Considering the perennial resource challenges faced by IT departments, cloud computing and software as a service (SaaS) offerings are increasingly seductive.  When you factor in the IT needs of a firm as it expands, these services start to look essential.

Though the definition of cloud computing (and SaaS falls under that term) is still somewhat nebulous, most IT professionals define it to include Web-based, virtual servers as well as other services, applications and any subscription or pay-per-use tool that doesn't reside on your network.  By offering ubiquitous access, platform abstraction, scalability, redundancy and enterprise-grade disaster recovery, these services free up internal resources, control costs and allow IT organizations to focus on delivery.

However, as is often the case, one set of challenges is replaced by another.  Developing a diligent understanding of these new challenges is a key step in delivering the goal of global access to data.

In some form or other, every ILTA member firm depends on a distributed computing infrastructure that is not under its direct control.  Common examples are e-mail and Internet gateway services, DNS, mobile and data networks and vendor security updates, to name a few.  As consumers of these products, each of us has developed our own internal procedures to assess the reliability and integrity of any of these services to our business, but when extending these services to users globally, it's important that we re-assess the value and dependability of a cloud or utility provider.  The attributes to assess can be broken down into the following broad categories:

Network and Infrastructure "Nitty-Gritty."  How well do you understand your network (cloud) connectivity and that of the provider?  The abstraction of the service does not excuse you from getting "under the hood" to understand how your data is going to move and be stored.  How will the availability and redundancy of your electrons and bits be ensured?

Security and Integrity.  What are the procedures that the vendor has in place to preserve the security and integrity of your data?  Are their procedures open for review?  Does an administrator have the ability to view your data?  What are their procedures for handling data breaches?  To what level of audit do they subject themselves?  What are the procedures for investigating a data breach?  What assistance will be provided in the event of a discovery request?

Regulatory Compliance.  Providers should be able to demonstrate their regulatory compliance for every jurisdiction in which they do business.

Data Location.  Where does your data physically reside?  What commitments will the provider make to house your data in a specific jurisdiction?  With the constant search for cheaper power and cooling for data centers, what guarantees do you have that the data is going to be housed in a location that is acceptable to the data stakeholders?

Data Separation.  By the nature of the service, your data will reside alongside other organizations' data.  Encryption should be a given, but not solely relied upon.  What procedures does the provider implement to fully guarantee the segregation of your data?

Disaster Recovery.  You know your DR plan intimately; the DR plan of your provider should be viewed in the same light.

Business Viability of the Service Provider.  Is the provider a listed entity?  What is their financial health?  A provider on the slide is always going to try and make cuts in ways they hope you will not notice, but invariably you will discover the full extent of the cuts at the worst time for your business.

If the provider is acquired by another company, is your data going to be accessible at a reasonable cost when under a new banner?

Service Level Agreements.  What leverage do you have to hold their feet to the fire?  What are your contingencies for leaving the provider if their service level deteriorates?

There may certainly be other considerations that relate to the particular service under review.  However, once due diligence has been satisfied, the shrewd adoption of cloud services promises to deliver.

About our author :: :: ::

Sean Power was born and raised in Durban, South Africa and has eight years of experience in legal IT.  He has been in the current role of IT?Director for three years.  Sean has worked both sides of "the pond" and had a previous life as a college professor.  Sean has a strong interest in process management and developing business efficiencies.  Other interests include science education, skeptical thinking and all things sci-fi.  He can be reached at spower@mateerharbert.com.