Data & Information Governance Insight  

MICHAEL IRENE, PhD  

Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke 

• Before migrating to cloud here are things to consider 

Most companies, these days, when asked about their IT infrastructures, or their data lifecycle management with especially storage and deletion, there is one word that hangs in the corner of most stakeholders’ mouth, it’s called cloud. It seems without existing in the cloud, most companies can’t survive. However, there is a caveat with the usage of these cloud platforms — if accurate due diligence is not executed before choosing a cloud provider companies might face a plethora of issues including deleting data, ugly litigation issues, just to mention those two. In this article I cover what companies must consider before migrating into the cloud.

The first thing is to scope exactly what you want to achieve by migrating data to the cloud. For example, a company might want to store some datasets in Amazon’s Web Service’s S3 bucket, to carry out analytics, for archiving purposes or to ensure that data is available on demand for certain business functions. They understand the implications of saving the data on cloud would reduce costs and create a stress-free approach towards data processing. This scope must document these business requirements and business justifications. It is not enough to think that because company X uses AWS then company Z, to emulate, does the same thing. In summary, scoping out the reasons will help in the migration project.

Choosing the right cloud vendor is another area most companies fall short. It is important that companies use providers that comply with recognised standards like COBIT framework, Payment Card Information Security Services (PCI DSS), International Standard Organisation (ISO) and other industry standards. It is a good practice to go to cloud providers that have these trust marks as that is a sign that they’ve taken extra steps to show that they value certain principles and standards.

One area that I must mention is that of data governance. If data has not been classified, meaning, the lack of understanding whether the data is sensitive personal information, financial data, or even personal information, the company will struggle with creating the right procedures and policies for such migration. After understanding the scope of the migration, this step is very critical as it would inform how data will be handled during migration and will inform the level of security protocols needed during data handling. This would also help companies understand the intended risks or reduce the tendency for a data breach to occur.

One key area which I’ve mentioned in past articles that must be utilised is the use of contracts. Contracts must be clear on certain areas namely: service delivery, which entails the definition of service; legal protections; data assurance; and indemnity clauses. It is good to trust but it is also good to have these sufficient guarantees documented and appended.

These are not exhaustive things to consider, but these can be used as a starting point for companies that want to migrate to cloud. The benefits of processing data through the cloud is cost-effective but it also springs a lot of security questions; as such, companies scope out the project, have the right contracts and ensure cloud vendors have trust marks by recognised standards.

 

• business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com