What does cloud computing mean?  Is it a commercial virtualization platform like Amazon EC2, AppNexus, or Mosso?  Is it software as a service, like Salesforce.com or Google Apps?  Can you use it to describe any virtualization system, like VMWare, Xen, or Parallels?  Simply put, cloud computing defines computing resources, either as an operating system or as an application, which live on hardware and networking systems managed by someone else.  You can't walk into a datacenter and point to a system and say, "that one's mine."  It's just "out there," in the cloud.

When systems are outside of your physical control, you're putting your business in the hands of another company, and you should pay even greater attention to the continuity of those systems.  Review the service level agreement from the provider and ask questions to determine how safe your systems are in their hands.

Monitoring

Every production system should be monitored.  This holds true whether it is deployed in a datacenter on systems you own or if it is deployed inside of the cloud.  It is imperative that you know that your systems are doing what they're supposed to be doing, and if they're not, that you know how to respond.  Ask your provider if they offer a monitoring service, and if they do, look at if it's enough.  Many monitoring systems will ping the server or check that a port is open, which is different from determining the health of the application or its parts.

Backups

What happens to the data when the data is gone?  Find out from your provider if they offer a backup service, and if they don't, figure out how to keep your data backed up.  The same rules apply for a cloud environment as for a normal environment.  At the very least it should be on multiple systems, and if possible, stored outside of the provider's datacenter.  Have a written plan for recovering from a loss of application data, database content, and from a complete loss of the datacenter.  Some cloud environments have multiple datacenters and will allow you to bring up new instances in other locations.  Others have a single location, so a loss of network connectivity or power in that location will have a dramatic effect on your business.  Plan for these events and review both the plan and the backup schema on a monthly basis.  Periodically restore data from backup to verify the integrity of the backup process and to give you an idea of how long a recovery operation will take.

High Availability

How does the provider store the data?  If it's virtualized, how are the disk images allocated, and where are the images stored?  Is it possible to have multiple instances providing the same function, using load balancing or a clustering solution like RedHat Cluster Server or heartbeat and DRBD?  Cloud computing virtually eliminates the capital expense of hardware procurement, so if you can have more than one instance in operation, you should.  Many providers tout the speed with which you can bring up a new instance, and doing so in a few minutes sounds great when compared to the time required to build a new server from scratch.  This also presumes that your instance image is configured to take on the role of a failed instance with no additional configuration.  It's better to have redundant servers tested and in operation so that failover is quick and seamless. 

Security

How does the provider handle security?  Who has access to your data?  Ask your provider about the security in their environment.  If you're entrusting your company's data, or your customer's data, to a machine "image" living "somewhere" on storage systems in a company with an unknown number of IT staff, you want to consider the ease of a security breach.  Can they snapshot your database and retrieve all of the credit card data from it?  How is their edge security handled, and who controls those policies?  In the case of an automated or scripted solution, such as Amazon EC2, it's reasonable to ask for information showing that they've been audited and that they've passed a standard level of compliance certification before you entrust them with your business data.  If there's a breach, your customers will hold you responsible, not the provider.

These are just a few of the items you should consider when looking at a cloud computing provider or considering moving to an external virtualization solution, and these items don't address the system administration issues which virtualization brings.   Virtualization and cloud computing have many benefits, but entering into that arena without careful consideration can leave you with an unacceptable level of risk.