There are many reasons for an organisation to move to the cloud, we find the most popular to be the reduction in costs as a result of moving from capital expenditure to operational expenditure. With cloud computing being taken up so rapidly and by so many, it’s hardly surprising that cloud security is a high priority.
By migrating to the cloud, an organisation is effectively moving data from internal storage, into a third party’s. It is imperative that the way in which that data is stored is scrutinised in order to ensure compliance with industry regulations, for an internal cloud solution, this may take the form of internal compliance checks or service line agreements. An external cloud solution means liaising with the vendor regarding the type of data being stored, how it is protected and how security will be audited to meet with industry regulations. These regulations are constantly changing to keep up with the explosion of cloud computing, and it’s fair to say that organisations may struggle to meet their legal obligations surrounding the data stored in the cloud, it goes beyond data storage.
[easy-tweet tweet=”Organisations may struggle to meet their legal obligations surrounding the #data stored in the #cloud” user=”LDLtd” usehashtags=”no”]
Software Compliance in the Cloud
Moving to the cloud will likely simplify the management of your organisation’s hardware, however it is a very different story when it comes to licensing of software. In the first instance, licensing models that predate the cloud are likely not to mention it in any agreement or licensing contract, posing legal questions about implementation and usage. On the other hand, cloud vendors with specific cloud licensing agreements present a different set of problems as they are complex and can vary depending on your software licensing model.
Moving to the cloud will likely simplify the management of your organisation’s hardware, however it is a very different story when it comes to licensing of software
If an organisation’s existing contract includes cloud-based products, it may be that the existing license can be renegotiated to a cloud-based model. Similarly, if there are no restrictions in the agreement, it could be that an organisation’s named or concurrent user-based licensing model can be applied to the cloud. Other vendors, however, calculate fees based on the server processor or number of cores, which often don’t map easily to vendor CPU units.
Some vendors forbid the use of their software on any third party hardware that is hardware not owned by the licensee, or within a virtualised environment. For some organisations, this could prevent migrating to the cloud completely or enduring huge licensing fees.
Migrating any licensed software to the cloud will introduce a third party cloud vendor, which may bring restrictive licensing practices such as insisting an organisation is responsible for their own non-compliance. Alternatively, as the cloud duplicates data in order to make it available, your number of copies could exceed the permissible number of backup copies stipulated in an agreement. If this data is also unavailable across any geographical boundaries, it’ll complicate matters even further!
Every cloud has a silver lining
It’s not all bad news, though. Some vendors with strict on-premise offerings have made it possible to deploy their software via the cloud. Take Amazon EC2’s collaboration with IBM as an example:
“If you have acquired software entitlements under IBM’s International Passport Advantage or Passport Advantage Express Agreements (collectively PA or PA Program), you may have the ability to run IBM software programs on Amazon EC2 and you will simply pay the normal Amazon EC2 hourly prices for OnDemand or Reserved Instances.”
IBM makes it clear that it is allowing its software to run using Amazon’s cloud computing services, which operate on a “pay for what you use” basis. It sounds flexible, it sounds accessible and it sounds easy – which, after all, is what cloud computing is about.
[easy-tweet tweet=”Flexible, Accessible and Easy – what #cloud #computing is about” user=”LDLtd and @comparethecloud” usehashtags=”no”]
Planning for the Cloud
Ultimately, organisations are going to have to know their licensing agreements inside out before they can know if software compliance in the cloud is possible. There are lots of creases to iron out in the run up to migrating to the cloud, and understanding what restrictions and limitations there are from both the software vendor, and the cloud vendor (if applicable) is the only way to be sure. Without this fundamental business intelligence, organisations can find themselves committing to long term, costly business relationships with on-premise software or expensive cloud vendors.
Larger organisations would do well to implement a License Management Service or application to handle the level of scrutiny necessary to ensure licensed software is not misused via the cloud. For those organisations where a License Manager Platform is less feasible due to scaling costs, resource should be allocated to configure a monitoring script to alert servers if or when the number of instances running licensed software exceeds capacity.