Still Insecure About Cloud? Then Read This Cloud Myth Debunker!
Are you like me and still hearing crazy stuff about security in the cloud?
“We don’t think public cloud is secure.”
“We’re interested in cloud, but we’d need to overcome the security issues.”
“You can’t trust cloud because someone else has control of it.”
“The on-premises delivery model is ultimately cheaper than cloud.”
Questions such as these, and similar, show that there’s still a lack of understanding (and potentially myths) out there around the use of public cloud services – to improve your organization’s IT services, flexibility for change, and bottom line.
Now before I start my blog proper (I mean rant really), I realize that different organizations are at different levels of IT service management (ITSM) maturity, have different business models, and different risk appetites. And therefore, it’s hard for me to write about cloud in the context of an average organization because I can guarantee their needs will be different to yours.
So please bear this in mind when you read my responses to many of the common objections to cloud. It’s time to make it rain cloud truths!
Myth 1: “Cloud Isn’t Secure”
Almost every time I hear seriously negative vibes towards cloud, pointing at security, they are from organizations that already have considerable on-premises management issues. So, bear this in mind when your colleagues start bringing up their cloud issues and concerns – security-based or otherwise – as they might just not want you to open up their existing “can of worms.”
Truth: Okay, so someone is probably going to bring up a cloud-breach example, probably citing an S3 public bucket breach or a similar “I left the doors to my services open and I got pwn3d – it’s the cloud’s fault!” story.
Sure, you can misconfigure an ACL, open up a firewall, expose your precious data assets to the world, and get pwn3d in cloud, JUST like you can with on-premises. This message is fundamentally flawed when it’s used as an argument against adopting cloud, as per myth #2…
Myth 2: “Cloud Services Aren’t as Secure as Our On-Premises Datacenter”
Your on-premises “datacenter” might be just a server room, and if we ignore the lack of asset management, cable management, weak access controls, lack of CCTV and alarms, poor HVAC (yes, you shouldn’t have water in your server room), and various other physical/logical controls, then we also have to look at processes.
On the other hand, cloud service providers live or die based on the quality of their security capabilities and therefore invest in them accordingly. Need I go on more about this subject? I thought not! In a cloud vs. server room security bakeoff – cloud wins!
Myth 3: “Cloud is Just ‘Someone Else’s Server’”
Yes, even serverless can be viewed as using someone else’s computer but that’s looking at one brick in the house rather than viewing the whole package.
Cloud is a service-based business model that provides customers with benefits such as: commoditizing components, enabling flexible scaling, using web technologies for interoperability, taking advantage of scale and volume, and providing customers with service stacks (SaaS/PaaS/IaaS/FaaS (function-as-a-service)), which take advantage of this. And did I mention the superior security?
Myth 4: “Cloud is Expensive”
Using a non-computing example to consider this, let’s think about transport. You have a one-off need to get from your current location to 10,000 miles north, would you:
- Plan, design, test, and build a car manufacturing facility to then build yourself a car so that you could make the one journey? No way!
- Get your wallet out and dump down a large CAPEX payment to buy a car for your one-off journey? With the costs of procurement and depreciation this surely isn’t a wise investment (remember it’s not a return trip, plus think about the maintenance, car washes, insurance, and servicing costs!).
- Rent a form of transport? Heck, we don’t even think a car is the right mode of transport, but we can’t afford to rent a whole plane. Then again, getting a seat on a non-private plane is doable – where we not only share the cost of the trip with the other passengers, but the whole plane is constantly doing these trips while being shared.
Looking at the cloud vs. on-premises total cost of ownership (TCO), the cloud economics should make sense for the majority of businesses. But this isn’t a silver bullet, some organizations have the size, scale, complexity, capability, and maturity where on-premises or hybrid cloud is right.
Is My Head in the Clouds Re Cloud?
So here comes the end to my hopefully mild-mannered rant (sorry, view) on a few of the common cloud myths I see in the field.
The reality is that, for many organizations, cloud is an opportunity to:
- Get out of the on-premises tumble dryer effect
- Start paying down technical debt in a way that gets ahead of the backlog
- Focus on business value over Blinky Boxes, and
- Redesign and architect their technology capabilities with the right supporting services, security, and operational capabilities.
Is cloud going to work for your organization in every scenario imaginable? No.
Will cloud stop people configuring systems with weak security controls, No.
However, cloud does give your organization access to a vast array of technical capabilities that, if designed and operated well, can help to improve security posture, align technology spending with business outcomes, and give it the scale and flexibility to deal with the ever-changing business-needs landscape.
It’s finally time to put the cloud security myth to bed. For most organizations without very deep pockets, the main cloud service providers offer greater levels of security that the organization could deliver themselves. Not to mention the ability to provide it with a capability that can quickly switch to meet its changing needs. What does your organization think about the value of cloud?
Posted by Joe the IT Guy