Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

3 Things Startups Need to Know to Move to the Cloud

Published 05/05/2015

3 Things Startups Need to Know to Move to the Cloud

By Shellye Archambeau, CEO, MetricStream

Despite concerns around data security, businesses are optimistic about the cloud. In fact, software-as-a-service adoption has more than quintupled from 13 percent in 2011 to 72 percent in 2014, according to a cloud computing survey conducted by North Bridge Venture Partners and Gigaom Research.

For startups, the cloud has always been a great equalizer, enabling nascent businesses to compete on par with their larger, more established counterparts. In a Rackspace survey on the economic impact of the cloud, a quarter of small and medium enterprises indicated that they had increased profits by at least 25 percent, and up to 75 percent, as a result of cloud computing. What’s more, 84 percent of companies were able to increase their investment back into the business by up to 50 percent, and 34 percent saved between $7,500 and $45,000 on IT spend—all because of cloud computing.

Lower upfront costs, greater flexibility, and scalability—these are just a few reasons why your startup might be excited about jumping onto the cloud bandwagon. Before you do, here are a few things to think about:

1. Public, Private, or Hybrid Cloud?

Deciding what kind of cloud model to adopt will depend on various factors, such as the mission criticality of your applications and data, regulatory compliance obligations, and the scope of your IT budget.

Most businesses that are just starting out find great value in opting for public clouds, where the core infrastructure is shared by many organizations and hosted by a third party. The perks are many—easy access to computing resources and relatively low costs due to a pay-as-you-go model.

However, the public cloud comes with its own concerns around data security and performance slowdowns. So, if you’re in a highly regulated or sensitive industry such as banking and financial services, healthcare, or online retail, it might be wise to consider a private cloud.

Or better yet, you might opt for a hybrid cloud model which combines the best of both public and private clouds. RightScale’s 2015 State of the Cloud Report indicated that 82 percent of enterprises today have a hybrid cloud strategy, up from 74 percent in 2014.

With the hybrid cloud model, you get to keep confidential customer and financial information and high performance applications on the private cloud, while using the public cloud for less mission-critical operations, like e-mails and data backup.

2. Know Which Services and Applications to Move to the Cloud

According to RightScale’s report, 68 percent of enterprises run less than 20 percent of their applications on the cloud. However, 55 percent of enterprises also reported that a significant portion of their application portfolio is built using cloud-friendly architecture, and is therefore able and ready to be moved to the cloud.

When it comes to cloud workloads, the RightScale report revealed that 38 percent of enterprises run all or most development and testing on the cloud, while 34 percent run all or most websites on the cloud, and 30 percent run all or most Web applications on the cloud.

My advice for startups is to begin your cloud journey with applications that don’t require very low latency or high performance and availability. Once you get a feel for how these apps function in the cloud, you can move your core databases in there.

Generally, most services can be easily migrated to the cloud, including e-mail, messaging, file sharing and backup, as well as accounts, expense reporting, and customer relationship management. However, if you have any critical applications or transaction-intensive systems where the risk of network outages or downtime could seriously hamper your business, you will want to consider this carefully.

So, do the research, and make informed decisions about how the cloud can help your business. Also, don’t neglect to plan a cloud exit strategy. If, for whatever reason, you no longer want to depend on a particular cloud service provider, you need to be able to get your data back as effectively and cost-efficiently as possible.

3. Balance the Rewards and Risks of the Cloud

For startups, the cloud equals low capital expenditure—you don’t have to buy servers, or hire dedicated IT personnel. You can use as much or as little capacity as you need, and you can deploy and scale quickly. One of our customers, Zurich Insurance, discovered the benefits of the cloud when they were able to implement and derive value from the MetricStream Vendor Risk Management App over the MetricStream GRC cloud in just 12 weeks.

The other bonus of the cloud is better collaboration—in today’s global, mobile, social world, the cloud makes it easier to communicate and exchange information with teams and customers across different time zones.

Startups have a lot of options when it comes to the cloud. Cloud service giants like Amazon, Google, and Rackspace offer a number of incentives including free cloud credit, technical training, and support for new businesses who are looking to get started on the cloud.

Yet, as with everything else, there are risks associated with the cloud—primarily around data security. The good news is that most major cloud service providers have extremely sophisticated security mechanisms built into their offerings, which are much better than what most startups could afford to invest in themselves.

There are things that startups can and must do in order to protect their data and assets in the cloud. Remember, make cloud security a top business priority. Check the credentials and certifications of your cloud service provider. Also, evaluate their security measures against established frameworks such as the Cloud Controls Matrix from Cloud Security Alliance (CSA).

Then, assess your security risks, and prioritize your assets and data accordingly. Establish risk tolerance levels—particularly when using public clouds with multi-tenancy models. For each cloud application, identify potential threats, and define a detection and incident response plan. Also, ensure that there are controls in place to comply with data security laws such as PCI DSS, HIPAA, GLBA, and relevant state regulations.

Conclusion

With attractive incentives, as well as strong security measures, the cloud is becoming an increasingly hospitable environment for startups to get their business up and running. The key is to find a cloud model that suits your unique business needs. Identify which services and applications will work best for you on the cloud. Most importantly, be risk-aware—when you know and understand your risks in the cloud, you can better protect your business, while reaping all the benefits that the cloud has to offer.

(Originally published in Xconomy)

Shellye Archambeau is CEO of MetricStream, a Palo Alto, CA-based company offering governance, risk, compliance, and quality management solutions to enterprises in the pharmaceutical, medical device, high tech manufacturing, energy, financial services, healthcare, manufacturing, food and beverage, and automotive industries.

Share this content on your favorite social network today!