Please ensure Javascript is enabled for purposes of website accessibility

Transitioning to cloud-based services: Due diligence is key

Transitioning to cloud-based services: Due diligence is key

Listen to this article

With many companies already moving toward greater use of the cloud pre-pandemic, the COVID-19 outbreak has accelerated that trend. Those in the field say they are some things companies need to be aware of as they make the transition.


“There has been an increased interest in cloud-based services, mainly for collaboration and communication,” says Ben Wilcox, vice president of cloud consulting and security at iV4, a ProArch Company.

Cloud computing is defined as using hardware and software services from a provider on the Internet.

A cloud service provider is a third-party company offering a cloud-based platform, infrastructure, application or storage services. The two most popular cloud service providers are Amazon Web Services and Microsoft Azure.

Among the reasons why businesses are switching to cloud-based services includes adjusting to the new normal of having staff working remotely, Wilcox says.

The cloud allows employees to work virtually anywhere and provides additional security, he notes.

When thinking about transitioning to cloud-based services, Wilcox says companies need to understand their business needs, from who will be using the services to where they will be accessing them.

It is also beneficial to see how the cloud-based service ties in with applications a company is already using, he notes, as is making sure companies are in compliance with regulations related to their data, whether it be employee, customer or financial information.

“Knowing what (regulations) you have to adhere to helps you understand your overall goals,” Wilcox says.

A business also needs to have a good handle of its costs when it comes to cloud computing services. That includes start-up costs and monthly fees.

Wilcox also recommends undergoing a trial run before permanently making the change.

For example, if a company is considering using a cloud-based application such as QuickBooks, they would be well served to use the application over the course of a month while simultaneously doing the work the way it has traditionally been done.

By running parallel programs, a business and see where there are differences and an adjust accordingly, he says.

“That way they won’t be caught by surprise when they make the switch,” Wilcox says.

Paul Bornemann, vice president of consulting at Entre Computer Services Inc., also sees an increase in the number of businesses using cloud-based applications, such as Zoom, as well as cloud-based phone systems during COVID-19.

Some businesses, such as restaurants, have had to switch to cloud-based systems due to the need to give customers the ability to order online, he adds.

While it can be easy to install such applications, Bornemann says companies should take their time, and do their research, before making a decision.


“Sometimes it’s too easy to buy an app in the cloud,” he says.

Bornemann works with businesses to evaluate their needs and find the best solution when migrating to the cloud.

Data security is a priority when it comes to researching a provider, so Bornemann will ask the vendor a series of questions on the topic, such as how they protect a customer’s data, how they handle a breech, what is their disaster recovery plan and how they have handled issues in the past.

It is also important to see how a company would go about getting its data back if it decides to switch providers, he notes.

Cloud-based services can be used by companies of all sizes and has many benefits, from providing cost-effective solutions to additional security.

Most small- to mid-sized businesses do not place a strong enough emphasis on computer security, he says. In contrast, corporations such as Amazon and Microsoft are among the leaders in cybersecurity, largely because they have to, Bornemann adds.

“They are good at protecting data and invest heavily in security,” he says.

In addition to researching a third-party provider, Bornemann also provides security awareness training for a company’s employees when transitioning to a cloud-based service provider.

That includes getting the employees up-to-speed on a company’s policies related to areas such as accessing company data from remote locations and offering tips on cybersecurity, such as using company-issued devices instead of home computers.

In addition, he recommends company’s use a data center that is located near the business and that their Internet connection is strong enough to support the transition to the cloud.

Bornemann says it is beneficial to have multiple vendors who provide Internet service, especially for continuity in case there is an issue with one, and that company’s review annually their contracts with Internet service providers since they often have deals in place that may provide better coverage and a better value that an older plan.

“There could be a major benefit there that a company may have never thought about,” he says.”


Jenny Holmes, an associate with Nixon Peabody LLP who is deputy leader of the firm’s data privacy and cybersecurity team, says there are a number of federal, state and international laws and regulations that businesses need to adhere to as they transition to cloud-based services.

That includes the New York Stop Hacks and Improve Electronic Data Security Act, which took effect in March. The SHIIELD Act has strict implications for businesses around the world that hold data from New York residents.

Where data is stored is important, she notes. If it is stored by a could service provider in a data center in another country, for example, a business has to make sure it is complying with the privacy laws in that country. The same is true if data is stored among multiple jurisdictions.

Holmes also stresses the importance of using due diligence when selecting a cloud-based service provider.

It is important to understand their business practices and how they protect customer’s data, she says.

It is also important to make sure a provider is not using a company’s data for their own benefit, she notes.

Holmes says a robust data security section in a contract that spells out what a provider is, and is not, allowed to do with a company’s data is a must.

“Due diligence is key as companies move to this cloud-type model,” she says.

Andrea Deckert is a Rochester-area freelance reporter.