Page 144 - Cloud Essentials
P. 144

evaluation in hand, it becomes easier to decide which alternative is better

               and would merit further detailing.
                  There  are  considerations  that  will  shape  your  portfolio  of  strategic
               options. When servers stop being available (for example, because an IaaS
               provider  goes  out  of  business),  one  alternative  might  be  to  rehost
               applications  on  different  servers.  This  could  be  done  by  moving  to  a
               different cloud provider, by hosting applications in-house, or by adopting a
               hybrid cloud solution.
                  If  a  cloud  provider  SaaS  offering  is  no  longer  available,  a  functional

               equivalent  may  be  available  by  the  same  provider  or  another  provider,
               possibly even internal to your organization. If this is the case, consider the
               data from previously used SaaS solutions and how it can be used with a
               new SaaS solution. This could require exporting old SaaS data to a standard
               file  format  such  as  comma-separated  value  (CSV)  or  Extensible  Markup

               Language (XML) before importing it to a new SaaS system.
                  An  alternative  might  be  to  migrate  to  a  different  application  (probably
               including  migrating  the  underlying  infrastructure).  This  might  also  be  the
               strategy if a SaaS provider stops delivering. Business processes that use the
               application  or  SaaS  solution  might  be  outsourced.  An  example  could  be
               credit card processing.
                  Cloud providers going out of business does not present the only future
               possibility  that  must  be  considered.  Maintaining  strategic  flexibility

               includes using the cloud to enhance business processes and ultimately bring
               value  to  the  business.  For  example,  a  business  might  use  their  own  IT
               infrastructure  during  normal  business  activity  levels,  but  when  there  are
               peaks  in  business  activity  (which  translates  to  increased  IT  service
               demand),  cloud  IT  services  (for  example,  additional  virtual  servers)  are

               provisioned only when needed during the peak activity.


               CERTIFICATION SUMMARY


               In  this  chapter,  we  began  by  discussing  how  cloud  adoption  introduces
               changes  in  how  companies  adhere  to  standards.  Cloud  adoption  means
               companies no longer have full control over all IT resources and services.
               Complying  with  regulations  or  standards  such  as  PCI  DSS  requires
               companies to work with their cloud provider to ensure both parties meet
               their responsibilities. For example, many laws, regulations, and standards
               require  companies  to  know  who  has  access  to  which  resources,  and  this
               access must be audited.

                  The cloud changes how we think of security. Security risks have always



                                                          144
   139   140   141   142   143   144   145   146   147   148   149