Cloud computing has been used for years, be it in the form of a public or private cloud, as SaaS, IaaS or PaaS, or in a combined form such as hybrid, virtual private or multi-cloud. Companies see advantages in the flexibility of scope and application and in the corresponding cost accounting based on actual use. These aspects are particularly important for the digitization of business processes in the context of VUCA and mobile work. But there are a few very clear dos and don’ts when ascending into the world of clouds.
Don’t do it:
Not clearly defining ownership claims: With every form of cloud use, one thing must be ensured: the data is not retained by the cloud provider or managed with a technology that makes customers dependent on that provider. This practice, known as vendor lock-in, is not recognizable as a problem at first glance. However, it becomes one when the provider ceases to provide services or customers switch to another provider. “In these cases, customers may be asked to checkout to regain possession of their data. If the provider has used non-standardized technologies for storage and management, it is very time-consuming to migrate data. Here, too, the customer sometimes has to make additional payments. An absolute no-go.”
Not inquiring about encryption in detail: Companies worry about data protection when exchanging data via the cloud. This is sometimes justified, because if the data transmission is not encrypted, third parties can intercept it. As a result, only providers that offer encrypted transmission come into question. But there are also differences after the transfer. A cloud only complies with GDPR requirements if storage, archiving, and management are also encrypted. “Just as the right to privacy is regulated by law, the GDPR particularly protects our data. Companies that work with such data must precisely document how they protect it, for example, through encryption during data transfer and storage. The same applies to where data is stored, for what purpose and for how long it is kept. The data must not leave the European legal area to ensure transparency and documentation.”
Leaving the measures in the event of data loss unclear: Whether it is a hacking attack or the provider’s services are discontinued – data can always be lost. “Incident management is part of our industry. In these cases, companies seek support from experts. So anyone who, as a cloud provider, does not create a catalogue of measures in the case of a data loss with the potential customer during the consultation or does not even address this topic is both arrogant and unprofessional.”
Not taking full advantage of cloud applications: The greatest advantages of the cloud are the flexibility of the applications and the freedom to book exactly what is needed and pay only for that. This facilitates enterprise resource planning and the implementation of test environments. Rigid constructions such as pure private or public clouds as a homogeneous solution are no longer up to date and limit the possibilities of combining high security and flexibility. Instead, solutions such as hybrid or multi-cloud are now the means of choice.
Do it:
Maintaining compliance: As already mentioned, the type and scope of data backup, the risk scenarios and the corresponding procedures in cloud projects are part of the contract in written form. Transparency is the keyword here. Clear information, for example on data transmission and storage, as well as comprehensive security concepts and action plans for incident management, plays a role here.
Living individuality: Before entering a cloud environment, you need to determine what is required: “What is expected of the cloud? Which processes should run through the applications? Is it sensitive data?” Entrepreneurs have to ask and answer all these questions because cloud environments are now very individual – hybrid and multi-clouds make it possible. With the multi-vendor cloud strategy, companies use several providers and share services such as IaaS, SaaS or PaaS.