In IT environments as in life, change can be hard. Change might be dictated by a serious event such as a network breach, or it could come as the result of a merger or acquisition that requires disparate networks to become one. Sometimes change is due to regulations or compliance, and frankly, sometimes change is needed because existing systems become obsolete. If change is on your horizon – and let’s face it, it probably is – you might be considering migrating some or all of your environment to the cloud to simplify infrastructure management. Many companies in your position have preconceived ideas based on marketing hype, hearsay, or simply a lack of adequate research that will color the decision.
There are numerous myths about migrating from a data-center based environment to moving to the cloud for applications, storage, or a variety of other network capabilities. Let’s set the record straight on some of the myths popular.
Cloud computing is only for big companies.
This myth often is based on a combination of multiple misconceptions about cloud computing. While cloud computing’s origins stem from the mainframe computers of the 1960s, today’s cloud can serve a variety of applications and masters.
Small businesses that have neither the on-staff expertise to develop or maintain a high-end customer relationship management (CRM) tool can find multiple cloud-based providers with that expertise. Similarly, companies that require significant amounts of data storage but have limited resources, such as a small engineering firm, can find cloud providers with secure, encrypted storage for much less than what the company might have to spend to buy the storage servers, build the data center, invest in expensive facilities, and then manage and secure the entire operation. Meanwhile, small companies such as mobile game and app developers take advantage of cloud’s pay-as-you-go model to build, test and deploy their applications without paying the huge capital expense of onsite infrastructure.
Cloud computing is confusing
There are probably more fill-in-the-blank-as-a-Service offerings than there are letters in the alphabet since many acronyms serve multiple masters (Payment-as-a-Service and Platform-as-a-Service are both reduced to PaaS.) While acronyms can add to confusion, it also shows the power of the cloud. Virtually any application a company needs probably has a cloud provider that can offer that service. For SMBs with limited financial and personnel resources, a little research can result effectively in expanding a business by adding expertise without the cost of building out infrastructure and staffing. Make sure you talk to the cloud vendor about their services for companies with your specific needs.
Some providers have what amounts to set-it-and-forget-it services for applications such as backup or server configuration. If you need your provider to manage your server configurations while you focus on doing your business, ask in advance if such capabilities are offered and what they cost. You might find “confusing” just became “simple.”
Storing data in the cloud is a security risk
A little up-front due diligence can eliminate potential security vulnerabilities. For mid-market companies with limited resources, a cloud provider that offers physical security for servers, advanced data-loss prevention and intrusion detection, 24/7/365 monitoring and Security Information and Event Management (SIEM) capabilities probably will have a safer environment than storing data on a network-attached storage server at the company’s headquarters in an industrial park or high-rise office building.
If your company must meet regulatory or compliance rules for stored data, ask your provider not only what services they offer, but also for copies of their compliance reports or security standards to ensure that you are getting what you need. In some cases, appropriate action on your part may minimize what you need from your cloud provider. For HIPAA compliance, for example, the combination of strong encryption, appropriate key management, and a vendor willing to sign a Business Associate Agreement may meet your requirements.
And don’t be afraid to ask for references. Your potential provider should be able to give you contacts for some of their customers who have security needs similar to yours. Ask their references the hard security questions for which you need answers about compliance, monitoring and possible breaches. Selecting a cloud provider is not a decision to be made lightly, so do your research up front and make sure the vendor puts their promises in writing.
Stay tuned for more cloud mythbusting. We might not blow up cars with C-4 like Adam and Jamie do on the popular TV show, but we will explode FUD (fear, uncertainty and doubt) and provide actionable recommendations when it comes to migrating to the cloud.