Will Compliance stop you implementing the Cloud?

Location of Data Centres May Restrict your Plans for the Cloud

Microsoft Azure may Offer the Cloud Data Storage Solution you need

Proving you can Confidentially Store Data Could Make or Break your Cloud Plans

Regulation may Prevent Partial or Full Cloud Implementation




Microsoft Azure may ease your compliance based headaches

The rise of the cloud has been nothing short of remarkable.  Within in a few years we have moved from file sharing platforms to industry standard Office 365 and Microsoft Azure, and applications such as Dropbox are now in mainstream use.  IT giants such as IBM to smaller companies now offer their own solutions.  This age of the cloud is only set to grow. 

Before we get too carried away however, there are a few loose ends your organisation may have to tie-up in wake of cloud implementation.  Let's take a look at what these are.

Proof of Security

Depending on your industry, your organisation may need to obtain permission from a regulatory body to implement the cloud, especially if you are a government contractor.  This will entail proving you can meet Service Organisation Control (SOC) compliance, as well as part of the relevant ISO quality standard. 

If you are a commercial organisation, especially one that handles sensitive data and moves large sums of money, again, you will no doubt face tough questions from stakeholders which you will have to satisfy. 

In essence the question will be how well your cloud system can keep data confidential and secure?  If you cannot show that the data will be secure, the chances are full cloud adoption will be off the table.

Data Centre Location

Another significant implementation factor where data centres are concerned is where they are located.  Regulations in this regard, again depending on industry are explicitly clear, often excluding countries which are considered 'unfriendly' states.  Depending on your provider, you may find that they hold data in regions deemed undesirable.

Microsoft for example, tries to keep data close to the origin of it.  So if you're based in Western Europe, they will try and keep the data in Western Europe. They also provide a facility of storing data in a single geography, region, or country. This can negate a lot of data storing headaches.

According to Microsoft customers can: "Specify the geographic area(s) ("geos" and "regions") of the Microsoft datacenters in which Customer Data will be stored. Available geos and regions are United States, Europe, Asia Pacific, Japan, Brazil and Australia."

Understand Disaster Recovery Plans

As part of the data storage location issue, it is important to discover where data is held in the event of an unforeseen disaster.  Does it remain in the same territory, or is it stored in a completely different location?  Is the data redundancy location in an allowed zone? 

Microsoft, has stated that it may transfer your data within a geo, say Europe for example, and it replicates  Blob and Table data between two regions within the same geo for enhanced data durability in case of a major data centre disaster.

"Microsoft will not transfer Customer Data outside the geo(s) customer specifies (for example, from Europe to U.S. or from U.S. to Asia) except where necessary for Microsoft to provide customer support, troubleshoot the service, or comply with legal requirements; or where customer configures the account to enable such transfer of Customer Data."

E.U. Data Protection Directive

The E.U. has implemented directives to control the location and movement of sensitive data.  It is important that should your provider move the data outside of an allowed territory that this act complies with The E.U. Data Protection Directive (95/46/EC).  This directive lays down strict requirements for the handling of personal data originating in the European Union.

Microsoft have secured an agreement whereby they can transfer European data to the U.S for storage and processing.  This is part of the Safe Harbour Framework developed between America and Europe.

Microsoft as of February 2015 is the only company that have received approval from the EU's Article 29 Working Party.  This is partly down to Microsoft's impressive record on compliance for in-scope services.  They have satisfied EU Standard Contractual Clauses and  guarantees around the transfer of personal data.

It is important to note that Microsoft will transfer E.U. Customer Data outside the E.U. only under very limited circumstances.

Negotiation and Guarantees

If you find that a cloud based solution cannot be implemented due to regulations, you might be able to negotiate with a provider to only hold data in 'friendly' locations.  This would have to have formal guarantees and no doubt reams of paperwork will be involved.  The rewards however, might be worth the bureaucracy especially given the cost savings the cloud brings.  That said, Microsoft do seem to be leading the way in this regard, with their Azure product.

The cloud delivers a highly configurable IT solution which enables your people to work with agility.  It has been shown to deliver significant cost savings, and handle demanding workloads.  It is the future. 

Whether or not you can use it and or how much of it you can use, may be out of your hands.

Why not share your cloud implementation experiences in the comments below, or contact me direct. 

Sources

Microsoft Azure

Microsoft Azure Trust Center

EU's Article 29 Working Party

Azure In-Scope Services

Transforming to the Cloud- A Restructure Story

Align IT with Mission Critical Business Needs

Decide on Whether to Develop the Cloud in-house or Outsource

Long Term Savings Outweigh Short term Costs

Implementing the Cloud

To outsource or in-house development that is the question

The cloud has promised to revolutionise the way IT services are delivered for all sizes of organisations.  With the development of Office 365 and other services such as Dropbox, to Enterprise level design and development, cloud computing has taken off for all kinds of business.  If you are thinking of shifting your business to the cloud, here are some aspects to take into consideration.

Short term vs. Long term costs

Initially, the cloud may induce a big hit to your budgets.  However, once you consider your moving from an inflexible monolithic infrastructure to a fast dynamic infrastructure which can be tailored to the strategic needs of the business, it is not hard to see why the short term costs can stack up. 

Once the cloud is in operation the reverse is true. Gone are your needs for big capital expenditure to refresh the hardware every year or so.  Instead of your teams 'making do' with bulky under performing servers and software which does the job but can hardly be called efficient, you will have dynamic bespoke applications which allow collaboration by design. 

You will also have a range of choices where cloud applications are concerned, as many of which you pay for as you use, or by user.

Restructuring IT Services

To enable cloud efficiency and reap the benefits of having a more agile workforce and lower operating costs, you have to look at your current IT structure and make key decisions.   A cloud infrastructure works at its best when it is aligned to business needs.  This is the ultimate goal.  With this in mind let's look at some options.

Developing the Cloud Infrastructure in-house

Designing the cloud infrastructure in-house can be a good option if you feel the workforce is flexible enough to take on new concepts, new ideas, and retrain.  Traditionally, IT people are quite rigid in their focus, and have predefined roles.  Personnel are often deployed to keep servers running and applications functioning.  Much of the software they maintain is off the shelf applications.

Now the environment is dynamic.  Fluidity and flexibility is key.  Businesses can develop their own bespoke apps, and personnel around the world can access it and work.  Project collaboration can be in real time, despite the team members being miles and miles apart.  Using the power of business aligned applications, it is possible for team leaders to identify progress and what stage a project has reached.

Business support is also greatly enhanced, as a guy in the field can ask for information from support teams, who can simply data-mine it and provide it to him or her.  The field operative can then access this information on a standard smartphone if need be.  In fact the field operative can do this simply by accessing relevant docs if time differences mean support is not an option.  All of this is just barely scratching the surface.

Although in the business world we think of new projects and restructuring in terms of costs, to transform to the cloud it is more a question of will.  Does your organisation have the will to implement the cloud?

Outsourcing

Outsourcing cloud implementation is another option.  Plenty of businesses have sprung up facilitating this service from giants such as IBM to smaller organisations consisting of teams of professionals.  Microsoft Azure is an enterprise level cloud platform which has reseller package option.  Quite a few smaller businesses now implement this to help organisations switch to the cloud.

In many respects, a combination of the two might be the best option.  This way, you get the benefits of the cloud faster, and your existing IT infrastructure can be adapted and trained to take on the new dynamic roles they will need to keep the business running.

If you have any questions on the cloud, please contact me or kick off the discussion below.