Consider Cloud Computing Services Before Your Users Do
May 21, 2012
Cloud computing is here--get over it. Services are being used, business value is being gained, and budgets are being cut using cloud platforms, be they private, public or other. It's not something you can hide from, and the longer you drag your feet, the worse off you are.
Every day that goes by that IT isn't meeting the features and services offered in the cloud, users are moving there on their own. No office collaboration environment? They're on Google Docs. No file-sharing option? They're using Dropbox. No solid backup or recovery options for their laptops? Carbonite is handling it. Now your data is outside your corporate walls, outside your control and outside of compliance.
- Thwart off Application-Based Security Exploits: Protect Against Zero-Day Attacks, Malware, Advanced Persistent Threats
- Innovations in Integration: Achieving Holistic Rapid Detection and Response
White PapersMore >>
- Research: Federal Government Cloud Computing Survey
- SaaS 2011: Adoption Soars, Yet Deployment Concerns Linger
The concept itself isn't new: For year, users have been turning to Gmail to send files larger than corporate limits and to Yahoo Messenger to instant message. Now the scope has increased, and the options have grown exponentially. Larger and larger data sets are being pushed outside your firewalls and stored on various unknown servers across the globe. What's worse is it's being done on a department-by-department or person-by-person basis. Your data may be strewn across several file-sharing applications or online collaboration services.
The use of these systems is only a fraction of the problem. The bigger picture is getting users to switch over, and retrieving that data once you do implement an alternative. Every day that goes by that users are on an unsanctioned IT service makes it harder to go back. You can't close Pandora's box once it's opened.
From a user migration perspective, you'll have to offer an approved product or service that's as good or better to get them to switch. This is no easy task. It's much easier to provide something that works up front, before users get accustomed to an interface you may not be able to match immediately. This is where an ounce of prevention is worth a pound of cure.
The data itself is another nightmare. Let's use Dropbox as an example, and narrow the scope to a best-case scenario where Dropbox is your users' only file-sharing tool. Take 100 users with less than 2 Gbytes of data shared via Dropbox. That's about 100 Gbytes of data stored across a back end of Amazon's S3 service. That's data for which you have neither accountability nor backups. If at this point you implement an approved file-share option, how will you get that data migrated over? How will you enforce compliance?
Another hiccup: How do you ensure that the data is scrubbed from Dropbox? What's Dropbox's retention policy? What's Amazon S3's policy on the back end of Dropbox? Is data truly scrubbed from disks, or is space just reallocated?
The landscape of IT is changing rapidly, and the consumerization of IT is driving much of it. Your users' phones, tablets and TVs can sync movies, photos and much more without any effort from them. Users want the same simple function for their work environment.
If IT isn't providing it, someone will--and that puts the business and IT's jobs at risk. If a user with a credit card can set up data sharing and backup for a department, why does the company need an admin again? Don't stall on new services and the benefits of cloud: Build the services in-house, and standardize on public cloud offerings where applicable.
Disclaimer: This post is not intended as an endorsement of any vendors or products. Products mentioned are for example purposes only.