Updated: By now, many of you have already deployed SharePoint 2010 on-premises. SharePoint 2007 Online was severely hamstrung; however, at time of writing, the release of SharePoint 2010 Online promised near parity with an on-premises environment.

Before you make the jump to the cloud, there are important risks that need to be managed with forward-thinking governance policies and procedures. Understand these risks BEFORE you make the move, regardless of which provider you ultimately select. The risks discussed here can be managed with a combination of operational, business, or legal strategies that must be coordinated during contract negotiations and careful, regular auditing.

 Some of the most important risks to consider with adopting SharePoint in the cloud include:

  • Data security: Hosting data in a remote data center exposes you to risk since data center staff or others outside of your organization might have access to your data.
  • Dedicated or multi-tenant: A dedicated environment will provide the same capabilities as a server hosted in your environment, but it will cost significantly more than a shared environment that is used by many tenants. A multi-tenant environment like Microsoft’s Business Productivity Online Suite (BPOS) will be significantly less expensive than a dedicated environment, but there will be some restrictions on what you can deploy. Which environment is right for you? Why?
  • Physical security: Data may be stored in many data centers. How can you ensure that the data centers hosting your data have adequate physical security to ensure integrity and confidentiality of your data?
  • Data ownership and control: Read the fine print and make sure you know who owns the data. How can you be sure you are not held hostage now that your data is no longer under your control?
  • Service level agreements: Do the service level agreements (SLAs) available in the cloud solutions you’re considering meet the needs of the business? Consider speed, uptime, and disaster recovery.
  • System downtime compensation: What leverage do you have to ensure that you will be fairly compensated if the service is unavailable for any length of time?
  • Data transmission across national borders: Data could be hosted anywhere in the world. What assurance do you have that you aren’t violating local laws and regulations where your data is stored or transmitted?
  • Data discovery: What happens if the cloud provider is seized or searched by a local authority hosting your data? What rights do you have to protect and preserve your data?
  • Identity management: How is the identity of users managed? Can you manage user identity and limit your exposure to outside system users through federation of identity stores?
  • Third-party applications: Are third party add-ons needed to work within your solution? If so, do they run in the cloud, and what are the licensing implications?
  • Your existing staff: How are they involved in the migration to the cloud, and what is their long-term role in a cloud-based solution?
  • Data storage limitations: How much data can you store in the cloud, and what are the costs to increase the storage quota?
  • Retrieval limits: What are the limits imposed on data retrieval? For example, can you retrieve 25,000 items from a list at one time? What does the business need? What limits are in place and what is required?
  • Development considerations: What limitations have been introduced by the cloud-based offering? For example, all custom code should be put in a Sandbox with SharePoint 2010. What other limitations must be designed within the solution?
  • Testing: How can you test prior to a full-scale deployment to the cloud?
  • Data migration: How can you migrate data to the cloud environment?
  • Data retention policies: How long is data maintained for disaster recovery purposes?

 Remember that a move to a cloud-based solution requires careful planning and governance. There are huge savings to be had. Plan carefully, negotiate up front, and get ready for a disruptive time ahead.

Additional information about SharePoint governance on premises or in the cloud can be found by consulting my new book, “SharePoint Deployment and Governance using COBiT 4.1: A Practical Approach.” You can read chapters 1-4 online at http://technet.microsoft.com/en-us/library/ff758651.aspx.