2013 will see additional momentum in the Middle East for Cloud Computing, in both government and private sector.
No doubt the benefits or otherwise of moving to the cloud in the public sector will be debated long and hard, but it’s important to remember that all organizations in the region that want to hold data in the cloud and use it for storage, backup and archive will need to consider a wide range of legal and data management issues.
They’ll also have to think hard about whether or not they want to take a ‘DIY’ or managed services approach to the entire process. There are many ways to use cloud services, and the issues around data are some of the most divisive.
There are clear benefits to working with a managed service provider: getting a third party to manage data/storage for you enables you to focus on your core business; Disaster Recovery including testing is frequently offered as part of a managed service, and sending long-term, non-critical data to the cloud instead of keeping it ‘local’ can be a cost-effective solution that eases local backup pain.
Data Law Tips
- For some organizations, having data cross international boundaries could present challenges so make sure you know where your data will end-up; what’s perfectly legal here may not be in other jurisdictions.
- Data security is only as good as the weakest link – an open laptop with a stored password could land you with a fine from the Information Commissioner whether you use the cloud or not.
- Balance – a service provider’s terms may look defensive but you have to ask – on balance is it better than what you have now?
Backup can be a huge drain on resources, so employing a dedicated specialist organization to do it not only saves you time, but increases the likelihood that it’ll be executed to a higher standard.
Many C-level managers may like to assume backup is already being managed effectively, whether it’s in the cloud or not, and they’re often shielded from any hiccups in normal service.
However, it’s increasingly common for line-of-business or even project owners to make the choice for a managed service. Keeping an eye on this is very important.
Choosing to go down the managed services route for cloud storage means it’s possible to significantly mitigate long-term storage costs, provided that some sort of effective pruning takes place for data that is beyond the scope of current governance guidelines or law.
It means that archived data will rely on cloud copies, instead of you having to manage multiple copies internally.
Outsourcing also enables an organization to plan for unexpected growth and counter escalating costs by buying into a ‘pay-per-use’ approach to data management and storage; the elastic nature of the cloud means it’s much easier to scale up and down as required. This also means that over specification can be eradicated, though tying yourself to a service long term can have an impact if you unexpectedly grow beyond the target market of that service.
For IT Directors in the public sector – and IT Directors in general – who are being tasked with saving money without spending money, the managed services model is potentially the ideal solution. There is no capital expenditure to be found up front and the impact of IT on the overall budget can be managed more effectively in the mid-to-long term as an on-going operational expense.
For larger organizations, with a high degree of Intellectual Property to protect, for example, the big issue will continue to be security around where the data resides. Some data is highly sensitive and organizations are therefore reluctant to release it to a third party where it may traverse international boundaries, even if that provider is able to store and manage more data more cheaply than they can by managing it themselves.
Another critical consideration is the legal minefield associated with Service Provider terms of service. Few in IT management are also legal experts and complicated legal jargon and catch-all small-print can present issues should the worst happen.
The truth is that you can be assured the service provider had legal counsel create the document, so at the very least you should get it checked by your own legal expert.
In the past, making the right decision involved working with a reseller or integrator to get the balance right between business needs, technical requirements and price; it is now becoming infinitely more complex. Few resellers can offer their own ‘pay as you go’ model and are more likely to be ‘cloud brokers’ offering a combination of services which may mean multiple terms of service – and more legal checking.
In order to take a more holistic approach to storage, backup and archive, organisations need to be able to compare ‘like with like.’ They need to fully understand what the service provider is actually offering compared to what they can deliver for themselves; doing this right generally means the unpleasantness of properly surveying what you have and what you’re doing with it.
The good news is that many service providers also offer ways to help you build a picture of what’s really going on and what it really costs. While you might think the results could be loaded in favor of getting a service, you’d be surprised – they mostly give a clear direction either way that is hard to fake.
For smaller organizations, the decision to use a service is relatively easy. Although there has been a significant uptake by SMBs for cloud storage because it provides a quick, flexible and (often) lower cost solution, there’s a concern that few check the terms and conditions. This is a mistake that larger organizations with more complex or specific requirements simply can’t afford to make; they need to have the ultimate levels of confidence in the platform underpinning the cloud service.
For example, many of the products used to create a cloud-based solution that you might be prepared to bet your business on could be open source, freeware or even products you have discounted as unsuitable yourself. So while the expertise of the provider may mean everything will run satisfactorily under normal circumstances, it’s still worth investigating what infrastructure they use.
The good service providers will be open with you. If the terms of service and SLA’s appear to be exactly what you want, you could argue that the tools don’t matter but I suggest that where technology is concerned, the opposite is the case.
Things to ask prospective service providers:
- Can I see your ISO Certifications (remember to also check with the certification body)?
- What vendor certifications do you have and what is your training policy?
- What happens to my data when the service is terminated?
In the financial services, legal and retail sectors Intellectual Property (IP) is a critical factor; here the technical choices of the service provider are arguably more important in terms of data security. Historically, these organizations have thought it inappropriate for a third party to take responsibility for any IP data but they may well be prepared for less important data to be managed externally.
This attitude is shifting and more organizations to trusting others with their crown jewels. But where only the systems outside the core find themselves in the cloud, it must be remembered that data invariably ‘leaks’ from the core IP locations out into the secondary systems.
So if these are considered for a move to the cloud, security is still just as important.
Clearly one size does not fit all but the diversity and choice available makes the cloud a very real solution for many CxO’s and IT Directors. Whether it’s appropriate for all organizations to take a ‘Cloud First’ approach to data management is another matter again.
Edited by
Braden Becker
