When it comes to designing and building hybrid cloud projects, we understand that, in addition to technical issues like security and safety, the matter of organisation and buy-in can be challenging.
A great deal of this surrounds the various cloud myths and the beliefs held by certain members of the board.
We hope this article acknowledges and solves some of the concerns we hear from customers that you may relate to.
One should note that while this article uses Microsoft Azure for many (but not all) of its examples, some of the commentary equally applies to other leading cloud solutions (like Amazon Web Services).
1. Cloud myth – the cloud is not secure enough
This seems to be the most common cloud myth…
It would be prohibitively expensive for most (but not all) organisations to match the physical security measures and controls of these world-class facilities.
The security of your services and data depends on how well engineered your own security technologies, processes, policies and controls are, combined with the out-of-the-box security measures.
In short, your cloud deployment can be as secure as you want it to be; however, start from the mind-set that it’s within your power to build an environment that is as secure as you need it to be.
Security flaws are frequently introduced through misconfiguration.
However, when using the cloud, PaaS capabilities normally have fewer configuration items to get wrong, meaning set-up is simpler and hence more secure.
Example: Azure has created a “Security Centre” which is a dynamic “best practice” analyser for your environment. This means that if there are configuration issues with the Azure layer, Azure will let you know and recommend fixes.
2. The cloud actually costs more than running services in my own data centres
Yes and no – like most cloud myths.
The benefits of data centres
Consider a scenario where you’ve made a heavy investment in traditional data centre facilities and have significant spare capacity within your existing hypervisor clusters.
The problem occurs when you choose to develop your estate with, let’s say, a simple “lift and shift” of all VMs (IaaS). This would lead you to run them “always on”, and a business case on run costs alone will be weak.
Saving money in the cloud
However, consider another scenario in which you are looking to expand your data centre capacity and you have categories of workloads that benefit from cloud capabilities, such as:
- Switched off when not in use
- Scale-out and burst
- Disaster recovery capacity just when needed
- Those that can be moved to PaaS alternatives
This is where the business case often becomes very compelling.
Most large enterprises we work with clearly see the benefit of having both sets of capabilities (data centre and cloud) at their disposal to be able to make an informed choice about which classes of workloads should run where.
Azure and other major public cloud providers will often provide capabilities that many companies would never be able to justify in their own data centres, from an investment standpoint.
Example: Azure runs a fully loaded cost for resources. Consider that the cost of your VM/Database/Website includes:
- The datacentre
- Internet pipe
- Surrounding infrastructure
- Logical monitoring
- Service and orchestration toolkits.
And then factor in the constant innovation, upgrades, break-fix and expansion that is happening all the time; then the cost of that resource in Azure starts to look quite appealing.
Infrastructure costs are hard to budget for
These days upgrading from a 100Mb to 1GB internet pipe is commonplace.
This type of migration might include upgrading firewalls, load balancers, switches, routers, bearers etc. Then, when considering capability across multiple sites, that becomes doubled.
Then there’s the technical resource and planning required to make it all happen. Try asking the business for £1M to complete that upgrade.
How would that be allocated between different business units?
Yes, it’s possible, and you’ll write that down over 5 years, however it’s easier to let companies like Microsoft, Google or Amazon do it and present a far flatter cost to the business.
This will make the process transparent and predictable, and it doesn’t leave you asking for some very large sums of money which by themselves don’t actually provide any business value.
Moving to the cloud would mean a large infrastructure project like the one above could be a thing of the past.
Cost models in the cloud
Cost models need to change in order to accommodate the cloud.
Cost models that say “my application is going to cost X for 5 years” don’t work anymore in the cloud. It is possible to do that, but it’s not the best use of the resources.
If you can get more business value – would you spend more? If you could deliver reports or quotes faster – would you spend more?
The cloud is all about dynamic scale – scale when necessary, and if that costs more than the on-premises monolithic server then there’s probably more business value being derived from it.
If there isn’t, then something’s wrong.
3. Cloud vendor staff can access my data
Well, only if you permit them. Like the previous cloud myths, the cloud can be twisted both ways.
The cloud providers maintain the platforms upon which your services and data reside. The deployment of the applications, services and data is down to you.
You control access to those services and data.
Example: Within Azure, cloud employees have no access to any resources unless there is an active ticket. The ticket grants them access to resources. Let’s say you open a ticket relating to a resource group on a subscription: the cloud employee may gain some access to the resource group – but not necessarily the resources inside (depending on your own security).
As soon as the ticket has been closed – the access is revoked. Hence Azure’s support model is truly based around the principle of least privilege; employees have access to the minimum possible set of resources for the minimum possible time.
Many enterprises may claim to run the principle of least privilege, but few take it as far as Azure.
On top of that, you have the power to manage the accounts, the passwords, the access controls, the level of encryption, the obfuscation processes, the audit controls, the recovery processes, the encryption keys and more.
Engineering a better cloud solution
By engineering both the various technology layers and processes you control, you are in a position to negate or mitigate any perceived risks.
It’s also important to choose the right cloud provider and make sure they are compliant with the policies, processes and standards that you would expect in your sector, to ensure they have all the appropriate measures in place as another layer of control.
4. The transition from on-premises to cloud is too much change organisationally
This is a concern we have come across a lot over the last few years.
Our experience tells us that larger organisations are now making provisions to get ready to operate traditional data centres and cloud data centres.
It remains an important part of the transition process to ensure that operational teams are naturally given the time or are supported by 3rd parties in making this transition, depending on how aggressive the change schedule is.
Many of the good processes that exist today hold true, some need simple adjustments, whereas others need to be engineered to accommodate new classes of services that did not exist before.
We see operational teams begin to make this transition relatively quickly once they have the “cloud operating levers” in their hands.
Once the infrastructure teams “own” the transition challenge, then the pace of operational process change to accommodate this new environment increases.
Which cloud myths are true?
As you can see above, cloud myths cover the topics of security, cost, access and adoption.
Our view is that there will always be a belief that the latest technology is not for everyone, which, in certain circumstances, is a plausible argument.
However, it is equally important to not be stuck in the dogma of the past, and embrace the tools needed to achieve digital transformation and business objectives.