Cloud exit strategy 101

Cloud computing has been touted by vendors and bean counters as a cost effective way to reduce overheads and the need for physical IT infrastructure, but having a Cloud exit strategy is also essential if it all turns dark and stormy.

Cloud security advisor, Rob Livingstone, says that moving into the Cloud is like flying a light aircraft--easy to take off, but a nightmare to land and get out of.

“I worked with an organisation in 2011 to get it out of the public Cloud because they went in so quickly and deeply that it found the costs were haemorrhaging,” he told an audience at Trend Micro’s Cloud.Evolve conference in Sydney.

“They had audit and compliance issues as well so there is a question of due diligence.”

Livingstone said there were a number of key points IT executives should remember when doing due diligence.

Firstly, organisations should investigate the history, structure and funding model of the Cloud provider.

“Assess its market volatility and the abundance of Cloud providers because eventually some of those providers may be acquired by other companies,” he says.

The legal jurisdiction of the provider also needed investigation, especially if the enterprise was an international company operating in different countries.

According to Livingstone, the cost of legal action across international jurisdiction could be so expensive that the company would not even attempt to litigate against its provider in the event of, say, a Cloud security breach.

In-depth: Legal issues in the Cloud.

Taking an audit of the provider’s operational practices and checking for inconsistencies between the sales and marketing collateral was also essential.

“This is where the intent of what you are buying bears resemblance to the actual contract that you sign,” he says.

Assessing Cloud standards was also important so contacting an industry organisation such as the Australian Computer Society (ACS) to help understand the standards would be worthwhile, advises Livingstone.

“Some standards such as SSA16 were written before Cloud computing so it’s important to be aware of the emerging standards,” he says.

He added that enterprises should “stress test” the Cloud business case and price in a risk factor for the possibility that a legal or security incident arises.

“The board needs to know who is going to stand up in a court of law defending the company against a major law suit,” he says.

Livingstone added that if an enterprise is running a business that is dependent on an offering from a large Cloud provider such as Google and they decide to turn this capability off, the company could be left in dire straits.

“When you’re scoping a Cloud agreement you have to make sure that minimum functionality standards are guaranteed in ink,” he says.

In-depth: Data sovereignty in the Cloud.

Switching providers

Exiting a Cloud services contract and going to another provider can be complex too, especially if the enterprise holds a great quantity of data in the Cloud.

Gartner Australia research vice president for sourcing, Jim Longwood, says a water tight strategy is needed for switching to another provider or going back in-house.

“One of the risks of the less mature Cloud service providers is that it won’t guarantee performance or that the prices will stay stable,” he says.

If the quality of service changes dramatically the IT executive will need a mechanism to exit and that should be part of a general risk strategy.

“This is no different to migrating from a traditional payroll system to SAP or Oracle. As part of that, you will go through a series of tests such as functionality to make sure it meets the business needs. Finally, there will be a user acceptance test,” Longwood says.

These tests are essential so if migration does not work, the company can fall back to its existing operations.

“One of the challenges that the Cloud services market presents is that because it’s an emerging market there isn’t the level of sophistication in checking financial viability or service guarantees while you are switching provider or bringing it back in-house,” he says.

However, because Cloud contracts are on demand, if the IT executive can prove that it is not using the service then they are not paying for it. So exiting a Cloud service level agreement (SLA) should be without penalty, says Longwood.

In-depth: Cloud computing strategy guide.

Running for the exit

If an enterprise decides to move its infrastructure out of the Cloud and back in house, than there are a number of considerations IT executives need to make.

For example, he or she will need to check that they have the infrastructure to run the applications and can re-establish software licences.

There is also data capture and migration to be considered. Enterprises may also need to build interfaces to existing systems and change operating processes.

“You have to treat the return to in-house infrastructure as a transition process so getting a project team in place is essential,” Longwood says.

If an enterprise is transferring its back office systems and email back in internally, recapturing data such as email history needed to be done carefully or it could be corrupted, he warns.

“A lot of the Cloud services are around what we call the hype of inflated expectations so over the next two years I think we’re going to see war stories where people have migrated production systems to the Cloud and they’ve lost data,” he says. “It gets back to having a sound strategy and doing a pilot before you commit,” he says.

In-depth: How to create a clear project plan.

Frost Sullivan Australia and New Zealand ICT principal consultant, Andy Woo, says that exiting a Cloud contract is not the real issue; it’s the pain that comes with it.

“If an enterprise has gone through the necessary Cloud integration work, training the workforce and license costs, than they may be reluctant to bring it all in-house again,” he says.

However, with this approach comes the risks-- will the vendor be around in the near term? How viable are they in the long run or will they be acquired? Woo says these factors will change the equation and may force enterprises to think again about using the Cloud.

“Top of mind for moving data from the Cloud in-house is technical support and additional costs,” he says.

“Data migration, time frame, support from vendor, breakup clause and termination of the [Cloud] license amongst others are all critical.”

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow CIO Australia on Twitter: @CIO_Australia

Copyright © 2012 IDG Communications, Inc.

Security vs. innovation: IT's trickiest balancing act