Cloud Services at NC State: Recommendations and Checklist for Prospective Users

These recommendations and checklist are based upon the report: Adopting Cloud Services at NC State: Guidelines and Considerations

Recommendations

  • Communicate early and often with your IT staff about your cloud service interests.
    IT staff should provide input early in the assessment and selection of cloud services. This will help ensure that the cloud service is supportable and integrates well with the campus portfolio of services, and that expectations and roles are clear. IT staff can help ensure that all of the considerations in this report are accounted for.
  • Think about security.
    Some data can be stored in the cloud, some cannot. Become familiar with university policies and procedures, and talk with OIT Security & Compliance before making large commitments.
  • Be familiar with the considerations in this report.
    You should have a grasp of the issues at a high level before adopting any cloud services, even “small” ones.
  • Be prepared for change.
    Rapid change is a feature of cloud computing. Using cloud services can change your relationship with your local IT staff. Your business processes may need to change. In short, embrace change.
  • Take advantage of IT governance.
    Working with IT governance can help you get the most for your money and effort, and provides a mechanism for finding resources and support. It may slow you down a little bit, but it leads to a better result.

Checklist

  • Determine Suitability.
    Determine that a cloud solution is indeed suitable for the purpose for which it is intended. This requires a careful analysis of the problem cloud services are intended to solve.
  • Perform a Business Process Analysis.
    How will your business practices be impacted? Analyze costs, but also the practical impact of rapid changes, customizability, and integration with campus data sources and processes.
  • Consider Risk Management and Security.
    The university’s reputation and resources, including data, must be protected. There are risk management issues both when adopting and discontinuing a cloud service. The use of cloud services raises both common and unique security challenges. Relevant university policies must be followed.
  • Maintain Data Privacy.
    The privacy of the university’s data must be maintained, and individuals must be protected from the disclosure of private information.
  • Plan for Legal issues.
    The selected cloud service must comply with applicable laws, regulations, university policies, and other legal requirements.
  • Evaluate Accessibility.
    All cloud services must comply with NC State’s accessibility regulations, and accessibility must be a consideration in service evaluation and selection.
  • Consider Staffing and Skills for Cloud Initiatives.
    Are appropriately skilled staff available or are supplements needed?
  • Think about Support Considerations.
    What continuing support do you need from the vendor and how will you obtain it?
  • Think through Infrastructure as a Service.
    In obtaining cloud storage and hosting, have you considered all of the visible and not-so-visible costs? Think about what it will take to integrate with campus services, and talk it through with the service providers.
  • Ensure alignment with NC State IT Strategic Plan.
    Significant investments in cloud services should be consistent with the guiding principles and goals of the NC State IT Strategic Plan and be approved by NC State’s IT Governance.