Data servers have been around for a long time with massive server farms storing a myriad of data. Then, the Internet came along. Dedicated servers no longer need to be in the “server room.” Now, there is the opportunity to have hosted servers and infrastructure offsite, known as, “the cloud,” available to all from the Internet.
The cloud can be divided into two different solution types. A “point cloud solution” occurs anytime a single application is moved off company-owned equipment and placed into the cloud. Point cloud examples include Office 365, Dropbox, Box.net or any “webified” software that does not run on an organization’s own servers. The second option is a “private cloud solution,” essentially the organizations’ servers are moved from running on infrastructure owned by them to the hosting provider’s secure private cloud environment. A technology such as Remote Desktop or Citrix is typically layered on to deliver desktops to the user population. Private clouds are more flexible allowing for specific transit operating requirements to be met, which can be complex with planning and run-cutting software, fleet management, AVL and the like.
But what questions should agencies seeking clarity in selecting a private cloud solution be asking?
How will the agency manage user accounts and authentication?
The question is how the solution will fit into the existing user account management process; in the IT world this is referred to as authentication. The most common roadblock to entry is that the point cloud solution, say Box.net, Sharefile or Dropbox, requires management of a separate user account system, presenting a risk for controls such as the employee termination process.
Prior to the cloud, an employee’s departure would have included revoking access for a user account in a single server system, whereas the point cloud solution requires revoking access in multiple systems. Since user access controls are the foundational component for any compliance related industry, the right questions need to be asked before considering using a cloud solution as part of the overall IT plan. Private clouds are flexible and secure, positioned with the right IT provider at the helm, an agency’s ability to handle authentication and other security concerns are assured.
What about hybrid and onsite options?
The cloud provides a way to offload some of the risks associated with running a customized fleet operations computing environment. If the goal is risk reduction, real world issues outside of the IT service provider’s cloud must be solved with the solution. It may be determined that not all of the organization’s technology and software are cloud-ready; some of it may have to remain onsite. It is imperative that an understanding of how the service provider will manage any technology that remains onsite and what type, if any, staff augmentation can be provided should employee attrition occur.
This conversation early on helps to clarify how the service provider can reduce other aspects of risk that are not technically related to the cloud but certainly relate to overall IT risks.
Choosing the right IT provider for specific cloud-based needs
At the end of the day, it is important to partner with a service provider who understands tough regulatory, compliance and security environments like those found in the public transportation industry. The key is to identify a long-standing company that is experienced in providing customized, cloud-based IT solutions; from supporting highly sophisticated and secure technology environments for large, multi-modal regional transportation agencies to managed IT services and user support for smaller and mid-size transit agencies who may not have the technical staff on-site but still need to mitigate their IT risks.