Making the switch to cloud systems can be a daunting task for CIOs, for whom the various different systems and processes on offer can be overwhelming. The range of definitions and standards applied to cloud computing complicates the task further, as does pressure from other C-level executives who may be keen to deploy a system they may not be familiar with.
It is vital to understand the different options on the market, and find the right solution for the right business.
The mix of standards applied to cloud systems is a challenge for any IT professional. As a relatively new technology by industry standards, there is no universally accepted definition of what cloud actually is, although some organisations have come close.
The most widely accepted understanding is from the National Institute of Standards and Technology (NIST), an American government institution which releases a regular list of acronyms to help shape the concept. It defines the cloud as:
"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
However, this definition leaves out some important characteristics; cloud security is overlooked, as is automation and data protection (backup). Many IT professionals prefer to merely define the cloud by its associated components, such as its on-demand, self-service capabilities, along with the greater flexibility it affords.
Adopting cloud technology can also help alleviate capital expenditure – service becomes operation-expense orientated. Furthermore, there is less of a need to fully grasp the type of hardware infrastructure these cloud services sit on, offering IT professionals smooth integration into their daily IT operations.
Despite its current popularity, a staggering 92% of IT professionals are reluctant to switch to cloud, according to a recent survey from an online hosting firm. Security fears are almost entirely to blame, with companies concerned by a perceived lack of control over their data once it goes into the cloud. Stored outside of their business walls, it becomes easier for prospective clients to assume this data can become publically accessible or at least easier to access by third-parties.
This is of particular concern when considering the transition period of a company's security infrastructure – the perception is that cyber-attacks could directly attack a company's servers while its proverbial 'guard is down'. This is not strictly true. A company's on-premise security does not actually change as they transition to the cloud, so cyber-attacks would be no different than they were previously.
The new security infrastructure is the sole responsibility of the cloud provider and there is usually a close collaboration with a company's security officer regarding data transition and end-user interaction with cloud systems.
These risks might not be apparent to those at the top. There is a risk that C-level executives may hear of a well-regarded cloud platform and attempt to impose it on the IT department without a detailed understanding of the needs of the business. Acronyms such as IaaS and DRaaS may be picked up by CIOs and recommended without consulting the IT department first. Cloud isn't for everyone, and it is vital that the IT department makes this clear to the decision makers.
- Check out our sister site ITProPortal's article on Disaster Recovery as a Service (DRaaS): What businesses need to know
Assessment – should IT be cloud?
To begin, IT professionals need to conduct a detailed assessment of the existing IT infrastructure and the end-user requirements, then correlate how aspects of cloud computing can help alleviate issues within the business.
The easiest on-ramp to cloud adoption is to ensure your company's infrastructure is virtualised. However, many firms, particularly small and medium-sized enterprises (SMEs) operate a very basic infrastructure consisting of a mail server and maybe some file/print and application servers.