The story begins back to my younger childhood days when your dreams never reach the realities of practical life, and you always want to fly an aircraft.

One day my father was discussing with his colleagues about how difficult it is to fly into the clouds. He was explaining about a fatality in which he lost a few of his comrades. Coming from a defence (Air force) background, I always wondered a cloud is a cloud and what would be inside a cloud?

Twenty-five years later, when I see around my surroundings and in IT, I compare the challenges and shortcomings of essential but straightforward activities to ponder. Thankfully no one yet had to lose a precious life. I see everyone talking about moving into the cloud and why not it is a cost-effective solution and provides lots of options to scale.

I come from a Service Management background and with a recent interest in Cyber and Information Security. I always wonder how safe it is to put data, application, infrastructure into the cloud and what IT management (CIO’s) can do to enhance cloud migration and operations. Over the years, no doubt cloud migration has proven its ability in faster infrastructure provisioning, a lower total cost of ownership and course scalability to perform better. Based on my past Service management experience and recent Security interest I recommend a few of the must-haves (essential) to enhance cloud migration and operations strategy

1. In last years as we matured using cloud technology, we should include a portability clause with every cloud vendor services contract. Data portability clause would help in a natural shift of organisation data to one vendor to another in case of any service disruptions or contractual non-adherence. I had an experience where the services provided by the cloud vendor was so pathetic but because we didn’t have a well-thought service contract we couldn’t port our data and thus had to stick with them until the end term

2. We should always have unfettered access to system log files, and one should have access to them to review them as the case may be. As an experience Incident & Problem Manager, this has always come handy to investigate the root cause and contributing factors. Any cloud vendor would not be keen to provide the log files to examine. It should at least initiate a conversation of adding this in the contracts.

3. Retain the right to conduct Penetration testing- In all the Problem investigation meetings, the team always says oh! this is in the cloud. We don’t have any access to that or can check how secure a network is (of course, depending on what services we are using). Any security testing always helps both the organisation and also the cloud vendor to pinpoint best practices and areas of improvement.

4. Right to an independent third-party audit- This would always ensure that all contract provisions are carried on as per the agreed service contract. In a few cases, organisations have no idea about if they are getting the right benefit of moving into the cloud. Having an independent audit would help both the client and vendor and also would pay dividends to avoid any worst-case security breach scenario.