As automation touches more of your organization, security will be far from automatic. Bots’ privileges need close scrutiny, for example.
CIOs: beware of the bad cloud
An interview with Eric Johnson, SVP and CIO of Informatica, which provides data integration software.
The Enterprisers Project (TEP): Informatica has a 'cloud first' approach to IT. But I was interested to hear you warn other CIOs against 'bad cloud'. What makes a product bad cloud rather than good cloud?
Johnson: Many CIOs are realizing that not all cloud vendors are created equal. Companies like Salesforce.com built the model of what good cloud looks like. A lot of vendors are aspiring to that model but they don't always meet that goal.
For instance, you should avoid any solution where you're not seeing a regular cadence of updates, typically three times a year. Sometimes they claim to do that but either they don't actually do it, or the updates don't have good QA. Their QA processes are immature. That can be disruptive to your business.
TEP: Are there particular issues you look out for when evaluating a cloud solution?
Johnson: There are pricing models that can get to be trouble with updates, where their core functionality starts to grow and they either want to charge you more or break that functionality apart into two separately billed services. It can be tricky when a vendor releases some new functionality that's very much part of the core product you already own.
TEP: Sounds like something to watch out for in contract negotiations.
Johnson: Yes! Once you determine a cloud technology is right for you, the next most important part of that solution is the contract. You're pretty much handing over all control of that infrastructure and application to a third party. So if you're using it to run an essential business function such as sales or marketing and your contract doesn't provide you with price protection, as well as the ability to step away if the service isn't at a certain level—can you imagine the business problem you might have?
This is also why you can't leave contract negotiations till one month before the contract expires. It takes time, so we start re-evaluating at least a year in advance, especially for key systems.
TEP: What are the items you evaluate before you even get to the contract with a new cloud provider?
Johnson: At the very beginning of the process, when we're assessing our needs, we have an enterprise architecture due diligence process. What's their ecosystem, architecture, security? What are the finances of the company? You have to have a heavy degree of rigor, especially if it's mission critical.
Other important questions include data ownership. At the termination of the contract, how do you get your data out, and how much will it cost? That's even more important than with on-premises technology. Integration is an issue we're finding with bad cloud vendors. The ability to integrate data in and out of a cloud solution must be robust.
TEP: Any other qualities you look for in a good cloud vendor?
Johnson: Someone who is continually improving the product. I also think it's how they manage their accounts. I've seen really good cloud technology, but the top providers also do a good job of regularly touching base with customers, making sure they understand what customers are doing and giving them the opportunity of beta testing the product. They make them part of the product roadmap.