451 Research recently released some results of its Voice of the Enterprise: Cloud Transformation Survey of IT Buyers that are worth sharing:
- Today 41% of all enterprise workloads are currently running in a cloud computing environment (public or private).
- By mid-2018, this number will increase to 60% of all workloads.
- 38% of respondents indicate a ‘Cloud-First’ policy when approaching workload deployments.
Given the data and what we’ve seen in terms of data center modernization, a Cloud-First approach to enterprise IT makes sense. But IT decision makers need to formulate a cloud computing strategy that factors in policies and procedures designed to protect sensitive data or cloud computing decisions made outside of IT. To reign in this kind of shadow IT, ask yourself and your IT team these ten questions:
- Which devices will be allowed? Create a list of approved devices that meet your security requirements. Make sure that approved devices haven’t been hacked or modified, which could lead to unnecessary computer network security exposure.
- What company data can be accessed? Given the mobility of personal devices and applications and your lack of control in terms of out-of-office use, either restrict or encrypt all sensitive data.
- What apps will be allowed? More and more apps are making the news for privacy violations and other non-disclosed device access. Apps are potential doorways through which information (and data) can be accessed. Do some homework on the risks posed by applications, whether they’re accessed by a mobile device or company PC.
- Will password logins be required? Some people use the built-in pin login features on their personal devices, but others don’t. Plan accordingly. For cloud apps accessed from the office, be sure employees are using complex passwords or cloud-based authentication.
- What will your IT support cover and what will it not? If an employee has a technical issue with an employee-owned device, will IT troubleshoot and provide assistance? Decide and incorporate this into your written IT policy to avoid any misunderstandings. The same goes for public cloud apps; if they aren’t approved for use in the organization, what will IT support cover when help is needed?
- Do you know your legal implications of a data breach? Not all data is created equally. If you store personal data, such as social security information, credit or financial records, or health records, there are legal ramifications from a data breach. It’s best to understand exactly what data you’re storing and what the law says regarding the storage of that data.
- Are you thinking long term? You may know your data storage requirements today, but data has a tendency to multiply (see IoT and Big Data implications on the data center), and depending on applications you’re using, your data needs tomorrow might be exponentially greater than what they are now. Build in growth scenarios and plan accordingly.
- Have you established data use policies? You can’t give equal access to all data. Salary information, for example, should only accessed by certain departments or personal, while other employee records should only be accessed by executive management.
- Have you factored in time and bandwidth requirements? Moving large data sets doesn’t happen in the blink of an eye. If you need to move 1 TB of data, it can take hours or days depending on your bandwidth connection.
- Have you looked internally? If your IT department is not taking advantage of server virtualization, you may already have the server capacity to house data. Granted, you may still need a backup solution, but server virtualization can free an amazing amount of data storage capacity, helping you make your existing server footprint work harder and more efficiently.
The answers to these questions can play a pivotal role in helping establish a workable policy for cloud computing usage and allow your IT organization to adopt a Cloud-First policy.