TO CLOUD OR NOT TO CLOUD

Figure 1.0 (Slidegeeks.com) Should you unlock the scalability of the cloud?

To cloud or not to cloud that is the question. It has been a question and will continue to be a question because many believe risk outweighs benefits at this point in time. Cloud computing has been credited with increasing competitiveness through cost reduction, greater flexibility, elasticity and optimal resource utilization. According to IBM here are a few situations where cloud computing is used to enhance achieving business goals.

Top 7 most common uses of cloud computing

1.     Infrastructure as a service (IaaS) and platform as a service (PaaS) ...

2.     Private cloud and hybrid cloud. ...

3.     Test and development. ...

4.     Big data analytics. ...

5.     File storage. ...

6.     Disaster recovery. ...

7.     Backup.

 

Gartner research has similar ideas about why a company might want to subscribe to the cloud. Five attributes of cloud computing according to Gartner are:

Service-Based: Consumer concerns are abstracted from provider concerns through service interfaces that are well-defined. The interfaces hide the implementation details and enable a completely automated response by the provider of the service to the consumer of the service. The service could be considered "ready to use" or "off the shelf" because the service is designed to serve the specific needs of a set of consumers, and the technologies are tailored to that need rather than the service being tailored to how the technology works. The articulation of the service feature is based on service levels and IT outcomes (availability, response time, performance versus price, and clear and predefined operational processes), rather than technology and its capabilities. In other words, what the service needs to do is more important than how the technologies are used to implement the solution.

Scalable and Elastic: The service can scale capacity up or down as the consumer demands at the speed of full automation (which may be seconds for some services and hours for others). Elasticity is a trait of shared pools of resources. Scalability is a feature of the underlying infrastructure and software platforms. Elasticity is associated with not only scale but also an economic model that enables scaling in both directions in an automated fashion. This means that services scale on demand to add or remove resources as needed.

Shared: Services share a pool of resources to build economies of scale. IT resources are used with maximum efficiency. The underlying infrastructure, software or platforms are shared among the consumers of the service (usually unknown to the consumers). This enables unused resources to serve multiple needs for multiple consumers, all working at the same time.

Metered by Use: Services are tracked with usage metrics to enable multiple payment models. The service provider has a usage accounting model for measuring the use of the services, which could then be used to create different pricing plans and models. These may include pay-as-you go plans, subscriptions, fixed plans and even free plans. The implied payment plans will be based on usage, not on the cost of the equipment. These plans are based on the amount of the service used by the consumers, which may be in terms of hours, data transfers or other use-based attributes delivered.

Uses Internet Technologies: The service is delivered using Internet identifiers, formats and protocols, such as URLs, HTTP, IP and representational state transfer Web-oriented architecture. Many examples of Web technology exist as the foundation for Internet-based services. Google's Gmail, Amazon.com's book buying, eBay's auctions and Lolcats' picture sharing all exhibit the use of Internet and Web technologies and protocols.

What are some company challenges to cloud adoption? In a presentation, Jeff Behl at Logic Monitor outlines several of the challenges companies face when considering the cloud.

Figure 2.0 Cloud Vision 2020: The Future of Cloud by Jeff Behl, Chief Product Officer at LogicMonitor and William Fellows, Research Vice President and Founder of 451 - Dec 11, 2018

Unrelated to Jeff and William, here are eight benefits of the cloud versus 8 fears of the cloud:

1.      Cloud Storage Can Save Costs. Economies of scale. ...

2.      Data Redundancy and Replication. Data redundancy is included. ...

3.      Data Tiering for Cost Savings. ...

4.      Regulatory Compliance. ...

5.      Ransomware/Malware Protection. ...

6.      Backups May Be Slower. ...

7.      Restores May Be Slower. ...

8.      Higher Internet Utilization.

8 Reasons to Fear Cloud Computing

1. Someone else is looking after your data

Unlike a data center, which is run by an in-house IT department, the cloud is an off-premise system in which users outsource their data needs to a third party provider. The provider does everything from performing all updates and maintenance to managing security. The bigger picture, however, is that users are trusting their data for someone else to look after, said Steve Santorelli, a former Scotland Yard detective, now manager of outreach at the Internet security research group Team Cymru. 

"The downside is that you are abrogating responsibility for your data. Someone else has access to it and someone else is responsible for keeping it safe," Santorelli said.

Although cloud providers may ensure your data is safe, Santorelli said some are not always looking after your best interests. 

"No business is ever going to be as rabid about looking after your data as you would or should be. They are in the business of making money from you, after all. Securing your data sometimes becomes a marketing mantra more than a way of life," he said.

2. Cyberattacks

Any time you store data on the Internet, you are at risk for a cyberattack. This is particularly problematic on the cloud, where volumes of data are stored by all types of users on the same cloud system.

"The scary thing is the vulnerability to Distributed Denial of Service (DDoS)attacks and the concentration of so much data," Santorelli said. "The single point of failure is the cloud. If something goes bad it impacts a very wide group of people. It's easier to steal and disrupt in bulk." 

Although most cloud providers have stringent security measures, as technology becomes more sophisticated, so do cyberattacks.

"When cloud companies get the security right — and many actually do a pretty reasonable job — then miscreants have to get creative to get to the data," Santorelli said. For instance, instead of hacking the cloud, hackers will attempt to hack your account instead.

