With vendors at every turn touting the benefits of Cloud services or SaaS solutions, sometimes it becomes difficult to discern just what parts of your company’s IT infrastructure will thrive in a hosted or Cloud infrastructure, and which components are most effective staying local / on-premise.  Cloud computing has experienced tremendous growth to be sure, but some specific solutions haven’t quite hit their mark yet.  For example, many industry-specific ERP systems have yet to display any proven benefit by being moved to a SaaS platform.

I have compiled some basic questions to help begin the process of determining a company’s readiness for migration of services to the Cloud.  In this article, I will avoid discussing industry-specific software, and remain focused on points like user security and device management.

  1. If my company has compliance requirements such as HIPAA, PCI, SOX, etc., does the cloud platform I’ve chosen meet those criteria? (Hint: If not, look elsewhere to find a third party solution that meets them before signing up, or consider keeping file management on-premise)
  2. What is the company hierarchy for security, and can the Cloud service candidates provide that same or similar structure? For example, should the sales team have access to the engineering teams files, and can my cloud platform support things like security groups and security audits for file access?
  3. What is the company password policy, and can I enforce multifactor authentication (MFA) using my current user database?  MFA is an important step in helping to better secure cloud platforms and mobile users.  Your cloud platform should be able to implement and enforce these features for the protection of your users and your company’s data.  Also, the ability to link up your local Active Directory with the Cloud platform’s user database is a huge help to managing accounts and security.
  4. If I plan to lean heavily upon mobile devices with my Cloud services, can my company standardize on a few devices or operating systems, i.e. COPE?  This is the best way to keep device management from spinning out of control, and causing a plethora of headaches trying to keep up with all the idiosyncrasies.  If you can’t enforce specific devices, you should at least lay out guidelines. For example, all laptops need to run a “Professional” level Microsoft operating system and have an Intel processor, or, all phones must be running Anroid version x.x or above.
  5. Are my mobile devices encrypted?  Though the idea with cloud services is to keep company data protected (and it is protected much better than on-premise, in most cases), it is difficult to police users who either inadvertently or deliberately copy files to their local hard drives.  To mitigate the threat of data theft or loss, use encrypted drives and remote wipe technology.
  6. Are my devices monitored?  Mobile devices and cloud-based software are perfectly matched for enabling employees to stay productive wherever they are, but it’s the devices themselves that can become hard to manage.  A solid MDM system can keep track of these valuable company assets, and make sure they are up-to-date and secure.

These questions merely scratch the service of an overall Cloud readiness discovery process, but they should help to get the gears turning as you begin to weigh your options.  As always, an experienced cloud broker or IT consultant can help you discover the best overall fit for your business and budget.