Public cloud continues to emerge
Whether it’s the growth of service providers transitioning to offer services, the emergence of Containers within Hyperconverged solutions, or the potential emergence of Google succeeding, the public cloud is set for a year of “hyper-growth”! That said we have to sort through the FUD (Fear, Uncertainty and Doubt), especially in security, to determine the appropriateness of public cloud for your organization.
Is the low-hanging cloud fruit eaten?
The rush to cloud to date has clearly been within “systems of innovation,” applications geared mostly to customer engagement (so-called “systems of engagement”). Enterprises leveraging public cloud are looking to get new innovative applications and services rapidly to market. These applications have been primarily driving customer acquisition and then fostering customer loyalty. These initiatives represent just the tip of the iceberg, the real opportunity is in moving “systems of record”, or everyday work to the public cloud.
One example is GE which is in the process of moving 9,000 apps to the public cloud. As stated in the GE plan, the criteria is to select target applications based on the understanding of the risk associated. This posture allows GE to develop their cloud skills based on their learning with “low risk” applications.
During 2016, the opportunity for I&O professionals will be to adopt cloud, like GE, for more traditional workloads. You can read more in my recent blog on the topic, and of course, Forrester’s recent landmark “The Truth Behind Enterprise Cloud”report.
Security, simply a scare tactic to delay public cloud?
The major objection to public cloud is security and concerns over data protection. It’s certainly the objection I hear the most on inquiry calls from clients who are considering a journey to public cloud. This objection, in an era of much publicized cybersecurity events, is one to be considered and should not be underestimated. That said, security should form one of the risk factors in your enterprise’s risk management approach. Security paranoia cannot be a complete block to public cloud. In fact, major cloud providers are exceptional at security, often far better than almost any enterprise. Security will remain a major public cloud fear for at least the short term, and rightly so. However, make sure that your concerns are grounded in the reality that hyperscale cloud security is excellent and take the time to understand their investments and approach.
Major cloud vendors are investing in security
Public cloud providers are serious about security. Their business is dependent upon the security of their environments and the services they offer, and, they understand that they are a target of attacks. Major cloud players including AWS, IBM SoftLayer, Microsoft Azure, and Google all provide security solutions for data protection, encryption, data governance, access control, network security (intrusion prevention), user directory integration, and configuration management. They invest in not only technology, they invest extensively in experienced security experts who are cloud focused and assure conformance with industry standards (AWS Standards, Microsoft Azure Standards). In fact, they have more security experts than you do, and they are very likely far more experienced. They work for these providers because the challenging work that they do there has much more impact than it would have anywhere else. These experts can help above the hypervisor, but from a consultative position, not within the cloud service itself. Such higher-level security requires expertise in application-level security. Providers need tight integration with your app developers to reach this level.
I&O pros must stop using security as an anti-cloud excuse
I&O pros must set expectations with their CIOs and CISOs that you cannot secure cloud workloads by retrofitting your on-premises approach and security products and solutions. Security is important as you transition to the cloud. Take the time to address user access, workload set-up and configuration scenarios for on-premises and cloud-based workloads. It will greatly simplify and strengthen cloud workload security. Configuration and process consistency is paramount, and a more industrial model of development and operations lets software perform the hard, repetitive work. Let the software also continually analyze the entire landscape more thoroughly — because humans cannot. Due the business impact of a breach, hyperscale cloud providers invest in security – in many cases – can be considered better than many enterprises.
The public cloud is ready for the enterprise; you need to determine if you are. To determine the appropriateness of public cloud, you can commence with a review of the recently released Forrester report The Truth Behind Enterprise Cloud.
Don’t forget to follow me on Twitter: @RobertEStroud