7 Cloud Myths Debunked
Don't let misconceptions cast a shadow over your organization's ability to get the most out of the cloud. Here are 7 cloud myths that should be relegated to history.
Myths can be fun and entertaining when they involve the exploits of ancient gods and heroes. The amusement stops quickly, however, when a myth hampers IT or enterprise success.
"We are still in the early stages of the cloud revolution, but it's far enough along to see the results early adopters achieve by moving to cloud computing."
So it goes with the stubborn misconceptions that delay or prevent the adoption of potentially productive cloud services. "We are still in the early stages of the cloud revolution, but it's far enough along to see the results early adopters achieve by moving to cloud computing," says Bernard Golden, vice president of cloud strategy at bank holding company Capital One. "Failing to recognize the implications of this revolution poses dangers far beyond merely running IT a little less efficiently; it presents a mortal threat to companies that stick to the old ways of doing things in a digital age."
Is your organization using the cloud to its full advantage? If not, here are 7 myths that may be holding it back.
1. Moving to the cloud automatically saves money
This is often true, but only when planned carefully. "Due to its elastic nature, the cloud can be more cost efficient, but a cloud migration and a strong cloud-based business requires upgrades and work to an organization’s applications and base computers to fully benefit from those savings," says Paul Sussex, Americas financial services principal at financial and business consulting firm EY.
Sussex says transitioning to the cloud is like moving from a house with fixed-rate water billing to one with a metered supply. "Essentially, moving to a pay-as-you-go model for any service, water or cloud, means you may pay a little more for [what] you do use," he explains. "But if you understand your consumption model and adjust your habits to switch things off when not used, then you can achieve great cost benefits."
Cost is just one of the dimensions to consider when thinking about cloud. "It's also important to look at the context of the overall business strategy," advises Jonathan Stone, CTO and COO of Kelser, an IT consulting firm. "For instance, it may be worth an increase in cost to run workloads in the cloud if it enables the realization of a business goal," he notes. "If the main objective is business growth, and business growth depends on the ability to scale up very rapidly, then even if cloud is more expensive than on-prem, it could be a business growth enabler and could be justified as an investment."
2. The cloud still isn't safe for storing data
This is one of the biggest and most stubborn cloud myths. "Cloud providers take security extremely seriously," says Siki Giunta, global managing director and cloud strategy lead at IT and business consulting firm Accenture. "They have to; otherwise, they would have no business." Cloud providers are subject to myriad regulatory bodies and compliance requirements. "They employ dozens of different security frameworks and controls — many more than the typical company uses in its own facilities," Giunta notes. The fact is, data in the cloud is likely more secure than that in the average company’s data centers.
A reputable service provider will encrypt all data, both in transit and rest, with only the customer having access to the encryption keys, says Laz Vekiarides, CTO of cloud storage provider ClearSky Data. "Few organizations encrypt their data to this degree with traditional on-prem systems," he explains. Additionally, connecting to the cloud via dedicated private lines, instead of through the public internet, not only improves performance, but also strengthens security.
A cloud management platform should also be based on a set of security standards and security best practices that include the full range of controls necessary to create a secure environment, says Michael Liebow, global managing director of Accenture Cloud Platform, a hybrid, multi-cloud management service. "With PCI- and HIPAA-compliant blueprints, organizations can deploy a complete environment that will pass a PCI or a HIPAA audit," he adds. Liebow also urges organizations to automate the deployment of key security activities. "These include identity and access management, authentication, web application firewalls, security configuration monitoring and threat and vulnerability management," he says.
3. Cloud computing can be layered over an unchanged IT infrastructure
"...failing to migrate the entire IT estate to the cloud risks falling behind competitors more committed to succeeding in the digital age."
Cloud computing is nothing less than a major platform shift, profoundly changing application capabilities in terms of agility, functionality, scalability and cost, Golden says. "Therefore, failing to migrate the entire IT estate to the cloud risks falling behind competitors more committed to succeeding in the digital age," he explains.
Cloud computing is analogous to manufacturing's transition from handwork to assembly lines, Golden suggests. "Manufacturers that failed to migrate to the new model of manufacturing found themselves unable to compete in productivity and price; most found themselves driven out of business shortly thereafter." Similarly, failing to commit to cloud computing risks maintaining outmoded IT practices, placing the enterprise at a competitive disadvantage.
4. Transitioning to the cloud is quick and easy
Flying deeply into the cloud without spending a significant amount of time and effort carefully constructing a cloud strategy is inefficient and risky. Whether an enterprise is already utilizing the cloud, or is only ready to begin its cloud transition, it needs to think about building a cloud-ready foundation.
Chuck Kirchner, a senior director at West Monroe Partners, a multinational management and technology consulting firm, notes that a cloud transition strategy should include descriptions of guiding principles, required skills, necessary organizational changes, oversight responsibilities and the technology architecture that will facilitate an efficient transition and successful operation. "Without successful migration and operation of your systems, the cloud's benefits of controlled costs and a more responsive infrastructure cannot be realized," he explains. "If you have the right plan, and put the right foundation in place, you will be able to approach cloud migration and operations proactively and on your organization’s terms."
5. The cloud is difficult to audit
One of the most pervasive myths is that cloud data can't be audited as effectively as physical servers, which can be seized and tagged or placed into evidence bags. "In fact, with proper tooling, you can conduct much better audits in a cloud-based environment," says Marina Nitze, CTO of the U.S. Department of Veterans Affairs from 2013 to 2017. "Spending time with those who actually conduct audits day to day and walking them through how they can use tools ... and how these tools can alleviate some of the current pain points in their jobs, can help bust this myth," she notes.
6. The cloud is an IT job killer
"More importantly, while the cloud provider may manage the network and data center security, [customers] are still on the hook for administering their own logical access."
When an enterprise transitions on-prem services to the cloud, the IT administrator does not automatically lose his or her job. In most cases, the changeover transforms the administrator's role into one of a trusted advisor and technical solutions facilitator. "More importantly, while the cloud provider may manage the network and data center security, [customers] are still on the hook for administering their own logical access," says Doug Barbin, principal and cybersecurity practice leader at Schellman & Co., a security and privacy compliance assessor.
About Douglas Barbin
As Chief Growth Officer and firmwide Managing Principal, Doug Barbin is responsible for the strategy, development, growth, and delivery of Schellman’s global services portfolio. Since joining in 2009, his primary focus has been to expand the strong foundation in IT audit and assurance to make Schellman a market leading diversified cybersecurity and compliance services provider. He has developed many of Schellman's service offerings, served global clients, and now focuses on leading and supporting the service delivery professionals, practice leaders, and the business development teams. Doug brings more than 25 years’ experience in technology focused services having served as technology product management executive, mortgage firm CTO/COO, and fraud and computer forensic investigations leader. Doug holds dual-bachelor's degrees in Accounting and Administration of Justice from Penn State as well as an MBA from Pepperdine. He has also taken post graduate courses on Artificial Intelligence from MIT and maintains multiple CPA licenses and in addition to most of the major industry certifications including several he helped create.