Define the nature and scope of the services that are cloud candidates\nNo matter how interested executives or users are in the promise of cloud computing, not everything should be considered, much less moved there. Mature services are better candidates than new ones, as are temporary or peak-period applications that are resource-intensive to bring up and take down if kept on in-house systems.\n\nDetermine the risk threshold\nHigh security is not always necessary. To determine security requirements, perform a classification of assets reflecting the company's tolerance of risk.\nNegotiate terms for all scenarios\nMany vendors advise giving your company room to grow in the cloud, but you should also anticipate needing the ability to scale down.\n\nLock in standards\nOnce a decision has been made on what is moving and where, create a mechanism to enforce standards for the new processes.\n\nRationalize policies\n\nDon't assume automatic buy-in. To head off pushback, share the rationale for policies, particularly those that deny users functionality\n\nInsights collected from participants at the CIO Perspectives Forum in San Francisco, Calif., Sept. 23, 2009, and the CIO: The Year Ahead Summit in Indian Wells, Calif., Nov. 10, 2009. Register for upcoming CIO Perspectives at www.cio.com\/executive-programs.