Best Practices in Cloud Usage Policy

Best Practices in Cloud Usage Policy

April 27

As more companies migrate services, applications and infrastructure to the cloud, the more important it becomes to have a solid cloud usage policy in place. I’ve witnessed managers who decided overnight that this or that service must be moved to the cloud ASAP. With little time for proper planning, these projects can easily end in disaster.

I had one such disaster take place at a small company I worked for a while back. After returning from a convention where an executive from Amazon spoke, one manager decided that all client materials would be moved from internal servers to a Microsoft SharePoint server in the  cloud. To all of us project manager it sounded like a good if hasty idea. Instead of sending large files back and forth over email and FTP, our clients could access everything they needed from a simple URL. At least that’s how it was supposed to work.

Illustration of cloud network with multiple nodes and connections - cloud usage policy

It all sounded great in theory. But a number of security snags slowed the testing and the initial rollout. Around the time we finally rolled out the sites to our clients, our ISP performed a major update to SharePoint and our servers went down for the count. It was an embarrassing situation made worse by the fact our clients had hired us to be their technology consultants.

This week I’d like to discuss some of the best practices around cloud usage policy. I’ve seen companies struggle as they migrate services to the cloud, and I’ve seen a number do so smoothly with little interruption. Even those that experience a smooth migration still need to train their users on how to utilize the cloud properly.

Include Users in the Review Process

Don’t run your cloud project like a skunkworks project. That means, get as many actual users involved in the review process as possible. Help them understand how they can use the cloud to improve their work. Include them in your meetings and updates, and ask for their feedback. I bet you’ll find that many of them already use the cloud in some capacity. Find out why and how they are using it. But don’t assume everyone shares your enthusiasm for the cloud. You might find that employees from finance are worried about security. Assume they’ve heard the horror stories, and spend time helping them understand what you’re doing to best secure their data.

Never assume that your concerns match the concerns of your users. I can’t tell you how many times I’ve learned this lesson. The cloud might be part of your everyday vocabulary, but it’s a still a scary concept to many people. Help them by addressing their concerns. Doing so will pay dividends when you ask them to use new products and services they used to run locally.

Not everyone will have the luxury of including users as part of the review process. That means you’ll need to prioritize education. Doing so will help set clear expectations among all employees, and make it less likely they will use cloud resources inappropriately. When users feel they have a say in the process, they will be more likely to follow the guidelines and policies.

Maintain an Up-to-Date Usage Policy

This might seem like a no-brainer, but many IT managers overlook this step. Here’s what you don’t want: a policy that’s full out outdated products, services and buzzwords. If your company has standardized on a messaging application such as Slack, make sure you list that instead of an older product nobody uses anymore. The same goes for cloud storage and other services. The quickest way to encourage users to tune you out will be to hand over an outdated policy. Doing so overshadows the message you’re trying to share.

I currently work for a company that maintains its own wiki. I know that sounds incredibly geeky, but it works for a company full of geeks. The owner has assigned one person to maintain the recommended cloud applications and services we all use. All of that is kept on the wiki alongside the usage policy. Every new employee must read through this page on the wiki before she’s assigned a computer. What I like about this approach is that it sets the right tone. This company has invested a lot of resources into providing the tools each employee needs. Each month an experienced employee trains a group of new employees on our cloud-based tools and services. The training helps the new employees get off on the right foot.

Cloud computing data security

Prioritize Cloud Security

Ask a few people who have yet to embrace the cloud what’s holding them back. I bet you’ll find that most of them don’t trust the cloud. Specifically, they don’t trust the cloud with their data. Security will always be a concern of cloud computing. There will always been an inherent risk in maintaining data outside your company’s firewall. This shouldn’t stop you from using the cloud, but understand that nearly everyone has security concerns.

One suggestion I have is to help your users understand why your company has standardized on certain applications. You might have employees who have used Dropbox for many years. And now you’re asking them to use another service to store or share their files. Helping users understand the security implications around your decisions can assist them in making wise decisions.

Users become quite adept at routing around security hassles. That reminds me of a company that required all employees to change their passwords each month. All that did was increase the number of passwords found on sticky notes and white boards. Users often consider security only in terms of how it affects them individually. When they understand how their actions affect their colleagues, they may reconsider their approach. As with most new policies, early training is critical in getting buy-in.

Proper Network Usage

Your cloud computing platform requires a healthy network. And yet it doesn’t take much to bring a corporate network to its knees through improper usage. I’ll start by saying that it’s never wise to assume users understand what it proper network usage means. You need to define it for them. For example, most employees understand that running bots or mining for Bitcoins can slow the network. But what about uploading videos to YouTube or streaming Netflix and Spotify during their lunch break?

Just because an action is legal doesn’t mean you should allow it on your network. I recently found our company’s VOIP system unusable. I could connect to our service, but the call quality was abysmal. After asking around the office if others were experiencing the same issues, we found out that two employees were live-streaming from Twitch. This was saturating the network to the point that our VOIP service wouldn’t work.

So many networking hogging applications come and go that it’s nearly impossible to keep track of them all. It’s also not easy for the employee to determine how much network bandwidth these applications require. Network monitoring tools are a godsend in this regard. Use them!

Cloud Usage Policy Makes a Strong Company

The cloud brings new tools into the hands of IT and employees. The best tools help us create high quality work in less time than before. That’s the good news. The bad news is that it’s not uncommon for most of the planning around cloud services to focus on the technology. This often leads to the users being little more than an afterthought. The two must go hand-in-hand.

You can mitigate this disconnect by following these best practices. Maintaining an open dialog between IT and the users is more important than ever. Don’t let the human element get lost in your sea of technical details. The cloud usage policy should be something employees understand and comply with because it makes for a strong company.

Good luck, and be careful out there!