3 phases of cloud adoption

3 phases of cloud adoption

By Ellucian on Tuesday, August 22, 2017


Institutions tend to fall into one of three phases of cloud adoption, according to Tom Dugas, director of Information Security and Special Initiatives for Duquesne University.

“The first category is cloud aware, where an organization is just thinking about moving to the cloud. The institution knows that the cloud is out there, but it’s not sure what it’s going to do with it or how to get started with cloud adoption. The second is cloud experimentation, where the institution starts to focus on one particular service—email, for example—to get to the cloud. The third is opportunistic cloud, which is where Duquesne fits. We look at cloud solutions as ‘what is the right opportunity?

My advice is, figure out where on that ladder your organization thinks it is, and then think about the considerations in each area.”

Dugas says that most colleges and universities fall into the group that is experimenting with the cloud. “What you want to think about is whether somebody has paved the path already. Higher education is rich in collaboration and opportunity, and we can use what a lot of other folks have done before us in cloud adoption without having to reinvent the wheel. Take the path already paved. Use what you can from collaborative efforts.”

Despite the collaborative nature of higher education, some institutions still have cloud security concerns. According to Dugas, however, “Going to the cloud doesn’t change your risk strategy: It just helps you focus on different aspects of it.” For example, “The important things to think about in cloud computing risk strategy are identity and access management (IAM). What is the authentication method? What kind of authorization do you use? Can you federate it? Does it work with your existing integration and existing IAM points?”

Dugas says many institutions also worry about their data. He suggests asking questions such as, “What kind of data are you looking to host in the cloud, and how will you secure those data? Are you using single tenant or multitenant? Will your data be spread out across multiple data centers across the United States or even in foreign nations?” He advises, “Don’t be afraid to ask those questions about your data.”

He also suggests that new cloud users also look inward, especially when it comes to risk assessment. “Higher education is a really great collaborative area,” says Dugas, “but I think it’s important to conduct an independent risk assessment. Don’t assume that that assessment will turn out the same as the next institution’s.”

Dugas cautions that institutions won’t necessarily need fewer resources. Instead, you may find that you use existing resources differently. “You may add resources or change resource assignments to have more systems analysts, business analysts, and integration experts rather than system administrators, database administrators, and network engineers. You switch it around a bit to focus more on all the key touch points between your cloud systems and your current systems on premise as well as your user community.

Moving to the cloud gains you elasticity. It is not always a cost savings, but rather it gives you the ability to allocate resources differently.” These resource allocations often allow for new initiatives that can enhance the competitiveness of the institution or enhance the mission, which directly adds business value.

TOM DUGAS, Director of Information Security/Special Initiatives, Duquesne University

As the director of Information Security/Special Initiatives at Duquesne University, Tom Dugas develops and oversees a comprehensive, unified information cybersecurity program that includes detection, prevention, incident response, and threat awareness. He is also responsible for identity and access management and data governance.

To see how Ellucian can help your institution evaluate its cloud options, please visit our Cloud Solutions webpage.

Permanent link

Add to conversation

* Required. DO NOT include HTML code.
* Comments are subject to moderation.