EDX ON CLOUD TECHNOLOGY MANAGEMENT

As a professional in the field, it is important to understand the procurement

process and how procurement for cloud services differs from traditional
technology purchases. This course will enable you to gain an
understanding of how to define technology system requirements, specify
performance measurements, determine selection criteria, and solicit
proposals from cloud vendors.

The first part of the procurement process involves selecting a system to

migrate (in this scenario, we will consider either mail server or web server),
based on an analysis of the expected costs and benefits of the move. Once
you have selected a system to migrate, you will develop a request for
proposals (RFP) and an executive summary to send to potential cloud
vendors.

You will proceed through a number of steps in developing the final RFP,
service level agreement (SLA), and cloud statement of work
(SOW). For Audit Learners, you will not submit your documents, and will
instead use your documents to complete the self-assessments and
exams. For Verified Learners, you will submit your documents as a final
project, and as interim deliverables. The executive board will evaluate your
RFP, SLA, and SOW based on the degree to which you are able to apply
industry best-practices and standards to meet the business needs of the
BallotOnline organization in migrating the selected system to the cloud
platform.
The first step is to decide which legacy system or service will be migrated.
It is important to examine the benefits and disadvantages of migrating a
particular legacy system to the cloud to understand potential security,
financial, workload-related, and relevant cloud-specific compliance issues
that would make certain systems or services better candidates for cloud
migration than others.

Your supervisor, Sophia, has recommended the company's mail server or

website as the best potential systems to consider. You should review the
issues associated with both a mail server and website migration, and then
make a decision as to which system that you propose migrating to.
 What are the Important Issues Related to the Migration
of this System?
 Availability of cloud-based service - does it meet the specifications of the existing
technical environment?
 Will the cloud-service be able to handle the specifications of the existing technical
environment, as well as expected growth?
 How will the cloud provider ensure that there is no organizational impact during
the migration?
 What is the cloud provider’s test/validation plan (if any) for ensuring that there are
no issues after the migration?
 How will the cloud provider handle issues during and after the migration? Will
there be a helpdesk?

Legal and Regulatory Requirements

Privacy Issues

The cloud computing model requires a shift away from locally controlled systems,
which can lead to concerns about compliance with privacy regulations. Privacy
regulations are not consistent worldwide, and therefore there is a risk of liability if
an organization shifts to the cloud, and the cloud provider does not comply with
privacy regulations. The European Union (EU) has very strict privacy protections,
and failure to comply can result in substantial financial penalties and/or
sanctions. According to the Council of European Professional Informatics
Societies, there are two main privacy related issues: 1) loss of control over data,
and 2) dependence on an external cloud provider.
Compliance Issues

In a cloud environment, there are compliance issues that are not present in a
traditional on-premise IT environment.

 Your cloud provider may need to meet the same regulatory policies and procedures
that you must comply with. You have to make sure that your contract with the
provider outlines how the provider will achieve compliance and enforcement, as
well as incur penalties for failures.
 How does multi-tenancy in a cloud environment affect security and compliance
requirements?
 Where is the cloud provider's data center located? You need to know where your
data is because you may have to comply with regulations.

Best Practices
When considering whether to adopt a cloud computing model, you need to
consider practices to adopt. Best practices associated with cloud
computing may include (in no particular order):

 Fully assess the needs of the business, by engaging with stakeholders early in the
process:
 Perform needs analysis
 Analyze current IT processes
 Seek buy-in from management
 Identify cloud solutions that offer the following characteristics:
 Mature and evolving self-service management solutions
 On-demand and quick elasticity
 Extensive reporting capabilities
 End-to-end automated management solutions
 Create a compliance program:
 Conduct compliance training
 Designate a compliance officer with ultimate responsibility for compliance matters
 Create and update policies and procedures
 Audit and report on policy compliance
 Assess performance of systems on the existing platform to establish a baseline, and
then perform an assessment on the cloud platform:
 Acquire baseline performance standard
 Perform user acceptance testing
  Perform regular monitoring to quickly identify potential issues
 Make regular adjustments to the systems based on growth
 Industry best-practices and standards:
 Many industries have specific compliance requirements, and failure to meet those
requirements can lead to criminal prosecution, monetary fines, and/or civil
sanctions. Examples include:

Industry Compliance Governing Bodies

Requirements
Payment PCI Security PCI Security Standards Council
Card Standards
Industry

Health Health US Department of Health & Human Services

Care Insurance
Portability and
Accountability
Act of 1996
(HIPAA)
Financial Sarbanes- Securities and Exchange Commission
Oxley Act of
2002
(Sarbanes-
Oxley, Sarbox
or SOX)
Dodd-Frank Securities and Exchange Commission
Wall Street
Reform and
Consumer
Protection Act
of 2010

(Dodd-Frank)
 Help America Election Assistance Commission
Vote Act of
Elections 2002 (HAVA)
Federal Federal Election Commission
Election
Campaign Act

To read more about the best practices, see this

article: https://link.springer.com/article/10.1186/s13174-016-0046-8