While the on-demand utility model of cloud computing empowers users and speeds up projects, she argues those services may be too easy to consume. For example, one company has a CIO who is receiving bills for 25 different people in his company with 25 different accounts with service providers. That may be an example of something too easy to consume. It also begs the question as to whether that company has the right controls in place to control this kind of sprawl.
Considering the fact that this organization is using various cloud providers, it’s also a fair question to ask exactly what is being put in the cloud, which brings us back to the question of SLAs and vendor lock-in risks. . Is the information sensitive? What do the SLAs say? What does it cover? Is the provider responsible for regulatory compliance or is the user? Will you be locked in and who does the data belong to now?
Some companies don’t care about SLAs, and they just use the cloud because it’s easy. That’s OK, until something goes wrong. With liberal use of multiple clouds, like the situation described earlier, it might be wise to at least publish a policy around defining and preventing users from putting “sensitive data in the cloud.
However, if you are using an enterprise-level infrastructure cloud. At BlueLock we’ve built our solution with a 99.99% SLA, in a SAS 70 certified data center and we can help companies build a more secure and compliant environment using industry standard tools like Checkpoint firewalls, Shavlik and IBM. With respect to vendor lock-in, our clients can worry less about this issue because we’ve built our Cloud Platform on VMware, which means they can migrate their servers away from BlueLock by loading them into another VMware-based cloud, including an internal cloud.
There are considerations with any infrastructure choice a company makes, but there are also ways to avoid the big ones. Just remember, you get what you pay for so know your infrastructure choices and know how to manage your risks.