How many blogs have you read that have touted cloud benefits ad nauseam? We get it -- companies are adopting cloud to reshape their competitive landscape by increasing business speed and agility, lowering costs, and enabling new means of innovation, collaboration, and eventually growth.
But of course, that doesn’t just happen. You can’t review a list of cloud providers -- be it private, public, or hybrid -- choose one, sign the paperwork, and be on your way. It’s not that easy.
Those looking to quickly adopt the technology might attempt to do this for quick-hitting savings, but in the long term they will face considerable challenges from risks that were not considered. While cloud has the potential to offer more competitive compute power, no fine print is guaranteeing that.
So what can cloud do for you? For one, it can be the source of headaches from a variety of gotchas that might surprise you…so be aware of what you are getting into.
Gotcha 1: Don’t Assume There is Already Security
Homeowners know how critical insurance policies are to protect themselves in cases of disasters or other damages. In comparison, for renters there can be a gray area of responsibility, and assumption that the onus lies on the dwelling owner. When moving from on-prem to cloud, IT teams face the same conundrum and too often expect that the cloud provider has built-in security, without considering that there is a shared risk model.
Given that not all clouds are considered equal, security must always be evaluated holistically for end-to-end data protection, in motion and at rest, strong and auditable access control rules, and levels of protection among all vendor data centers, protocols, and more. Additionally, regular re-evaluation is key as many cloud vendors are modifying service terms and/or being acquired. Companies should always be informed about not only data and services, but also how information is utilized and protected going forward.
Gotcha 2: Critical Features Don’t Always Translate to the Cloud
For application-rich departments like human resources, using apps that manage payroll and expenses are second nature when they are on-prem. Once moved to the cloud, the former “experts” can find themselves scrambling for features like single sign-on, or reporting that they were accustomed to. Unfortunately, there are often stark differences in functions and experiences, which is why critical features should always be outlined and verified in a cloud environment before any application is moved to avoid user experience degradation.
Gotcha 3: Vendors Are Always Changing, and You’re At Their Mercy
In the world of cloud, competition is fierce, and vendors want to be first to market with their latest offerings. Oftentimes, they will develop their solution using an agile application development model, introducing features and fixing problems “as they go.”
While the initial costs of deployment and subscription fees can be an easy evaluation, it’s imperative to fully understand the pricing model. At any time, a vendor may change their marketing model -- what was once a feature of the basic plan, may now be an add-on feature, slapping you with additional costs at renewal time.
Another danger of shifting pricing tiers is that data can be held hostage when a subscription auto-renews. For example, if the basic level was purchased, but now a premium package is required to achieve the same access when the subscription renews, the data will be inaccessible until an upgrade and its associated costs are completed and paid. In that case, the once straightforward ROI will need to be recalculated to factor in the significant increase in costs.
Gotcha 4: Data Can Go Missing
As noted above, in some cases, data that you have stored in the cloud may become inaccessible when the cloud provider changes their policy around service offerings where free access becomes fee access requiring an enhanced (and costly) service plan to access your original information. Oftentimes, cloud vendors change packaging and pricing models as they enhance and deliver new functions or update their “go to market strategies”… to increase profits.
Cheap service level agreements (SLAs) with few day turnarounds can be appealing when there is mounting pressure to cloudify. But without considering the full ramifications of entrusting business critical data to cloud providers, pesky downtime can be much more than an inconvenience. Unlike on-prem, in the cloud, companies no longer have full visibility of where their data is located. Cloud vendors can choose to move data at any time without notifying customers, and if that data goes “missing,” customers just have to sit, wait, and probably check Twitter furiously for recovery notifications.
It’s imperative to ask questions like -- do we really understand the cloud provider’s backup and disaster recovery policies and service levels? Have we tested them? How long does it take to recover a backup, and how far back can we go, or is this something we need to configure, or perhaps handle on your own with a different service? What about compliance?
The bottom line is -- make sure you know what you are (and not) getting with any cloud solution.
Don’t Assume -- Assess and Reassess!
The danger in all of these “gotchas” stem from assumptions that moving to cloud will be just like on-prem. But instead of assuming and suffering from cloud headaches, organizations should consider assessments covering requirements and business policies.
Not sure where to begin? Try starting with the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure that all companies have a secure cloud computing environment. Using their Cloud Controls Matrix (CCM), organizations have access to a framework that serves up a detailed understanding of security concepts and principles that aligns with the CSA’s guidance on application security, identity and access management, mobile security, encryption and key management, and data center operations.
Since security isn’t the only “gotcha,” companies should consider cloud risk assessments that can determine:
What cloud apps are running in the enterprise, and the associated risks
Visibility into app and data usage, and whether they are IT sanctioned, or not
Analytics that provide comprehensive insight and forensics, including other cloud integrated tools
Data leaks and preventative measures for future occurrences
Measurements to prove SLAs for vendors that don’t provide full visibility
Cloud risk assessments can dramatically change the answer to “what can cloud do for you?” If you’re ready to change your cloud outcome, contact Edgeworx Solutions today to learn about how to begin. Contact us today at +1.647.793.4731.