As the IT Manager for a geographically dispersed organization, I spend much of my time “keeping the lights on” - meaning making sure that the voice & data networks are up & running. A better way to refer to this is IT Operations and that is what I spend the majority of my time on.
Now the cloud computing proponents out there would tell you, “Hey, with the Cloud you have nothing to worry about” but that is not actually the case. All the Cloud does is make computing resource available over the Internet (via web services). End users must still get to the Cloud and most folks still work in an office building which means a Local Area Network (LAN) so people can share local computing resources. And Local Area Networks, just like Wide Area Networks (WAN), mean Identification & Authentication (IdA) plus don’t forget Authorization. Because I manage a geographically dispersed network, I deal with LAN and WAN networking as well as Cloud issues – has anyone heard of DNS (aka Domain Name Services)? If you have, good and if you haven’t, do a bit of homework because it’s important. Both internal & external DNS must be managed so whether the SoA (Start of Authority) for your organization is your ISP or a third party vendor, someone within your organization still must be in charge. There is always a person responsible for the important things.
How about Software-as-a-Service (SaaS) or Cloud-based applications? Your company is still responsible for the customer & client data in the databases that are the backend systems of all SaaS solutions. It is immaterial whether the server housing your confidential customer data resides locally (meaning “on premises”) or in the Cloud – you are still responsible for protecting it. Who administers the user accounts of SaaS applications? The Cloud vendor’s responsibility is to make sure “the lights are on” – meaning the application is up & running and nothing more. Your firm must still decide which employees get access to what data and that is an organizational decision. What doesn’t have to be done is the maintenance work on the individual servers that would house the application software if they were on premises. That is one advantage of the Cloud that is undeniable and a reduction in the amount of work the internal IT staff has to do by about 10%.
So your organization has moved its critical systems into the Cloud (public, private, or hybrid it doesn’t matter – all that matters is that the systems are not on premises). Ensuring that the end users have access to these systems is IT Operations and still the responsibility of the internal IT staff. Teleworkers working remotely from their homes, sales people on the road, and employees spread out among branch offices all represent the different kinds of access required for an organization to function. Oh, did I forget to mention phone service? Well, these days with simple VoIP solutions such as Skype or more complex telephony solutions, phone service is just another form of data – getting access to your phone is the same as getting access to your applications.
A good principle to remember is C-I-A which means Confidentiality, Integrity, and Availability. Integrate these principles into your IT Operations so that regardless of where you compute from (locally or in the Cloud), you can feel confident in your systems.