Today’s Cloud solutions range from platform services to full-blown ERP holding the key to Enterprise Information. It is very easy to get carried away and forget the effort that went into creating the Enterprise Data and the existing Analytical capabilities. Getting rid of the cost of managing the hardware and software and other Operational expenses is only part of the story. Any company that does not take into account its exposure and the amount of data being transferred to cloud applications will be grossly mistaken.
I learned from my CIO, during my tenure as Data services manager for a hospital, how important it is to read the fine print when signing the contract with the hosting vendor. Especially in Healthcare, it is typical to have third-party hosting and a handful of employees managing the application. The same rigor applies to Cloud applications: with vendor consolidations and without a proper SLA/Contract, the impact to the business will be very high. Data implications are enormous if the disruptions are real. Migrating from one application to another is not trivial, especially if IT is not in the loop.
Regular audits and exposure compensations are not negotiated upfront, causing overall concerns. According to Gartner, “Concerns about the risk ramifications of cloud computing are increasingly motivating security, continuity, recovery, privacy and compliance managers to participate in the buying process led by IT procurement professionals.”
Here are the four areas Information Governance should consider for cloud applications, especially if they are part of the Enterprise Strategy.
- Is security comparable to what you might have in your Enterprise?
- What is your exposure if there is a security breach?
- Do you have an SLA / expectations spelt out in your contract?
- How granular is the access to information?
- What level of controls can you put in place to meet your regulatory and other expectations?
- Business continuity – plans, measures, SLAs
- How well is the data integrated into Enterprise data?
- What is the backup/recovery plan and access to your data?
- Who is involved in selecting / benchmarking the Cloud applications?
- What is the process for signing up for Cloud services? Is involvement departmental or Enterprise-wide?
- Are the overall SLAs / Governance process defined for the Cloud Application?
- Financial strength of Cloud Vendor