Moving to the cloud: practical considerations for your organisation
Cloud technology has come a long way in recent years, to the point that an organisation moving to the cloud is more often than not a matter of when as opposed to if.
However, the popularity of cloud technology does not mean that it should be adopted without proper consideration and planning. Is it right for your organisation now? Do you need to make other changes before migrating to the cloud makes sense? What do you need to have in place to make the migration successful?
This article will offer some answers and some practical considerations. Every organisation will have different needs, but there are several more general points that can be made to give you a starting point.
Why has the cloud become so popular?
Cloud technology in all its forms has many benefits. At its most restricted, it can enable applications and tools to operate online rather than in the form of software that takes up a computer’s memory. On the other end of the scale, some organisations can run entirely in the cloud, with all their data and tools integrated with a cloud service provider.
In the past, there were security concerns over entrusting your data to an off-site cloud storage solution. These have now been largely laid to rest by the introduction of tangible quality guidelines, like the NCSC’s 14 security principles, and the knowledge that off-site data storage is often more physically secure than the company’s own premises would be.
Finally, the cost of cloud solutions makes sense for many organisations. Cloud service providers tend to charge recurring monthly fees that can be budgeted for much more easily than the cost of maintaining on-site systems, which tend to require large, sporadic expenditures to install and repair.
Businesses who move to the cloud benefit from their service providers’ economies of scale. This lowers the cost of storing their data as well as giving them the flexibility to increase the space they need.
Practical considerations for moving to the cloud
Moving to the cloud can be a complex operation, especially for larger organisations. It is important to clarify several different elements:
- The extent to which your organisation will use cloud technology;
- The criteria that you will use to determine the best cloud service provider;
- How the cloud will integrate with any existing information architecture;
- The logistics of migrating your data;
- How your staff will be trained to use the new systems in a secure and efficient manner.
Our cloud white paper covers the practicalities in more depth, including tying cloud technology into a secure data life cycle.
Choosing a cloud service provider
The first two bullet points refer to decisions that have to be made in order for your business to get a cloud service provider that meets its needs. The question of which service provider to choose is unnecessary if the organisation is simply investing in one or two cloud-based tools. For a full-scale cloud migration, both the nature of the service you need and the criteria by which you will judge potential providers need to be clear.
Trustworthy cloud service providers will follow the NCSC’s 14 cloud security principles and have official accreditations that support their commitment to data security. Complete security should be the first of two non-negotiable qualities in a service provider; the second should be reliability.
It is essential that a business can trust their cloud service provider. When Nexor assesses the quality of a solution, we look at how transparent they are regarding their security measures and whether or not they submit themselves to third-party audits. Transparency and a willingness to undergo external inspection indicate that a provider’s security is robust.
Migrating data and keeping it secure
Moving to the cloud is a big undertaking, especially for large organisations that are migrating entirely from internal servers to cloud-based data storage. There are practical considerations regarding the time that it will take to make the transition and regarding the difficulties with keeping information secure during and after the migration.
Large organisations often need data to be transferred between multiple networks, which means that complex information architectures are often in place. The challenge of integrating these with the cloud is something that Nexor will always address whenever we work with an organisation in this process. It is essential that the integration is carried out in such a way that the security of future information exchange will not be compromised. One tool we use to help assess this is the Data Security Lifecycle, recommended by the Cloud Security Alliance, referenced in full here.
Training staff to use the new systems securely
The NCSC’s 14th cloud security principle states that users of a cloud service have a responsibility to do what they can to keep it secure. For organisations moving to the cloud, this responsibility begins with proper training.
One of the most important things for staff to be aware of is access. Ensuring that only the right people can access certain levels of information is crucial for maintaining security. This is why the NCSC’s principles also ensure that cloud service providers give their customers all the data they need to periodically audit who is using their service and how.
Not only does your organisation need a complete access policy in place, it also needs to ensure that all staff know that policy. Crucially, staff should never share their access details with anyone else, especially those outside the organisation or those with different levels of access to them. If this simple rule is kept, many security risks can be minimised.
Overcoming the challenge of moving to the cloud
Cloud services can be extremely beneficial to organisations both large and small, but migrating to them has its challenges. Nexor has worked with a number of large organisations to help them stay secure in their use of cloud technology. Contact us today to discuss our cloud services in more depth.
Be the first to know about developments in secure information exchange