As you know from my postings on Cloud and security and the paper on the Cloud Security Considerations we wrote, I am convinced that there are five areas you should look at when you try to migrate to the Cloud:
- Compliance and Risk Management
- Identity and Access Management
- Service Integrity
- Endpoint Integrity
- Information Protection
The details on these five points are in the paper above. However, I was missing customer stories on that. I had a lot of discussions with customers and they all agreed on the model, but I had few customers that were ready to talk about these challenges publically.
Recently we published some customer stories, which are worth looking at – even though they are “just” Microsoft case studies.
Let’s start with Why Phaeton Automotive Chose Exchange 2010: There were a few statements that struck me (those are customer quotes, not ours). The customer said that We'd been using Google Apps to manage employee messaging and collaboration needs but wanted better security and privacy. Google Apps was inadequate in meeting business needs. I do not want to challenge Google’s security. What I want to show here is that obviously the customer moved to the cloud “just trusting” that the provider will solve their security challenges – see Consideration #1 above. Even #2 was violated: It didn't allow single sign-on service, user migration and couldn't help us centrally manage multiple domains.
When we move on to Rexel: Electrical Distributor Picks Proven Microsoft Messaging Technology over Google Apps, we see Consideration #3 kicking in: With Exchange Online, we knew that we were not taking major risks. Google has less experience in the corporate world, and I don’t think it makes sense to take risks that you can avoid.
Last but not least, Serena: Customer Story: Why Serena Software is Going with BPOS. It is again about the the service delivery and service integrity: They deliver trustworthy, enterprise-class solutions – with the performance, security, privacy, reliability and support we require. We know that Microsoft is a leader in providing these kinds of solutions, and in our discussions with them, it became clear that they are 100% committed to Serena’s success and delivering solutions that drive the future of collaboration
So, it seems that these considerations are really important. We did not look at #5 – Information Protection which is the absolute base for any cloud implementation. You have to understand what you want to move to which implementation of the cloud and which cloud provider.
Roger