How to manage cloud project security worries

Security is a critical component of any cloud project. A priority not just in terms of importance, but also timing, validating a security model that addresses both genuine concerns and security ‘hype’ should be an early deliverable. Security fears can be a deal-breaker for cloud projects so it is important to put those worries to bed early-on and to win confidence from the outset.

Businesses should ask their cloud provider to expose the security policy and model used for the creation of the cloud as well as the test cases and test reports associated with its certification for market readiness. This will allow an effective ‘fit for purpose’ assessment prior to any costly project activity, and will make for a more realistic business case.

The most critical point is the security of data: Is it secured? Can it be recovered? Can it be stolen? These are the most serious questions that need answers. Ultimately cloud is only credible if you can hold the provider to account.

Be pragmatic about security concerns: create multiple security domains and align workload into the most appropriate security domain.

Start to drive early wins to gain confidence. Consider the implementation strategy and deploy early to target areas of the infrastructure that will see the fastest returns on having access to a more agile model. By being selective you can celebrate success faster and create change champions to create confidence around what can be gained from the new service.

If you create case studies with specific scenario’s around the business challenges resolved and at a fraction of the cost then its easier to relate to this at a business level. For example, Soak testing infrastructure will require lots of CAPEX but is only needed for a short period of time; with a scale up/scale down service the CAPEX is avoided and testing can be done quickly.

The creation of a model office for testing purposes and to allow demonstration to all stakeholders and communities will be a powerful tool in the project’s armory.

Remember that a cloud project, to all intents and purposes, is just like any other project. But it will drive real and lasting business change across numerous dimensions of the business operation. Businesses and cloud teams must ensure that the project caters for the impact of this or the results and returns will be significantly affected.

New developments which make information systems and information technology more accessible or agile often result in projects embarked upon without responsibility being taken for the consequences. Visualisation, for example, resulted in massive growth and server sprawl in many companies, rather than reduction.

If your processes around provision, budget and control of IT infrastructure lack accountability, or if you have a risk adverse architecture and security group who operate a ‘not invented here’ mentality, then cloud and service orientated infrastructure is probably not appropriate for your business without the board level leadership needed to drive paradigm shift of this nature.

But, if you are prepared to manage and control risk with the appropriate governance and due diligence, managing cloud projects are no more complex than any tradition IS/IT programme.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Barry Osbiston is Head of Service Delivery for T-Systems in the UK. T-Systems is the corporate customer arm of Deutsche Telekom. Barry is passionate about ensuring that technology enables and empowers business. In his 25 years of working in the information systems and information technology fields, he has driven major changes across numerous outsource organisations, from both operational and service management roles. One of his most significant posts whilst working for a major outsource organisation was Director of Service for the NHS, as well as for other Public Sector organisations.