As everyone knows, cloud provider Nirvanix recently fell apart, declaring bankruptcy and leaving its customers in the lurch. Nirvanix gave enterprises less than a month to move their data to a new home. To avoid the fate of those customers, follow these best practices for safely moving data in and out of the cloud.
Due diligence: financials first
The Cloud Security Alliance's February 2013 report, "The Notorious Nine: Cloud Computing Top Threats in 2013" has identified a lack of due diligence as a continuing threat to cloud computing. When enterprises do look into cloud providers, their view of things is a bit lopsided. "Cloud consumers place too much emphasis on information assurance and privacy, or focus on cost reduction and savings at the expense of investigating the financial health of candidate providers," says John Howie, COO, the Cloud Security Alliance.
"Perceived profitability does not imply stability for a company or a service provider," says Adam Gordon, CISO, New Horizons Computer Learning Centers; "the management strategies of a company can squander financial success overnight, driving profitability, the company and its partners over a cliff quickly if nobody is paying attention."
Organizations should examine the financial status of the cloud provider. Enterprises can investigate public corporations by examining their regulatory filings such as a 10K through the SEC. "This will detail the cloud provider's finances and self-identified risks," says Howie.
"If possible, examine audited financials for at least the last two to three years," says Gordon. These should demonstrate an overall positive trend in the growth and management of capital and the business bottom line, Gordon explains. "While it is realistic to see fluctuations and negative outcomes over a period of time, unless we are looking at the Amazons of the cloud services ecosystem, we should expect to see positive growth in revenue and profitability as well as expansion over a two to three year timeline," says Gordon.
Financials should also demonstrate business management and business growth strategies that indicate a strong direction, long-term planning, sound risk management and the ability to weather crises while maintaining focus, clarifies Gordon, drilling down. "Investments that support a long-term strategy for growth and market share acquisition are important indicators of stability as well," says Gordon.
Howie advises large enterprises to consider using a cloud broker to analyze their cloud computing requirements, determine their risk tolerance and select cloud providers that are a match for the enterprise. "Cloud brokers will examine providers' overall financial health and determine the potential likelihood that a provider will withdraw service," says Howie. The US National Institute of Standards and Technology (NIST) has produced Special Publication 500-292, which defines the role of a cloud broker.
Sign up for CIO Asia eNewsletters.