Cloud Solutions for Small and Mid-Size Enterprises.

← Older posts

Moving to the Cloud: Too Many Choices?

Posted on June 10, 2013 by Allen Falcon

 

Green_GaugeThis post is the ninth, and final, post in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

Good News; Bad News.

The Good News:  Organizations can choose from a rapidly growing myriad of cloud computing services and solutions.

The Bad News:  Organizations can choose from a rapidly growing myriad of cloud computing services and solutions.

When looking to move into the cloud, organizations have an abundant set of choices and options that offer similar functions and services.  Even more challenging, many cloud solutions offer features that overlap, creating redundancy at the intersection (i.e., the Google Drive component of Google Apps versus Dropbox).

For many organizations, the marketplace is confusing and full of claims that may be hard to verify.  Too often, the decision falls to price, not business value, and organizations end up getting what they pay for.

Start at the Beginning

Organizations looking to move into the cloud should start at the beginning step of any successful IT project — business requirements.  What are the business reasons for moving into the cloud?  These could be a simple as “keep the same functionality as in-house systems, but at a lower cost” or as sophisticated as “expand into international markets”.

The business requirements drive the technical requirements.  The technical requirements guide the selection of the solution.  Evaluate how well the solution meets your technical requirements and how well it supports your business requirements first.  Include relevant issues of customization, management, and support.   Then, look at the cost.

Vet the Vendor

While the concept of cloud computing dates back to mainframe time-sharing services in the 1970s and 1980s, today’s marketplace is new.  Every cloud vendor is new to the market as their services are relatively (no more than 5 years old) new.   Do not assume “name brand” companies are best.  Microsoft, for example, is a well-established mature business.  And yet, they have proven they are very capable of failing when it comes to providing a reliable cloud computing service.

Look at prospective vendors for their track record (as limited as it may be) with respect to performance, availability, reliability, support, innovation, and customer service.  Talk with customers and see out organizations that have dropped the service.

Understand where the vendor is financially.  Are they profitable?  Are they running on venture funds, and will they be sustainable before the funds run out?  Is the vendor’s financial position improving as their sales grow?

Use a Trusted Partner

Find a partner that knows cloud computing and can help you find your way through the myriad of options.  Work with cloud solution providers that do not push you only to what they currently sell.  Better CSPs will direct you to other resources and will either contract with them on your behalf or hand off the relationship.

If your current IT firm or your internal IT team cannot navigate the cloud computing territory, look for a partner that will work with, and will help educate, your current IT staff and/or team.  As with your cloud solutions selection, choosing a cloud solutions provider is about business value.

A good CSP can help you find, vet, select, and implement the right solution.

 

Posted in General | Tagged , , , | Leave a comment

 

Moving to the Cloud: Internationalization

Posted on June 6, 2013 by Allen Falcon

 

Green_GaugeThis post is the eighth in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

Cloud computing is global and a growing number of cloud solution providers are global as well.  Data stored in the cloud can end up in data centers in other countries and jurisdictions with differing laws and level of privacy protection.   In addition, organizations may be subject to laws or regulations that restrict data from being stored across national boundaries or in other jurisdictions.

Some risk exists in national or local laws related to data privacy and ownership.

Learn Before You Leap

Before signing on with a cloud provider, ask the questions about where data is stored and how the provider is protecting your data from foreign governments and other interests.  Review all contracts, agreements, and vendor policy statements to ensure they are consistent with the message you hear from the sales team.

Look for adherence to privacy standards based on international treaties, such as Safe Harbor and EU Safe Harbor. While these programs cannot eliminate all risk, they do set reliable standards and ensure the vendor has a process for managing any issues that arise.

Explore options with your vendor.  Many cloud vendors allow customers to select specific data centers in which their systems will run and/or data resides.

Seek out some knowledge about the privacy laws and regulations in the countries in which your data may reside (many Canadian firms, for example, see the US Patriot Act as a risk when data resides in the US).

