Mitigate Risks of Cloud Computing


Published on

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

Mitigate Risks of Cloud Computing

  1. 1. Featuring research fromThe Forecast is Bright for Cloud-Based OfferingsWelcomeResearch from Gartner:The Four Key Risks of Developing andExecuting a Cloud Sourcing StrategySingin’ in the Rain and Workin’ in the CloudAbout CornerStoneIssue 1231114Singin’ in the Rain andWorkin’ in the Cloudonly fromCornerStoneSkySphere
  2. 2. 2WelcomeAs organizations embrace new ways of accessing and “consuming” computing resources, they’ve becomeincreasingly aware of the benefits and risks associated with cloud services. Key challenges include:• Organizational unreadiness to adopt new delivery methods• Providers’ inability to deliver robust and stable offerings• The chance of encountering unanticipated costs or other risks.In the article that follows, you’ll find that Gartner offers valuable insight on how to get past these issues sothat your company can make effective use of hosted services.If you’ve spent time doing business in this space, Gartner’s advice is likely to ring true. In my ownexperience with companies and organizations around the globe, I’ve seen how most of them take fulladvantage of the benefits hosted services offer. I’ve had the privilege of leading our team of experts forover a decade as we’ve helped thousands of IT professionals and business owners in leveraging the cloudto gain competitive advantage, improved communications, and operational efficiencies. The customerswho were most successful were those who worked with us in advance to assess their needs and map outthe best plan.I hope you’ll find the following articles, The Four Risks of Developing and Executing a Cloud SourcingStrategy and Singin’ in the Rain and Workin’ in the Cloud, helpful as you plan for and implement the cloudsolution that’s right for your enterprise. And, of course, if you’d like to discuss your plans with a trustedpartner for cloud servers, private cloud, and a broad range of hosted services−including hosted voice−please don’t hesitate to call us.Regards,David G. WilmingPresidentSkySphere® Software ServicesCornerStone Telephone Company
  3. 3. 3Research from GartnerThe Four Key Risks of Developing and Executing aCloud Sourcing StrategyIntroductionCIOs must align cloud services sourcing strategiesand actions directly to business objectives toassure effective outcomes, and must understandthe IT services marketplace to effectively evaluateand utilize IT service providers and their offeringsfor cloud services.Cloud-based services (see Note 1) can offercost-effective, flexible and scalable IT solutionsto meet a company’s evolving business needs,but migrating to the cloud is a major shift fororganizations and can be risky.Although some risks are similar to traditionalservice delivery models, cloud-based serviceshave a much higher potential to reduce controlover strategic and operational decisions — and toamplify any adverse impact on clients.CIOs can address these risks with a well-definedsourcing strategy and execution plan. Riskmanagement must extend across all stages,from defining services to executing sourcingactivities and through ongoing service-deliverymanagement. This research describes the risks thatimpact the viability of cloud solutions and offers astructured approach to identifying and addressingthem; it is categorized into four best practice areas:• The readiness of your organization and themarket• The ability of solutions to be reliable, available,scalable and secure• Commercially viability• Avoiding hidden “gotchas”Migration to cloud-based services provides manybenefits but is inherently risky. CIOs can use thischecklist of key challenges and best practicesto reduce risks when executing a cloud sourcingstrategy.Key Challenges• The readiness of organizations to adopt cloudservice offerings, as well as the readinessof different country markets to supply theseofferings, varies considerably by enterprise,industry, service category and geography.• Cloud service offerings are at different stagesof evolution and maturity from a technological,architectural, performance, services andcontractual perspective and some are not“enterprise ready” yet.• There are a range of hidden costs, contractual“gotchas” and risks involved in taking on anynew cloud technology and service offerings,and many early adopters are not making thesavings they anticipated.RecommendationsCIOs should:• Conduct a readiness assessment to confirm thereadiness of their company and the market toembark on a cloud services journey.• Ensure the cloud services offering can meetyour reliability, availability, scalability andsecurity (RASS) requirements.• Confirm the commercial viability of the solutionrequired, considering both life cycle costs andbusiness and technology risks.• Ensure that the technical and commercialsolution avoids hidden “gotchas” that posesignificant operational and financial risks.
