Case Study: What could happen when all your IT is in someone else’s cloud
A company – lets call them Solid Worth – outsourced their IT services and support to a provider hosting their IT in the cloud. Good move for all the right reasons:
- Removes the risks around responsibility for infrastructure and some single points of failure.
- Potentially delivers a more scalable, agile solution where everyone can work from wherever they happen to be.
Solid Worth handed over to their IT Provider er.. Tangled Web, who promised all would be smooth sailing, the data and applications would all be hosted in their multi-redundant “cloud” data centre, they would guarantee the backups and all Solid Worth would need to do was get on with growing their business.
Solid Worth has 50 staff and operates in the Financial Services space. They use specialist modelling and portfolio management, email and a range of everyday office suite applications. Naturally, the company needs all the users centrally managed, with clear, well defined access restrictions that separate the duties of the various groups in the company. All this Tangled Web migrated to their hosting service with a link back to the Solid Worth office for staff access.
It all worked, more or less, but not as fast or as trouble free as had been promised, and over time Solid Worth became dissatisfied with the level of service and the continuing problems. Easy solution? They went to tender and selected a new IT provider.
So how does Solid Worth change providers? Well, that will be no problem, they own their data so it can just all be moved to another “cloud” service with business as usual. Here is the catch:
Tangled Web point out that while Solid Worth owns the data (actual files and folders and actual databases), it is Tangled Web that claims ownership of:
- The user accounts, groups and all the permissions setup
- The server operating systems and all the customisation of these
- The customisation of the applications
- Active Directory which manages the whole environment
- The desktop setup and all the user profiles
What Does This Mean for the Company?
In a more reasonable scenario, the new IT provider would be able to take a copy of each of the servers, and restore them to a different location (cloud or otherwise). The whole process could be accomplished in a day and would cause very little downtime for Solid Worth. They could get on with business as usual barely missing a beat.
Instead, to recreate the environment starting with just the data means reinstalling all the servers from scratch, reinstalling all the applications and then rebuilding all the customisations Solid Worth needs for their business to function. All the staff will lose their familiar desktop: shortcuts, browser favourites, email address cache. Potentially the productivity hit and downtime for Solid Worth is considerable.
Privacy and Protection of Sensitive Data
Of equal significance: the hosted servers provided by Tangled Web turn out to be not exclusively dedicated to Solid Worth: they are shared servers where Solid Worth services and data are on the same servers as many other clients, and not firewalled off so the multiple clients could be seen. For a Financial Services firm, this is a serious risk that potentially breaches APRA guidelines. When they first signed up, the nature of the service they were purchasing was not clearly explained and Solid Worth did not have the expertise themselves to know what questions they should ask.
So What is Cloud Anyway?
When it really comes down to tin tacks, “cloud” is just servers in someone else’s office. Its nothing magic. There are increasingly great tools and technologies to manage those servers with clever interfaces and the ability expand and reduce what you are using on the fly. It’s undoubtedly worthwhile to make good use of the cloud services that are available, but when you hand over the family jewels, be as rigorous as you would be in signing up for a business merger, or handing over your books to a new accountant.
Tips Before you Sign Up
Have a discussion with your provider and confirm the detail. Don’t stop asking questions until you truly understand. Call in an expert who will look out for your interests to review and ask the questions for you. Here are some of these:
- What exactly do you own?
- How can your services be moved if you choose to change?
- What format and in what way will your data be provided to you if you choose to change?
- How is your data separated from other clients?
- How and where is your data stored?
- How and where is it backed up?
- What does the backup consist of? Just data? Installed applications?
- In case of a disaster to your provider, how will they guarantee your access to services and data?