Cloud Computing: Challenges and Best Practices
Migrating to the cloud model does not boil down to simply taking all the content from the data center to the cloud. The technology brings a series of questions, ranging from the simplest aspects, such as the choice of the ideal model and the right moment of migration, to the more complex ones, such as monitoring data security and the need to change the infrastructure without affecting the service. Also, you need to evaluate which applications can be replaced by software as a service (SaaS), remodeled or recreated.
Not all projects can use cloud services because of regulatory, security, or even the high value to be invested in the initiatives. In addition, many companies lack skilled professionals to manage this deployment.
Accurate and clear assessment of the entire technology environment, including infrastructure and applications, and the development of a gradual migration plan for the cloud is currently the biggest challenge for companies to adopt the cloud computing model, especially among the larger ones which are usually those with a larger legacy of applications, many of them completely customized to their realities, which makes the process of change even more complex.
Another challenge of migration to Cloud Computing is the formation of a new professional profile of information technology (IT). He will also have to become an expert in several areas, be it in the creation of apps, in the analysis of unstructured data or in the elaboration of a plan of expansion of the matrix and support to branches of the company where he works, for example. In addition to keeping abreast of the latest developments in products and solutions, it will participate in decision-making with managers and, most important, in different IT environments.
Many security professionals are highly skeptical about the security of cloud-based services and infrastructure. In this sense, some practices and guidelines are recommended to leverage your strengths and overcome issues that have traditionally been labeled as weaknesses.
One is the ability to encrypt sensitive data, whether it is static or in transmission over a network. It is the only way to confidently comply with privacy policies, regulatory requirements, and contractual obligations for the handling of sensitive data. Data stored on disks in the cloud must be encrypted using AES-256 (Advanced Encryption Standard) and keys must be encrypted with a set of regularly changed keys.
It is important to have privacy controls on who can access your company data and for how long it can be used. In addition to ensuring that the service provider has maintenance and management controls to ensure that the system is always protected and updated with the latest security patches.
Vulnerability testing must be rigorous and continuous. The cloud service provider must employ industry-leading incident and vulnerability response tools. For example, incident-response tools that enable automated security assessments that can identify and test system vulnerabilities.
Another best practice is to have a data exclusion policy defined and applied. After the data retention period of a customer (as specified in a contract) has ended, the data must be deleted programmatically.
In the general context, companies still need to get a lot of knowledge to become digitally, and that will not happen so quickly. For a long time, we will witness the coexistence of hybrid environments. So choosing to delegate this entire process to a cloud service provider, which provides the right and capable professionals to meet all these tasks, has been a compelling alternative for managers to achieve their goals.
In the next post we will close this series addressing the main trends and transformations related to cloud computing.