Cloud facilitates a new generation of technology and related impacts that have never been seen before.

With utility computing and on demand capabilities, many organizations want to jump on the bandwagon as soon as possible. As the Chief Executive, there are some tough decisions to be made. There will be people in your organization who say that Cloud is the best thing that happened since the emergence of the internet. Others will paint a picture of gloom and doom by citing issues such as security, privacy, control over data etc.

Cloud can enhance productivity by providing the infrastructure or application platforms and related tools to respond to customer needs quickly, giving organizations an edge over others that have not assessed such mechanisms, and the on-demand capabilities can lead to efficient utilization of resources. Cloud also facilitates mobility services since such services are available at a cheaper cost to the enterprise.

As the Chief Executive, the first step is to determine the existing business problems, how cloud can solve them and which areas can realize cost savings. The key is to look into return on investment and by doing a cost benefit analysis. The set up costs for the cloud are crucial in addition to the utility costs, since they can add up based on the complexity of the cloud service migration. It is important to decide which applications will be moving to the Cloud based on factors such as alignment with business requirements, cost savings, level of effort, benefits of the new solution, risks and a full assessment to determine business and functional benefits. One of the other aspects to look into is the existing staff, potential new hires and how resources can be dedicated to cloud initiatives.

I strongly encourage the Chief Executives to have a defined mission, vision and strategy in hand prior to any actions related to the cloud. The shift to the Cloud is may not be easy to reverse based on the complexity of the migration. While the move to virtualization introduced enhanced utilization, the Cloud migration can substantially revamp processes and technology. That's why decisions have to be made with a lot of thought and careful deliberation. For example, for software as a service, there may be some situations such as new applications that need to be spun up quickly and require relatively minimal integration with existing systems that are no-brainers. There are legacy systems and mission critical applications that may be left alone the way there are without any movement to the cloud.

Organizations should develop sound service level agreements based on overall objectives. The service agreements should outline service operations and what happens if these operations are not fulfilled. The service levels should be regularly monitored and updates should be made based on service monitoring. In addition, there have to be proper change management processes and procedures to make sure any cloud service provider changes do not adversely impact operations. This may occur if the provider upgrades the service or components on their end and these updates are not compatible with internal capabilities. Management aspects such as access, update, tracking policies for cloud related resources should also be specified. Data protection and security mechanisms should be defined to prevent the data from being compromised. A Cloud catalog that contains all available services and supporting mechanisms should be in place to facilitate effective service management.

The tough decisions are for applications that are non-mission critical and have medium integration impacts. The initial and projected cost implications for services have to be monitored regularly since services that are cost effective initially may end up being more as more users are brought on board. That is where the short term and long term gains have to be determined and documented. Standards should be followed, vendor lock should be avoided and a thorough assessment of vendors should be done based on vendor experience, ability to fulfill requirements, service management capabilities, features, portability, interoperability, security, training and related factors. From a security perspective, for government agencies compliance with FISMA and NIST requirements is important, also FedRAMP provides a standardized approach for security assessments, authorization, and continuous monitoring. Some cloud vendors have included information related to compliance programs, for example SSAE 16. This program provides guidelines and auditing reports of controls such as security, integrity, and privacy. This program is audited by a third party, and provides the assurance that the controls and policies specified are valid and being adhered.  Executives have some tough decisions to make for moving to the cloud, however with a good strategy, sound assessments and a clear path forward, the march to the new frontier can be successful and rewarding.

(This has been extracted from and is reference to Ajay Budhraja's blog)

• Cloud Expo NY: Enterprise Transformation Using Cloud and Cloud Platforms