Companies of all sizes, large and small, say they will begin moving an important part of their business to cloud services in the next year or two. However, while every business today is starting to get a start on deploying cloud computing, not all businesses are getting the results they want. This article analyses the five major mistakes that enterprises often make in implementing and deploying cloud services to your enterprise for reference, so as to avoid committing similar errors when deploying your organization:
1, did not choose the right cloud model
Companies moving to cloud computing can choose public cloud, private cloud, community cloud, or hybrid cloud.
Public Cloud: A cloud service owned by a cloud service provider that provides a multi-tenant service to the public and pays for the use of resources.
Private cloud: This is a form of deployment that is used internally by the enterprise as a single tenant.
Community Cloud: This is a cloud service shared by a group of tenants, often from the same industry.
Hybrid Cloud: The cloud is deployed in a way that spans all of the cloud deployment models listed above, allowing applications and data to move easily from one cloud to another.
Each type of cloud deployment has its advantages. Factors to consider before choosing a cloud service for which model to use include the importance of an application that the enterprise wants to migrate to the cloud service, related regulatory issues, the level of service required, the usage pattern of the workload, and how to make the application compatible with other related features of the enterprise.
2, does not integrate the cloud computing security policy into your enterprise's overall security policy
You must integrate your enterprise's cloud security policy with the enterprise's overall security policy. What your business needs, however, is not to create a new set of security policies for cloud computing, but to extend the enterprise's existing security policies to accommodate the additional platform of cloud computing. To modify your organization's original security policy for cloud computing, you need to consider similar factors such as where the data is stored, how the data is protected, who has access to the data, and the compliance with the relevant regulations, service level agreements, and so on.
When the above points are correctly completed, using cloud computing will become an opportunity to improve your enterprise security policy and overall security situation.
3, rely too much on the security of your enterprise cloud service provider
Do not assume that your company's data is safe because you are being serviced by a service provider. You need to conduct a comprehensive review of the security technologies and processes of your enterprise's service providers and learn how they protect your data and their infrastructure. Specifically, you should consider the following elements:
Portability of applications and data: Does your provider allow you to export existing applications, data, and processes from the cloud? and is it just as easy to re-import the data?
Physical Security in Data centers: How do service providers secure their physical data centers? Are they using SAS70II data centers and are their data center operators well-trained and skilled?
Access and operational security: How does your vendor control access to the physical machine? Who has access to these machines, how are the machines managed?
Virtual Data Center Security: Cloud architecture is the key to efficiency. Learn about details such as the architecture of compute nodes, network nodes, and storage nodes, and how they are integrated and secure.
Application and data security: to implement your strategy, cloud solutions must enable you to define groups, role-based access control, correct password policies, and data encryption during transmission and rest.
4, think your enterprise no longer need to be responsible for the protection of data security issues
Never assume that after you outsource your enterprise's application or system, you can give up the responsibility for defaulting on the data. It may be easy to misunderstand, but you must understand that your company still needs to be responsible for the data of the end customer and other stakeholders. Simply put, if there are related legal irregularities, it will be the CEO of your business to take the risk of going to jail, not the cloud provider.
5. It is not clear which regulatory laws should be used in the location of your business
The fact that data is safe in one country does not mean that it is equally safe in another country. Although in many cases, users of cloud computing services do not know exactly where their data information is hosted. At present, in the uniform data and its member law, the EU advocates very strict privacy protection laws, while in the United States, Governments and other institutions can access almost unlimited data information belonging to the enterprise.
Therefore, be sure to always know where your enterprise's data information is stored. Store the data in more than one place if necessary. It is certainly sensible to choose a jurisdiction in which your business still has the right to terminate a contract with a cloud service provider at any time when your data is unexpected. The service provider should also be able to provide the relevant data flexibility.
In short, companies must evaluate and consider relevant risk aversion before adopting cloud technology, and only those companies that have had a well-planned plan to start implementing and deploying cloud services can truly maximize the return on their cloud investment.