Category: cloud

  • Going Rogue into the Cloud?: Hidden issues in Cloud Deployment.

    Institutions are moving quickly to the cloud. Often CIOs justify the move based on gains for enterprise applications in the areas of speed, agility and flexibility in spite of their concerns about redundancy and security.   A recent report indicates there are still other potholes on the road to the cloud for the enterprise.   This 2013 report “Avoiding the Hidden Costs of Cloud” is based on a Fall 2012 survey commissioned by Symantec of 3236 business and IT executives in 29 countries It provides insight to the types of issues IT departments will encounter in the push to the cloud.  
    Hidden Costs?
    The issues summarized from the report are indeed challenges.  However, for a survey report with a title that includes the term “Hidden Costs”  there is precious little financial detail as to what these costs are: are we talking one dollar or a million dollars?  Lack of financial details aside, the survey results provide important issues which are not always discussed when an institution is developing an overall cloud strategy.
    Hidden Issues in Cloud Deployment
    Rogue Clouds
    This Rogue Cloud challenge is an offshoot of a challenge some refer to as “Shadow IT”  he deIn the past several  years you began seeing impatient department managers securing extra budget money and hiring outsiders to build a database for various tasks.  These tasks range from managing mailing addresses to retrieve feedback from a targeted population.  After accomplishing desired goals with this activity the department head would work the cost into their operating budget.  Other managers would take notice and start building their own databases. Then along came the cloud, and IT’s perceived lack of timely delivery of a desired service was amplified. Managers also encountered consumer based products which were easier to access and which heightened frustration with the traditional delivery of IT service.  This issue,sometimes referred to as the “Consumerization of IT”  allows department managers to seek outside vendors to automate various business processes, from customer relationship management to classroom evaluation services. Many of these consumer-based services can also be defined as a rogue cloud services as identified by the survey.  
    The survey revealed 77 percent of all businesses have experienced rogue cloud situations, or unauthorized use of cloud services, over the past year. This can put sensitive business information into a position where it could be compromised, without approval from IT or high-level management. Those responsible are doing it in order to save time and money, and yet the results may in fact be the opposite.
    The concerns about rogue clouds should be considered. Forty (40) percent of organizations surveyed have in fact experienced the exposure of confidential information. Other issues include theft of goods or services, account takeover and even defacement of web properties, experienced by more than one-quarter of businesses.
    Backup Difficulties and Inefficient Storage in the cloud
    Backup is a challenge for organizations. A majority of organizations surveyed are using at least three different backup solutions. Nearly half have lost cloud data and two-thirds have experienced recovery failures. Another hurdle is the perception of cloud recovery as a slow process; only about one-third considers it fast, and the majority estimate that if they experienced a catastrophic data loss it would require three or more days to recover.
    The ability to store information in the cloud is one of the most significant advantages the technology offers, because we only pay for what we use. The survey showed, however, that the utilization of the storage businesses are paying for is low – only 17 percent, when it should be over 50. Storage is made even less efficient by the lack of deduplication – about half report that little or none of their data is deduplicated.
    Compliance and eDiscovery Difficulties
    Half of organizations expressed their concern about meeting compliance requirements and proving compliance. Twenty-three percent of respondents have been fined for violations of privacy. There are also eDiscovery concerns when businesses are required to find the right information quickly. One-third of organizations have received eDiscovery requests for information stored in the cloud, and they have not responded well. Two-thirds of those receiving the requests have missed a deadline, leading to costly penalties.
    A list of recommendations provided by the report include:

    1. Focus policies on information and people
    2. Educate, monitor and enforce policies
    3. Embrace tools that are platform agnostic
    4. Deduplicate data in the cloud
      Below, I have included a MindMap I put together several years ago to help clarify how the cloud impacts use.  Amazingly it is still relevant.