  4. 4. 4AnalysisThese four groups of best practice recommendations stem from Gartner’s interactions with organizationsconsidering a cloud services-based sourcing strategy.1For each best practice we provide an outline ofrisks and possible mitigation actions.Make Sure Both Your Company and the Market Are ReadyEnsure Local Market Readiness and MaturityRisks:Many cloud offerings are early in the Hype Cycle, which introduces market maturity risks.2Access toreadily available, reliable, secure and low-cost network connectivity can also be an issue in remotegeographies.3Without such access you can’t take full advantage of new offerings without unnecessaryexecution risk, nor leverage lessons learned by early adopters in more mature markets.Mitigation:Review the maturity of cloud services offerings in your market, other organizations’ cloud serviceadoption, and the quality of network availability/access — then tailor your sourcing strategyaccordingly. Ensure that the local offerings provide the desired level of maturity, cost-effectiveness andscalability or consider collaborating with providers to invest in cloud service offerings that align withyour requirements.Figure 1 illustrates how these risk elements can be integrated into a straightforward sequencing ofyour sourcing action plan for your cloud services sourcing strategy. Use a cloud readiness assessmentprocess and then use a deal sweet-spot analysis as part of the market scan to speed up the shortlisting ofprospective cloud service provider offerings.RASS = reliability, availability, scalability and securitySource: Gartner (January 2013)FIGURE 1 Stepwise Approach to Meeting Your Cloud Services Requirements
  5. 5. 5Address Technology and ArchitectureReadiness and MaturityRisks:Many enterprises are unaware of significantarchitectural barriers to migrating existingapplications, and particularly high business-transaction-based ERP workloads, to the cloud.4Most high-volume business transaction applicationplatforms are between three and five years awayfrom being mature enough for early mainstreamconsumers to consider moving some traditionalworkloads to cloud-enabled application platforms.This often leads to “cloud Frankenstein” scenarios,with multiple architectures at various levels ofmigration to the cloud, increasing complexity,operational risk and life cycle costs.5Mitigation:• Consider common infrastructure architectureand platforms and consolidate architectures ifneeded prior to cloud migration.• Use a phased approach to implementing cloud-based applications.• Prioritize your application portfolio formigration to the cloud.Not all applications will be viable candidatesfor migration and those that are may requiresignificant remediation and replatforming to workin a virtualized environment.Define a longer-term road map for remediating/migrating applications to cloud-based services.For each phase you should define the subsetof applications and underlying technologiesto migrate, while also defining the applicationinterfaces and handoffs required to ensureseamless delivery of business functionality to usersand easy supportability of the hybrid architecture.Also assess which applications should be runon a private or hybrid cloud and which mightbe candidates for public cloud, such as email ordevelopment and testing environments.Address Organization Readiness andGovernance ImpactsRisks:Enterprises are at different states of organizationalreadiness for cloud migration and many lack thedecision-making processes needed for such majorchanges in IT direction. A common governancemodel is essential to guide cloud decisions.6Moving to cloud services also means dealingwith smaller and less mature vendors that maybe technologically innovative but lack maturityand discipline when it comes to standards andgovernance.Because providers are responsible for most ofthe services involved in cloud delivery, clientcompanies retain only strategic direction-settingrelated to business and technology priorities. Thosecompanies must, therefore, rely more heavily onalignment and governance processes — as wellas outcome-based performance measures — tomanage and oversee the outsourcing relationship.This represents a significant shift in responsibilitiesand some companies will struggle to staff, manageand maintain the appropriate level of control overthe cloud provider.Mitigation:Assess your organization’s readiness to adoptcloud service offerings at the early stages ofstrategy planning. Consider both the maturity ofgovernance structures and processes and the skillsets offered by the target retained organization.Incorporate change management in cloudstrategy execution. Clearly identify roles currentlyperformed in-house or through other providers thatwill need to be performed by the cloud servicesprovider, and assess the impact of this change oncontrol over technology and architecture decisions.Define areas of decision making and control thatwill be retained, as well as dependencies andhandoffs with the provider that enable end-to-end coordination between decision making andexecution.Develop a model for the future-state retainedIT organization and identify skill sets neededto support an interaction model with the cloudservice providers for ongoing service delivery.Define and establish outcome-based performancemetrics that focus less on operational control andmore on delivering the business and technologyoutcomes required.
