Security is one thing. Utilising the cloud can also mean that sensitive data is stored off-shore and IT managers must also answer the question: Where in the world is my data, and what laws apply to it?
The answer is far from straightforward. A myriad of standards need to be supported, such as ISO 27001 for information security, ISO 9000 for quality, compliance with privacy laws, and the introduction of ITIL for operations and quality of service. To do this, IT managers must implement a robust governance structure.
“IT managers must implement services according to ISO standards, with good governance and security monitoring,” says Harry Archer, head of BT Australia’s Business Continuity, Security and Governance Practice. “This should be followed up by audit and compliance checks and security testing in accordance with the ISO 27001 policy. Transparency with the customer is important during auditing and testing to ensure their confidence in the solution.”
Compliance regulations are often geographically specific. The cloud can provide for agility and unanticipated growth through ‘cloudbursting’ — dynamically deploying software into the cloud to address a spike in demand — but cloud outages render applications and data unusable.