As CIOs develop their federated cloud strategies, one of the things they want to avoid is being locked into a particular vendor or service provider. As a result, many IT organizations are looking for ways to enable data portability. CIOs want the ability to move data from one cloud provider to another if they are dissatisfied with the service they are receiving.
At this point in the young history of the cloud, there are no broad, well-accepted public cloud standards. However, because of the web-centric focus of most cloud architectures, it is relatively easy to develop APIs to enable this portability.
The federated cloud concept is still new. Nevertheless, given the double digit pace at which all categories of enterprise cloud computing are growing, it will be critical for CIOs to establish a unified framework for managing these environments.
Erik Sebesta, founder and chief architect and technology officer for Cloud Technology Partners, has been helping clients build an application development framework. Clients go through their application portfolio and determine where each application should live and which are mission critical, meaning core to the enterprise with sensitive data.
"As a result, it comes down to where an application should be built. Should it be built on a public platform as a service, on a private platform as a service? Should it be migrated to a SAAS platform? Should it be brought into a managed service?" Sebesta says. "The starting point is really to develop an application decision framework and from there, build out solutions."
The common framework must provide governance guidance on what type of applications and data are allowed to go into the public cloud environment, and what must stay inside the firewall in a private cloud environment due to regulatory and corporate compliance requirements. The framework should also offer insight into how management and monitoring resources can be shared and optimized to create transparency and facilitate integration across all of the cloud environments.
Irfan Saif, who leads Deloitte's security and privacy practice for the technology, media and telecom sectors, believes that defining a holistic strategy is critical with any cloud implementation. Users must also understand their responsibilities, especially as they relate to regulatory compliance, security and risk management. Where are the lines drawn? What kinds of specific requirements do you have? How can you make sure they are adequately embedded into the contract?
"Make sure you have a vehicle to go out and test these third party solution providers to make sure they are doing what they say they are doing and that they are in compliance with the requirements you are putting on them," Saif notes. "Ultimately the responsibility lies with you. It's your data or it's data about your customers."
Sign up for CIO Asia eNewsletters.