I was a very early adopter of cloud related services, personally. Truth be told, I’m an early adopter of any new tech. However, when it came to adopting those services for the companies I’ve worked for, I was much slower to pull the trigger.

Recently my approach to cloud-computing services has been shifting. Cloud providers’ platform maturity over the past few years coupled with changing the industry I’m in, had me rethinking my position on these services.

In order to move our Company from scrappy startup mode to a more mature company with a scalable infrastructure, my IT team set the goals for ourselves - to improve our users’ experience of the company’s IT toolset, while guarding against potential security threats to our corporate assets. Given convenience and security are diametrically opposed, this wasn’t an easy feat.

We were able to successfully meet both of these objectives by essentially dismantling the corporate network. Over the last year or so, we were able to build a robust toolset for our users by pushing most services out to cloud providers. File Share, Backup, eMail, Calendaring, PBX, Contact Center, Video Conferencing - we’ve moved it all external. For the most part, our server rooms are now only MDF/IDFs housing our switches for connectivity to our outside services. …And most importantly, our reliability went from hovering around 98% to 99.95%.

By simplifying our infrastructure, we were able to drastically improve our service reliability and security, as well as increase our users’ satisfaction.

Having to secure and defend the perimeter around the business is getting increasingly complex/expensive. You use to be able to build your “wall” high enough that attackers would go elsewhere to find an easier target. Today, the attackers have better tools to get over those corporate security walls in record time.

SaaS providers today are able to focus on securing their services with a reduced attack surface compared with the traditional corporate infrastructure housing many different services. In most situations their platforms are much less porous than a corporate environment with all of its various services, hosts and open ports. All of which need maintained and patched on a frequent basis.

It probably goes without saying, but if you decide to make the cloud leap, this doesn’t mean you’re able to solely rely on your providers for securing your data. When selecting a provider, having a rigorous security vetting process is extremely important.

In addition to being arguably more secure, today’s SaaS providers’ services are much more reliable and accessible. For example, with our new infrastructure design, should disaster strike at one of our offices, our users could still conduct the majority of their day-to-day work outside of the office and do this for an extended period of time.

Whether your systems are housed on premises or in the cloud, your users are still one of your most likely vectors for attack. Providing them with tools like 2FA (two factor authentication) and security awareness training will minimize the risk of a security breach involving social engineering.

You’ll want to ensure your new solution(s) are a better experience for your end-users than what they’re using today and are seen that way by your users. Employing a robust SSO (single sign-on) solution to help manage passwords and proper PR, explaining the “why” for the changes and “how” it will make life better for them, will drastically increase your chances for a successful rollout and adoption.

To recap the advantages (and add a few more)…

• Security - Cloud services offer a few advantages over maintaining your own local services. As mentioned before, the providers’ incentive is huge to ensure your data remains safe. They usually have a much smaller attack surface to defend. In addition, with proper policies in place, your data is not stored on portable laptops that can be stolen exposing critical company data.

• User flexibility - If you have an Internet connection, with cloud computing you’re able to work. Most SaaS providers offer mobile apps which opens up your flexibility all the more - not tying users down to their PCs.

• Less Shadow IT - Shadow IT is alive, well, and in the cloud. If you don’t provide your users an easy option to use/share data within the organization and outside it, you can be absolutely sure they will find a way to thwart your organization’s policies.

• Elasticity - SaaS offerings are ideal for businesses with fluctuating or increasing bandwidth demands. Scaling up your capacity should your needs increase is extremely easy. Also, if you need to scale down, you have that flexibility. This level of agility gives businesses using cloud-computing a significant advantage over their competitors.

• Business Continuity & Disaster Recovery - As mentioned above, with cloud computing your users are able to work from any location. This doesn’t negate the need for a DR/BC plan clearly communicated, but makes executing those plans much easier.

• Automatic Software Updates - IT/Security peeps, need I say more?

• No CapEx - Most SaaS providers are kind to your cash flow, cutting out the upfront cost for hardware.

• Increased Collaboration - Cloud based workflow makes collaboration in real-time easy. We’ve found when your team can access/share data from anywhere the productivity increases significantly.

• Document Control - If you’ve ever traded documents via email, you know how difficult version control can be. Sooner or later you’re going to end up with a mess and the wrong version is going to bite you in the posterior.

• Competitiveness - For all of these reasons, companies are able to be much more competitive.

Here are some points to keep in mind to increase your level of success for your rollout:

• Communication is key. Make sure you always lead with the “why” and have your end-users’ experience in mind.

• Be transparent with your IT team. A project like this is bound to cause some insecurities with junior IT staff members. Let them know outsourcing “commodity” IT solutions like the ones mentioned in this article doesn’t reduce the need for their positions. It frees them up to do more meaningful projects for the company.

• Include your users in the POC (proof of concept) tests and listen to their feedback.

• You should be able to morph your POCs into limited test environments enrolling power-users to test the waters before making the final leap.

• As you move services out, take the opportunity to put proper monitoring of those services in place. Knowing about an outage before your users is always a good position to be in. Proper monitoring will also ensure your providers are living up to their SLAs (service level agreements). You’ll also be able to show improvements post change with proper measurements in place.

• Security is always a matter of layers. There is no silver bullet. Having layers in place like 2FA, SSO, security awareness training, sane password policies, etc. will greatly increase your level of security.