With a small amount of due diligence, organizations can judge the vendor’s competency in managing data privacy and ownership across boundaries, and can ensure the cloud solution meets the organization’s needs above all.

Next Post in the Series:  Coming Monday June 10th

Previous Post in the Series:  Regulatory Compliance

Posted in General | Tagged , , , , , | 1 Comment

 

Moving to the Cloud: Regulatory Compliance

Posted on June 4, 2013 by Allen Falcon

 

Green_GaugeThis post is the seventh in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

Moving to the cloud often entails more than switching to an email service or spinning up a some cloud-based storage and servers.  For many businesses — including Small and Mid-Size Businesses (SMBs) — regulatory requirements place demands on IT systems and security.  And, while these requirements impact in-house and cloud solutions, moving to the cloud requires planning.

The most common regulations for SMBs relate to consumer (customer) privacy:  HIPAA, which protects personal health information, and PCI, which protects personal and credit related information.  Many SMBs, however, must also meet the requirements of Sarbanes/Oxley, FINRA, SEC, and various state regulations.

The solution:  Integrating Solutions.

Fortunately, the tools and systems exist to provide compliance with data security and privacy regulations.  Cloud vendors are creating environments and the management controls necessary for customer regulatory compliance and certification.

The challenge is to make sure that all of the pieces work together.

  • Message Archive/eDisovery:  Manages retention of email as official business records and provides the eDiscovery and audit tools necessary to meet federal subpoena requirements.
  • Message Encryption: Encrypts email at the individual message level based on content and rule sets, requires users to authenticate before accessing the message, and prevents forwarding.
  • Two Factor Authorization / Single Sign-On: Provides identity management services and audit trails beyond core products in order to meet regulatory or policy requirements 
  • Third Party Encryption:  Encrypts data in the browser or client before transmission to the cloud, providing a second level of encryption prior to the encryption provided by the cloud vendor.  In the event of a vendor data breach, the exposed data would be encrypted.

These types of solutions, and others, provide cloud environments with the capabilities to meet regulatory requirements.  Vendor contracts and policies should still be carefully reviewed for any terms and conditions that threaten compliance.

And remember, no vendor can ensure compliance.  Compliance exists when the technology meets the technical standards and is used in accordance with policies and procedures that meet the regulatory intent.

Next Post in the Series:  Internationalization

Previous Post in the Series:  Integration with Legacy Systems

Posted in General | Tagged , , , , , | 2 Comments

 

Moving to the Cloud: Integration with Legacy Systems

Posted on May 28, 2013 by Allen Falcon

 

Green_GaugeThis post is the sixth in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

Very few businesses go “all-in” when moving into the cloud.  Most businesses start their move into the cloud with specific applications and services.  For small and mid-size businesses, the trend is to go cloud with critical core services, such as email and calendaring, and/or applications, such as CRM.  Over time, businesses add additional applications and services, such as file services, and hosting of legacy applications and servers.

The result:  Most businesses have a hybrid environment of on-premise and cloud solutions.

For many businesses, this creates a new need to integrate existing systems with new cloud-based applications and services.

While this may seem overwhelming, the scope of the integration depends, in large part, how well your in-house systems integrate today.   For most small and mid-size businesses (SMBs), legacy application integration focuses on a few key features:

  • Email / Messaging:  Legacy applications and systems should be able to send notifications, alerts, and other messages.
  • Shared Storage:  Legacy applications may need to use cloud-based storage for data storing and sharing.  Depending on the need, direct access may be preferred to a sync solution.  Also, business applications often need locations in which to deliver reports and other automated output.  Still others may need to be able to link to documents saved in the file service.
  • Contacts:  Legacy applications, particularly those responsible for customer relationship management (CRM) functions (sales, support, service, marketing) will need to synchronize contact information in a way that does not result in duplicate data or data loss.  The same holds true for Enterprise Resource Process (ERP) and Professional Service Automation (PSA) systems.
  • Calendars / Events:  CRM, ERP, and PSA systems may also look to sync or manage calendars and events.  As with contacts, avoiding duplication and lost data is critical.
  • Data Import/Export:  Legacy systems may have the ability to import/export data from/to other systems.  In some instances, the import/export is manual or scripted to occur at specific intervals.  Some systems support automated synchronization or provide an interface for real-time data exchange.

