In Oklahoma, we know how quickly a sunny day with just the right amount of clouds to provide occasional shade, can turn into a devastating storm that takes months and thousands of dollars to recover from. The Cloud of the IT world could behave similarly, and just like the atmospheric phenomena it’s named after, knowing when and what precautions to take with The Cloud is important.
What The Cloud is Not.
Even its definition is Cloudy. Is it Time Sharing? Is it distributed computing? Is it Client/Server Computing or Mainframe/Terminal computing? Or all of the above? Regardless, The Cloud is not a solution to all your IT problems. It’s a powerful tool if used appropriately with a knowledge of the weaknesses and how to compensate for them.
Reduces Some IT Costs, Not All.
The Cloud will not allow your business to reduce your IT costs (including staff) to anywhere near zero. The Cloud can greatly reduce capital expenditure and data center related operating cost (along with a loss of visibility and control). However, application/server maintenance and patch management are not usually part of the feature set included in that monthly fee. This will require an IT staff to manage for an additional monthly expense.
Access to the Unaccessible
The Cloud can allow access to computing resources that are beyond the capabilities of most companies to develop or maintain. Examples here would be AI, such as Watson or Google Analytics, and cognitive computing/analytics. This could mean allowing third parties access to sensitive or proprietary data.
The Cloud affords an opportunity to practice the Disaster Recovery part of the companies COOP that has never been updated in the last five years. It can even act as a Hot/Warm site without the cost of maintaining an additional fully function data center. Again this could require storing company backups and possibly live data with a third party. It might be a good idea to brush up on how to encrypt backups and “Data at Rest” whether it’s just files or databases.
Yes, You Will Still Need a Plan B.
Neither your Server Infrastructure or your data will magically be protected once they’re moved into The Cloud. This will take a staff that has knowledge and experience in managing and maintaining backups and Disaster Recovery Planning.
Be Aware of Vendor Lock-In.
Most Cloud Providers will make it very easy to migrate to their services. But what happens if you need to move part or all of your infrastructure out? This can be accomplished but at what expense?
None of the big three cloud providers (AWS, Azure and Soft layer) utilize VMWare in their virtualization platform even though VMWare has the largest market share for data center vitalization. This means migrating to the cloud or from the cloud will require converting Virtual Machine configuration files and Virtual Disks to whatever format your cloud provider supports and a mechanism to transport the data to the cloud hosted datacenter (either over the internet incurring cost or by portable disk through the USPS/FedEx with all the security issues that go along with that)
Preparing your current Virtual Environment for transport and then the process of transporting could take a significant amount time, effort and monetary cost for the company’s IT staff to accomplish.
The Cloud is Less Secure.
The least expensive Cloud Hosting options are “multi-tenant” which means your servers and data are stored in a shared environment with other customers. This includes physical as well as virtual environments. Yes, your virtual server is a completely separate server to include the virtual disks but they will be running on the same hypervisor and in turn, on the same physical server and SAN as other customers. Private environments are an option at an additional cost.
Any and all security policies, be they physical or electronic, that are implemented in the data centers that your cloud providers are using can be replicated in your local data center. The cloud, however, has what could be unacceptable deficiencies around visibility and confirmation because, in a cloud environment, the following information is inaccessible:
Who are the people that have physical access to the data center?
Were background checks done on these individuals?
Do they meet or exceed your company’s requirements?
When and why are they accessing the physical data center?
The same concerns apply to physical access to the servers that have your company’s data on them. The switches and routers that your company’s data flow across including the firewalls that protect all that infrastructure.
Are all security policies being followed?
Are appropriate disciplinary actions being taken in the event of negligence?
Physical Security is an “out of sight, out of mind” but critical part of the overall security posture and I am sure most Cloud Providers take physical security very seriously. That being said, seceding all visibility and control of physical security to a third party is a security risk. Period. The question to ask is “Is it an acceptable security risk”.
It’s no secret that the cloud is causing a tremendous shift in how we all do business and its benefits are profound. But like any well-intended technology, it comes with its downsides and risk. Keeping those in mind when determining your next move will help you avoid being caught out in the rain… or hail storm, wind gusts, tornado, etc.
Jonathan is an infrastructure technology professional with success in multiple industries. From defense to corporate America, technical experience is reinforced with process management and IT architectural design. Experience leverages strengths with business disaster response and providing timely and relevant solutions to industry professionals. He holds certifications through Microsoft and CompTIA. Jonathan is based out of the Oklahoma City office.