In a previous article (‘Taking stock in the shadow cloud’) we looked at how the rogue use of cloud services in organisations has accelerated. In light of such daunting figures, how can businesses manage their cloud activity successfully?
The adoption rate of cloud-based services in Australia and New Zealand is the highest in the world. Small wonder: it offers speed, efficiency and agility to many enterprises.
Organisations however, must be strategic in their approach to cloud-based services. The development of a collaborative atmosphere between IT and business that fosters mutual trust and verification is a key success factor in enabling this new business imperative. It’s critical that the solution to managing cloud activity doesn’t hinder the business benefits that it can provide.
One of the new risk paradigms we have encountered has been ‘shadow cloud’. Cloud activity within an organisation that hasn’t been sanctioned by the IT department or unmonitored activity that plugs into numerous networks of external providers clearly both present some risks to enterprise.
The key to successful cloud adoption is to embed it into existing strategies and processes. This shows a commitment and understanding that cloud is the new normal, and as such will be fully integrated into business operations.
Our experience has shown that organisations often have quadruple the number of cloud services as they initially thought and therefore, taking control of employee cloud activity can seem like a daunting task. To help, we have developed the following ten practical steps:
1. Discover and assess
Conduct a systematic discovery to build an inventory of services and form a risk profile.
2. Tackle business requirements
Work with departments across the business to understand their requirements. Use this process to establish stakeholder acceptance of the issues involved.
3. Comply with standards and regulations
Third party cloud services can pose a challenge to your organisation’s standards and regulations. Implement intelligent vendor management practices to help mitigate this risk.
4. Establish SLAs and contracts
When dealing with sensitive data sets or business transactions, ensure providers are willing to submit to service level agreements and other contract terms that meet your needs. Once these expectations are established, similar solutions can be assessed more quickly in future.
5. Manage the lifecycle
To ensure data governance, categorise data according to its useful life and manage its lifecycle accordingly.
6. Lock it down
To ensure the safety of your information, identify who needs access to applications and create an access control list. Make new users fully aware of protocols and apply encryption to data that is transferred from your company to a cloud provider. Ensure key management of the account is available to you if needed.
7. Make it resilient
If a cloud provider has an outage or goes insolvent, what would you do? Create a response plan that includes continuity and recovery procedures for providers of critical services.
8. Keep it on the radar
Manage and monitor your cloud service providers to ensure value generation and risk management.
9. Support the operation
Develop an IT architecture strategy for the consumption of cloud services that allows for efficient user access management and service interoperability; enabling an ‘integrated cloud’ for your organisation.
10. Manage cloud solutions
Depending on the level of cloud adoption in your organisation, you may wish to explore automation of monitoring and management responsibilities.
For more information on cloud adoption in enterprise, read our report Managing the Shadow Cloud.