When looking at cloud solutions, take a moment to research your current environment and needs:

  • What integration exists today?  Does it help or hinder?
  • What integration capabilities do legacy applications support that are not currently in use?  Would these be useful/helpful/meaningful?
  • What integration do you need, or want, to make your business more efficient?
  • What capabilities does the proposed cloud solution have for integration?  Can you leverage these to your advantage?  Is the cost of integration worth the potential benefits?

With a short assessment, organizations can determine if, when, and how to best integrate new, cloud-based solutions with legacy applications and systems.  As with any IT project, the focus should be on resulting business value.

Next Post in the Series:  Regulatory Compliance

Previous Post in the Series:  Lock-In

Posted in General | Tagged , , , , | 1 Comment

 

Google+ Hangouts and Google Apps: OFF for a Reason

Posted on May 24, 2013 by Allen Falcon

As Google prepares to replace Google Talk with Google+ Hangouts, customers expect to benefit from the improved audio/video quality and features that Hangouts offer over Talk.

There are very good reasons why Google+ Hangouts are OFF by default in Google Apps for Business (Gov and Edu, too).  Before you turn on Google+ Hangouts, understand the current ramifications.

  • Preview Mode:  Google+ Hangouts are not yet officially released and, as such, get “best effort” support as opposed the technical support under the Terms of Service.
  • Incompatibility:  Google+ Hangouts are not compatible with Google Apps Vault.  Any organization that plan on using Vault, or that may need to use Vault, should not opt-in to Google+ Hangouts.
  • Data Location:  Google Apps customers under data location restrictions cannot opt-in to Vault.
  • No Enterprise Controls:  These controls are not yet available for Google+ Hangouts at this time.  As such, there are no warnings for users when chatting outside the domain and there is no way to block users’ chat status outside of the domain.

Google advises enterprise environments to continue using Google Talk for instant messaging, voice, and video conferencing.

Cumulus Global shares this recommendation, as the implications of adding Google+ Hangouts is not fully understood.  Organizations interested in a test domain may contact us for assistance.

 

Posted in General | Tagged , , , , , , | Leave a comment

 

Moving to the Cloud: Lock-In

Posted on May 23, 2013 by Allen Falcon

 

Green_GaugeThis post is the fifth in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

When looking at cloud solutions, most organizations spend a great deal of time, appropriately so, investigating how they will move data and processes into the cloud.  At the same time, organizations should understand how they will get data out of the cloud should they decide to switch solutions in the future.

While this seems like a new issue or concern, the reality remains that organizations switch systems and data migration and integration issues exist — cloud or not.  The same analysis and decision making process that organizations follow for in-house systems should be followed for cloud solutions.

Platform as a Service (PaaS) solutions provide environments that, in general, enable data and application movement.  Moving to a Windows Server image in the cloud is not much different from moving to an in-house Windows server.  Key considerations focus on the amount of data and the time/efficiency of moving the data on or off the cloud server.

Software as a Service (SaaS) solutions can prove more challenging.  Migrating to or from a cloud-based application provides the same challenges as migrating data to a new in-house application.  Record matching, data scrubbing, and data translation are all issues to be considered.  In addition to the strength of the import utilities, understand the strength and cost of the export utilities.  Some SaaS applications only provide comprehensive export capabilities at their most expensive licensing options.

Fear of “Lock-In” should not prevent organizations from moving into cloud solutions.  Rather, a small amount of due diligence will ensure that the “how” and “how much” of a future migration is understood.

