20 Reasons to Approach Cloud Computing with Caution

There’s no doubt the acquisition and maintenance of computing resources and software sucks up a lot of time and money, especially for businesses without in-house expertise. Cloud computing services have become popular precisely because they solve this dilemma for organizations. Still, the industry is new enough that best practices continue to evolve and managers looking to invest in the Cloud must take care to avoid these common pitfalls:

Security

When considering a move to the Cloud, don’t assume anything. This is especially true when it comes to the security of the assets you place in the Cloud. Carefully vetting vendors isn’t a step in the planning process you can skip.

Include these points on your checklist:

  1. Does the vendor run background checks on its employees?
  2. How do they keep your data separate from other customers’ on multi-tenant servers?
  3. Can the vendor provide you with documentation of the security of their software and any third party apps that are integrated with their service?
  4. What encryption protocols do they use to secure data?
  5. What authentication methods do they use to verify access privileges?

Hidden costs

Software-as-a-Service (SaaS) may cost much less than actually purchasing software and the equipment needed to run it, but there are a lot of other factors that can jack up the cost. You’ll blow your budget pretty quickly unless you account for these ancillary costs during the planning stages:

  1. Technical upgrades – It’s possible you’ll need additional bandwidth or other equipment updates.
  2. Implementation costs – It takes a significant amount of time, money and effort to move resources and data to the Cloud, not to mention de-commissioning in-house systems. Also, be aware that the vendor may charge upload fees.
  3. Configuration/customization – Some vendors allow their services and applications to be customized, but they may charge you to do it.
  4. Vendor management – Even though you’re offloading many responsibilities, someone still has to keep an eye on the Cloud service provider. You’ll need to monitor service levels (i.e. uptime), incident response times and security measures on a continual basis.
  5. Data back-up – Cloud computing vendors handle data backups differently. You need to find out if your vendor includes backups in the subscription price, if it’s an add-on you have to pay extra for, or if you need to take care of it yourself.
  6. Lost productivity/downtime – No Cloud service, no matter how reliable its track record is, can guarantee 100% uptime 24/7/365. Stuff happens. If you’ll take a significant hit if and when your SaaS is offline, be prepared to deal with the financial loss.
  7. Training – This includes training IT staff as well as end users.
  8. Termination fees – If you decide to terminate your contract early, you may have to pay a penalty. You may also incur costs associated with moving the data back in-house or to another Cloud vendor.

 

Legal concerns

Unfortunately, moving to the Cloud isn’t as cut and dry as many vendors would have you believe. There are a number of legal issues you must be aware of in order to stay out of hot water:

  1. Other countries’ laws – As you well know, U.S.-based companies are subject to laws and regulations that govern how data is handled. However, if your Cloud service provider stores your info in data centers outside the U.S., you’re subject to the laws of those countries as well. Therefore, it’s important to know where your company’s data may be stored so you can research applicable laws and, if necessary, argue for a clause in the contract that limits where your data can be stored.
  2. Electronic discovery – Cloud computing complicates record retention efforts. In addition to maintaining internal policies and procedures, you now have to keep tabs on what your Cloud vendor is doing with your data – where they keep it, what file format it’s stored in and what search tools are necessary to sort through it all. That way you’ll be prepared to comply with any electronic discovery orders that result from legal actions.
  3. Data security and privacy – If your company is subject to laws governing data security and privacy (ex. HIPAA), you’ll be held liable in the event of a breach, not the vendor. It’s up to you to make sure the vendor is compliant with all laws and regulations that affect your data.
  4. Subcontractors – You not only have to make sure your Cloud vendor is compliant with all applicable laws and regulations, but you also have to follow up on any subcontractors involved in the equation.
  5. Data breach notification responsibility – By law, companies have a limited amount of time to notify individuals and law enforcement in the event of a data breach, which means your Cloud vendor has to notify you in a timely manner. Spell out the time frame in the contract.
  6. License agreements, terms of service – Sharing log-on information internally and storing prohibited types of data in the vendor’s Cloud are just two examples of how users may put the company at risk. User training and monitoring are necessary to avoid such legal troubles.
  7. General contract violations – Inadvertently violating the terms of your contract could really put you in a bind, so it’s vitally important that you take the time to negotiate a favorable contract, go through it with a fine tooth comb before signing and avoid traps like automatic renewal and clauses that say you can’t take your data with you if you change providers.

If you cover these issues before signing on the dotted line, moving to the Cloud should be a positive experience all around.

About the Author: Megan Berry is a senior editor at Progressive Business Publications where she covers mobile technology, cloud computing, IT management and more.  Visit PBP’s LinkedIn page to learn more about the company.

 

Related Posts:

  • No Related Posts

1 Response to "20 Reasons to Approach Cloud Computing with Caution"

  • Patricia 04:47 AM 21/11/2012

    Data governance is something that should definitely be addressed if you plan to house sensitive customer data on the cloud. We are a company that deals with fund of fund CRM in the US and UK so it’s important that we comply with US, UK and EU laws. It can get a bit tedious but it’s important that we don’t get locked out of accessing our data or infringe on data laws.

Leave a Reply

Your email address will not be published. Required fields are marked *