Advisory Note: Avoiding Lock-in and Availability Risks in the Cloud - 70171

Report Details

Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers. The Cloud is not a single model but covers a wide spectrum ranging from applications shared between multiple tenants to virtual servers used by a single customer. The risks associated with Cloud computing depend upon both the service model and the delivery model adopted. This document focuses on two specific risks – availability and lock-in.

A major objective of IT services is that systems, applications and data are available to authorized users when and where they are needed. Benefits of the Cloud are that, because of its scale, it can potentially deliver services that are more resilient to failure, and more responsive to changing levels of demand. However adopting Cloud computing necessarily cedes some control of some of the IT infrastructure to the Cloud Service Provider (CSP). So how can an organization adopting the Cloud make sure that this will satisfy its need for business continuity?

KuppingerCole’s opinion is that organizations adopting the Cloud need to determine the business needs for continuity of any services and/or data being moved to the Cloud. They should have policies, processes and procedures in place to ensure that the business requirements for business continuity are met. These involve not only the CSP, but also the customer as well as intermediate infrastructure such as telecommunications and power supplies. These policies, processes and procedures for the Cloud should form part of a complete business continuity plan. Such a plan is part of the operations of what KuppingerCole defines as the “IT Management and Security” layer within IT organization, which is described in the KuppingerCole Scenario “Understanding IT Service and Security Management” (#70173).

It is often claimed that the Cloud provides flexibility but how easy is it to change CSPs? There are a number of factors that can make changing provider difficult. There may be contractual costs incurred on termination of the service contract. The ownership of the data held in the Cloud may not be clear and return of the data on termination of contract may be costly or slow. When data is returned it may not be in a form that can easily be used or migrated. Cloud services (built using Cloud Platforms, PaaS in particular) may be based on a proprietary architecture and interfaces making it very difficult to migrate to another provider.

KuppingerCole’s opinion is that organizations need to balance the benefits of adopting a particular Cloud model and CSP against the potential risks and costs of becoming locked into that provider. Contracts should be carefully reviewed to ensure that ownership of data is clear and the terms for its return on termination of contract are acceptable. The risks of building business services based on a proprietary technical architecture are high and technical standards should be adopted where possible.

When selecting a CSP how can the customer ensure that the claims (for example regarding service availability) made by the potential providers be substantiated? The customer may wish to perform an audit of the provider but it may not be practical for the provider to allow every potential customer to perform their own audit. Certification of providers by a trusted third party is a way to satisfy this need.

KuppingerCole’s opinion is that certification of providers can provide an independent confirmation of their claims about services provided. However it is important to understand what these service organization controls (SOC) reports cover.

You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
Oct 06, 2011

Advisory Note: Avoiding Lock-in and Availability Risks in the Cloud - 70171

Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers. The Cloud is not a single model but covers a wide spectrum ranging from applications shared between multiple tenants to virtual servers used by a…

€295.00 Get Access
Mastercard Visa PayPal INVOICE

Discover KuppingerCole

KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Blog

Blog

Not Just Another Buzzword: Cyber Risk Governance

Today, companies are increasingly operating on the basis of IT systems and are thus dependant on them. Cyber risks must therefore be understood as business risks. The detection and prevention of cyber security threats and appropriate responses to them are among the most important activities to [...]

Latest Insights

Hot Topics

Spotlight

Privacy & the European Data Protection Regulation Learn more

Privacy & the European Data Protection Regulation

The EU GDPR (General Data Protection Regulation), becoming effective May 25, 2018, will have a global impact not only on data privacy, but on the interaction between businesses and their customers and consumers. Organizations must not restrict their GDPR initiatives to technical changes in consent management or PII protection, but need to review how they onboard customers and consumers and how to convince these of giving consent, but also review the amount and purposes of PII they collect. The impact of GDPR on businesses will be far bigger than most currently expect. [...]

Become a Client

Learn more about becoming a Client

Contact Us

Call Us

+49 211 2370770
Mo - Fr 8:00 - 17:00