Next Post in the Series:  Integration with Legacy Systems

Previous Post in the Series:  Privacy

Posted in General | Tagged , , , , , , | 1 Comment

 

Moving to the Cloud: Privacy

Posted on May 20, 2013 by Allen Falcon

 

Green_GaugeThis post is the fourth in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

Few topics related to cloud computing create more passion than privacy.  Knowing how well your organization’s information will be safe-guarded is key to trusting a service provider and the decision to go to the cloud in the first place.

Privacy, while closely related to security, differs in that security addresses access and protection of information, privacy addresses who can access data and how it may be used.

When considering privacy, organizations should start with three documents from the service provider:

  1. Terms of Service / Contract:  Most cloud providers provide clear terms and conditions related to privacy in their terms of service.  These include statements about content ownership and access rights; clauses covering confidential information; statements regarding the provider’s access to customer data and content; and terms related to how the service provider will respond to subpoenas and other third-party demands for data.
  2. Service Level Agreement:  Many cloud providers include terms related to privacy in their service level agreement.   In some cases, the SLA stipulates time frames for addressing privacy issues.
  3. Privacy Policy:  Most cloud providers now have one or more privacy policies.  These policies may be universal to the provider’s service, or may cover specific aspects of the services (such as use of the web site/portal).

When looking to choose a cloud solutions provider, look at all three documents.  Verify that they are comprehensive and clear.  Understand how they address any particular regulatory requirements for your organization.  Validate that they are consistent — that no conflicts or gaps exist that could lead to confusion or misunderstandings down the road.

Make sure the review of privacy policies and looks at the specific customer agreements and policies.  Many cloud providers offer “free” or “consumer” services with different terms and conditions than their paid (or free) solutions for business, government, education, and non-profits.   Many organizations spin their wheels and raise unwarranted concerns by not focusing on the specific, applicable agreements, and policies.

Finally, review the privacy performance of the service provider.  If they have had any sort of breach, or a privacy dispute, understand the nature, scope, and response.  Understand if the breach was provider-related or due to the actions or inaction of the customer.  Assess the appropriateness of the provider’s response given the nature of the issue.

Again, due diligence is key.  A small amount of research, a few questions, and an accurate understanding of how a service provider plans and manages privacy will help organizations determine if the provider meets the organization’s privacy needs and priorities.

Next Post in the Series:  Lock-In

 

Previous Post in the Series:  Provider Reliabilty

Posted in General | Tagged , , , , , , | 4 Comments

 

Moving to the Cloud: Provider Reliability

Posted on May 16, 2013 by Allen Falcon

 

Green_GaugeThis post is the third in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

One of the challenges in planning a move to the cloud remains the relative youth of the current industry.  While the concept of cloud computing is not new (tip your hat to Control Data in the 1980′s and their mainframe time-sharing service), most cloud computing services are relatively new.  Even services from long-standing, reliable vendors — like IBM and Dell — are relatively new ventures for these firms and have yet to be proven in a long-term market.

Organizations looking at any cloud service, be it SaaS, PaaS, or IaaS, must consider the reliability of the provider.  In doing so, it is the customer that must also understand the benchmarks being used by vendors when reporting their statistics.  Considerations include:

  • What is the availability of the service?  How well does the service provider meet their Service Level Agreement (SLA) benchmarks in terms of total downtime and/or service disruptions?
  • What is the reliability of the service?  How often does the service experience issues?  While most organizations tout availability, 6 disruptions lasting 10 minutes may have more impact on your operations than a single hour-long disruption.
  • Does the provider have performance benchmarks?  If so, how well does the provider meet the benchmarks?  In moving to the service provider, what expectations/needs will you have with respect to WiFi capacity, fixed network performance, and Internet capacity?   In many cases, the limiting factor on end-user performance is not the service provider or the Internet speed — it is the organization’s internal wired and wireless capacity.
  • What level of support do you expect?  Understanding how the provider delivers support — directly or through resellers/partners — is key to an organization’s long-term satisfaction with the service.
  • Does the vendor have the financial stability for the long-term?  With the number of start-ups in the cloud space, this factor may be the most difficult to ascertain.  Looking at the company’s financials, funding levels, and profitability can provide some insight.  Assessing whether the provider would be a good buy-out or merger target can also instill confidence that your provider will not go away unexpectedly.

