The question most organizations are asking themselves today is not, “Should I move to the cloud?” but rather “When/How should I move to the cloud?,” as the cloud becomes increasingly relevant for business.  As we discussed in Part 1 of this blog series, there are many organizations making the transition to cloud, ready to reap the benefits of streamlined processes, flexibility and capital cost reduction. However, with any decision comes risk – deciding to transition to the cloud is no different.

Allen Shortnacy , cloud security specialist at VMware states, “there’s no reason to let your fears about the cloud keep you from realizing its benefits.” In Part 2 of this series, we’ll provide tips and a breakdown as to how your business can address common concerns using smart policies, state-of-the-art technology, and partnerships with the right cloud vendors. We’ll also explain how VMware addresses these concerns, with solutions like the VMware Cloud Credits Purchasing Program.



When it comes to mitigating the cloud’s security, compliance, and budgeting risks, Dave Shackleford, a Cloud Security Alliance contributor, says it begins with policy. Companies must draft clear rules about who can set up new cloud-based solutions, how those systems are paid for, and what can or cannot be stored in them. These rules must be disseminated broadly, with vocal support from senior leaders, as well as be enforced vigorously.

State-of-the-Art Technologies

However, policy alone is just the start. Businesses must also use state-of-the-art cloud platform technologies, and ensure that their vendors do the same. Some of the key features to look for in these technologies include comprehensive security protections for hosts, networks, virtual machines, as well as consistent application of those safeguards across public and private clouds. Virtual workload visibility, auditing capabilities and robust reporting tools are also musts, as is functionality for embedding authentication, access control, privacy and confidentiality policies within virtual machines.

Qualified Cloud Vendors

Every bit as important as the technology an organization uses is the cloud vendor they partner with. Savvy companies maintain a list of preapproved service providers and restrict employees from working with those not on the list. Chris Richter, VP of Security Products and Services at Savvis, says those seeking to transition to cloud should ask potential providers to see an architectural diagram showing how the provider locks down its environment. He advises to study the provider’s security policies and compare them to your own. “If there’s a disconnect, the cloud provider should be willing to recommend a way to address that gap,” notes Richter.

Centralized Payments

If employees continue to set up “rogue” cloud deployments (as discussed in Part 1),  company policy, state-of-the-art technology, or a qualified cloud vendor won’t do much good. To address this problem, establish a dialogue with your non-IT counterparts. Often, users don’t realize that IT can provide exactly what they would otherwise buy on their own. Users are more likely to choose IT-endorsed cloud services if identifying and paying for them is simple. Creating a portal that provides direct access to cloud-related funds, as well as self-serve tools for spending with preapproved vendors is an important best practice.

How VMware Can Help

VMware has the software and partnerships to make addressing the challenges of cloud computing easier. The vCloud Suite infrastructure solution is the cornerstone of our cloud security and compliance offerings. As the industry’s only integrated end-to-end cloud platform, it includes a rich set of sophisticated firewall and gateway security services. By choosing VMware vCloud Datacenter Services and VMware vCloud Powered Services from partners in the VMware Service Provider Program, vCloud Suite users can ensure that their external cloud resources are every bit as safe and legal as their internal ones.  For a look at the VMware partners offering these services visit

To make consuming public cloud services from VMware partners easier, VMware offers the VMware Cloud Credits Purchasing Program. This program enables technology managers to buy credits from their preferred VMware Solution Provider and then allocate them to the company’s various business and IT units through the MyVMware management portal. Through the same interface, users can redeem their credits with approved VMware vCloud Service Providers on a self-serve basis.

The VMware Cloud Credits Purchasing Program also enhances your budgeting flexibility. By centralizing all of your cloud-related transactions in one place, you can monitor and control cloud spending with greater precision. The end results are a simpler, faster cloud procurement process, more accurate budgeting, and significantly improved security – a combination anyone concerned about cloud security, compliance, and funding issues can appreciate.

For more information on Cloud Credits, watch this video:  

For more information on ensuring a clear path to cloud security, compliance, and cost control, download the White Paper here.

To watch a replay of a virtual event on bringing greater security and compliance to the cloud, click here.

For future updates on the vCloud Service Provider Community, follow us on Twitter @VMwareSP and Facebook at