Are you in highly a regulated industry? Do you have issues with “the cloud” and compliance and regulatory challenges? Let’s talk about how Office 365 IS and IS NOT just “cloud.” Once we’ve cleared the air a bit, you should take another look at Office 365 with a fresh set of eyes and reconsider Office 365 for at least some of your workloads.
I recently blogged extensively on this topic on the Oakwood Insights site. In the future, I’ll be posting complimentary articles there and here and will link them together.
What Office 365 IS NOT:
Everyone talks about what Office 365 IS. I’d like to contrast that with what Office 365 is NOT:
|Office 365 IS||Office 365 is NOT|
|A suite of hybrid on-premises and cloud-hosted services and software:||JUST e-mail in the cloud|
|A highly-available service developed for business||A consumer-grade e-mail solution for end-users|
|Private and transparent||A vehicle for generating more advertising revenue|
|Compliant to regulatory requirements||An all-in cloud solution unable to handle on-premises data requirements|
|Secure – both for physical and logical access||Always a valid answer for every security requirement|
|A licensing vehicle for flexible access to the Microsoft Office suite of applications||A replacement for your EA licensing agreement with Microsoft|
|A great solution for businesses that need the flexibility to go to the cloud on their own terms at their own speed.||Just for business – education and government organizations at all levels are using Office 365|
Addressing Compliance and Regulatory Requirements
Office 365 addresses a comprehensive list of requirements including:
- Data Processing Agreements (DPA)
- Federal Information Security Management Act (FISMA)
- ISO 27001
- EU model clauses
- U.S. – E.U. Safe Harbor
And here are some of the security and privacy tools used to address compliance and regulations:
- Restricted physical data center access
- Encryption at rest and during transmission
- No use of customer data for advertising
- Regular back ups of data
- Enforcing “hard” passwords
- Data Loss Prevention (DLP)
- Granular, role-based permissions
- Transparent operations – know where your data is and who has access
- Visibility in to availability and a 99.9%, financially-backed up time guarantee.
Some of the industries with the heaviest requirements (finance, healthcare, power and utility, government and education to name a few) have just written off the cloud entirely and I think that’s a big mistake. On a quarterly or even monthly basis, Microsoft is improving the service, continually adding capabilities and looking at additional security and management features. Frankly, investing in the types of features and controls that Office 365 provide in an on-premises environment can be very expensive and labor-intensive and most small and medium sized organizations struggle to comply with complex and intrusive regulations.
So, I hear a lot of: “we can’t move anything because we can’t move everything.” Organizations assume that if they have one workload or one class of user that requires high-security or is highly regulated that they cannot move any of their workloads or users. This simply isn’t true in most cases. Microsoft has invested much effort in developing products that offer “Hybrid” on-premises / cloud functionality. Let’s talk about that next…
What Hybrid Does for You
|Typical Components of Cloud Computing Systems|
First, what does “Hybrid” mean? Hybrid configurations take the best of on-premises and cloud-hosted systems and tie them together. While hybrid configurations can be more complex they also afford much greater flexibility and functionality.
Here’s what that means: you can selectively choose workloads that are more appropriate for the cloud and move just those while leaving the remainder of your IT infrastructure on-premises where you have full control of it. Take advantage of the scale and pricing efficiency you get in the cloud but do so only for those users and data for which it is appropriate.
The real trick is categorizing your data, users and business processes to understand which platforms are best suited for them. The same way you now evaluate storage… tier 1/2/3… you need to evaluate platforms. Consider on-premises traditional, public cloud and private cloud options and make a chart for each use case and where that workload belongs.
Well, it’s WPC (Worldwide Partner Conference) time again and that means changes to the Microsoft Partner Network. Most years we see several new and changing competencies and this year is no different. With Microsoft’s recent focus on cloud and the phenomenal success of Office 365, however, it should be no surprise that the Cloud Partner programs (Cloud Deployment and Cloud Accelerate / Essentials) are being revised retired.
None of this should be a shock… we’ve heard rumblings since late 2013 that changes were coming. In November, Julie Bennani (General Manager, Microsoft Partner Network) released the timeline for some of the changes announced at WPC in 2013 (see Partner Program Updates. What you need to know). Included was the retirement of the Cloud Essentials, Accelerate and Deployment programs. In January, a Technet article (see Cloud Program Update: Your Questions, Answered) clarified some of the reasons for the changes and how the retirement of the programs would work and how Partners would be affected.
In a post titled “Making Cloud core to the MPN Program”, this week at WPC 2014, Gavriella Schuster (General Manager, Worldwide Partner Group) confirmed the program update and announced some significant changes that will simplify partnering with Microsoft for public and private cloud while providing additional resources at the same time. Unfortunately, some of the differentiation for top Office 365 partners is falling by the wayside as a result… as her article title suggests, cloud is now core to the MPN program and Microsoft will be expecting more and more partners to get on the cloud bandwagon.
Here’s a summary of what’s new and changed:
|Action Pack||5 seats of E3
5 seats Intune
Action Pack Purchase for $475
|Replaces the Cloud Essentials program. Phone support, trial invites, delegated admin.|
|Silver Cloud Productivity Competency||25 seats of E3
25 seats Intune
|One Office 365 tech
One messaging tech
Deployed Office 365 active use requirement
|Roughly replaces Cloud Accelerate. Office 365 demo tenant, Signature Cloud Support, trial invites, delegated admin, etc. Switch from assigned seats sold to active use as metric.|
|Gold Cloud Productivity Competency||100 seats E3
100 seats Intune
|Two Office 365 techs
Two messaging techs
Deployed Office 365 active use requirement
Additional program fee
|Roughly replaces Cloud Deployment. Same as Silver but adds more internal rights, Enterprise Mobility Suite (EMS) and direct-to-partner support by a tele-partner account manager (tPAM).|
One of the big challenges for partners working with Microsoft on funding offers (BIF) like the enterprise E3 $40/seat FY2013 offer and more recently the watered-down FastTrack Office 365 offer has been the deployed seat metric. It looks like the competencies are going to use a similar metric for now until Microsoft can come up with a good way to accurately measure “active use” of the service. Right now they judge deployment using the number of assigned seats… just due to lack of a better metric.
The Office 365 Marketplace and Pinpoint still have the existing filters (Cloud Deployment, Top Cloud Experts, Cloud Accelerate, etc.) but I would guess those will be replaced by a simpler “Cloud Productivity” filter or such at some point. When that happens those companies that have fought hard for their premium cloud designations may be a bit unhappy. Hopefully the additional resources like EMS and Signature Phone Support being provided offset the loss though.
More information and links to additional material can be had at Cloud is our core – Build a profitable cloud business on the Partner Network site. See a good breakdown of the specific benefits and requirements between the Silver and Gold competencies at Cloud Productivity, also on the Partner Network site.