Migrating to the cloud: how to manage the risks

Cloud data centres will process over three quarters of workloads by 2018, according to Cisco. Del Heppenstall, co-author of KPMG’s ‘Moving to the cloud – key considerations’, looks at the reasons for migrating – and how to manage it effectively.

Director

KPMG in the UK

Bite-sized ideas for your boardroom agenda

• Should we be considering moving some of our IT to the cloud?

• What will, and what won’t, we move?

• What model of cloud is most appropriate for us?

• How will we run due diligence to choose a provider?

• Do we have the right risk management processes of our own?

 

The outlook for the cloud is anything but cloudy

As consumers, whole swathes of our data are based there; we just don’t realise it. Meanwhile, increasing numbers of businesses are moving significant parts of their IT, and therefore their data, to the cloud too.

There are many potential advantages.  Because the cloud is flexible and scalable, businesses pay only for what they use, and can easily ramp capacity up or down.  So it’s more cost effective than keeping everything in-house.  It gives you increased capacity, subject to what you’re willing to pay for.  It increases business agility too, given its scalability. 

It can also be a facilitator of innovation, because it becomes much easier to pilot new ways of doing things. You can spin up a cloud instance of a new application or configuration in minutes rather than having to procure new infrastructure and fit all the necessary hardware.

In fact, if you don’t join the cloud, you run the risk of being at a competitive disadvantage to your peers.

So what are the risks?

The perceived security risk is a common barrier.  But in fact, if you choose your cloud provider and model carefully, I would argue that it can increase security.  For the big cloud providers, this is their business after all.  They are investing millions in their systems and are constantly monitoring for new threats or signs of compromise.  With a good cloud provider, you get security wrappers and layering that you probably just couldn’t afford on your own.

Indeed, the security onus is due to rise for cloud providers thanks to a new piece of EU legislation.  The EU General Data Protection Regulation places higher requirements on cloud providers to safeguard their clients’ data, with the threat of fines of up to 4% of global turnover, up to a maximum of 20 million euros, per incident.  This takes effect from 2018.

Map it out

If you are contemplating moving some of your systems to the cloud, it’s like any business process transformation: you’ve got to have a clear strategy and a roadmap. You need to be clear about what things you will (and won’t) put in the cloud. You also need a phased implementation plan – a ‘big bang’ approach is unlikely to be successful.

Of course, a key decision is which cloud provider you use. As with any key purchasing decision, due diligence is vital. It’s critical to carefully compare cloud providers and their service agreements. A good place to start is by looking at what independent assurance statements and certifications they have. Common ones include ISO 27001 and SSAE 16 (there are others).

There will also be lots of more detailed decisions to make, such as what model of cloud you put your data into – Infrastructure as a Service (IaaS), Software as a Service (SaaS) or Platform as a Service (PaaS), and whether you take your own ‘private’ cloud facility or go for a shared ‘community’ cloud arrangement.

Reputation, reputation, reputation

But whoever you go with and however you configure it, it’s essential to have the right safety nets in place. It’s still your reputation on the line if any breach occurs. To manage risk, you need an in-house cyber incident response capability and a documented crisis management policy that can be implemented quickly.

For those that get it right, a cloud strategy can support business growth. It lowers costs and frees up internal resource to focus on high-end development issues, rather than merely day-to-day IT management.

Boardroom Bites

Offering the latest research and thinking from opinion leaders and KPMG experts to help manage complex and often unprecedented challenges.