  6. 6. 6Finding Cloud Services That MeetYour RASS RequirementsProtect Data Sovereignty and SecurityRisks:Privacy, sovereignty and security of data areconcerns in most mature IT economies. Processingdata in the public cloud means you have littlecontrol over where that data is stored/processed,and limited ability to audit/assure that it meetsregulatory compliance.7Thus, it is more difficultfor companies to define their data’s geographicfootprint at any given time or to address datasecurity and privacy issues in order to containrisk.8Some cloud providers still refuse to tellclients where their data is physically located or toguarantee that data is held locally (in the samecountry).Increasing government incursion on data use,added to location issues, poses an operational riskthat is a particular barrier to entry for clients in thepublic, health and financial sectors that requirecritical data to reside in the same jurisdiction.9While global and local providers offer servicesbased on locally situated, shared infrastructure inmajor markets, these may not provide the cost-effectiveness, scalability or service maturity youneed.Mitigation:Develop a comprehensive policy for data location,privacy, security of access and processing, andensure that providers are contractually obligatedto comply with these provisions. Contracts shouldunequivocally state that cloud providers will notshare personal data with anybody other than thoseapproved third parties that are required to providethe services, and that clients are notified (and mustprovide approval) before data is moved. Contractsmust also allow for specific reporting and auditingcapabilities, to ensure ongoing compliance. As partof your pilot you should validate data transmissionsecurity and verify the physical location in whichdata is processed/stored.Retain Control Over Your DestinyRisks:Cloud providers can change their technology andarchitecture without your knowledge or approval.10Most major organizations will not rely on a singleprovider for all their IT solutions, meaning thatongoing interoperability with other technologiesand integration with their existing systems, as wellas lack of performance guarantees, can presentavailability and performance risks.Mitigation:Define and implement clear governance modelsfor vendor decisions that could have an impact ontechnology and architecture changes. If possible,build in provider obligations for the performanceof third-party interfaces. Look at the cloud servicebrokerage role for simplifying the integration ofthe various components in your cloud ecosystem.Put business-aligned service levels in your contractto ensure the cloud services can deliver the end-to-end performance required by your business.Pilot the Candidate Cloud ServicesRisks:Early adoption of new technologies and serviceofferings, major migration decisions, and bettingthe future of your IT and business functions onnew developments carries major risks. Worst-casescenarios include costly project overruns, businessprocesses not working properly and the businesscoming to a standstill because core functions don’twork efficiently or properly. Comparing differingcloud service offerings is difficult as they oftenhave different technical and service roots and DNA,as we can see in the evolution of offerings fromAmazon Web Services and Google compared totraditional providers like IBM, HP or CSC.Mitigation:Assess the suitability for cloud services innon-critical business areas and build up aworking knowledge of what those cloud serviceofferings can offer. This might include commonoffice systems such as email as well as usinginfrastructure as a service (IaaS), which is easierto use in test and development environments (seeNote 2).
