OpinionsInfrastructure

Moving to a managed cloud model for outsourced Software-as-a-Service delivery makes a lot of sense for independent software vendors (ISVs). However, I have seen far too many so-called rookie mistakes that could have been easily avoided had the ISV known what to look for in a service provider and what types of questions to ask.

Factors that cannot be overlooked in a service provider include the ability to not only deliver savings, security and breadth of choice, but also the capability to enable integration between technologies, applications and infrastructure on a global scale, both in the cloud and with legacy systems. Security, privacy and performance also cannot be overlooked.

When you're talking cloud, the first decision to make often involves whether to outsource managed cloud or build it yourself. Remember that by building your own cloud, your team will be responsible for administering and managing security and firewalls, as well as other staffing and expertise. Also, it takes a long time to build your own cloud, so you'll likely be slower to market and your technology may become outdated.

And don't forget the technological expertise needed to swap out your legacy, dedicated systems with more versatile, cost-effective virtualization solutions. Operationally, your organization will need to implement a new set of policies and procedures to administer and govern the automated systems and quickly respond to end-user support issues

What's more, you'll have additional personnel to hire and issues to address. The combination of technological and operational requirements requires staff with a new set of skills, as well as a different idea about the role of the IT department within the larger organization. In essence, the IT department must become a highly efficient internal service provider.

Are these issues ones you can tackle internally? It's a lot to think about.

When it comes to cloud, most of the questions I receive from ISVs are around security. "Will the cloud be secure?" "What do I need to do to protect my application?"

In short, cloud can be as safe as any other form of IT infrastructure. In other words, it's only as safe as the security measures you have in place.

The technologies behind best-in-class security are both expensive and constantly changing. If you think you're going to keep your equipment and software current, you're likely going to quickly burn through your IT budget. 

Outsourcing can help you protect your business more effectively. Ask potential service providers whether they can filter out threats at the network level -- it's a much more powerful method of protecting your IT infrastructure than doing it on site.

Ask service providers how they will minimize your exposure to common threats and identify and assess your system and application vulnerabilities. Do they offer 24/7 monitoring, management and response? They should.