Molnet mognar och skapar bekymmer

Özgür Bal Okategoriserade Leave a Comment

Från att ha mött motstånd hos IT- och säkerhetsavdelningar under många år verkar molnbekymmer numera snarare drabba CIO:er.



In contrast to early cloud objections, more IT oriented, today’s concerns involve more line of business issues.

The three top cloud concerns of CIOs:

  • poor user experience due to performance bottlenecks,
  • the resulting impact on brand reputation and loyalty, and
  • revenue loss due to non-availability, poor performance or cloud service troubleshooting costs.

Both type of concerns, IT and Business, converge in cloud.


Following guidelines below, you will be able to mitigate them both.


1. Embrace a security-by-design approach.

By using a security-by-design approach, you focus on eliminating direct access to information.  This forms the foundation for entering a cloud model.  Information is being secured with policies that can vary from workload-based access to granular data access within applications.
Do not underestimate this approach, as it will also facilitate in audit capabilities.

2. Identify alternative deployment locations.

This segment refers in some way to my previous post on Cloud and High Availability.
As a company, you should always be capable in deploying or redeploying your images at an alternative location.
This means you should focus on identifying alternate environments for deployment, and select a vendor which has multiple datacenters available, enabling organization to respond to changing conditions with minimal interruption to the business.

3. Implement an active monitoring solution.

“Risks comes from not knowing what is happening”.  If your organization wants to address availability or instability conditions you must implement an active monitoring solution, like Op5 (for your information, City Cloud is providing an Op5 image in their library).

Not addressing monitoring of your environment could result in an under performing infrastructure which could result in damages ranging from poor customer satisfaction, to loss of customers.

Never underestimate the deployment of a monitoring solution. You need to make determinations as to the monitoring and intervals based on data content and should implement manual or automated procedures to respond to related events.  Basic tests are simple to implement but when it comes to enterprise monitoring, it is a good idea to hire external consultants.

4. Develop an disaster recovery plan and response team.

Security has also to do with the speed you can respond to threats and abnormal events.  Always document responses to different threats, implement procedures and educate your staff.

5. Make use of additional security services.

Cloud provided offer additional services to keep your business running in case of issues.  Make use of them.  City Cloud offers backup solutions, snapshots, monitoring, …

Take a look at the services your preferred cloud provider is offering and subscribe when suitable.

Use these guidelines to tackle all business concerns.  Explain your business how you support their concerns with technology.

Keep in mind that some critical applications might be too important to move to a cloud service provider.
Organizations must assess what data and applications they can reliably and securely put into the cloud without implementing “over-the-top”-security measures.
The final decision on what can be moved into the cloud is based on the IT maturity level of the organization itself, its risk tolerance and type of cloud provision that is best fit (IaaS,PaaS or Saas). From there, the organization can decide on security protocols and system to be implemented.