  7. 7. 7Do a market scan and use a deal sweet-spotanalysis to shortlist candidate offerings — to pilota small number of services to validate vendorclaims across a select range of services. Areas toassess include whether solutions provide easeof access, scalability and use; good security;performance under load and consistency with yourarchitectural policies. Develop test criteria andsuccess factors to evaluate the pilot and to act asstage gates for decisions to expand.Confirm the Commercial Viability ofCloud SolutionsInsist on Balanced Contractual TermsRisks:Factors related to contract, pricing and transitioncan expose you to significant operational andfinancial risks. Cloud services contracts are lessmature, and typically have standardized butsimplified sets of master services agreementclauses and limited schedules relative totraditional IT services contracts.11Many cloudservices providers reserve the right to changeall or part of the agreement once it is signed, orto cancel services with minimal notice. Thesepractices expose users to risks related to thetechnology solution meeting business needs,limited control over their longer-term risk profile,and limited recourse in the event of issueswith service delivery — thus transferring theincidence of risk disproportionately onto the clientcompany.12Mitigation:Approach contracts for enterprise-focused, cloud-based services expecting providers to providesimilar protections — related to performanceand liability — to traditional services contracts.Changes in service terms must be based on mutualagreement rather than a unilateral right for theprovider. This will lead to some providers beingexcluded from consideration. Build compliancewith your desired contract terms and key servicelevels into your evaluation of any cloud service, aswell as the usual solution functionality and costsavings. If you cannot accept the risks, exit thenegotiations.Control Transition and Transformation RisksRisks:Because most cloud offerings are not matureenough to support moving traditional enterpriseworkloads to cloud-enabled application platforms— and migrating and transforming applicationportfolios to support cloud services can be costly— failures in either area can pose critical risks.Mitigation:Understand that application transformationand replatforming are necessary prerequisitesfor the transition to cloud-based services. Youshould incorporate transition costs into the cloudbusiness case and manage any transformationactivities as higher-risk projects.Define clear provider obligations for yourmigration to the cloud and link one-timetransition payments, and the start of ongoingcosts, to the acceptance of specific deliverablesrelated to the transition. During the pilot stageassess cloud implementation providers on theirtrack record in similar exercises and on theirability to use repeatable conversion/migrationprocesses to reduce transformation risks.Leverage established operational frameworks toreduce transition risks.Beware Unintended Price ImpactsRisks:Cloud contracts rarely guarantee reduced costsover time (see Note 3) and present a range ofhidden costs that can lead to adverse pricingvariations, as we see in many mobile phonepricing regimes.Mitigation:For enterprise-based services, negotiate acommitment to annual unit price reductions andbuild in volume-based pricing bands to avoidescalating costs.For commoditized cloud services use themarket’s natural competitive forces to drive downpricing, but ensure you can renegotiate pricing ona regular basis.
  8. 8. 8Avoid Hidden “Gotchas” ThatPose Significant Operational andFinancial RisksMitigate Provider Lock-InRisks:Risks related to provider or technologydependence do not vanish with cloud services.Once contracted, a cloud service provider maydeliver its contracted services in perpetuity. Inreality, and with providers having control overmost parts of the standardized delivery model,client companies are more critically dependent onproviders than in traditional models.Getting your data back after a contract termination(see Note 4), as well as the time it takes to switchto a new provider, can pose significant risks (seeNote 5).Mitigation:• Review the architectural compatibility ofyour service options to minimize the risk oftechnology lock-in.• Ensure that any termination clauses have clearprovisions for protection of intellectual property(IP) and transfer of data to you smoothly andwithout cost.• Prepare for a provider switch to be executedquickly to ensure continuity of service.• Ensure that contracts provide for all data to bereturned in a predefined format within 30 daysof termination and for the provider to maintain,back up and secure the data until it is returned.• Negotiate terms that allow no termination forthe provider’s convenience and, failing that,negotiate for at least six months’ notice forthe provider to terminate (see the previousdiscussion on balanced contract terms).Retain Control Over Offshoring DecisionsRisks:Global service delivery models are a key tenetof many cloud service offerings. Withoutappropriate visibility, clients may find asignificant part of their service delivery beingcarried out in offshore locations, often withouttheir knowledge.13This can expose clients toprivacy and security risks as well as significantlyhigher cultural, reputational, customer retentionor political risks, even if providers ensureappropriate controls over operations.Mitigation:Identify which roles must remain onshore (oreven on-site) and which roles can be deliveredfrom offshore locations. Retain control overapprovals for any offshore delivery resources.Specify data access standards and policies,including technical standards for encryption andtransmission; access controls at the offshoredelivery location; and background and/orsecurity check protocols for offshore resourcesthat access client data.Avoid Shelfware as a ServiceRisks:Shelfware as a service is the concept ofpaying for a software subscription that is notbeing accessed by an end user. Underutilizingthe contracted number of licensed seats orprocessing units leads to hidden costs andsuboptimal ROI.Mitigation:Ensure you have good demand managementpractices in place for your cloud services anddevelop integrated and proactive capacityplanning practices to address changes across thetechnology stack.
