The misconception cloud is insufficiently secure has been an issue since the beginning and has yet to be entirely rectified by the industry. As such, it remains a key concern and a primary goal when organisations think about moving over to the cloud. Malware, data theft, data leakages; they all remain as top security challenges.
A recent report from Intel Security, entitled ‘Building Trust in a Cloud Sky’, showed organisations’ concerns about security and expertise, as well as a lack of resources, remains some of the most significant challenges for companies.
Yet it also revealed some additional echoes from the past, with issues faced by early adopters still having their part to play in today’s cloud market. Specifically, organisations are still facing shortages of in-house IT staff with the appropriate skills, knowledge and experience of cloud technologies and security.
The issue is that many organisations have yet to fully realise their ambitions when it comes to the cloud, and there are some lessons that still have to be learnt, and certainly there are some improvements to make.
However there are lessons in the past that are still relevant to companies today, particularly when plotting early roadmaps, and planning for achievable results.
Too much talk, not enough caring
Michael Cares, director of service delivery and cloud services at TUI Infotec, began to plan for the cloud back in early 2009. He claimed the early adopters were disappointed by what the reality of cloud was beyond the marketing hype.
“Expectations were much higher than what was really delivered,” he explained to Cloud Pro. This was caused by cloud providers not caring, in his view, about the business of the customer.
Cares said relinquishing control of your own assets was something of particular concern, but the early adopters at the time didn’t have the right level of maturity to support their own cloud.
The tools that were available at the time were also immature, but the focus was more on the cloud technology rather than on service delivery. Cares claimed cloud hardware and software vendors like HP, VMWare and IBM simply focused on delivering their technical capabilities in order to be cloud-ready, whilst they should have focused on the needs of their customers’ businesses.
However, it wasn’t all bad, as he claims that BMC Software, of which his organisation is a customer, had a different approach, driven by service delivery rather than technology.
Either way, Cares felt the need for a service level agreement was still very important to ensure IT services contribute to the performance of the customer’s business.
Happy in the cloud
However, Alan Williamson, chief architect of Mediafed, had an altogether different experience with early cloud adoption.
His company is a customer of Amazon and began using cloud technologies in 2007. Unlike Cares, Williamson said he has never been happier, although this doesn’t mean there wasn’t potentially a gap in expectations.
“In the early days the marketing departments got a little excited with the terms and as usual with new buzzwords, and so they may have over sold the capabilities of the cloud at times”, admitted Williamson.
Yet he said many of the new customers who had believed that hype soon realised “the cloud did not offer the same performance as their physical servers.” This was down to a certain amount of ignorance and uncertainty about virtualisation.
New customers made the mistake of thinking one virtual machine was going to equal the performance of their own servers.
“In our experience, you have to go for three cloud servers for each and every individual physical server”, said Williamson.
He then suggested a move to the cloud could not be done in one go as it requires the organisation to re-define its IT architecture, necessitating some re-engineering to make the cloud work to its full potential.
“You can’t treat the cloud like you would a physical set-up.”
Simon Bocca, chief operating officer at Fourth Hospitality, deployed Salesforce CRM 12 years ago and he also praised his organisation’s initial move to the cloud.
“We have used both the Salesforce Sales Cloud and Service Cloud, so that they would fit together effectively,” he said, in a past interview with Cloud Pro.
Bocca was pleased with the much improved connectivity since the early days of cloud – citing integration with social networks like Twitter as an example. He also argued everything was more scalable today and the applications available are more robust.
“I think the key is to think big and don’t develop and define your cloud-oriented needs half-heartedly,” said Bocca. “We found that planning for the cloud was vital and I would urge any organisation contemplating a move to the cloud to get a thorough understanding of its capabilities.”
This means thinking about the future strategy of the business before diving into any cloud adoption project.
Migrating to the cloud
IT leaders must have a robust plan of action before embarking on a cloud migration project, according to Specsavers' CIO Phil Pavitt.
"This is tough and needs a proper plan, ownership and timetable," he said. "Do not underestimate the amount of effort required."
Projects needn't be all encompassing, as a simple starting point for a CIO to test the waters can be just as effective. However, the main issue facing companies is that it's not always clear what that project should look like.
"The decision as to what to move to such a platform is not one that is black and white," explains Clive Longbottom, founder of analyst firm Quocirca. "[Some] will prefer to start with low-level workloads and wait until these are proven before they move anything business important or mission critical over."
Other firms will see the cloud as a means of propping up the changing needs of their operations, moving as much of their workloads as possible at an early stage and hoping for the best.
The initial project should be aligned to a company's aims and capabilities, and as such can differ wildly between organisations. Some may be attempting to move processes and data stored in older systems to the cloud where vendors will maintain the infrastructure. Other cases involve firms choosing to work alongside a collaboration service, such as Microsoft Office 365, to enhance their current systems.
Deciding on the initial look of the project will lead to another major decision - whether to go for public or private cloud, or stick with a software-as-a-service approach. However, as far as Specsaver's Pavitt is concerned, "the answer is hybrid, a mix - start private and move towards the public".
Top tips from the early adopters
So what can we learn from these early cloud adopters?
- Make sure your whole IT department is aligned with the cloud and discourage it from developing its own applications or bringing in its own bespoke software.
- Avoid disappointments by looking as far ahead into the future as possible to develop a cohesive strategy. “Stitching cloud and non-cloud systems together because you aren’t brave enough to invest fully in the cloud will never be successful,” warned Bocca.
- Ensure your IT architecture is built for failure, as it’s a matter of ‘when’ a disaster may occur with the cloud, not ‘If.’
- Engage with a cloud service provider or partner that cares about the needs of your business and not just about the delivery of technology.
- Make sure your organisation retains control of its IT. Vendor lock-ins were an issue before the cloud and still live on today.
- Use a proof of concept methodology at every step of a cloud deployment in order to succeed.
- “Align cloud services to your maturity, or re-think about whether your organisation is mature enough to deliver cloud technologies and services,” advised Cares. This includes analysing whether your staff have the necessary cloud skills, or whether any given cloud provider or consultant has the aptitude and resources to help you.
- Remember that some things may never change: security will always be a priority and a concern, but with the right policies and best practices in place the cloud can be very safe.
- Don’t go the cloud just because it seems like the cheaper option. This is not always the case.
The clouds have shifted
“Standards are improving all of the time, but there were too many groups working on overlapping ones,” said Longbottom. “Yet expectations are maturing.”
The issues faced by early adopters should be examined closely by those wishing to migrate to the cloud today, according to Longbottom. "Yet too many people are replicating the mistakes from the past."
The Intel Security research is a reflection on the issues occurring with the cloud today, as much as they were with the real early adopters. Some things clearly do not, and perhaps will never change, as we all know history has a habit of repeating itself.
