I’ve been asked over the last few months quite a bit about virtualization and cloud computing. Virtualization is something most people understand, but cloud computing baffles many professionals because there is often not a clear nomenclature used to describe products and services in the space (I just saw an ad for a “Dynamic Cloud Server.” For real.). In fact, my father-in-law asked me if I was somehow involved in weather forecasting (jokingly) after looking at what my current employer does.
It’s like PCI DSS in the vendor space. “Install my product, and I GUARANTEE you are PCI Compliant!” Except in the cloud world, it goes something like: “I got me some sexy, fluffy cloud stuff JUST FOR YOU!”
This post is not meant to explain cloud computing to you, and before reading any further you should have familiarity with the differences between the private and public cloud, as well as the different offerings and configurations of cloud services.
Got it? OK, here goes.
The “Should” Rule of Cloud Computing simply requires users to ask the following: “SHOULD this data be put into a cloud service? And if so, what kind of security and configuration SHOULD this cloud service have?”
We can learn quite a bit by answering those two questions, and we bypass the “can we do this” question, because invariably you CAN do it, especially if you are asking a consultant and money is no object.
Before you consider anything related to cloud computing, you really should have a good grasp on the types of data housed in your enterprise, and where they live. And not just an armchair understanding either, but something detailed and fairly concrete. Once you have that, consider the types of data you have, and what could go into a cloud service, and what just should not. Here’s an example I have used many times over the last month.
Consider an online retailer that is prepping its catalog for Cyber Monday. With thousands if not millions of netizens brushing off work to do a little holiday browsing, they will need some infrastructure to handle the traffic so as not to risk sending their customers to competitors to shop. When customers pay for their order, we have sensitive data to secure, but while they are shopping, we probably do not.
Leveraging a public cloud service here may be a prime example of when you should embrace the cloud. Putting your catalog in the cloud will rarely (there are exceptions) cause the cloud service to have to comply with a security or compliance regulation. It’s only when the customer enters personal information about themselves to pay for the goods that we get into that situation. So throw your catalog into the cloud, and when it comes time to pay, bring them back to your non-cloud (or private cloud) setup to process the final steps and secure the data properly.
If you think about your data and applications in that regard—public data vs. private or sensitive data—it becomes pretty easy to see how you could potentially leverage cloud services safely in your environment. It passes the SHOULD rule. Applying this rule to your cloud initiatives will more quickly help you see where the quick or easy wins are, and where the more complex implementations are lurking.