  9. 9. 9Evidence1Gartner analysts take regular calls on cloudservice options. We have also taken an average of11 sourcing strategy calls per month in the pasttwo years, which invariably include discussion oncloud service options. In addition, a range of clientexamples and material cited in the notes emanatefrom Gartner’s consulting assignments.2Gartner’s Hype Cycle analysis shows that, whileglobally many cloud service offerings are in earlyphases of adoption, the level of adoption of keyservices like IaaS and SaaS varies considerably indifferent countries around the world.3At a major global company with operations acrossthe Middle East, Asia and Africa, the majority ofemployees were unable to access cloud-basedservices due to issues with network availabilityand/or access, leading to cloud services beinglimited to mature locations in North America,Europe and parts of Asia/Pacific, and use ofalternative local solutions for other markets,leading to significantly higher complexity and cost.4High-transaction application platforms (ERP orbanking, for example) often need a distributedarchitecture across multiple high-availability datacenters.5A major North American company evolved tofour different versions of IaaS architecture, eachtailored to specific virtualization technologies andservice models, leading to the inability to executeenterprisewide architecture or sourcing strategies.6For a major global company, the federated ITdecision-making model and high level of businessunit (BU) autonomy led to multiple initiatives andstandards. The company needed to evolve a strong,centralized decision-making and governanceprocess to coordinate standards, service delivery,and delineations between local and central IT, andinclude other functions such as procurement, legal,and architecture in the governance model.7For example, while the Patriot Act provisionsrelated to data located in the U.S. is a commonconcern for companies located in other countries,similar risks exist in several other jurisdictions.Several major countries, such as China, India andthe U.K. seek similar or higher levels of visibilityinto data by law enforcement agencies. There arealso specific considerations in banking and healthin Europe to name a few regulatory, privacy andsecurity constraints.8Canadian public sector organizations and otherentities with significant sovereign oversight findmigration to cloud-based services a challenge dueto the location of most mature cloud providers inthe U.S., which limits the range of services that canbe migrated to the cloud.9In some North American and Canadian states orprovinces, the need for personal data to be residentwithin the boundaries of the state/province posesan additional barrier to cloud execution.10One large U.S. healthcare player’s cloud vendormoved unilaterally to a new architecture andtook data outside of its protected environment— leading to significant issues with regulatorynoncompliance.11Several popular cloud providers are wellknown for contracts that offer a lower level ofcommitment to warranty, fit for purpose, regulatorycompliance, or limitation of liability, which are allcritical considerations.12A major North American company had tolearn the hard way that cloud service providerslike Amazon and Google would not bend froma contractual standpoint. For example, Amazonwould not even agree to a nonassert clause, whichessentially meant that the client would have noprotection of their IP.13For a large Canadian client with a significantstrategic role in economic management and publicpolicy, the outsourcing vendor gradually movedcritical technical skills offshore without informingthe client. This led to significant issues in thesupport of complex high-volume transactionalapplications and inability of the client to accessspecialized resources when required.
