A CIO's guide to cloud risk management
A comprehensive collection of articles, videos and more, hand-picked by our editors
Part one of this two-part tip examined why CIOs and companies should consider a diversified cloud strategy to mitigate...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
the risks associated with a fast-moving, volatile cloud marketplace. Part two explores some of the complexities of this strategy, and how a company can know when it may not be a good fit.
Although a diversified cloud strategy can be effective in risk reduction and optimizing workloads, it's important to know when and how to use it. According to David Rutchik, a partner at Pace Harmon LLC, a management consulting firm that provides IT consulting and advisory services to Fortune 500 and middle-market companies, the factors that play into this decision include what type of cloud computing (e.g., public vs. private) a company is using; what type of data and applications it plans to put in the cloud; and whether it is using a diversified strategy in order to reduce risk or to optimize workloads.
Companies looking to outsource to multiple cloud vendors in order to optimize workloads will be taking on -- to put it mildly -- a complex task, said Rick Villars, analyst and vice president for datacenter and cloud at IDC. "Now you are not just having a bilateral relationship; you're going to have to manage the flow and movement and the quality of service over many different clouds," he said.
So, the strategy is two-fold. CIOs need not only to decide which suppliers to go with, but also to implement a governance structure for getting everything to work and flow together.
This is one aspect of a diversified strategy that concerns Jonathan Reichental, CIO of the city of Palo Alto. "There's a map of complexity to that. Everything has to talk to each other," he said. Plus, this strategy may require hiring new personnel "because not one person can know it all."
Rutchik agrees that a diversified cloud strategy may not be a good fit, especially when it comes to mission-critical applications and projects.
"You wouldn't want to parse up your SAP environment into five different places just because you want to have protection," he said.
As for using a diversified cloud strategy for mitigating risk in a volatile cloud vendor marketplace, Reichental, for one, prefers to solve that issue by choosing a cloud provider that isn't going anywhere -- in his case, Microsoft Azure. "This is not a startup, this is a significant global player," he said.
Though Reichental may have a point, Pace's Rutchik said forming a cloud strategy is not as simple as picking a successful cloud provider who isn't likely to go out of business. Azure, for example, had a global outage November 19, 2014, that lasted about 11 hours, and there have been times where businesses' websites have been down for 18 hours due to an outage with their "significant global" cloud provider. "That's just not an acceptable way to do business," Rutchik said.
In his view, the type of cloud provided by the cloud vendor plays a significant role in whether a diversified cloud strategy is really needed. With the public cloud, there are no protections or redundancies guaranteed, he said, so a diversified cloud strategy is necessary in order to gain some protection. With private cloud, not so much: "You can get service levels, you can get multi-year contractual commitments. You protect yourself … by having redundancy built into your overall agreement that has separate disaster recovery capabilities, that has termination rights, things like that," Rutchik said. "It's a different offering."
Fourteen questions to develop a cloud strategy
Strategies to migrate e-discovery to the cloud
How to exploit the cloud for business gains