This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Most organisations are familiar with the benefits of moving at least some business processes onto the cloud platform, and return on investment (ROI) metrics for base scenarios of various cloud deployments are abundantly available as well. However, less is understood about the potential risks involved in shifting specific business functionalities onto the cloud, which have often been understated and underestimated.
For a midsized enterprise, the decision to evaluate any cloud footprint should begin with the constitution of a risk evaluation and contingency planning board. The board should include the relevant business process owners, risk management specialists, vendor coordination managers, legal professionals, and members of the corporate strategy team, as well as the head of IT operations and strategy. Its mandate should be to evaluate the following risks:
1. Access to Private Data
In today's fiercely competitive business world, the enterprise must do everything to protect the confidentiality and availability of its data. While planning a transition to the cloud, the board must identify a detailed plan to ensure confidentiality of transactional and master data both during and after the migration.
Prior to deciding on a cloud presence, the research should list key metrics for evaluating the security infrastructure of potential vendors, and the final report should outline policies to govern user access and segregation of duties (SoD). These should be applied both to new cloud applications and to the points of interface between the new cloud system and existing on-premise application systems. This is more critical if the plan is to rent facilities in a multi-tenanted environment.
2. Availability of Platform
Should cloud environment availability be critical to business operations, the board, rather than the IT operations team, should be responsible for formulating a business continuity plan and executing it. For all customer-facing processes with revenue implications, all possible causes of non-availability should be identified. A fallback option, either in conjunction with the cloud vendor or with capabilities developed by internal IT, must be put in place before the decision to migrate is sealed.
The availability definition for external, user-facing processes should include acceptable response benchmarks for key transaction flows, as a poor experience with a website often turns users prematurely and permanently away from an offering.
The second aspect of availability concerns the choices that remain open in the future. The board must ensure that the company always owns all master and transactional data in the cloud environment. Additionally, the contract must allow it to migrate the content out at a later date at a minimal financial and operational cost, should the enterprise choose to sever ties with the current vendor or if the service provider ceases to exist or offer the solution.