29/10/17 - 5 step checklist for operating a cloud service
06/08/17 - 4 step cloud provider impact assessment
30/05/17 - Comparing and selecting cloud providers
02/04/17 - Cloud security service evaluation checklist
News, updates, business and technology articles presented in this section are in accordance with Astute's disclosure and disclaimer policies.
5 step checklist for operating a cloud service
The final step in the Astute Astute cloud IT services strategy is for businesses to operate the selected cloud service; ensuring the service delivers products and services to the business and customers of the business.
When operating cloud services Astute recommends that business periodically (e.g. monthly, bi-monthly or quarterly) re-use and re-apply approaches and concepts from their developed Astute cloud strategy to ensure:
- The specified success criteria is still being met by the
- Customer acquisition, experience and satisfaction
- Employee experience and satisfaction
- Service charges are within the specified service operating budget and
- Criteria defined to retain the service is still being met.
- The cloud service information classification and conditions have not changed.
- The cloud service provider is continuing to offer the service using the identified and specified risk mitigations (controls) as supported by the service evaluation and checklist.
- Remedial actions, implemented by the service provider, are continuing to reduce or remove identified impacts to business operations, products and services.
Changes identified in the review of the cloud service above are addressed using the approaches and concepts developed in the cloud strategy.
This article concludes Astute's series on developing a business cloud IT strategy. We hope you have found the series helpful.
Astute's consultancy services are used by businesses to evaluate, select and operate cloud services.
Simply contact Astute or take advantage of our free and no-obligation quotation to discuss how Astute can help your business evaluate, select and operate cloud services.
4 step cloud provider impact assessment
An impact assessment is used in the Astute cloud IT services strategy to identify and address impacts to business operations, products and services by using the selected cloud service.
Astute recommends a four step approach to identify and address any business impacts introduced by the selected cloud service:
- Review the results of the cloud service features and functions assessment. An impact exists where the service meets result is NO.
- Review the results of the security and privacy assessment (per classification). An impact also exists where the service meets result is NO.
- Review the cloud service online documentation, especially the how-to guides. An impact exists where the use of the cloud service conflicts with the way the business is structured or operates
- Identify and apply remedial actions to reduce (or remove) each of the identified impacts. The sections below lists common impacts (and typical remedial actions) for businesses adopting a cloud service.
Impact - Cloud service support in the business
Impact - Cloud service business user (employee) training
Impact - Improved customer experience and support
Impact - Customer awareness of the new service
Impact - Features and functions not provided by the new service
Impact - Security controls not provided by the new service
Astute's consultancy services are used by businesses to develop and deliver cloud service impact assessments.
Simply contact Astute or take advantage of our free and no-obligation quotation to discuss developing and delivering a cloud service impact assessment for your business.
In our next article Astute presents an approach businesses use to operate a cloud IT service.
Comparing and selecting cloud providers
A service checklist, created from the Astute cloud IT services strategy, is used to compare and select an cloud IT service provider.
The service checklist typically:
- Lists the features and functions of a cloud IT service that are needed to meet (business) outcomes and objectives
- Lists the security controls needed to protect employee and customer data in the service and
- Uses the features, functions and security controls to compare the offerings of multiple cloud IT service providers; the comparison is then used to support the selection of an IT cloud service provider.
It is important to note that the comparison of cloud service offerings is implemented using a spreadsheet; the format and the content of the spreadsheet uses the 3 item service checklist above and is presented below.
Step 1 - Features and functions
The features and functions of the cloud service re-use and apply the information developed in the Astute cloud IT strategy, specifically relating to:
Step 2 - Security controls
The checklist of controls required to ensure that information stored in the cloud remains safe, secure and private.
Step 3 - Assessment and selection
Business assess and compare cloud service offerings using the criteria defined in Step 1 and Step 2 above using the following (spreadsheet) format as follows:
- Column 1 lists the source of the feature or function (from Step 1 above) or the security controls (from Step 2 above)
- Column 2 is a text description of the feature
- Column 3 - "Meets" - a Yes / No result indicating whether the feature or function is supported
- Column 4 - "How" - a web site URL, brochure page, email, or comment that supports the "Meets" assessment
The following are examples of assessment and selection criteria using the above spreadsheet format.
3.1.1 - Alignment - Features and functions as per Step 1a above; from the Alignment section of the Astute cloud IT strategy.
3.1.2 - Success criteria - Success criteria as per Step 1b above; from the Success criteria section of the Astute cloud IT strategy.
3.1.3 - Type of service - Service model as per Step 1c above; from the Type of service section of the Astute cloud IT strategy.
3.2 - Security controls. Re-use the spreadsheet format of the checklist of controls section of the Astute cloud IT strategy. I.e.
Once completed the service checklist provides the business with a "side by side" comparison of cloud service provider offerings, as well as identifying a preferred cloud service provider.
Astute's consultancy services are used by businesses to assist in the comparison and selection of cloud service providers.
Simply contact Astute or take advantage of our free and no-obligation quotation to discuss assisting your business compare and select cloud service providers.
Adopting and operating a cloud IT service will require changes (or create impacts) to business products, services and operations. In our next article Astute presents an approach business use to identify (and resolve) impacts introduced as adopting and operating a cloud IT service.
Cloud security service evaluation checklist
The evaluation of cloud service provider offerings is implemented using a spreadsheet (checklist); the format of the spreadsheet is as follows:
- Column 1 lists the each of the seven (steps 1.1 to 1.7) classifications identified in the risk mitigation.
- Column 2 lists each of the identified and specified controls for the classification
- For every cloud service to be evaluated:
- Column 3 - Meets? A Yes / No result indicating whether the controls are provided by the cloud service
- Column 4 - How? Documentation (e.g. website URL, brochure page etc) that supports the Meets assessment
The following are extracts of a spreadsheet per classification, used by businesses to evaluate cloud service control offerings; extracts are formatted using the above approach.
Astute's consultancy services are used by businesses to ensure the information used in the cloud is safe, secure and private.
Simply contact Astute or take advantage of our free and no-obligation quotation to discuss developing and delivering a cloud service security and privacy risk assessment for your business.
In our next article Astute presents an approach used by businesses to develop the criteria used to compare and select a service or application from one or more cloud service providers.