Join Focus

Share what you know with millions of people

Focus is the best place to turn what you know into remarkable content
×
0

Our business want to put everything on the cloud. even our hosted web applications.What are therisk?

Asked at: Where's Cloud in its Lifecycle, and What Does that Mean for the Future?

Attachments

Topics
Information Technology
Marketing
Operations
Small Business
Cloud Computing
Startup
Technology Adoption
Mbaye, Bocar
Answer This Question
Bocar Mbaye
asked on Aug. 1, 2011
  • Recommended by:
0
Andrew Baker
Andrew Baker
Director, Service Operations, SWN Communications Inc.
Posted on Aug. 2, 2011
  • Recommended by:

From a generic perspective, there are the following risks:

-- Risk of choosing the wrong provider
-- Risk of having inadequate bandwidth
-- Risk of poor performance

Mind you, these are not guaranteed risks, but areas of concern that should be thoroughly investigated before proceeding. Rather than looking at potential risks in such a general fashion, however, it is important to perform a risk assessment that addresses the specifics of your situation.

-- What is the underlying goal that the organization has for moving/migrating everything?
-- How quickly do they intend to move everything into the cloud?
-- What are the specific applications under consideration for the cloud?
-- What is your organization's familiarity/experience with the cloud today?
-- What is the technology skill level of your organization today?
-- How does your organization intend to securely transfer data with clients, partners, vendors, etc?
-- How much bandwidth does your organization have today, and is it redundant?
-- What processes does your organization have for backups, security and DR/BCP?
-- How will these processes need to change when each application is deployed/migrated in the cloud?
-- What provisions for service are in the contracts your organization is pursuing with its cloud providers?
-- How many cloud providers will your organization need/use to support all of its applications and services?

While these questions will help many organizations identify points of risk, the answers are bound to be very different from company to company, and thus the potential risk mitigation options -- even for organizations within the same industry.

Whether or not moving everything in the cloud is good or bad will depend on many factors, but it tends to be a better idea in environments where everyone understands the risks, and the mitigation options are well communicated. It tends not to be less of a great idea when the discussion of risk occurs well after the desire to deploy has already been accepted.

-ASB: http://xeesm.com/AndrewBaker

0
Bocar Mbaye
Bocar Mbaye
Posted on Aug. 2, 2011
  • Recommended by:

thanks

0
James Myers
James Myers
President & CEO, Contingency Now Inc.
Posted on Aug. 5, 2011
  • Recommended by:

The "Cloud" is nothing more than utilizing existing data center infrastructure but with a diversified architecture. Meaning, an application could be running in one center, customer data in another and backup processes from another center. Either way, when it comes to placing "everything" in the cloud key decision makers usually look at the bottom line. It's a lease vs. own assessment. However there are risks involved with this paradigm shift. Let's first assume there is a Service Level Agreement (SLA) contract between parties. Assuming this to be true then here's a list of questions that should be asked prior to jumping in 100%. These are:

BUSINESS
Does the cloud provider have a strong balance sheet? What is their financial health? Will they be around in 2, 5, or 10 years?
If the cloud provider goes out of business, is purchased or merges with a competitor, what happens with the existing SLA contract?
What is the core competency(s) of the cloud provider?
Does the cloud provider own or lease the cloud center premise(s)?
If leasing then what is their contract terms?

PREMISE
What does the cloud provider offer regarding physical and electronic security of the premise itself? External bollards at key entry exit locations. Man trap. Video. Doors open outward, etc.
What type of water based sprinkler system is in place to protect the building?
What type of gas based system is in place to protect the systems environment?
Does the vendor offer redundant electrical distribution systems inside the center?
Does the vendor offer a back up generator for electrical failures/fades? If "yes" then who owns and manages the contract for maintenance and refueling? What is their schedule?
Does the vendor test their generator backup system on a quarterly basis - while under load?
Is the building stand alone or does it have a neighbor? If sharing a wall(s) then are these walls fire retardant and built from the foundation to the ceiling?
What is the geographic location of the building(s)? Rural, urban, dense urban, near railroad tracks, near major highway, near airport?

GENERAL SECURITY
Within the provider, who has access to your company's data? What level of access does this person(s) have?
Who manages the server HW/SW hosting your application or service? Is it outsourced from the current provider or wholly supported in house?
Do you receive cloud provider alerts and notifications due to system/data intrusions?
Does the cloud provider offer telecommunications of their LAN and WAN via a VPN using SSL? Or is their telecom solution purely open web based?
Are streaming files or batch files encrypted to/from the providers data center on a per customer basis?
How are log files managed and who has access to them?

TELECOM
Does the provider offer physical diversity of fiber lines? Meaning, are there two separate physical routes coming to/from each of their data centers?
If there are two physical routes, are these routes supported by a single WAN vendor or two?
Does the provider offer virtual diversity over a single fiber line with a single WAN vendor?

I believe when answers to these types of questions are acquired and assessed, then the customer can decide whether the cost benefit outweighs any perceived or known risks. It's a matter of performing due diligence up front to ensure the key decision makers are comfortable with the decision and can live with known risks or vulnerabilities within the business model.

Hope this helps.
James.

