As many people know we are in the age of the cloud. The entire purpose of the cloud is to minimize implementation timelines and reduce costs. Typically, with these savings come some risks.
Risks of the Cloud
- Hidden Costs
- Lack of Accountability
- Insider Threat
- More Silos
The cloud isn’t all bad, but there’s an old saying of “junk in, junk out.” If you move all your servers to the cloud, all you did was move your problems. You need to optimize your environment. You still have vulnerabilities and things to patch – you just moved them into a shared environment. A shared environment that is still prone to the same vulnerabilities as your previous environment, only now you don’t know what the underlying software and hardware is.
A one-time move can cost thousands of dollars! You have data storage costs and network bandwidth to think of. These are things you did all in-house previously that you took for granted. You’re paying for long term storage of data and the growth you accumulate every month. Integrating Apps become even more complex when you think about trying to integrate a cloud hosted email provider with a different cloud hosted UC solution. Remember the goal of moving to the cloud was to have that instant on and off capability. This complicates things a little bit. It’s not impossible, it’s just complicated!
Embedded costs such as power and rent are not always embedded into IT budgets. These are things you had previously that you took for granted. Well now all these costs are embedded into the cost of a hosting provider. By having to include things such as power costs and floor space this can negatively increase IT budgets. To be frank, these are IT costs. They should be included in all costs! If you purchase a server that consumes enough floor space to warrant the need for a huge warehouse it needs to be a factor of the purchase!
Lack of Accountability
I’m the most important customer! I can easily hold my cloud provider accountable! Well, I hate to break it to you, but that’s not true. In September 2015, Amazon had a massive outage that took Netflix, Airbnb, Tinder, and IMDB offline. It was huge! You have to realize these are high dollar spenders that 100% require their services to be online or it will have a significant impact to their revenues. There wasn’t an apology, or a viable explanation for the outage. Now think about government users where the outage costs lives or a failed mission! I’m not trying to bash Amazon, it’s just a scary truth about shared resources that you have little to no control over. I don’t know about you, but I like to be able to control my destiny.
Data breaches are now becoming every day occurrences. Dropbox, Ashley-Madison, OPM, ADP, IRS, and more. The point here is that it’s a serious threat! Your virtual machines will be no less prone to security vulnerabilities just because it’s moved to a shared service provider. You still have to patch and maintain all of you servers. The real issue here is you inherit all vulnerabilities of the software and hardware of your cloud vendor. Who is liable when a security incident occurs? What do you do? Read the fine print. Most cloud provider’s customer agreements say if your operations are down because the cloud provider has an outage, then they are not responsible.
Insider Threat has never been more of an issue than it is today. Data is available at lightning speed and the everyone keeps track of everything on everyone forever. Think finances, medical records, phone, text media, social, etc. Who has access to what information is not only a concern for the government, but by HIPAA and Sarbanes-Oxley. You don’t want anyone to have access to your private medical records, financial records, or better yet, the private conversation you were having with a spouse. This is what is at stake here. Insider threat and the cloud is where things come off the tracks. Do you know exactly who has access to your data at the cloud provider? Should they have access to it? Do they have the proper training to handle the type of data you have?
The biggest complaint I have about the cloud is it creates yet another silo for your organization. Or better yet, it can create a virtual junk drawer to throw everything in and forget about it. As a small business, we internally have seven cloud applications that each have a username and password. You have to manage all the provisioning of users, authentication, licensing, and more and more. The silos that exist today don’t just go away because you moved to the cloud. They are amplified under a magnifying glass. You now need a cloud authentication provider to manage all your user accounts. You still have a networking team, a storage team, an Active Directory Team, and a security team. These things are all compartmentalized. It’s just virtual and not in your hands.
What do I do about the Cloud?
The intent of this post was not intended for you to think the cloud is entirely risky. It’s intended to make you change your conversations about the cloud and to think it through. I personally like to control my own destiny. If you like to control risks and be the owner of your destiny, then sign up today to see if you qualify for a free data center assessment.
- Top Data Breaches of 2016 – http://www.crn.com/slide-shows/security/300081491/the-10-biggest-data-breaches-of-2016-so-far.htm