Acquiring and implementing a cloud service environment is an appropriate action under the right circumstances, with a concise strategic plan, and a clear understanding and awareness of the potential problems that may arise. The essential question that must be asked and answered: is it in our best interests to continue to support a conventional IT environment or to move it to a Cloud Service Provider? The remainder of this section outlines the steps that are part of the decision process to move to the cloud and to select an appropriate Cloud Provider.
The first consideration for a go/no-go decision addresses the sometimes complex cultural aspects. This includes discussions among the stakeholders, including those currently providing the conventional IT services (since they may view this action as a threat to their jobs), and those who have an interest in the business operations (since they are responsible for cost, hiring, training, company competitiveness, flexibility, etc.). There is a certain amount of emotion and politics in this decision and time must be spent on educating both sides on the real issues and risks before making a decision. Part of this discussion requires a mindset shift from viewing the conventional IT environment as a cost center to that of viewing the cloud environment as business driver and beneficial asset. The result of this step must be an agreement among all stakeholders to move forward with the analysis.
Preparation for a cloud transition next involves defining the current conventional IT environment. This review includes the IT architecture and systems:
Each of these are candidates for possible relocation to the cloud.
A decision to move to the cloud is not an all or nothing strategy. Some components such as hosting and storage servers are more obvious candidates than end-user systems like workstations, laptops, and printers. Things that the cloud does best usually include "available anywhere" computing, backup and disaster resources, flexible business plan implementation, access to emerging technology and cost reduction measures for personnel, training, 24x7 support. Other things such as those requiring essential elements such as security should remain on conventional IT systems. The resulkts of this review should be socialized and agreed to among all the stakeholders.
A risk assessment of the cloud strategy identifies how the specific risks to the Security is a critical component of a decision to move forward with cloud computing. This security review determines the cloud strategy's specific requirements for access control, integrity, availability, and compliance. These are discussed in more detail in the Cloud Security topic; this is a link to the acquisition page.Review Security Risks
There are a many large and small cloud service providers. Choosing the one that best meets an organization's needs is not a simple task. Large cloud service providers with 10 or more years of experience are well-known: Amazon, IBM, Microsoft, Google and Oracle. Smaller cloud service providers cannot deliver as complete or robust package of capabilities as those larger services mentioned above, i.e. IaaS, SaaS, and Paas, and may go out of business over time. Additionally, small cloud provider's knowledge and application of cloud security may be problematic. Large providers, in addition to the expected capabilities, often have specializations, e.g. Microsoft offers access to Windows Office 365 desktop software, Google offers Google Docs, Code, and rapid user application development. Small niche providers are often focused on specific business models, (e.g. health care, financial services, hospitality) and can offer application hosting and knowledge to support software for these businesses. Another advantage for the small provider is that every customer is important and they are motivated to be more responsive to customers.
What is a cloud service broker? They act as an intermediary between the buyer (customer) and clouid service provider and provide technical design and implementation support to assist the buyer in translating their operational business needs into a technical specification relevant to the offerings of specific cloud providers, e.g., Microsoft's Azure or Amazon Web Services. These are typically resellers and integrators certified by the specific cloud providers who use their knowledge to save the buyer time and effort to recommend the services that most closely fit the buyer's needs. In working with a cloud service broker, a buyer should recognize that the brokers have confliucted interests since they benefit from the transactions they broker or resell.
In many cases, this acquisition process will result in a single provider who stands out as the best choice, driven by the specific cloud strategy. If other cases, the candidates can be evaluated by price, service quality, or other business-specific factors. Following this acquisition process simplifies an otherwise confusing process, and empowers the customer.