0
James Myers
James Myers
President & CEO, Contingency Now Inc.
Posted on Aug. 5, 2011
  • Recommended by:

The "Cloud" is nothing more than utilizing existing data center infrastructure but with a diversified architecture. Meaning, an application could be running in one center, customer data in another and backup processes from another center. Either way, when it comes to placing "everything" in the cloud key decision makers usually look at the bottom line. It's a lease vs. own assessment. However there are risks involved with this paradigm shift. Let's first assume there is a Service Level Agreement (SLA) contract between parties. Assuming this to be true then here's a list of questions that should be asked prior to jumping in 100%. These are:

BUSINESS
Does the cloud provider have a strong balance sheet? What is their financial health? Will they be around in 2, 5, or 10 years?
If the cloud provider goes out of business, is purchased or merges with a competitor, what happens with the existing SLA contract?
What is the core competency(s) of the cloud provider?
Does the cloud provider own or lease the cloud center premise(s)?
If leasing then what is their contract terms?

PREMISE
What does the cloud provider offer regarding physical and electronic security of the premise itself? External bollards at key entry exit locations. Man trap. Video. Doors open outward, etc.
What type of water based sprinkler system is in place to protect the building?
What type of gas based system is in place to protect the systems environment?
Does the vendor offer redundant electrical distribution systems inside the center?
Does the vendor offer a back up generator for electrical failures/fades? If "yes" then who owns and manages the contract for maintenance and refueling? What is their schedule?
Does the vendor test their generator backup system on a quarterly basis - while under load?
Is the building stand alone or does it have a neighbor? If sharing a wall(s) then are these walls fire retardant and built from the foundation to the ceiling?
What is the geographic location of the building(s)? Rural, urban, dense urban, near railroad tracks, near major highway, near airport?

GENERAL SECURITY
Within the provider, who has access to your company's data? What level of access does this person(s) have?
Who manages the server HW/SW hosting your application or service? Is it outsourced from the current provider or wholly supported in house?
Do you receive cloud provider alerts and notifications due to system/data intrusions?
Does the cloud provider offer telecommunications of their LAN and WAN via a VPN using SSL? Or is their telecom solution purely open web based?
Are streaming files or batch files encrypted to/from the providers data center on a per customer basis?
How are log files managed and who has access to them?

TELECOM
Does the provider offer physical diversity of fiber lines? Meaning, are there two separate physical routes coming to/from each of their data centers?
If there are two physical routes, are these routes supported by a single WAN vendor or two?
Does the provider offer virtual diversity over a single fiber line with a single WAN vendor?

I believe when answers to these types of questions are acquired and assessed, then the customer can decide whether the cost benefit outweighs any perceived or known risks. It's a matter of performing due diligence up front to ensure the key decision makers are comfortable with the decision and can live with known risks or vulnerabilities within the business model.

Hope this helps.
James.

0
Stephney McMohan
Stephney McMohan
IT Analyst, Real Time Data Services
Posted on Aug. 26, 2011
  • Recommended by:

There is no such risk in this....YOu can go with it very easily even you dont have to bother about the risk of loosing any data.. As the hosting services provider will take its warranty before giving you the services....Even you can check with this link it will help you in gaining information:
http://www.myrealdata.com/cloud-computing.html

0
Jim Haughwout
Jim Haughwout
Managing Partner, Oulixeus Ltd.
Posted on Aug. 29, 2011
  • Recommended by:

The right cloud provider can make things very, very easy. The wrong can be a nightmare. Some risks of putting everything in the cloud:
- Provider viability: Will the provider be in business in two years, five?
- Up-time/Availability: What is their SLA for this? Is it better than you could do with existing resources
- Performance/Bandwidth: Again, what is their SLA? Also, where you are geographically hosted can be a factor
- Business Continuity / Disaster Recovery: What if they get hit by a hurricane? Where are their data centers? Ask to see their DR plan (the one the provide customers). Are you resources distributed and dual-hosted across multiple sites? How often do they back-up your data (which back-ups are stored off site in an escrow facility)
- Customer Service / Support: Again, what are their SLAs. Google them to see if you get customer complaint stories. (Search Twitter for associated #fails as well)
- Interoperability: How does their cloud work with others or non-cloud on-premise systems. Is it as simple as HTTP, TCP, etc. or are you looking at developing apps specifically around a particular cloud platform (e.g., Azure, AWS). This can pose a future business expansion risk.
- Import/Export: How easy hard is it to get your data out if you need to move it. This could create a large business interruption risk.

The best way to manage these risks are 1) do your due diligence and 2) take a step-wise approach (try a little, expand what works, end what doesn't)

Answer This Question

Events

Related Activity

Syed Sabih Uddin Ahmed
Syed Sabih Uddin Ahmed answered
Is Cloud Computing a technology driven wave or a business lead wave of change?
12 hours 27 minutes ago
anderi Iosua
anderi Iosua answered
What is "the consumerization trend" and why is it a problem?
15 hours 49 minutes ago
Andrew Baker
Andrew Baker answered
Considering both Apple and Microsoft OS which has the best security?
17 hours 26 minutes ago
Andrew Baker
Andrew Baker asked
Are there hidden security costs for outsourcing?
17 hours 36 minutes ago
Rapidsoft Technologies
Rapidsoft Technologies answered
How can companies use mobility to extend the use of their ERP systems?
18 hours 10 minutes ago
Dheeraj Gopa
Dheeraj Gopa answered
What are some of the basic SEO techniques that any company can use in house for their websites?
18 hours 33 minutes ago
Bill Wood
Bill Wood answered
With all the different online marketing channels what are some guidelines SMB's with limited resources can follow to manage it all?
yesterday
Nora Stewart
Nora Stewart answered
What are some good practices to prevent spammers from filling out a form on my website?
yesterday
Hamid Ghanadan
Hamid Ghanadan answered
How have you explained the importance of content marketing to the C-suite in order to get the budget you needed?
yesterday
José Ricardo Santos
José Ricardo Santos asked
How can I transform members into buyers?
yesterday