Cloud technologies have overwhelmingly defined the course of IT for the past several years and will do so for the foreseeable future. From packet-moving fabric architectures that enable cloud-like scale of the network to software as a service (SaaS) solutions, we’ve taken everything from our data centers and moved it into the cloud. Servers, business operations software, telephony solutions, and most office software applications are now cloud-based.
Moving to cloud comes with some huge benefits, but it also comes with potential risks, and not all cloud architectures are created equal. If you’re considering moving to a SaaS solution for any aspect of your business, I offer 5 points of advice.
1) Know your hosting options
There are numerous infrastructure providers available today. Whatever you're trying to "cloudify," whether it be physical infrastructure or a SaaS solution, you probably want to diversify, especially with software. If the provider only operates in one cloud, how redundant is the configuration? If you have a solution spread across more than one provider or at least more than one region, you may have a better chance of your application staying available in the event of an outage.
Additionally, confirm if the provider is using anything proprietary. If a cloud solution is heavily reliant on proprietary solutions from a single provider like Amazon AWS or Microsoft Azure, that solution is likely locked to that provider. This significantly limits the ability of the solution to grow or support organizations trying to avoid competitive situations, such as a retailer trying to avoid Amazon services.
2) Demand a global footprint
The world of computing may be different now, but the laws of physics haven’t changed. If the solution you’re looking at is halfway around the world from a portion of your workforce, you’re going to see latency.
A SaaS solution that allows your business to work with native cloud management platforms generally results in lower latency, better service, and assurance that your data is being managed according to local laws. And since most businesses have more than one location, solutions with a global footprint are often the superior option. Make your decision based on where your business is and how many locations you have; a solution located in your backyard, wherever you are, will always perform better than one that is hundreds of miles away.
3) Insist on a true cloud solution
A true cloud SaaS solution should be a microservices-based application that can be more quickly updated, deployed, scaled, and healed from faults. If you’re evaluating a SaaS solution, look for one that is developed using continuous integration/continuous delivery. This will allow you to achieve continuous operation status – meaning less downtime, faster feature velocity, and faster resolution of security-related issues. It’s important to know how your SaaS provider built their solution, the details of the service-level agreement, when updates occur, and what the architecture looks like. Avoid solutions that are nothing more than a monolithic application running in a cloud provider.
4) Understand data privacy, duration, durability, and ownership
From GDPR to CCPA, you need to be aware of where your data is and who can access it. Ask questions to ensure you understand if you own and control your data, how long you can keep your data, and where it is stored to ensure the solution meets your needs. Once you’ve chosen a solution, make sure you’re not turning over any rights to your data, and understand how your data may be used, especially when evaluating artificial intelligence and machine learning models.
Finally, ask about data durability, which is the likelihood that something you store in the cloud will stay there until you delete it. Well-built solutions will be created with architectures that offer “eleven 9’s”, or 99.999999999% durability. This is not accomplished solely through technology, but through solid backup and data and disaster recovery processes, in addition to architecture.
5) Assess the security of the solution
To more easily assess the security of your SaaS solution, make a checklist of requirements for your organization and questions you need to answer before deciding. Are there proper audit, encryption, and authentication logs? Does the solution have any ISO certifications or SOC audits performed?
ISO standards like 27001, 27017, and 27701 should be on your checklist for any SaaS solution. Furthermore, a SOC audit that specifically targets compliance with these ISO standards should give you peace of mind that your data is safe. Without those, and without third-party assessments, you might as well open your firewall and hope for the best.
Cloud offers hands-off maintenance of servers and hardware, eliminating the burden of hardware churn and capital expenses and enabling rapid feature development. But this automated approach can lead to problems. As an aviator, one of the first things I learned in flight school was the "positive exchange of flight controls," which ensures there is never any question about who is flying the plane. With all the automation in today's aircraft, it's easy to forget who is actively flying, whether it be your co-pilot or the computer.
The same situation can occur in cloud. Once you start moving maintenance, operations, and the lifeblood of your organization into someone else’s hands, it can be easy to forget about it, or worse, assume they’re doing something you should be doing and aren’t. With cloud, you always want to know who’s flying the plane.
Bill Lundgren is the Director of Product Management for Cloud Operation and Architecture at Extreme Networks.