  10. 10. 10Note 1Cloud-based services include infrastructure as aservice (IaaS), platform as a service (PaaS), softwareas a service (SaaS) and integrated platform-basedbusiness process services — business process as aservice (BPaaS).Note 2Two major Gartner clients have adopted privateIaaS as a pilot of cloud use, focusing initiallyon nonproduction application developmentenvironments and eventual expansion to otherenvironments upon successful execution of thepilot against predefined success criteria.Note 3In traditional IT service contracts, clients expect areducing cost profile for services, based on threefactors: declining cost for technology inputs overtime; increased productivity of service delivery;and reduced costs based on higher volumes.The first two factors can lead to a 5% to 8% peryear reduction in annual costs over three to fiveyears (as described in the presentation “DrivingOutsourcing Cost Reductions Through Innovationand Productivity Improvements” presentedat the 2009 Gartner Outsourcing and VendorManagement Summit. The third factor can lead toas high as a 50% to 70% reduction in unit costs forincremental volumes 25% higher than baselines,based on Gartner’s review of recent unitizedpricing in traditional managed infrastructuredelivery models.Note 4When a contract does not specify that dataneeds to be returned in a specified file structureat termination, and providers use proprietaryencryption for data storage, clients have significantissues with access to data and providers havescant motivation to assist. Some contracts alsostate that, if a client has not transferred the datawithin 30 days, the cloud services provider hasno obligation to provide security or backup of thedata and can destroy it after this period unlessprohibited by law. Providers also charge transferfees (per GB of data, for example) to return data,which can be a significant cost when you includebackup files and archives.Note 5A number of cloud contracts allow the providerto terminate the agreement with 30 days writtennotice, or within 30 days of renewal. For somecloud capabilities, it would be almost impossibleto find an alternative solution and migrate to itwithin 30 days. For example, a major Canadiancompany was presented with a “take it or leaveit” contract from a cloud service provider thatcontained no provisions for data access andtransfer upon termination, giving the provider theunilateral right to destroy data after termination.Despite a favorable business case for the migrationto cloud-based storage, this provision made thetransaction unviable for the client.Excerpt from Gartner RAS Core Research Note G00239237,J. Longwood, E. Wilson-Smythe, 18 January 2013
  11. 11. 11Singin’ in the Rain and Workin’ in the CloudWhether we realize it or not, most of us haveexperienced and benefitted from cloud services;Amazon®, Google, Facebook®, and Apple® haveall seen enthusiastic market response to theirproducts and solutions. Consumers now rely onthese companies to shop, read the news, sharephotos, and download music on a daily basis.Therefore, it should come as no surprise that cloudcomputing can be used by organizations of alltypes and sizes to enhance customer relationships,improve collaboration amongst employees andpartners, and achieve cost-effective and flexiblemethods for meeting market demand and growthobjectives.A Gartner report recently cited by Zack’sInvestment Research considers current demandand forecasts this segment of cloud service togrow globally from $3.7 billion in 2011 to $10.5billion by 2014.In the article, “The Four Key Risks of Developingand Executing a Cloud Sourcing Strategy,” Gartneroffers a checklist of key challenges and bestpractices to reduce risks when executing yourown plan. Gartner offers valuable insight fromindustry experts that can assist organizations of allsizes. Before you consider these key challenges,you may want to have a clear direction as to howyour organization can take advantage of cloudresources.In basic terms, cloud computing − from hostedmail and desktops to virtual private servers −allows you to rent services in lieu of purchasingand deploying new hardware and licensingsoftware. It differs from legacy hosting modelsin three key areas: cloud computing is sold ondemand; it is flexible, allowing a subscriber toemploy as much or as little as they want at anygiven time; and the service is often fully managedby the provider. Depending on your organizationand the type of data you are working with, youwill want to compare various models of cloudcomputing (public, private and hybrid) in terms ofthe levels of security, data management and thetype of support you require from your provider.Cloud computing is easier to budget for thantraditional on-premise information technology. Itdoes not always necessitate a dedicated IT team,eliminates the need to allocate funds for excessresource capacity, and never depreciates in value.Many organizations that have deployed hostedproducts are now able to re-focus existing in-houseresources on enhancing core competencies andcreating competitive differentiators.Cloud Computing is a Broad UmbrellaFor all newly initiated technologists and businessowners, it is helpful to first map your needs to thecategory of cloud service that can best serve yourorganization. Each business is a wholly uniqueentity; solutions are malleable enough to meetthose differing demands. Three categories haveevolved over the past several years and each offersits own unique set of benefits.Software as a Service (SaaS) is perhaps the mostfamiliar of the three categories. SaaS is sold on asubscription basis and offers software for commonwork functions such as e-mail (using POP mail orMicrosoft® Exchange mail), desktop applications(such as Microsoft Office), and for more specializedfunctions such as accounting, payroll, or customerrelationship management.Infrastructure as a Service (IaaS) offers businessesremote access to hardware and networkingequipment, such as servers, CPUs, and storage andbackup devices. Thus, the business owner andin-house IT team are freed from maintaining andmanaging this hardware.Platform as a Service (PaaS) provides sharedresources—including hardware and software—thatare available on demand. PaaS provides businesseswith a platform on which they can create anddeploy custom apps, databases and line-of-business services integrated into one platform.Examples of PaaS include Windows Azure andGoogle App Engine.
