What is the best way to take a holistic security approach when you are using public and private cloud environments as well as a traditional data center?
It is best to take the same approach you would in an off-premises solution. You will need to deal with the same compliances applicable to your business, i.e. HIPPA, and government regulations. It is important to interview the cloud provider as you would your own networking and IT staff. Start in your physical data center first, look at the environment, then the network and down to application security. You will need to apply due diligence as you move applications to the cloud.

Do I need to consider ITSM with my cloud environments?
Just because you move things to a public cloud, it doesn’t mean the need for ITSM is eliminated. It is important for your company to define what this will look like internally (if you haven’t already) and to look for a cloud provider that can achieve your specific needs. Some partners will provide it as a service, others will provide the infrastructure, leaving the rest up to you. It is very important interview and select your cloud provider carefully to make sure you know what they can do for you.

I’m experiencing issues with the performance of some of my applications in the cloud? How can I get better performance?
Applications are really important and can often dictate what you can do with regard to the cloud. First, you want to do a review of each app and determine the best place to run them. Despite the fact that there are over 26 carriers available and a mega-load of bandwidth, you still need to run the test to see how much you need. You might need a LAN acceleration device.

Email and other web-based apps are simpler, but when it gets to ERP level and production-critical applications you have to do a deep look at them.

You can also look at different ways of developing apps, you can scale out and not just up. There are better ways to design applications for scale now to leverage the elasticity of a cloud environment.

I want to outsource my DR to the cloud. How do I know that it is going to work when I need it to? Can I require the provider to run tests on a regular basis as part of my agreement?
You can and should require the provider to run tests on a regular basis. It is important for your company to set a DR strategy and think about continuity, just having a technical solution in place isn’t enough. You need to create an ongoing development plan to put DR strategies in place. Applications change, the way of doing business changes, and therefore you DR strategy also needs to be changing.

What kind of connection is required between our site and the cloud? Is it better to use programs like Citrix to stream apps back to the site, or is speed not an issue when the data is in the cloud as opposed to onsite?
It is important to do bandwidth tests that way you can see what requirements you would need. Certain applications work better than others and with choice comes a competitive spirit. Making your choice from the competition based on what will meet your requirements. It is also important to take into consideration what kind of applications you want to move to the cloud, how they will be hosted and then to create a back-up plan and have diverse options.