Key Cloud Implementation Considerations
The cloud offers several advantages, including expense predictability, scalability, and flexibility—and can aid in digital transformation initiatives. But, notes Tom Jarry, manager of Project Services and Customer Relationships at Cooperative Systems, it helps to understand some key needs and issues upfront.
Security is Job #1
As with almost any technology solution, security is the number one issue.
“You should be asking your vendor questions about what they do to protect their client’s data,” says Jarry. “Ask about where that data resides. Ask about such things as multifactor authentication, also called 2FA, which means that you need more than one factor in order to authenticate to a platform. Back in the day, people had RSA tokens on their keychains to connect to banking applications if they were in finance roles, for example. (An RSA token is essentially a secret number). Now, people have apps on their phones such as Duo, Microsoft Authenticator, or Google Authenticator, where they either type in a code or accept a push message.”
Multifactor authentication is stronger than just a password alone, and it prevents people from logging into a system with, for example, a stolen password. So, you want to ensure that any cloud solution you’re looking at has protections in place, like multifactor authentication. Because if your network is accessible from anywhere, that means attackers can get to it a lot easier versus it being in your office behind a firewall.
Another issue to ask your provider about is risk-based controls.
“In that case, you might be tracking where people are logging into your system from,” he says. “If someone has an impossible travel pattern, like being in Boston and then in China 20 minutes later, that’s a clear red flag. Ask potential providers about the safeguards they have to prevent logins on a risk basis.”
Another critical area to ask providers about is their business continuity or disaster recovery strategies.
“You need to understand what they might do in the case of a disruption,” says Jarry. “Do they fail over to another geography, or do they only run in one geography? You could sign up with a cloud provider that might only have one facility, and maybe that facility is in Boston. You could sign up with another one that has a location in Boston and one in California that’s replicating the data between the two, and their disaster recovery plan could include cutting over to the other datacenter in the event of a disaster.”
Two other key factors to ask about are the recovery point objective (RPO) and the recovery time objective (RTO).
RPO is defined as the maximum amount of data—as measured by time—that can be lost after a recovery from a disaster, failure, or comparable event before data loss exceeds what is acceptable to an organization. RTO is the maximum acceptable time that an application, computer, network, or system can be down after an unexpected disaster, failure, or comparable event takes place.
“Asking providers about their RPOs is important,” says Jarry. “Providers might do it hourly, daily, or even monthly. You might even be able to elect a custom RPO. In terms of RTO, it’s simple: how quickly can they get you back online? Typically, that should be a question of hours, not days, depending on the parameters of their disaster recovery plan.”
Keeping Costs in Line
“With the cloud, you’re switching to more of an OpEx model over CapEx,” he says. “While you can save money in the long run, cloud solutions come at a premium—based on the fact that they immediately enhance reliability and scalability—and can get expensive quickly. You have to keep the train on the tracks in the sense that someone within your company or a qualified partner can help ensure that you’re getting what you need and not focused on unnecessary scaling. Many of these services are consumption-based, so that you pay only for the amount of data you use, the CPU cycles you use, the number of users you have, etc. You need to make sure that you’re not paying for resources that you don’t necessarily need.”
“The issue with any change regarding technology is exactly that: it’s change,” Jarry points out. “Change requires adoption, and driving adoption in an organization can sometimes be challenging. Educating employees on what’s changing and how they’re going to use a different solution can be time-consuming. During a transition to the cloud or any type of new technology, there can be a loss of productivity and efficiency. Typically, it’s a short amount of pain.”
In terms of planning, the migration itself needs to be timed well in advance. and communication regarding the shift needs to come from the top and be clear. Poor planning might result in employees being unable to work for periods, or that work may need to be recreated.
“Businesses that decide to undertake a cloud transition themselves can risk ending up in a situation where the migration wasn’t the way that they envisioned it and productivity suffers,” he says. “That’s why it can be a critical advantage to rely on the expertise of an IT partner like Cooperative Systems.”
Contact us to learn how Cooperative Systems can help you create and implement a plan for seamless cloud integration.