"Passwords and secret answers become the soft underbelly of your security. Just like when banks made online account hacking harder, the miscreants turned to phishing to get around the restrictions and steal your passwords," he said.

3. Insider threats

Just as cyberattacks are on the rise, so are security breaches from the inside.

"Vodafone's breach of 2 million customer records and the Edward Snowden breach at the NSA are wake-up calls that the most serious breaches are due to insider threats and privileged user access," said Eric Chiu, president and co-founder of HyTrust, a cloud infrastructure control company 

Once an employee gains or gives others access to your cloud, everything from customer data to confidential information and intellectual property are up for grabs. 

"The cloud makes this problem 10 times worse since administrative access to the cloud management platform, either by an employee or an attacker posing as an employee, enables access to copy and steal any virtual machine, undetected,

as well as potentially destroy the entire cloud environment in a matter of

minutes," Chiu said.

4. Government intrusion

With the recent NSA leaks and the ensuing reports on government surveillance programs, competitors aren't the only ones who may want to take a peek at your data.

"Something that has been in the news recently is that government entities and technology companies in the U.S. and elsewhere may be inspecting your data as it is transmitted or where it resides in the Internet, including within clouds," said Scott Hazdra, principal security consultant for Neohapsis, a security and risk management consulting company specializing in mobile and cloud security. 

Granted, privacy has always been a concern with the cloud. But instead of just worrying about competitors, disgruntled customers or employees breaching cloud security, businesses now have to worry about government intrusion as well.

"Loss of confidentiality to data is not a new risk; however, the threat sources might not have been one companies were previously worried about," Hazdra said. "For instance, a company may have a concern that competitors will try to steal their data so they encrypt transmission and storage of it. Now that someone other than a competitor may be interested in that data doesn't fundamentally change the risk." 

5. Legal liability

Risks associated with the cloud are not limited to security breaches. They also include its aftermath, such as lawsuits filed by or against you. 

"The latest risks to using cloud for business are compliance, legal liability and business continuity," said Robert J. Scott, managing partner of Scott & Scott LLP, an intellectual property and technology law firm. "Data breach incidences are on the rise, and so are lawsuits."

Scott, who is also a cloud law speaker and author, said that while the cloud is all about ease of access, collaboration and rapidity, its benefits have to be weighed against the extent of security measures. 

"Information security has always been finding a balance between ease of access and the sharing of information verses completely locked down security," he said. "The more you have of one, the less you have of the other."

6. Lack of standardization

What makes a cloud "safe"? A provider could have the latest security features, but due to the general lack of cloud standardization, there are no clear-cut guidelines unifying cloud providers. Further, given the plethora of cloud services in different sectors, this is especially problematic for users when determining exactly how "safe" their cloud really is.

"The question of how safe the cloud is has many facets, and the answer depends on the cloud services provider, the type of industry a company is in, and the accompanying regulations concerning the data it is considering storing in the cloud," Scott said. 

Since not all cloud providers are built the same, one provider's definition of "safe" may not be the same as another's, Scott said.

7. Lack of support

Imagine being unable to access your cloud before a big meeting or, worse, being in the middle of a cyberattack that has taken down your entire bread and butter —your website. Now imagine trying to contact your provider, only to find that their customer service is nonexistent. While some cloud providers have excellent customer support, others could leave you in the cold.

"The most frustrating thing when something goes wrong is not being able to speak directly with an engineer," said April Sage, director of Healthcare Vertical at Online Tech, a cloud provider specializing on compliant cloud hosting. 

"If your systems are not mission-critical, you don't need to worry so much about security and availability," Sage said. "However, if you support mission-critical systems, or your online presence is critical for your business to operate smoothly, you have to be prepared to invest in a cloud and cloud provider that is capable of providing a level of protection commensurate with your needs."

Figure 3.0 (Slidegeeks.com) Security is typically the No. 1 concern over cloud adoption

8. There's always a risk

The biggest risk when it comes to cloud computing is that you never know what is up ahead. Hackers have been around from the start and they are not going anywhere any time soon. And as technology advances, so do the risks that come with adopting them.

Given these current and future dangers, do the benefits of cloud computing outweigh its risks? Neil Rerup, author of "Cyber Peril" (Sutton Hart, 2013) and founder of Enterprise Cybersecurity Architects (ECSA), said it depends on the business.

"The cloud is not for everyone," Rerup said. "Like with all solutions, you have to weigh what level of risk you are comfortable dealing with."

For business using or considering migrating to the cloud, all you can do is be as prepared as you can possibly be. The key is getting to know providers as much as you can, both as a company and from an end-user perspective. 

"Using cloud solutions is like kissing someone you don't know — you don't know what types of germs they have and whether you'll catch something from them," Rerup said.

Given the different perspectives, would you move all or part of your business into the cloud? Most businesses still have on prem solutions, others have hybrid clouds with some on prem, still others have moved completely to the cloud. DOD is moving all their applications into the cloud under a contract called JEDI. The Federal Reserve Bank is consolidating all its data into one data center. Consider the risk involved in these solutions and ask your self should my company move to the cloud, and what value and risk will it entail? Ultimately, each company must make these situational calls, and evaluate if all or some part of their infrastructure needs to move to the cloud.

Given the current-day state of cloud computing my vote is still out and the questions remains, “TO CLOUD OR NOT TO CLOUD”.

Dave Howell is the author and has more than 30 years in technology and consulting. For more information contact Dave at [email protected] or 1(210) 618-6566.