Strategize and Organize – SMBs’ Best Use of the Cloud

Why your SMB cloud strategy could benefit from an integrated approach

Via ZDNET (Heather Clancy)

For many small businesses, one of the biggest perceived advantages of migrating to cloud applications and infrastructure services is the management proposition, the idea that it will free up their staff from an unwanted IT burden.

In some ways, that’s very true, since updates happen behind the scenes and provisioning usually can be handled very easily by individuals.

But if your small company decides to embrace a whole suite of cloud services – especially if it wants to integrate them with existing applications hosted within an on-premise server — it should consider working with a managed service provider (MSP) to make the administration simpler. The benefits of doing so include being able to offer employees access from a centralized Web portal for all applications, consolidating where data is stored and secured, and ensuring that collaborative processes can bridge multiple applications.

There are literally dozens of former VARs and IT solution providers cropping up to offer this sort of functionality as a managed service. One example is TOGLcloud, a hosted offering developed by a group of MSPs that felt most of the current offerings weren’t designed with smaller businesses in mind.

I’m not going to try to name all the options here, but there are several lists published by MSPMentor that offer a good jumping off point for anyone wanting to research their options. (Warning, you’ll have to register to get to most of the content.)

One of the more established players included on MSPMentor’s North American lists that is focused specifically on helping small businesses build an integrated approach to cloud strategy is eight-year-old, with its ITAnyWhere Cloud offering.

“Small businesses can log into one place, all their files, all their productivity tools are there. Their is there, too,” said Kirill Bensonoff, founder of the company. “They no longer need to have any infrastructure other than these services.”

What makes interesting are relationships with some pretty big–name players when it comes to hosted desktop and cloud infrastructure services: it is an Amazon Web Services Consulting Partner, specializing in the cloud service provider’s QuickStart services; a Microsoft Gold Certified Partner that can migrate small companies to a managed Office365 service; and a Citrix Silver Solution Advisor and Service Provider that offers access to the cloud through Citrix XenApp and Citrix XenMobile. It has VMware, ShoreTel and SonicWall credentials. What’s more, is even a member of the Apple Consultants Network.

The ITAnyWhere Cloud service, currently in its third generation, runs on top of AmazonWeb Services, for scalability, compliance support, security and multiregion access. Small companies can log in through a portal, where managers can handle provisioning, or remove and add users quickly. The services are supported 24×7 by, which also handles migration of legacy applications into the hosted environment if appropriate. It’s a fixed-fee offering, but Bensonoff declined to reveal pricing. That depends, in part, on the migration and setup required by the business.

Most of’s customers are small businesses with 30 to 50 employees that originally had at least one server managed in-house, Bensonoff said.

Maybe all of this is more than your business can handle, but if a piecemeal cloud apps strategy is starting to create management headaches as your team grows and becomes more mobile  — and you don’t have the in-house staff to sort them out — a turnkey approach like ITAnyWhere Cloud might be worth an evaluation.

Legal Issues Entering the Cloud…

Cloud computing” has been around for decades, but has mushroomed in recent years due to the improvements in our communications infrastructure and the growing utility of managed service offerings to businesses of all sizes.  But how does the average SMB achieve a good working relationship with their cloud provider, given the huge differences across this booming industry?  Cloud providers can differentiate their services only to a limited degree, so businesses should be open to finding a good balance between the service offerings and the service terms.



Big Players Lead the Market, but Don’t Define It Completely

The major cloud providers include IBM  Microsoft, Amazon, Google and Their Terms of Service (ToS) are generally standardized for single and small users — however, major customers can and do negotiate their arrangements.

Most users won’t have the leverage or opportunity to negotiate terms and conditions, particularly with the largest national providers, who tend to use boilerplate “click-wrap” terms and conditions that cannot be modified. They have to agree to terms that are likely confusing without a lawyer’s help. For example, the standard terms and conditions for Microsoft or Amazon will contain multiple bundled documents that are present for you to accept or deny, with no chance to negotiate or modify the ToS.  Some typical terms and conditions may include:

  • Acceptable Use Policy
  • Customer Agreement
  • Service Terms
  • Trademark Guidelines
  • Privacy Policy
  • Terms of Use

However, when the opportunity presents itself with small- and medium-sized cloud vendors, take every chance to negotiate on the terms vital to your situation.  Don’t bicker or haggle just for sake of argument.  Understand your own needs and communicate them to your business partners, which is generally the most effective way of realizing that each party has some legitimate objectives in the contracting process.

Consider the Important Legal Issues

If your company is using the cloud to store or access business data, and if you have the clout to negotiate, there are a few key issues you should address:

How can I ensure seamless and efficient return of data when I cease using the cloud?

Inevitably, each cloud customer will stop using its cloud provider at some point for some reason. When that happens, options are limited to: 1) moving the processing back in-house and off the cloud; or 2) moving to another cloud provider. Diligent customers need to negotiate with their cloud providers to clearly define closure and termination issues, including the data format and the cost for migration of the data to another location. Failure to address this could result in an expensive and painful migration, or a business decision to be stuck without the practical ability to change, similar to the days when changing cell carriers meant losing your cellphone number, making customers reluctant to switch.

How do you confirm and ensure your sensitive data has been appropriately deleted upon termination of your cloud services?

It is vital that the old cloud provider not retain the customer’s business data, such as financial documents, accounting records, customer data, or other business records. Deletion is particularly important because of laws and regulations related to privacy (including credit card information and/or HIPAA personal health information). The cloud provider agreement must obligate the cloud provider to delete data from its system (including backups) after the customer has migrated away. Additionally, the cloud provider should be bound to protect all confidential data at all times.
Understand data backup obligations.

Speaking of backups, companies routinely create data backups, and cloud providers are no different. Therefore, cloud provider agreements must clearly delineate how customer data and systems are protected from disaster, including sharing where customer data is stored and how the customer can access that data if and when it is needed.

Ensure protection of trade secrets.

If the cloud customer has trade secrets, such as proprietary customer data or software, that customer must properly protect its data or software and have tangible evidence to prove in a lawsuit that it made appropriate efforts to protect those trade secrets. One of the best ways to prove that a trade secret has been properly protected is to show that only the trade secret owner can access the protected information. One solid way to do that is to have the ability to audit.

Establish the right to audit cloud IT operations.

The Sarbanes-Oxley Act (SOX) requires publicly traded companies to comply with laws of the Securities and Exchange Commission (SEC) including the ability to audit and verify accounting data. In order to conduct a SOX audit of IT/Internet services, customers need audit rights in the agreement. For companies not covered by SOX, but for which a formal CPA opinion is required by stockholders, the right to audit the cloud provider is essential. Even if your provider is not so large to be covered by these scenarios, a responsible small or medium sized firm should still have some reasonable means and methods for customers to conduct audit and assurance functions, so don’t expect less from the little guys.


Each business has its unique requirements for using cloud services. Signing the standard cloud provider agreements may be convenient, but risky. Any company using the cloud needs to properly protect its IT and data with a well defined cloud services agreement that is clear and specific to the customer’s own requirements.

%d bloggers like this: