2013-01-09 17:42:08 - As business move critical applications to the cloud, they need to pay close attention to the wide range of legal and data management issues
DUBAI, United Arab Emirates, 9th January, 2013: This year 2013 will see additional momentum in the Middle East for Cloud Computing, in both government and private sector.
No doubt the benefits or otherwise of moving to the cloud in the public sector will be debated long and hard but it’s important to remember that all organisations in the region that want to hold data in the cloud and use it for storage, backup and archive will need to consider a wide range of legal and data management issues. They will also have to think hard about whether they want to take a ‘DIY’ or managed services approach to the entire process. There are many ways to use cloud services, and
the issues around data are some of the most divisive.
Allen Mitchell, Senior Technical Account Manager, MENA at CommVault Systems says that
there are clear benefits to working with a managed service provider: getting a third party to manage data/storage for you enables you to focus on your core business; Disaster Recovery including testing is frequently offered as part of a managed service, and sending long-term, non-critical data to the cloud instead of keeping it ‘local’ can be a cost-effective solution that eases local backup pain. Backup can be a huge drain on resource, so employing a dedicated specialist organisation to do it not only saves you time but increases the likelihood that it will be executed to a higher standard.
Many C-level managers may like to assume that backup is already being managed effectively, whether it be in the cloud or not, and they are often shielded from any hiccups in normal service. However, it’s increasingly common for line-of-business or even project owners to make the choice for a managed service and keeping an eye on this is very important.
Choosing to go down the managed services route for cloud storage means it’s possible to significantly mitigate long term storage costs, provided that some sort of effective pruning takes place for data that is beyond the scope of current governance guidelines or law. It means that archive data will rely upon cloud copies, instead of you having to manage multiple copies internally.
Outsourcing also enables an organisation to plan for unexpected growth and to counter escalating costs by buying into a ‘pay per use’ approach to data management and storage; the elastic nature of the cloud means it’s much easier to scale up and down as required. This also means that over specification can be eradicated, though tying yourself to a service long term can have an impact if you unexpectedly grow beyond the target market of that service.
For IT Directors in the public sector – and IT Directors in general – who are being tasked with saving money without spending money, the managed services model is potentially the ideal solution. There is no capital expenditure to be found up front and the impact of IT on the overall budget can be managed more effectively in the mid-to-long term as an on-going operational expense.
For larger organisations, with a high degree of Intellectual Property to protect, for example, the big issue will continue to be security around where the data resides. Some data is highly sensitive and organisations are therefore reluctant to release it to a third party where it may traverse international boundaries, even if that provider is able to store and manage more data more cheaply than they can by managing it themselves.
Another critical consideration is the legal minefield associated with Service Provider terms of service. Few in IT management are also legal experts and complicated legal jargon and catch-all small-print can present issues should the worst happen. The truth is that you can be assured the service provider had legal counsel create the document, so at the very least you should get it checked by your own legal expert.
In the past, making the right decision involved working with a reseller or integrator to get the balance right between business needs, technical requirements and price; it is now becoming infinitely more complex. Few resellers can offer their own ‘pay as you go’ model and are more likely to be ‘cloud brokers’ offering a combination of services which may mean multiple terms of service – and more legal checking.
In order to take a more holistic approach to storage, backup and archive, organisations need to be able to compare ‘like with like’. They need to fully understand what the service provider is actually offering compared to what they can deliver for themselves; doing this right generally means the unpleasantness of properly surveying what you have and what you’re doing with it. The good news is that many service providers also offer services to help you build a picture of what’s really going on and what it really costs. While you might think the results could be loaded in favour of getting a service, you’d be surprised – they mostly give a clear direction either way that is hard to fake.
For smaller organisations, the decision to use a service is relatively easy. Although there has been a significant uptake by SMBs for cloud storage because it provides a quick, flexible and (often) lower cost solution, there is a concern that few check the terms and conditions. This is a mistake that larger organisations with more complex or specific requirements simply can’t afford to make; they need to have the ultimate levels of confidence in the platform underpinning the cloud service. For example, many of the products used to create a cloud-based solution that you might be prepared to bet your business on could be open source, freeware or even products you have discounted as unsuitable yourself. So while the expertise of the provider may mean everything will run satisfactorily under normal circumstances, it’s still worth investigating what infrastructure they use. The good service providers will be open with you. If the terms of service and SLA’s appear to be exactly what you want, you could argue that the tools don’t matter but I suggest that where technology is concerned, the opposite is the case.
In the financial services, legal and retail sectors Intellectual Property (IP) is a critical factor; here the technical choices of the service provider are arguably more important in terms of data security. Historically these organisations have thought it inappropriate for a third party to take responsibility for any IP data but they may well be prepared for less important data to be managed externally. This attitude is shifting and more organisations are trusting others with their crown jewels. However, where only the systems outside the core find themselves in the cloud, it must be remembered that data invariably ‘leaks’ from the core IP locations out into the secondary systems, so if these are considered for a move to the cloud, security is still just as important.
Clearly one size does not fit all but the diversity and choice available makes the cloud a very real solution for many CxO’s and IT Directors. Whether it’s appropriate for all organisations to take a ‘Cloud First’ approach to data management is another matter again.