The cloud is a fluffy concept, and takes many different forms, but basically means any computer services that are provided on systems that you access over the internet. Examples include things like gmail, dropbox, and Google docs. It can include sophisticated applications for accounting, document management, and other business processes. Other forms include just the physical infrastructure that you install and manage your own software on. The cloud can offer many advantages when used properly, but also carries risks that need to be managed.
Here are 8 things to consider when using the cloud.
- Consider how mission critical the cloud service is to your business. Far more diligence and care is required for a service that is crucial to the operation of your business.
- Make sure you have a backup or mirror of the data in case something goes wrong.
- If the application is mission critical, make sure you have a continuity plan in place to keep operational if the cloud service is temporarily out of service or permanently gone.
- Privacy, security and encryption are essential to consider. Look at what information is stored and manipulated, who has access to it and how they access it, and what the consequences are if that information was compromised. Encryption is a complex subject and requires the right questions to be asked. Is it only when at rest? Is it during transit? Who has the encryption key? While it is not always practical, a zero knowledge approach where the vendor can’t access the data is ideal.
- If you use platform or infrastructure as a service where you are in control of certain aspects of it, make sure you get expert technical advice to set it up to make sure it is done right.
- Pay close attention to the provider’s service agreement. For basic, commodity services, the agreements will be non-negotiable and will include limited or zero liability if something goes wrong. As the cloud service becomes more sophisticated, personalized, and costly, those agreements tend to become more negotiable. The terms of the service agreement can be a risk assessment factor.
- In some circumstances privacy laws can dictate where data is stored or manipulated, or what you have to tell customers. Or your customers may perceive an advantage for the data to be housed in Canada, even though from a practical basis the risks may not vary much amongst first world countries. If any of these apply to you, make sure the location is where you need it to be.
- All the promises a vendor makes about data location, service levels, and data security have no teeth unless they are referred to in the service agreement, and are meaningless if not backed up by some consequence.