Protect Your Existing Data

Before you begin your application migration to a cloud provider, make sure that you back up your data completely so that you can later fall back, if necessary, to a known point. Then make sure you and your cloud provider agree to the backup procedures they will employ after they take control of your data. As discussed, it is easy to move a solution to a cloud provider. You need to ensure that it will be equally easy to move back out of the cloud.

Further, if your company has specific privacy requirements, such as HIPAA (Health Insurance Portability and Accountability Act) for healthcare or FERPA (Federal Education Rights and Privacy Act) for education, have your provider state explicitly, in writing, their data privacy policies and procedures. To reduce data-storage costs, cloud providers will often host data on services that reside outside of the United States. For high-privacy data, such as healthcare data, you may have requirements that the data reside on servers within the United States. In such cases, make sure you specify within your SLA that your data must reside within United States (including backups of the data). Also, make sure you not only know the service provider’s backup policies and procedures, but that you also understand their use of encryption (and encryption-key management) for such backups.