Myths Around the Cloud
Cloud computing is upon us, make no mistake about it. We are long past the point of organizations considering if the Cloud makes sense. The conversations today generally focus around where it makes sense and where to use it, not if to use it. Study after study show that organizations overwhelmingly approve of the Cloud and are happy with it, but a much smaller percentage are putting critical corporate data in as of right now. No doubt that will change as time goes on.
The size, type and age of an organization is a good indicator of their propensity to go to and take advantage of the cloud. A start up? Makes perfect sense to go to the cloud from the beginning, instead of investing in a technology infrastructure. An established firm with a large on premise IT infrastructure? A bit of a different story. A more prudent approach is needed where some sort of hybrid cloud approach might makes sense to take advantage of the technology already place to help preserve (or prolong) the existing investments.
That being said, I want to discuss a few myths around the cloud that we address within organizations we work with on a regular basis. The cloud has enormous potential to change—and already is changing—the way firms utilize and think about IT. But still some of the foundations need to be addressed so people understand what cloud gives you and what cloud does not.
So here are 3 myths that I want to address and open a discussion around:
Cloud Computing is cheaper than On Premise IT
Here's the thing: it can be, but it depends on how you slice and dice it. If you have an established IT infrastructure that is fully paid for and amortized, then it might not be. For organizations just starting out and need to build out infrastructure or organizations that need to scale up and scale down quickly (seasonal, etc.) then Cloud computing can certainly be cheaper. But again, it's all how you look at it.
If you factor in all costs including software licensing, resources, DR, management, ongoing support, etc., then pricing models can look similar over a 3-5 year period of time. And if customers are looking at Opex funding for their Cloud initiatives—where their Cloud IaaS and other initiatives are part of an operational expense and not capital expenses—then cloud can seem to be more cost efficient.
But as always, it depends upon each organizations environment, needs and potential usage. The bottom line: it's not always cheaper to go to the cloud, but in many cases, it can be. And many organizations might not be going to the cloud only to save costs, it might be as simple as they do not want to maintain technology and manage their IT infrastructure anymore. They would rather have someone else do it. We see a lot of organizations looking to the cloud for specifically that and not just around costs.
Cloud Computing is less secure than On Premise IT
To state it bluntly: Cloud computing is not less secure than on premise IT. And this is not due to the infrastructure Cloud provider itself, as long as you are working with well know providers such as Amazon, Microsoft, VMware, IBM, etc. Security is all about how you architect, design and implement a strategy and your initiatives. And in this regard, it doesn't matter whether you are using cloud or on premise IT.
Sure, larger well know organizations such as the ones I mention above could have the potential to be larger targets but nature of who they are, versus the "smaller" organizations such as Vicom for example, or your organization, but the issues and challenges are the same. It's all about your security strategy. You can have very a secure public cloud infrastructure and a very unsecure one on premise or vice versa, as it's all about how you plan for and structure it.
In terms of the larger players I mention above, because of who they are, their reputations, and the types of customers they are targeting (businesses), it behooves them to bring the best possible security solutions to their cloud offerings. That's how customers are going to keep coming back and continue using their cloud platforms.
So the underlying technology and platform are certainly important when it comes to security (it's critical), but it's the overall security strategy wrapped around it that makes it work for organizations as they move towards the cloud.
Cloud Computing is more available, fault tolerant and resilient that On Premise IT
So you've decided to fully embrace a cloud strategy and put some/all of your workloads out into a public cloud provider. It's a great move that allows you to feel you are moving forward with your IT strategy by embracing the cloud. So that means that your data and workloads are protected, right? Well…maybe. And by protected I mean backup, HA, and DR. Just because your workloads are out there in a public cloud environment does not mean that they are protected should something happen, such as the cloud provider service doing down.
When adopting a cloud strategy and moving workloads to the cloud, the same rules apply as they do for traditional infrastructure. That means having a backup strategy, an HA strategy, and a DR strategy in place for when it's needed. Depending on your SLA with your cloud provider, you could be down for long periods of time and might not even have a guarantee that you'll get your data or workloads back. Read those contracts so you know exactly what you get, or have your trusted cloud partner or VAR help you navigate that. You need to know which vendors have HA as part of their base public cloud solution (VMware) and which do not (most of the others), what your SLA's are in case your service does go down (each is different) and even what your liability is with the cloud provider if someone steals your info or hijacks your workloads or bandwidth (it varies on each).
All of these scenarios above can be mitigated by having the right strategies in place for the Cloud. But that being said, you still need to backup your data. You still need an HA strategy with an SLA that you can live with, either provided by your cloud provider, or by your own efforts. You need a DR strategy and plan in case the service goes down for an extended period of time so you can continue your business operations as close to normal as possible. And you also need to make sure that it actually works so God forbid it does happen, you know it will work. So test and test often.
The responsibility on all of this falls not upon the cloud provider and their solution(s), but on you and your organizations architecture, design and strategy around your cloud solution.
So there are a few of the areas which I thought could use a bit of clarity (see blog post on IT Clarity from June 2013) around the cloud. These are conversations we are having with our customers continually to help them determine what they are or are not getting, and not high level but in detail. I think the simplest way to break it down is to view the cloud for what it is: IT infrastructure. Whether it's on premise or in a public cloud, the same rules apply. And just because your data or workloads are out in a public cloud environment, doesn't mean that they are cheaper, less secure, or highly available. They are all about what you make out of them. And you'll notice that in general my answer on the three points above is: it depends, because it does, on a lot of things.
When using the cloud consider all aspects within and that surround it (see blog post: Surrounding the Cloud) as you would do with any traditional IT infrastructure. That way you'll have no surprises. Let me rephrase that a bit: This is IT. And since this is IT, we all know and live the fact that things are changing constantly and we can be surprised just about every day. But at the least as you use the cloud, consider all of these areas and you'll be ready for any surprises that are thrown you way.
What are your thoughts and experiences around these areas and the cloud? Let me know at firstname.lastname@example.org.