The cloud trend 2022: 10 things to consider before going public
Businesses are increasingly embracing cloud-based services in an effort to boost IT responsiveness, lower costs and increase the flexibility of the infrastructure. A recent survey by Dimension Data shows that public cloud adoption rates have nearly doubled over the past two years, with about 77% of organizations saying they are at least considering migrating some or all of their application environments to the cloud.
The good news for organizations is that they now have more choices than ever when it comes to public clouds. More providers means more competition and lower prices, which in turn streamlines IT transformation by offering a greater number of use cases for workloads beyond basic infrastructure such as compute and storage. Public cloud services provide an attractive option to more and more organizations looking to leverage cloud for various business use cases.
Despite this rapidly growing trend of public cloud adoption, the journey is not without risk. As with any major technology transformation, giving thought to potential challenges will ensure a smoother transition and better results over the long term. Below are ten of the most common risks associated with public cloud adoption and the steps you can take to prepare.
1. Vendor lock-in risk increases as computing moves to public cloud
The need for customers to identify long-term strategies is often ignored in the rush to embrace new cloud capabilities. They must plan ahead, carefully considering their application portfolios and how they will benefit from progress made by current providers and this year's marketing hype.
Businesses must identify those applications that deliver core differentiation from competitors, those that will gain competitive advantage from running in the cloud and those best suited to remain on-premises. In addition, organizations need a strategy for getting data into and out of public clouds that is secure as well as cost-effective.
2. Cloud sprawl is on the horizon for many organizations
Internal IT departments are often slow to act on new cloud trends, with risk aversion and resource constraints causing them to "kick the can down the road". If not managed properly, this can lead to a sudden surge in demand for resources that's difficult to meet when budgets are tight.
This is especially true now that public cloud services are available on demand. If you don't want to be caught with your pants down, it's important to implement a proactive cloud management strategy that both delivers the flexibility required by today's IT department and reduces risk for tomorrow's business users.
You should also plan ahead - long before you begin the transition to public cloud. This involves having a clear strategy for managing applications, workloads and data across your traditional infrastructure, private cloud and public clouds so that there is no single point of failure in your IT operations.
3. Shadow IT could leave organizations vulnerable
There's something naturally appealing about shadow IT: departmental or business unit-driven use of cloud services outside the umbrella of organizational governance and IT controls. It's common for departments to want their own resources in support of their unique needs, plus it is often a necessity when your organization lacks a cohesive cloud strategy or your IT department fails to deliver on time and within budget.
The problem is that shadow IT activities are typically not tracked, monitored or included in budgets. This makes it difficult for organizations to provide a consistent level of service across business units and can lead to avoidable security, financial and compliance risks.
It is important that you define a comprehensive cloud strategy that includes clear roles and responsibilities as well as policies and processes required to govern your organization's use of cloud services. You should also consider implementing a unified IT management platform that provides end-to-end visibility into applications, workloads and data in both private and public clouds to help you identify shadow IT activity, prioritize resources and enable compliance.
4. Cloud sprawl could lead to increased costs
Public cloud is cost-effective in the short term because usage-based pricing allows you to only pay for what you need, when you need it. But this type of cost structure can be detrimental over time if demand exceeds expectations or budgets, causing increased costs and unpredictable expenses.
To prevent runaway cloud sprawl, organizations should define a clear strategy for managing applications and workloads across traditional infrastructure, private cloud and public clouds. This should include using a unified IT management platform for end-to-end visibility into applications, workloads and data across both private and public clouds to help identify potentially harmful sprawl activity.
5. Public cloud security is still not fully mature
The public cloud offers organizations improved agility, scalability and cost-effectiveness over traditional data centers. However, the shared nature of public clouds means that your organization's data will be commingled with other users' data in a multi-tenant environment. This could result in availability issues, security breaches and compliance violations.
It is important to remember that public cloud services are not inherently more secure than your organization's own data center. Whether you use a private cloud or public cloud service, it is critical that you have strong policies, processes and technologies in place to govern the security of your applications and data.
6. Compliance violations could take down your organization
Organizations adopting public cloud services must comply with regulations including HIPAA, PCI DSS, FERPA and more.
For example, if you believe your organization is not in scope for HIPAA, think again. If you ever share protected health information (PHI) in an email or with an offsite business associate on a public cloud service that isn't HIPAA compliant, the entire organization (not just the business associate) is responsible for regulatory compliance. This means you need to ensure that your cloud service providers are adhering to the necessary regulations and protocols.
As part of your strategy, periodically review your cloud services with each auditor or regulator involved in reviewing your organization's reports to validate that everything is compliant (and doesn't violate any of the controls they've established).
7. Regulatory changes could damage your business
Regulations including HIPAA, PCI DSS and FERPA are constantly changing.
For example, some organizations using public cloud services face new risks from the revisions to the Federal Information Security Modernization Act (FISMA) in 2014. FISMA is a law governing information security in the public sector and requires federal government agencies to follow specific guidelines when using off-the-shelf products. The revisions came about because of the increased use of public cloud services.
As part of your strategy, review your regulatory landscape regularly. Even if you're not directly impacted by any changes, it's likely that your peers are. Your strategy should include a plan to incorporate changes into your organization before they become problems.
8. Unauthorized third parties could access your data
Public cloud services offer many benefits, such as scalability and agility, but they also come with significant risks due to the shared physical and virtual infrastructure where multiple customers might be hosted.
For example, one organization that used a public cloud service for its email was sued after an ex-employee accessed and copied more than 500 sensitive emails and posted them to the plaintiff's website. The lawsuit claimed this would hamper the organization's ability to conduct business.
To prevent this kind of risk, you need to know your cloud provider's security procedures and the type of encryption in use. You need to determine if these procedures are sufficient for your organization's needs, so it might be helpful to create a checklist with specific questions you can ask when evaluating different services.
9. Threats go beyond cyber-attacks
While many organizations focus on network attacks, there are hidden security risks outside of their control which could threaten their business.
For example, one organization that used a public cloud service to host its CRM applications lost $29 million after ransomware affected the provider's servers. The CRM data was never recovered and it took six months to recover from the loss.
With this kind of risk, you need to know what will happen if a service is discontinued. You also need to understand the penalties and fees for leaving early and how your data could be impacted.
It's important to require this information as part of your contract with the provider so that there are no surprises should you need to terminate your agreement.
10. You don't have full visibility and control
In many cases, organizations lack appropriate insight into what's happening on the infrastructure that supports their cloud services.
For example, one organization was blindsided by a $20 million bill from its public cloud service provider after it experienced an outage that lasted three days. The company had no way to verify how the service had been delivered until after it was over.
This is an obvious risk, but one that's often overlooked. It's crucial you maintain visibility of your environment and ensure that appropriate logs are available if there is ever an issue with any aspect of your environment.
You also need to define the appropriate level of control you need to manage your processes and procedures. For example, you can choose a public cloud service that allows for the creation of private clouds within the infrastructure.
If you define what you need ahead of time and clearly communicate this to the provider, it will be easier to make informed decisions when selecting a solution. You also won't be stuck paying extra for features you don't need.