many cloud content management providers are emerging, but today, we estimate that 95% of enterprise content is stored onsite in ECM systems. Because of BYOD and limits on email storage, users are fighting this and buying their own content sharing accounts at places like YouSendIT and Dropbox. That creates risks to the enterprise when those vendors get hacked, as Dropbox just did. If you are a large enterprise, you might want to check how many of your employees are sharing your content via these services.
We do see cloud content management as a growing area, but there are numerous considerations that need to be examined to ensure your content is secure. Some of the things to be careful about have to do with the basics of the security that surrounds the users and their access to the cloud application. Some of it has to do with the cloud data center—where it is located and in what country. So, looking at the basics of how the application is managed and how the data center where the servers are housed is run.
Suffice it to say, that cloud isn’t going away. But making the shift to the cloud takes a lot of work and examination of your potential providers. So, we end with what we started with. Your cloud vendors may not be as ready as they claim when it comes to securing your content. Careful due diligence is needed before taking the plunge into cloud.
Author’s note: During my sabbatical away from being an analyst, I had a General Manager role and it involved delivering applications via the cloud. Ensuring that cloud SLAs are met and exceeded is an eye-opening experience.