Top Three Cloud Risks: Myth or Fact?
Conventional wisdom being what it is, we all “know” a few basic truths about the benefits of the cloud: businesses making use of cloud-based software or data storage solutions can expect cost savings, scalability, and a far easier path to deploying cutting-edge technology (e.g., without the need to support upgrades of systems and infrastructure internally).
Similarly, the dark side of the cloud is also presumed true: businesses leveraging the cloud expose themselves to greater security risks, loss of control over data, and a lack of flexibility to tailor the experience to the unique needs of their end users.
Of course—as in all things—our assumptions here may not always reflect the rapidly-evolving reality. Today we look at the top three cloud critiques and attempt to determine: myth, fact, or somewhere in between?
#1: “The cloud is less secure than on-premise solutions.”
Cloud security breaches are highly publicized affairs—whether tied to celebrity privacy violations or massive losses of user data. This visibility, however, is largely driven by the novelty factor and ironically obscures the recent evidence indicating at least parity between cloud and on-premise security. A 2014 security survey, compiled by Alert Logic, highlights this discrepancy:
Cloud platforms are indeed slightly more likely to be attacked (44% vs. 40%).
However, across all exploit types (app attack, brute force, malware, recon, vulnerability scan, web app attack), on-premise-reliant businesses are almost 10% more likely to come under attack repeatedly (e.g., from the same source) than their cloud-based counterparts.
In addition, on-premise environments are 12 times more likely to have exploitable configuration issues.
The key takeaway seems to be that either approach requires thoughtful implementation. Cloud solutions are typically more secure than on-premise implementations, where security may not be a particular expertise. That said, incursion attempts on both are on the rise. Choosing a provider with exemplary security bona fides is an absolute must, regardless of approach.
Finding: (Mostly) Myth
#2: “Moving to the cloud means losing control of your data and, worse yet, being locked into a particular vendor.”
The usual narrative around the cloud involves a leap of faith—trusting sensitive data to third parties and, thereby, ceding some level of control over that data and how it is stored and maintained. Worries abound over contract length and termination clauses that could chill shifting to a competing product and/or taking advantage of other advances in technology or efficiency. While these concerns are certainly valid and reason for careful selection of third-party providers, recent industry trends have done much to alleviate the worst of these pain points. For instance:
Many popular SaaS providers have adopted easy (or relatively easy) and affordable data exporting functionality into their core offering.
Tools now exist to migrate data from the three major server entities: VMware, OpenStack, and Amazon.
Greater competition has driven an increasing number of vendors to adopt some level of freemium or try-before-you-buy models.
Market forces have pushed cloud-based services to address the worst of the concerns over control and lock-in. Even the most competitive spaces have adopted some degree of data fungibility and freemium level access. While it remains crucial to carefully investigate agreement parameters and export functionality, on balance the scales have shifted toward purchaser-friendly practices.
Finding: Was a Fact, now mostly Myth
#3: “Moving to the cloud makes it harder to shape data or solutions to your own needs.”
On-premise solutions, almost by definition, are often focused on design and customization options to meet the specific needs of a specific business. In contrast, cloud-based solutions are typically designed to be adopted by many different businesses—hopefully with as little aftermarket customization as possible. While this certainly does create some of the tension implied by the statement above, a deeper look indicates that this “con” may actually be a “pro”:
Businesses choosing to adopt existing software sets avoid costly investment in customization that may ultimately prove unnecessary.
By “trading” customization for off-the-shelf solutions, organizations gain the ability to quickly scale without cumbersome internal upgrades or dedicated internal training resources.
SaaS and cloud providers seem more apt to adopt open API approaches that allow for customization through integration with other third-party providers.
So while this edict does appear to be grounded in reality, many businesses are benefitting by forgoing initial customization in favor of low-cost initial entrance, scalability, and the option to customize through open APIs and third-party offerings after internal needs are better defined. As above, however, carefully selecting a cloud/SaaS option with strong training, support, and flexible architecture is a must.
Finding: Fact (but don’t let that stop you)
Wrapping Up: So, what have we learned? Some concerns about cloud implementations certainly remain relevant. That said, the takeaway is not to cavalierly reject the cloud (and related advantages), but rather to carefully review cloud providers for security practices, data portability, and configuration flexibility. In short, apply another piece of conventional wisdom: “buyer beware” (but the buyer can also easily benefit).