Lots of companies are moving IT workloads to the public cloud, but is this the right strategy for your business?
I’m sure you’re aware by now that many businesses are moving their IT systems and applications to the cloud. In fact, according to LogicMonitor’s Cloud Vision 2020 report, 83% of enterprise workloads will be in the cloud by 2020. The survey also predicts that 41% of these workloads will run on public cloud platforms such as Amazon AWS, Google Cloud Platform and Microsoft Azure.
Chances are good that your company is already using the cloud for some of your IT needs. Like many other companies, there’s lots more of your platform, infrastructure and applications you could be running in the cloud. And as on premises servers, routers and firewalls reach end-of-life, the question will inevitably arise: “Rather than buying new equipment, can’t we just buy a cloud subscription and move it to the cloud?”
The answer of course is ‘Yes, you can.’ But the bigger question is: which cloud offering should you choose?
On the surface, all the major cloud computing players offer the same basic set of services:
- Infrastructure as a Service (IaaS), which includes things such as virtual servers and storage.
- Platform as a Service (PaaS), which includes the tools and services that enable software developers to build applications without worrying about which servers they’re running on.
- Software as a Service (SaaS), which refers to the applications that run in the cloud.
As you delve deeper into each layer above, key differences start to emerge. For example, software developers may prefer using the AWS platform to test new apps. Executives and office workers who are using Office 365, on the other hand, can benefit from Microsoft’s custom mobile application support only if Office 365 is running on Azure. And Google’s live virtual machine (VM) migration feature is a must-have for other clients.
In addition to choosing the features and functions that are unique to a particular cloud provider, don’t forget about something that’s equally important — the safety of your data. Here are three specific safety concerns you should think about before putting your data in the public cloud:
1 – The Shared Responsibility Model
The majority of companies (68%, according to a survey conducted by research firm Vanson Bourne) believe that when they put their data in a public cloud environment that the cloud provider is responsible for protecting it. Not true. Public cloud providers only protect their platforms — not the data that’s housed inside. The fact is that the public cloud is built on a “shared responsibility model,” which means the provider has some security responsibilities, but customers bare part of the burden, too.
According to statistics by security firm Skyhigh Networks, 7% of all Amazon Simple Storage Service (S3) buckets have unrestricted public access, and 35% are unencrypted, meaning this is an endemic problem of the entire Amazon S3 ecosystem.
These lapses in security best practices have resulted in some serious breaches, too, affecting Army contractors, 198 million American voters, 14 million Verizon customers and several Viacom networks.
Companies who put their data in a public cloud environment must implement layered security, including a public cloud firewall and two-factor authentication (preferably with a password management solution).
2 — Back Up Your Cloud Data
Backups are another important public cloud consideration, especially for companies operating in highly regulated industries such as financial services, healthcare, or legal which have strict data retention requirements. Public cloud providers typically offer 30 days’ worth of data retention, which is inadequate for some industries. Public cloud providers also may not be able to guarantee a data recovery time that meets a customer’s RPO (recovery point objective) and RTO (recovery time objective) needs, which is another reason why it’s necessary to use a third-party cloud backup solution.
3 — Ensure Data Governance
Another public cloud concern for companies in regulated industries is knowing where their data is being stored. For a US-based company in the financial services sector, for instance, it’s imperative that the data is stored in a facility that’s located within the continental United States.
In some instances, a public cloud provider won’t be able to meet a company’s data storage and security requirements. That doesn’t mean the cloud isn’t an option for that company; it may simply mean the company needs to use a private cloud service.
While private cloud providers may not have the same name recognition of an Amazon, Google or Microsoft they’re gaining a lot of market share in the business world. A study by IDC estimated sales from private-cloud investments hit $4.6 billion in the second quarter of 2018 alone, which is a 28.2% increase from the same period in 2017.
Prepare for the Hybrid Cloud Reality
For most businesses, their IT strategy will include a combination of on-premises, public cloud and private cloud, which makes it difficult to achieve true interoperability (as pointed out in a recent webinar by Comcast Business and 451 Research). Instead of a harmonious hybrid environment, companies end up with multiple disconnected services. Added to this complexity is the fact that the next wave of connectivity, the IoT (Internet of Things) is bringing tens of billions of new devices online. All these devices, connections and different clouds can create gaps in network and asset security.
This is where an IT solution provider’s expertise is needed to create a unified, secure and managed hybrid cloud environment. With the right help, you can start enjoying the benefits of the hybrid cloud model today — without the drawbacks.
