Managing the Cloud

Managing the Cloud

Oversight considerations for your cloud configuration.

It is possible to partake of the cloud piecemeal, using a hybrid model. And it’s possible to cherry-pick a dizzying array of cloud-based offerings from different vendors while keeping other functions in-house. It is possible to store backup data on the cloud. It is even possible to send one’s entire IT infrastructure to the cloud, passing responsibility for the company’s day-to-day IT management to an outside party. But any of these options, especially the combination of cloud applications and in-house technology, will require management oversight.

“You look at cost, you look at time and cost to maintain, you look at security, you look at performance,” says Mitch Brown, chief technology officer of Works Computing, an IT consulting firm in Bloomington. “Some of it is how decentralized [you want to] be. If you really need access anywhere, anytime, nothing can beat the cloud. As long as there aren’t other caveats to prevent you placing it there, that would then be your best delivery model.”

One of those caveats is the network connection. “The network suddenly becomes more critical,” says Tom Kieffer, CEO of IT consulting firm Virteva in St. Louis Park. “Your connection to these remote applications becomes more critical. The good news is, most of the network connections that we’ve all become used to are pretty darned reliable. So that’s not a huge issue.”

The exception is very large enterprises that are running high-performance block-based storage applications such as databases, Brown says. “If you look at the high-performance storage that is crunching the big business-intelligence kinds of databases, it’s just literally impractical right now to try and run them remotely,” he explains. “When you start trying to run it on remote hardware, you can’t afford the kind of links that would be required to get the same performance you can get if it’s sitting in-house.” That alone can stop a lot of people, he says.

For other companies, though, moving to the cloud can actually make systems run more quickly for end users. Tim Lambrecht, CEO of St. Paul–based IT service provider InCompass IT, says the vendor’s servers might run faster than the client company’s PCs do. When that happens, user experience improves, even with old end-user equipment. The cost savings for the company can be substantial: Not only does it not have to worry about buying new servers, but it may be able to put off buying new PCs for longer.

There is a limit to how much ancient technology you can get away with, however. Lambrecht says one of the few integration complications he sees when clients move their entire infrastructure to the cloud is moving incompatible legacy applications onto the new servers.

“If we take somebody onto our cloud infrastructure and we’re running the latest and greatest Windows servers, and they’re using a 25-year-old legacy application, there are going to be challenges,” he says. “Typically what we end up doing is working with the software vendor to have them rewrite their code.”

On the other hand, says Kieffer, integrating individual cloud-based applications with the rest of a company’s IT holdings is rarely a big issue. “It’s about the same [as integrating a new piece of locally held software], and I would submit that it may actually be quickly becoming easier,” he says. “They’re an external vendor, so they have to try harder. They have to be able to prove that they can work and play nice with others. Most of these systems have to integrate with other systems that the company’s using, and organizations are starting to make buy choices now based on integration features.”

Much cloud-based software is configurable, Kieffer says, meaning that it inherently supports various levels of integration. When it’s being installed and set up for the first time, all it needs is configuration, not actual development work.

Forgot Your Password?

Kieffer says sourcing cloud-based applications from a variety of vendors can sometimes add to the complexity of user logins. Inside its own walls, a company will usually give employees access to data and applications via a single sign-on. Employees type in their passwords, and they’re allowed to see what’s appropriate for their level of clearance.

“That changes now when you’re [on the cloud],” Kieffer says. “Instead, you’re potentially going to be logging onto multiple third-party software-as-a-service, each one having its own login, each one having potential usernames and passwords. There’s a user convenience issue of simply having to remember different usernames and passwords for these various systems. But more importantly, organizations are really struggling with how to maintain users’ access and privilege to those systems. An employee leaves, an employee gets fired, or whatever, and suddenly it becomes more problematic for the IT department to turn off their access to these applications.”

Kieffer says to mitigate this issue, many IT departments install password managers—utilities that store encrypted password data in a local database and automatically fill in passwords as required. He says many mid-sized and larger clients use a Microsoft security product called Active Directory, which allows any server that’s running it to check passwords, determine security clearances, and assign and enforce security policies on any software that is added or updated.

Yet in practice, there are some cloud-based applications that are not easily governed, says George Reese, chief technology officer at Enstratius, a cloud management company in Minneapolis. “For example, DropBox is an IT security nightmare,” he says. “It’s pretty close to impossible to prevent an employee from using DropBox to share sensitive data. Even if you implement controls in your data center, the employee can find ways to circumvent those controls rather easily.”

It behooves a company to know what’s going on—and cloud vendors can help with that, too. Lambrecht says his firm offers what it calls QBRs, or quarterly business reviews, where it meets with executives at its client companies to go over activity reports. The down side is that customers have to purchase that reporting as an add-on to their services; the service adds value, though.

“Typically, when a business has their own infrastructure, they have to buy this sort of filtering software up front,” he explains. “And they generally don’t do it. So they really don’t monitor the efficiency of their employees and how they’re working. Are they on Facebook all the time? But we can tell them.”

Managed Risk

Most companies that are contemplating a move to the cloud today have already been using cloud-based remote data backups for years. Cloud computing and cloud backup aren’t really the same thing security-wise, Brown explains: Backups are transferred and stored in an encrypted form. That’s a very different thing from sharing a live interplay of data with an outside entity.

So are there any risks to letting someone else store and move your critical business data? There definitely are some, but most experts say they tend to be smaller than the risks inherent in managing the data yourself. Businesses on their own have little recourse against rogue employees or mistakes that cause outages; but vendors can be held responsible.

“With a large organization like Microsoft or Salesforce or Google, you can pretty well depend that they’re doing it right,” Kieffer says. “The threat of being sued for losing personal information or having an outage is probably held in higher regard and concern by a third-party provider than it is by your own IT department. Are you really going to sue your IT guy if you can’t get access to e-mail for half a day? But we deal with this all the time. These third-party contracts have service level agreements, where if you don’t have access to your e-mail for half a day, they have to pay you a penalty.”

And Lambrecht says cloud vendors tend to be better at security than their clients are in the first place. “In a cloud environment, the security is really enterprise-level security, meaning that the level of equipment for, say, firewalls, is much higher level than what a small business could even afford. And it’s not just equipment, but it’s also the staff that is much higher level than a small business’ staff could be. We’re in charge of that security infrastructure, and we are going to protect it by any means possible.”

Jamie Swedberg is a freelance writer and frequent contributor to Twin Cities Business.