  • Note to Self: A checklist of steps you should take when planning your move to the cloud

    What should an educational institution think about before committing to a cloud provider.  Daniel Solve the John Marshall Harlan Research Professor of Law at George Washington University Law School, the founder of TeachPrivacy, a privacy/data security training company, and a Senior Policy Advisor at Hogan Lovells provides a great starting point in the following video.  
    One of the major compliance issues education deals with is FERPA. Solve says FERPA provides little guidance to educational institutions looking at the cloud.   The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects students’ privacy by prohibiting disclosure of education records without adult consent. FERPA also allows parents and students over age 18 to inspect and review education records and request that inaccuracies be corrected.  
    Schools may share basic “directory” information, such as student names and phone numbers, if they give parents the opportunity to opt out. However, advance written permission is required to release all other student-level information, such as student coursework, class discussions, recorded comments, and grades, if they are linked to any information that would enable a member of the school community to identify the student. Several exceptions in the law allow individuals such as teachers and administrators with a legitimate educational interest in the student’s record to access personally identifiable student data without prior parental consent.
    Solve’s video is very good, but we thought it might be helpful to have a checklist of items available for you to cut and paste when beginning the conversation with a potential cloud service provider.  Institutions should take the following steps before  committing to the cloud:
    Prior to Contracting with a Cloud Provider:

    1. Conduct due Diligence on the Cloud Provider
      1. What is their reputation?
      2. Do they have References?
    2. Establish a relationship with the Cloud Provider
    3. Ask questions such
      1. How Does it store the data?
      2. How does it protect the data?
      3. Where is the data stored?
      4. What is your accountability infrastructure
    4. Make sure the contract has provisions for:
      1. for securing data
      2. confidentiality
      3. technical administrative and physical security
      4. deleting data which is no longer needed
      5. abiding by institutional privacy policies
      6. training for employees including on institutional client policies
      7. subcontracting by provider should be allowed only with written permission of the client
      8. use of data

  • Is your Premise Equipment Vendor about to be “Twinkied” by the Cloud

    The rush to the cloud is underway in both the public and private sector.  Companies such as Vivantech ,a Higher Education ERP service and implementation provider, by introducing Cloud Centric software deployments are certainly changing the outlook for the traditional rack and stack server deployment.   Although there are still concerns about security, regulatory compliance , bandwidth and redundancy the cloud movement continues gaining strength.  Rob Vandenberg says, that former U.S. Chief Information Officer Vivek Kundrachanged the game for the government cloud. He implemented the aggressive “Cloud First” cloud migration strategy, tasking government agencies with migrating 80 services to the cloud within 18 months. The move is projected to eventually save the federal government between $5.5 billion and $12 billion per year. The federal government plans to further streamline its $80 billion IT budget by closing 472 federal data centers by the end of this year, and nearly 500 more by 2015.
    What is your timeline for moving to the cloud?  If you have not begun mapping this out now is the time.  ABI research says that by 2016, 41% of all enterprise communications users, or 386 million lines/seats, will be on virtual infrastructure.
    Your on premise inventory and management plan also needs a look.  ABI research analyst Subha Rama says, “For CPE vendors, the cloud threat is real, By 2016, the communications CPE market will only grow 4.3%, while cloud communications will grow by over 21%, reaching $8 billion in revenues.”  Just as the time of the Twinkie came to an end, premise equipment vendors will likely be “Twinkied” if they cannot the make the cloud transition seamless and without performance penalties.  If you are counting on your favorite premise equipment provider to be there five or more years down the line you may need to come up with a contingency plan.
    At my current shop, Casper College,  we are adopting a mixed approach to cloud migration. While certain applications are part of our cloud experimentation, others are retained on premises and still other core applications are already on the cloud.  Mixed environments and hybridization will likely become the norm, especially with larger enterprises. There are many issues still impacting decisions for cloud migration. Rural institutions such as mine have even more such as lack of bandwidth options, which are often assumed in most urban environments. Better tools must and will become available to manage hybrid clouds and to enable seamless movement of applications instances across different vendor clouds and existing premise equipment deployments.