Cloud computing – reduce risk with careful planning of business processes

By Pete Deacon, technology and strategy at SaintGroup Managed Services

It is undeniable that there is much hype in the IT market about cloud computing which is often over-sold to CIOs looking to streamline IT processes. However, the emergence of cloud computing-based business systems does provide an opportunity to tailor IT provision to better suit individual organisations’ business computing needs.

Adoption of an effective cloud infrastructure is an initial step towards business transformation and will increase an organisation’s speed to market. In the past, companies would update old and legacy business applications - a customer relationship management (CRM) system, for example - by upgrading all of the equipment on the network individually: a wasteful process in terms of both time and IT resources. Through cloud deployment, this type of software upgrade and new service capability for the business can be streamlined and automated.

Implementing technologies such as desktop virtualisation and automation systems made possible through cloud deployment help to improve day-to-day business operations in a number of ways. Firstly, virtualised environments enable organisations to optimise their existing assets, lengthen refresh periods and increase procurement cycles. As upgrades become process-driven, companies can develop repeatable, reliable processes, reduce IT resourcing costs and ultimately pass the savings on to their customers. In addition, cloud deployments could include online billing portals which provide real-time historic bills, call usage reports to manage e-alerts and direct debit information.

That said, companies should always exercise caution before agreeing to cloud computing as there might be processes that just aren’t suited to this approach. IT managers need to look at their core processes and network operations and determine which could be operated as cloud services whether as shared or dedicated versions. In these cases, an independent expert needs to be brought in to examine a business’s needs, conduct an end-to-end audit of the organisation’s processes and the networking infrastructure. This rigorous risk management and audit process will determine if its required business application can be transferred to the Cloud and what the business case and return on investment (ROI) might be; or whether other approaches might be preferable to the Cloud. A thorough discovery process will examine longer-term service deployment questions such as whether the infrastructure can be used to facilitate card payments and where transactional data will be stored.

There is always a potential security risk of migration to the Cloud in relation to organisation’s data is compromised. Businesses need to question their cloud provider - whether they will provide them with an end to end offering? And can they layer in required level of security? Some cloud vendors will federate some aspects of the Cloud to third parties, so in some cases the security risk is actually being worsened rather than contained. Trusted cloud providers will give companies end-to-end SLAs in line with different industries’ compliance needs.

It is important that an organisation’s chosen cloud provider provides a plan of phased implementation with its implications for the business, together with detailed migration phases and technical support.

Cloud computing is an exciting prospect for many organisations, but it all needs to be closely risk managed and the business case for the Cloud should to be very carefully examined before this model is automatically adopted.