With a modicum of due diligence, organizations can assess the reliability of cloud solution providers before making a commitment.  Reputable vendors will openly share their data and will not hesitate to discuss failures and how similar events will be prevented going forward.  And while, this type of discussion feels new, it is the same process CIOs and IT decision makers have been using for decades as they evaluate new technologies and vendors.  The players are new, but the process remains the same.

Next Post in the Series:  Privacy

Previous Post in the Series:  Moving to the Cloud: Cost Savings

 

Posted in General | Tagged , , , , , | 1 Comment

 

Moving to the Cloud: Cost Savings

Posted on May 14, 2013 by Allen Falcon

 

Green_GaugeThis post is the second in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

Will moving to the cloud save money?

The answer is a definite, absolute … maybe!

Whether or not a move to the cloud saves money depends on the in-house services being replaced and the cloud-based services taking their place, as well as the impact the change will have on related IT services and your business.

In our experience, most companies see savings over 3-year and 5-year periods of 30% or more.  Some companies see total cost of ownership (TCO) savings of up to 70%

When looking at 5-year TCO, organizations must make honest projections on IT spending to maintain the status quo and/or upgrading systems.  Beyond projected hardware and software replacements and upgrades, the analysis should include the cost of services and supporting systems (backup, anti-virus, security, etc.).  The analysis should also assess soft costs for administration, support, and estimated down time.

The challenge remains making the comparison equivalent.  For example, moving from a single in-house Exchange server to Google Apps for Business is a move from a system with several single points of failure to a highly redundant and highly available service.  If improving availability is an objective of the move to the cloud, the comparison should include the cost of upgrading the Exchange environment for redundancy.

A final consideration should include any business enablement that comes from the move into the cloud.  Will the cloud service enable the business to operate more efficiently and/or in new, more productive ways?  Improved collaboration, real-time communications, and access to information are all examples of how Google Apps for Business enables businesses over traditional email services.

In straight dollars and cents, not every company will see savings when moving to cloud-based solutions.  With better availability and expanded capabilities, cloud computing solutions can deliver better value, even when the price tag is higher.

Next Post in the Series:  Provider Reliability

Previous Post in the Series:  Moving to the Cloud: Security

 

Posted in General | Tagged , , , , , , , , | 2 Comments

 

Moving to the Cloud: Security

Posted on May 10, 2013 by Allen Falcon

 

Green_GaugeThis post is the first in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

At some point in the evaluation and decision process, the issue of security comes to the forefront as organizations look at cloud computing.  Vendors and resellers, like Cumulus Global, often provide two answers — both of which are correct:

  1. Cloud computing providers need their environments to be secure, and they invest time and money on security.  Most cloud providers deliver environments and systems that are significantly more secure than their customers could provide for themselves.
  2. Standard cloud security may not be sufficient to meet specific business needs.  Just as they would with in-house systems, cloud computing customers should be prepared to add additional security services to meet business requirements such as HIPAA, SEC, FINRA, and PCI compliance.

As a first step, organizations moving to the cloud should review the security capabilities of their solution provider.  Beyond the technology, look for certifications such as SSAE-16 Type I and II, ISO 27001, and FISMA.  Make sure that the provider’s security practices are reflected in their terms of service, contracts, and service level agreements.  Finally, verify if and how you can add security capabilities to meet business or industry requirements.

With a reasonable level of due diligence and planning, cloud solutions can overcome any security concerns.

Next Post in the Series: Moving to the Cloud: Cost Savings

Posted in General | Tagged , , , | 1 Comment

 

← Older posts

  • Receive Our Blog's RSS Feed

  •  

  • Translate this Page

    Chinese (Simplified)EnglishFrenchGermanHebrewItalianJapaneseKoreanPortugueseRussianSpanish

     

  • Archives

  •  

  • Login