Overlooked questions to ask before jumping into the cloud
- By Shawn McCarthy
- Jul 02, 2013
Is your organization asking the right questions when planning for the cloud? If not, progress can be slowed as you work to integrate multiple externally hosted IT services. Lately, cloud solutions have not been expanding as rapidly within the federal government as they have in other sectors, and one reason might be failure to deal with important questions upfront when evaluating how cloud services will be integrated.
Here are a set of often overlooked questions that can help agencies establish a true enterprisewide plan for how to tap into a wide range of on-demand services.
Does the agency have the right rules in place?
Decisions on data ownership and authorized access apply to any system and are not unique to cloud. But when multiple cloud providers are part of the mix, rules need to be very specific and formal. A large systems integrator can often help agencies set formal rules.
There should be rules governing who is authorized to purchase a cloud service or seat license to understanding what service-level agreements (SLAs) need to be requested. There should also be a framework for how service levels are monitored and enforced, whether by the agency itself or via a third-party subscription with companies such as Rackspace and LogicMonitor that can handle those duties for the enterprise.
How do the agency’s rules on data centers apply to the cloud provider?
Agency rules on firewall and router configuration settings, authorized ports for connections and packet monitoring will affect bringing cloud-based services into the enterprise. If rules cannot transfer, is that a deal breaker? Or can you work around the limits of the provider’s system? GFI Cloud’s management console offers configuration monitoring and management.
How will cloud services be integrated into the enterprise?
Even the most basic cloud services – e-mail, for example – can't be treated as a stand-alone solution. Decisions must be made about how other applications interact with the service. With e-mail, case management solutions or shared calendars may need to interact with the cloud provider’s system. Consider the following questions:
Will system interactions be done via application programming interfaces, or will most data be imported into a shared datamart, perhaps via XML exchanges?
How will user profiles be set up to manage access control, read and write permissions and more? Existing identity management tools include Hewlett Packard's Unified Profile solution and the System for Cross-domain Identity Management.
How will trouble ticketing be handled when issues extend beyond the scope of just the government's own networks? Will end users need to interact with the help desks of multiple service providers, or will a central resource be used to coordinate all tickets, acting as an interface to the help desks of individual cloud providers? A central resource that helps with ticket coordination is preferable to most end users, but it can be an added layer of expense.
Can all cloud services be offered in a way that lets employees take advantage of centralized resources such as data analytics tools, reporting, and knowledge management systems? This can get complicated, because the analytics tools need to send queries and cull data from multiple systems. Both IBM and the SAS Institute are masters in this domain, and they can help set up analytics tools capable of reaching across multiple cloud services.
The set of questions listed here are important, but there are many others. The Federal CIO Council has established committees to handle many of these issues. It's worth monitoring their reports to see how others have dealt with these tough integration issues.
Agencies really do need a robust service-oriented architecture in place before cloud can gain traction. Asking the types of questions listed here will help organizations move down that path.