  12. 12. 12Leveraging the Cloud for Your BusinessCloud computing allows small and mid-sizedbusinesses (SMBs) to reap the rewards of nothaving to deploy physical infrastructure like fileand e-mail servers, storage systems or shrink-wrapped software. Additionally, the ease ofaccess and availability of these solutions leadsto hassle-free collaboration amongst employeesand business partners. Cloud services also provideemployees who work remotely, entrepreneurs,and mom-and-pop businesses with access to anarray of software and technical support that wouldotherwise be cost-prohibitive and difficult tomanage as on-premise, local solutions.It’s not a stretch to say that many of today’s smallbusiness technology needs can be fulfilled almostcompletely with cloud-based offerings.Business owners have become increasinglyconfident in the cloud as a secure, cost-effectiveoption, and IT departments now want to reducethe complexity of their own in-house computingenvironments. SMBs had previously been unableto share in these advantages because the lack ofaffordable services and the limited availability ofhigh bandwidth didn’t offer the right conditionsto build successful business models centered onoffering these businesses a full selection of hostedproducts. But now, that’s all changed.Enterprises and the CloudAdhering to regulatory and compliancerequirements and the safety concerns of dataaccess are of critical importance to healthcarecompanies, financial firms and government offices.Keeping business data and customer informationsecure has become quite an undertaking with theincreasing diversity of endpoint equipment such asservers, desktops, laptops, and mobile devices. Thechallenge and cost of securing web applicationsand complex networks have grown exponentially.Counting on in-house facilities to avoid disruptionsto computing resources is an expensive and time-consuming endeavor. Business continuity plansthat include cloud-based storage ensure thatcritical business data is available to employees,customers, suppliers and regulators. If yourbusiness were to suffer a weather or power-relatedshutdown (i.e. Hurricane Sandy), your data wouldnot only be preserved but could be accessedfrom locations other than your physical place ofbusiness. By taking advantage of hosted servicesfor disaster recovery and file back up, you benefitfrom the consolidation of your server footprint.
