Are you part of an IT department that has been told to manage the online accounts of cloud applications? Here’s a few recommendations that we’ve been giving to our customers in this boat.
I met with a customer this morning who runs the IT department at a large retail company (you would know who they are). He was recently told to start managing all the IT for the marketing and sales departments in his company which had, until now, been off doing their own thing. One of the things he discovered was that they use a product called Basecamp from 37Signals extensively. The different groups within his company have over 10 separate paid accounts, and they are storing GB’s of files and data in their accounts and sharing that data with partners and customers. The manager came to us for a solution to back up all of this data in one place but asked me if I had any other thoughts of things that needed to be done since I had quite a bit of experience with Basecamp. My thoughts immediately went to the more general concerns that businesses have in adopting cloud based applications and so I think that these thoughts are applicable to all applications.
There are typically 3 main concerns when a business looks into adopting a hosted application (aka Cloud or SaaS): 1) Security; 2) data ownership; and 3) vendor lock in. We have some recommendations for each of these.
Cloud Security
When an IT shop thinks about security there are lots of things to address. One thing that businesses have been working on for a long time is centralized access control so that there is on place to revoke an employee’s access. With cloud applications that has all been thrown back out the window. Now if an employee leaves or is fired their access needs to be revoked in numerous places. We recommend to our customers that they (as the IT department) need to have a master account in Basecamp that has access to all of their Basecamp accounts as an administrator. This way they at least have the ability to go in and revoke access to individuals as well as partner companies if needed. This is possible now that 37Signals rolled out the 37Signals ID which allows one user to have access to multiple accounts. Having administrator access in each of these accounts is key for an IT department as it allows them to control access as well as have a complete picture of what is happening within the Basecamp account.
Recommendation: You must have an administrator level account in all online applications your company uses.
Data Ownership
This is a pretty hot topic lately. Businesses want to be sure that they maintain control of their data that is stored in online applications. Sometimes this is out of fear of a catastrophe, other times it is peace of mind, sometimes it is the need to have a local copy of data, but it is always just good practice. If a company has an in house application running on an Oracle database, they are for sure backing up that database to ensure that their data is safe. The same applies to online applications, although the company running the application is probably doing their own backups, your business needs to know that that critical business data will always be available no matter what and in a timely manner. Many of these online application offer solutions to backup all or most of your data, and there are starting to be some 3rd party tools available to automate these types of tasks. However you do it, it is imperative that you are backing up this data. For Basecamp this means that you need to be backing up your data, files and Writeboards on a consistent basis.
Recommendation: Create a scheduled backup of your data stored in online applications that delivers your data to you so you have a local copy of it.
Vendor Lock In
A final area of concern is vendor lock in. This is nothing new, we had the same problem with in house systems, but many of the more mature tools offered migration utilities between their top competitors and there were a number of 3rd party tools that did this as well. As we look at online applications like Basecamp we seem to be back to square one. So many of these online applications are so new that there is little in the way of standardization, and API’s are lacking in many areas so writing your own migration tool is often next to impossible. We’re starting to see a few competitors to Basecamp offer partial migration tools to their offering, but the mappings are not complete. They don’t import files for example. There isn’t a lot that you can do to limit vendor lock in, but having complete exports of your data is a start. This removes one portion of the hurdle. For Basecamp you’ll want to do scheduled exports of your data. If you do find that you need to move on to another tool, whether hosted or in house, make sure that the new tool will map your projects and the data that you use often to a like mechanism within the tool so that you don’t lose so much of what you have been building up in these applications.
Recommendation: Ensure you have full exports of all data on hand and evaluate new products for potential gaps in data mapping.
I’d be interested in hearing what other recommendations people have…
No comments:
Post a Comment