Cloud has been described as an extraordinary step change in the way IT-based services are delivered, but fundamentally, the cloud is but another form of outsourcing which will help businesses drive down costs. And it is here to stay.

In pure business terms, cloud is essentially a flexible, scalable, pay-per-use model for the way

IT services are delivered and consumed, typically through short-term contracts. With its pay-as-you- go model, cloud moves many IT costs from capital expenditure to operating expenditure; its “elastic model” means available IT capability can be flexed to mirror changing business demand; and enables consumers of IT to have much greater transparency over their costs.

But to understand what that means to the business, the benefits and potential risks of migrating to cloud services need to be carefully considered. In any discussion about the cloud, the enthusiasm of evangelists is all too often tempered by the inevitable sage words of security-conscious CIOs. This isn’t surprising. After all, we are talking about moving confidential data away from physically being under the lock and key of a datacentre that the company owns and maintains – to an outsourced third party, possibly to an unknown location on the other side of the world. Three security areas in particular merit a closer look.

Data Location

The location of the data centre is the first consideration for any CIOs thinking about moving to the cloud; the questions that ensue as to what actually happens to your data are plentiful: where exactly is it kept? What happens when you end the contract? What happens if you terminate the contract early, or are in dispute with the outsourcer – is it still your data? Can you get access to it quickly? Is the data subject to laws of that particular geographic location?

Regulatory Compliance

This latter question of geographic location pivots on the differing regulatory compliance laws that will impact your data. These demands vary from country to country; for example, here in the UK, we are subject to both the Data Protection Act as well as the Freedom of Information Act. In the USA, the Patriot Act means that the US government can access data held by an American owned company anywhere outside of North America. This means that should your sourcing partner be an American firm, with your data located in e.g. the Philippines, the US government can still access your data. Should US officers search another company’s data that is hosted on the same shared infrastructure as your own your data could also be accessed and impacted.

Recovery

A third concern when outsourcing your IT services is the back up recovery guarantees in place of your data. What happens in the event of a natural disaster? How safe is the infrastructure of the premises? Or indeed the political or economic stability of the country? What guarantees are in place to ensure recovery is swift and complete? In the event of loss, can it be recovered and stripped from everybody else’s data?

The Right Approach

These are all valid concerns. However, provided the right approach is adopted, your organisation can be confident that embracing the cloud will yield tangible gains.

Critical to the success of any cloud deployment is to understand that there is no one-size-fits-all solution. Indeed, the answer to these questions will depend on the nature of the cloud delivery model – be it public, private or a hybrid of both.

The first step is to decide what data can be migrated to the cloud and stored externally within a community or public cloud, and what data should be retained within a private or trusted cloud environment. The key is knowing what data you are allowing into the cloud and which type of cloud is suitable for that data.

Once this data split has been undertaken, the next step is for organisations to do the due diligence on the proposed cloud provider. Customers must understand that the cloud demands a more – not less – rigorous process to ascertain the right model and sourcing partner for their business needs. This means ensuring the right service level agreements are in place to address the above issues.

The Right Partner

Finally, deciding on the sourcing partner will depend on a number of factors. The Cloud Security Alliance Standards is a good place to start for anyone wanting guidance for best practice relating to the cloud.

Cloud deployment works best when it is tailored according to the customer’s needs. And the above concerns can be met in a multitude of ways.

In the case of data location, CIO’s should be able to choose between an in-country or offshore location solution or a mixture of both, according to the data split decided upon. The case for knowing exactly where your critical data resides and the conditions for accessing it, is abundantly clear. Non-essential data (e.g. website content) can be more economically placed in a public or community cloud.

Concerns regarding recovery can be allayed via a private cloud solution. In Fujitsu’s case data is secured in more than one datacentre, meaning recovery is virtually instantaneous. The private cloud ensures that this service is dedicated to your organisation which brings with it its own benefits: for example, our customers can request that their data is stored either in dedicated physical security or specific virtual arrays with no other shared access. The physical disks can be returned to the customer should that need arise; in the virtual scenario the segregated array will be overwritten and returned to the pool for reallocation.

Regulatory compliance can best be addressed by having an end-to-end solution. Because of the proliferation of companies offering various “as a service” offerings, the complexity that ensues can result in a situation whereby different data could be subject to different national laws. An outsourcing partner that provides such a service is better placed to ensure the security of your data.

A final word would be that security will always be a concern for CIOs. The issues identified above are from insurmountable, neither are the remedies prohibitively expensive, but as the cloud matures, so do the solutions that ensure companies can outsource effectively with the clear cost benefits that will surely ensue.