Non-Technical Checklist: CFO Audits Cloud deployment costs five points

The increasing use of cloud computing and the rapid changes in cloud adoption pose a challenge to the corporate CFO and other executive layers that need to sign or reject cloud deployments.

The executive layer may have dedicated its IT staff to technical surveys of cloud providers, implementation options, and technology choices, but what are the non technical considerations? The cost advantages of cloud computing may be attractive to senior officials, but non technical issues can affect the bottom line of delivering business services.

The following five points provide guidance to the corporate CFO in assessing possible cloud computing options.

1. Understand the service risk.

There is no single whole cloud service or cloud computing model. The different enterprise's service purchase choice is various, in order to meet its demand, from the virtual server to the http://www.aliyun.com/zixun/aggregation/13476.html "> Business process namely service." Each cloud service has the risks that the CFO needs to know, including vendor lock-in, data accessibility, and integration.

The risk of buying virtual servers on an on-demand basis is low, and it is relatively easy to convert to other public cloud providers, either to blend in or to localize all operations. If the developer is using a platform as a service (PaaS) architecture, including application and database services, they will be able to evaluate the work required to transfer the development functionality to another platform, which can help you determine the decision. If you are using a cloud service provider for core background business functions, such as human resources management, make sure that the provider integrates with other cloud vendors and if you switch to other services How to access the data. The higher the dependency on a single vendor's private system, the higher the cost of running over the long run, if you need to move to another vendor or integrate with other vendors.

2. Cloud Downtime Plan

Understand the risk of cloud service downtime. If you completely need reliable, continuous access to virtual servers, consider investing in cloud management services, which can manage access to a wide range of public cloud providers. Use multiple cloud providers to reduce the risk of data accessibility; If a provider crashes, you can switch to another. Prepare your cloud downtime plan ahead of time; planning and implementing the transition during downtime is a challenge, along with many potential bugs. For example, are your machine image copies accessible or are they only stored during cloud provider downtime?

Also consider the need for multiple copies of the data. Moving computing from one cloud to the next can be done quickly if you have a mapped or configured script available. Transferring large amounts of data can be time-consuming. Consider replicating data between a single cloud provider's data center, across cloud providers, or within its own data center. Cloud downtime can result in inaccessible applications, while downtime and low productivity for consumer-facing systems mean loss of revenue.

3. Assessment of Service level agreements (SLA)

The service Level agreement (SLA) explains in detail what you can get from your service provider. Typically, includes availability commitments and downtime compensation. Consider the time period to evaluate availability. 99.9% uptime is guaranteed to be better than the average availability commitment of the year. In the former example, you may be one months down for three hours without compensation, and the latter you may be down for 36 hours a year without compensation, either of which is not what we expect.

Storage providers should provide data loss assurance. Your backup and recovery strategy should reflect the details of potential data loss in the cloud storage SLA. SLAs are the tools of compensation if you do not receive services from the cloud provider. Pay particular attention to claims, including the need to log in to a detailed application to demonstrate downtime. If you don't advance your phone, you may not be able to sue.

4. Review compliance

Compliance is a common concern of the public cloud. The cloud provider ensures security and process certification, such as ISO 27001 and SSAE 16, to demonstrate operational control and payment card industry safety standards. In cloud deployments, these certifications can effectively address your concerns about cloud security, but will not address security practices within the enterprise. You may need to focus on the process of transferring data and applying code in and out of the cloud. Is your data transfer method safe enough to meet your requirements? Does your document retention policy force the document to exist on the cloud? Are there data classification patterns and related policies that define what data can go into the cloud and what stays local?

Clear definition of security requirements will help guide your IT staff in implementing the cloud with effective internal security controls. Error matching between requirements and controls can lead to security flaws or losses.

5. Estimate all cloud deployment costs

The CFO's primary responsibility is to control the company's finances. Cloud computing provides a lot of cost savings, but if not managed, computing and storage costs are the funnel of the budget.

On-demand computing instances are simple and flexible, but they cost more than other options. Examples of on-site instances provide low price, but less availability commitments. Similar high-performance storage is ideal from an application performance perspective, but may not be necessary or worth consuming in many cases.

Choices such as Amazon Glacier (archived storage services) offer low costs, but the relative time, like its name, is slower, measured in hours rather than seconds. When considering project costs, the CFO must consider the alternative pricing model for calculation and storage.

(Responsible editor: Lu Guang)