The public cloud is here to stay. According to Gartner, in the next 5 years public cloud spending will increase to 45% of all enterprise IT spending, up from just 17% today. With all the investment in the public cloud there are still a number of myths about the cloud floating around causing people and organizations to defer or delay projects leveraging the platform. We’re going to examine the most common myths and see if any hold up under scrutiny. Before we dive in, let’s define some terms.
What Exactly Is The Cloud?
For the purposes of this article, the terms ‘cloud’ and ‘cloud computing’ are used interchangeably. The National Institute of Standards and Technology (NIST) defines cloud computing as:
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.2
The service models include Software-as-a-Service (applications running on a cloud infrastructure), Platform-as-a-Service (hardware, databases, and the environment required to run your web application), and Infrastructure-as-Service (cloud computing, storage, network configuration, and resources). You can see where each of these service models fit in the technology stack:
(image from Wikipedia)
What Cloud Deployment Models Exist?
There are three cloud deployment models:
- public cloud,
- private cloud, and
- hybrid cloud.
Public cloud refers to an organization that connects to the cloud services over the internet and typically includes many organizations sharing the same infrastructure. Public cloud infrastructures are owned and maintained by third party cloud service providers such as Amazon, Microsoft or Google.
Private cloud refers to an organization that wants dedicated cloud services not shared with other organizations. Infrastructure is either owned by the organization or managed by a third party, but is always dedicated to a single organization. Access to private clouds can be over the internet or through a private internal network.
Hybrid cloud is a combination of public cloud(s) and private environment(s), either private cloud services or on-premises infrastructure. This is a very common deployment model used to try and leverage the benefits of multiple deployment models. Multi cloud is a subset of hybrid cloud and is when organizations leverage multiple public cloud providers in order to reduce reliance on a single cloud provider.
What is Cloud Compliance?
Cloud Compliance is the need of an organization to comply with regulatory standards that apply to their business. These regulations were developed from industry guidelines as well as local, national, or international laws. Examples of common regulations/standards are:
- HIPPA (Health Insurance Portability and Accountability Act)
- SOX (Sarbanes-Oxley Act)
- GDPR (General Data Protection Regulation)
- PCI DSS (Payment Card Industry Data Security Standard)
- ISO/IEC 27001 (ISO - International Organization for Standardization) (IEC - International Electrotechnical Commission)
What is the Shared Responsibility Model?
Is security in the cloud the responsibility of the cloud provider or the customer? Unsurprisingly, the answer is both and the Shared Responsibility Model is a tool cloud vendors use to define those cloud security responsibilities. Amazon Web Services (AWS) published a graphic which illustrates the responsibility of the customer vs. the cloud provider clearly. AWS defines the cloud providers’ responsibility as security ‘of’ the cloud while the customer’s responsibility is security ‘in’ the cloud. This is a very helpful definition for understanding who is responsible for what. Other cloud providers have their own version of the Shared Responsibility Model, but they all follow the same principles.
Cloud Security Myths
Cloud Security Myth #1 The cloud is less secure than on premises systems
Cloud security tends to be one of the top concerns among organizations considering the public cloud and still a barrier to cloud adoption. However, most public cloud breaches have been the result of misconfiguration and human error as opposed to cloud security breaches. Gartner predicts that 99% of cloud security failures by 2025 will be the customer’s fault.3 Can you trust the cloud? That is ultimately up to your organization, but a better question might be ‘can we trust our cloud strategy?’ It’s important to be familiar with the Shared Responsibility Model in order to understand who is responsible for which piece of security in your organization. Cloud data centers may have adequate cloud security measures in place but without a strategy that appropriately defines responsibilities, your organization may be vulnerable.
Cloud Security Myth #2 A cloud implementation plan is a cloud strategy
A cloud implementation plan is an operational plan but does not provide an overall cloud strategy. This is a common error among organizations migrating to the cloud. A cloud strategy should be all encompassing, clearly stated and be used to inform the operational plan for implementation. It should include definitions of your baselines, clearly defined principles, an inventory of your workloads, cloud security responsibilities and may even include an exit strategy. Keep in mind that your cloud strategy should answer the “what” and “why” questions but not focus as much on “how,” that’s where the implementation plan comes into place.
Cloud Security Myth #3 Many organizations are migrating back from the cloud to on-premises systems
While this myth gains a lot of attention, there isn’t enough evidence to support the idea that organizations that have migrated to the cloud are moving workloads back to on-premises systems. According to Gartner, a more common scenario is organizations migrating from SaaS, colocation and outsourcers.
If you'd like to find out more about brining cloudficiency to your project, reach out to us.
Cloud Services Myth #4 The cloud is less (or more) expensive than on premises systems
The costs associated with cloud computing vary depending on what decisions your organization made while developing your cloud strategy. It is true that with the proper cloud strategy an organization can reduce their overall costs. It is also true that organizations can spend more in the cloud without proper planning and execution. Again, a cloud strategy is key for organizations optimizing their cloud experience and realizing the true cost potential.
Cloud Security Myth #5 Migrating to the cloud is difficult, time consuming, and expensive
Depending on the approach of the project and how experienced your partner is will determine how difficult, time consuming, and/or expensive the project will be. At Cloudficient we have seen migrations take years to complete, hampering the organization during the project and inflating overall project costs. Do your homework, learn the different methodologies, and request a proof-of-concept whenever possible.
Cloud Security Myth #6 All data in the cloud can be handled in the same way
This is a very short-sighted myth about the cloud related to cloud computing and most experts will agree it would make for a poor strategy. Organizations will benefit from classifying their data as part of their cloud strategy so they can design their infrastructure and policies to meet their data retention and compliance goals/requirements. If all data is treated the same you can liken the approach to that of a hoarder – everything is kept, but nothing can be found or discarded when it is no longer of value.
Cloud Security Myth #7 It is more difficult to meet compliance regulations in the cloud
While it could historically be argued that it was more difficult to comply with regulations in the cloud, this myth about the cloud is evaporating as more providers offer specific features designed to help organizations comply with regulations. Cloud providers are investing in teams that focus exclusively on maintaining compliance of their cloud, for their customers. For example, Microsoft Azure offers over 90 compliance offerings. This does not mean that all cloud services offerings provide the compliance that your organization needs. However, with the proper research of cloud vendors (and a well-defined cloud strategy) there should be a secure and compliant offering for most, if not all, regulations.
Is your organization considering how to leverage cloud computing? Perhaps you are utilizing some form of cloud computing today but looking to do more? Gartner makes the trend clear by predicting almost half of Enterprise IT budgets will be dedicated to public cloud spending in the next five years. Where should you start? It’s clear that organizations need a proper cloud strategy as their foundation of cloud computing. Once your organization sets a cloud strategy, you can start planning for implementation.
Most organizations will partner with cloud transformation specialists who may take the form of consultants to help plan and guide the process, tools that perform different types of user and data migrations, and/or service providers who offer turn-key solutions to move your organization and workloads quickly to the cloud. It all starts with a comprehensive cloud strategy.
Cloudficient has deep expertise migrating data to the cloud. All solutions are developed 100% in-house and help organizations migrate Exchange data, PST files, Email Archives (like Enterprise Vault) or even Office 365 tenants. With unmatched next generation migration technology, Cloudficient is revolutionizing the way businesses retire legacy systems and transform their organization into the cloud. Our business constantly remains focused on client needs and creating product offerings that match them. We provide affordable services that are scalable, fast, and seamless.
If you would like to learn more about how to bring Cloudficiency to your migration project, visit our website, or contact us.