Peter Coffee, Director of Platform Research with (, says:

Innovate rather than migrate.

If someone asks, “what should we migrate to the cloud?”, challenge the premise. Rather than migrating something that’s working well enough to be useful today, look at the list of business unit needs that may have been going unmet for months, quarters or years. Measured productivity gains on cloud development platforms such as can shift long-deferred projects across the line to viability — and even make them candidates for producing compelling returns on investment.

Lead with the data.

Apply a formal security discipline such as National Security Agency’s Information Assurance Methodology to develop an inventory of the elements of data you hold and use, and the processes that handle or change that data — as well as the duties of care that you owe to those who trust you with their information. The security that you believe you have in your on-premise systems may be more than you actually need in some respects, and may be less than it should be in other areas: evaluate cloud offerings in terms of their ability to do what’s needed, rather than merely reproducing what you have now.

Grant privileges with precision.

Legacy IT models have traditionally offered only a simple hierarchy of privilege, resulting in “superuser” administrators having access that they don’t actually need to do their jobs. Re-examine privilege assignments based on the far more granular model enabled by cloud services that distinguish creation, deletion, reading and editing privileges and allow an administrator to define task-appropriate privilege profiles.

Build a process, not an app.

It’s time to go beyond traditional models of app development, whose path of least resistance leads to creation of new data silos. Think rather in terms of functions and processes that can flow from a handheld device to a cloud-based service hub into an orchestration of both services and legacy assets — pursuing whatever directions, through whatever channels, will create maximum business value in minimum time.

Build for a world with no walls.

The view from the data center sees a trusted world inside the firewall and a dangerous territory outside. Neither of those generalizations is wholly accurate. Those inside are not automatically trustworthy, and those outside may need to be granted specific and limited trust to create competitively vital partner ecosystems and customer communities. Define associations of data, process, privilege and trust; manage those packages rigorously, no matter where they travel.