  13. 13. 13Securing Data is Not at Odds with CloudComputingCan municipalities, health care providers,insurance and law firms, and other businessesthat must follow strict security measures reallyfind security in the cloud? New security modelssuggest the answer is yes. Already, providers havetightened their virtual security belts with increasedsafeguards. Auditing standards are keeping pacewith the industry and ensure service providers havecontrols in place to protect customer data. Newcryptographic parameters have been introducedfor storing, securing, authenticating, and retrievingdata for maximum security in the cloud. Serviceproviders have developed sophisticated methodsfor protecting against intrusion software, whichattempts to break barriers between different users’programs and data. For example, virtual privatenetworks are used to encrypt data transmissions,and firewalls are employed to keep unauthorizedusers from accessing systems.Companies dealing with strict regulations, suchas healthcare organizations, are safely operatingin the cloud. An early adopter of cloud-computinguse is the National Electronic Disease SurveillanceSystem (NEDSS). Local municipalities andtownships were able to subscribe to the NEDSSBase System software, with each state having itsown version, customized to their needs – however,sharing the infrastructure and support costs forthe private data center with the Center for DiseaseControl and Prevention.For those who imagine that securing data is atodds with using hosted services, a case to considerin which the two coexist effectively is the U.SDefense Information Systems Agency (DISA). Ina 2011 article, DISA’s chief technology officerpointed to cloud computing as having been asuccessful way of sharing information across theArmy, Navy, Air Force, and Marines to facilitatejoint information sharing.What will Work for your OrganizationIt’s clear that businesses are embracing cloudservices to reduce costs, to greatly enhancethe security of private company and customerinformation, to increase the availability and qualityof computing resources, and to offer employeesmore productive and flexible work environments.With many types of these products available and,the flexibility to migrate as little – or as much– of computing resources to a cloud provider,there’s only an upside potential to be gained byinvestigating your options.SkySphere®, only from CornerStone, has broughta broad range of cloud computing and cloud voiceproducts to business customers around the globesince 2001. CornerStone’s team of software andvoice services hosting professionals has helpedthousands of customers by advising them on howto best deploy these solutions. Discover how yourorganization can utilize the elastic nature of cloudcomputing so you’re able to meet the rapidlychanging demands of your customers and continueto outpace your competitors. SkySphere productsprovide the flexibility you need to leverage thebenefits of new technology and comply withchanging industry regulations without the burdenof making substantial investments of your ownorganization’s time and money.With SkySphere, you’ll enjoy working with highlyqualified industry professionals, an operation thatis SAS 70 Type II certified and Data Centers andan Exchange Platform that are SSAE 16 SOC IIcertified. SkySphere’s product line is deliveredover robust platforms thanks to our partnershipswith international leaders. SkySphere, only fromCornerStone, is a Microsoft® Gold Certified Partner;meets the stringent requirements necessary tobecome an Intuit-Authorized Commercial Hostingcompany; is a Zix Corp.® Diamond business partnerfor the de facto standard in e-mail encryption;a Parallel’s Regional Partner of the Year awardrecipient; a member of the Blackberry AllianceProgram; and has integrated with BarracudaNetworks patented anti-spam and anti-virussystem.Source: CornerStone
  14. 14. 14About CornerStoneIn its ten-year history, CornerStone TelephoneCompany has grown from a two-person start-up to an established 110-employee advancedcommunication solutions provider, with over13,000 customers throughout the United Statesand around the world. We have been recognizedrepeatedly by Inc. 5000 as one of the fastest-growing private companies in the United States.CornerStone has grown both organically andthrough acquisition. In 2008, Richmond TelephoneCompany (RTC), and its CLEC, Richmond Networx— both based in Richmond, Massachusetts — wereacquired. In 2011, three additional companies wereadded: the cloud computing companies DistrubedApplications Technologies (DAT) and ActiveHost,both based in New York State’s Capital Districtarea, and Public Interest Network Services (PINS),a facilities-based CLEC and data-hosting providerbased in Manhattan.’ in the Rain and Workin’ in the Cloud is published by CornerStone. Editorial content supplied by CornerStone is independent of Gartner analysis. All Gartner researchis used with Gartner’s permission, and was originally published as part of Gartner’s syndicated research service available to all entitled Gartner clients. © 2013 Gartner, Inc.and/or its affiliates. All rights reserved. The use of Gartner research in this publication does not indicate Gartner’s endorsement of CornerStone’s products and/or strategies.Reproduction or distribution of this publication in any form without Gartner’s prior written permission is forbidden. The information contained herein has been obtained fromsources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. The opinions expressed herein are subject tochange without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should notbe construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research.Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input orinfluence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence andObjectivity” on its website, fromCornerStoneSkySphere