Some organizations are still skeptical about migrating all of their data and implementing cloud services. In some ways, the term “cloud computing” is unfortunate, as the word “cloud” doesn’t conjure up images of security, or an impenetrable vault.
But it may help to remember that “cloud computing” is more of a rebranding than it is a new concept. Network computing – which is cloud computing – has been around for decades. Using the internet is taking advantage of cloud computing – and “the Cloud” really exists in a variety of highly secure data centers across the United States and the world, mostly in locations which have access to reliable and affordable power and networking. The terminology shift began as more applications were being transferred to the cloud.
Understanding that is the first step to overcoming barriers to cloud adoption. Here are some other barriers we find in our discussions with organizations of all sizes:
Migrating all of your data is a big task, and a big change
Migrating a high volume of data is a big job. It’s even more difficult if you have an older legacy system to move into the cloud environment, depending on how it’s written. There’s a lot to think through, but it’s not much different than any technology or application modernization project. Plus, staying with legacy systems is becoming less and less tenable with the evolution of technologies and employee skill sets.
Critical to success is a credible assessment of what resources you expend now versus after cloud migration. Leaving your data in a physical data center requires constant patches, upgrades and other tasks that consume in-house resources (or outside expenses). In a cloud-based environment, many of these tasks are taken care of by your cloud vendor as part of their core service.
Also, you may need fewer applications – particularly “add on” applications – with your data residing in the cloud, which can help offset the costs of transitioning it there.
And, it may make sense to migrate just some of your data rather than all. Making the best decision for your organization requires you to reconcile these factors through a thorough organizational IT assessment.
Control of your data
The fear of having less control of your data once it’s in a cloud is an impediment to adoption for many organizations.
Again, this may stem, in part, from that word “cloud.” How can your data possibly be safer in the vastness of the cyber universe, rather than in tangible, metal, humming machines in your data center that you can touch and feel?
This piece from the Crowd Credit Council actually put this barrier into a helpful perspective by likening it to air travel.
Statistically, traveling by air is safer than driving in a motor vehicle. Yet, in the driver’s seat is where the majority of us feel the safest when we travel. Notice we said “feel the safest” – we only feel safer because we have control of the vehicle.
This is what we call a cultural barrier. You are now relying on other people to secure your data; it’s not sitting in your data center anymore. Your IT department may feel like it is giving up a source of their dominion, not just by “losing” the data, but also as parts of their job that have become routine comforts associated with managing the physical infrastructure disappear.
Compliance is becoming more convoluted
What if your data isn’t actually your data, but belongs to someone else? You’re legally responsible for protecting it, but would be trusting that responsibility to your cloud vendor. Or you may have other compliance issues, such as restrictions on where your data can be.
Cloud computing has become so popular now that most regulations allow cloud adoption within specific guidelines. Just as you’ve adopted those guidelines in your data housing, so have cloud vendors — many with specialties in various regulatory certifications. You can make the best vendor selection to fulfill your requirements, and hold them to the same standards as a regulator would you.
Another compliance benefit is streamlining. Most cloud service providers conduct ongoing assessments of their compliance with applicable regulations via a third party audit. The results of this audit, in the form of a Service Organization Controls (SOC) Report, provides an independent verification of compliance with applicable regulations. While it requires effort upfront to ensure that all of your organization’s compliance requirements are covered in the SOC assessment, together with a commitment to periodic review and acceptance of the information provided in the SOC reports, it can save a lot of effort in audit, governance and other areas outside of traditional IT expenditures.
The big one: Security
The barrier here is less about security, which is an issue no matter where your data is, and more about the balancing act between accessibility and security.
While it’s true that there’s a higher risk that someone can find data in the cloud and theoretically hack into it, there are more options to restricting access to certain types of data than in a traditional enterprise network environment.
The cloud allows you to work with your hosting and security vendors to implement more stringent access controls – segmenting your data to give users “least-privilege access” so they can only access the data they need. This is far more secure than a traditional network, in which hackers can move around unencumbered once they’re in. Organizations can adopt these same practices in their own private networks, but few – especially small- to mid-sized ones – have done so due to the cost and hassle. Moving to the cloud can short circuit a lot of cost and effort.
Recovery after a breach
There are pros and cons of both local and cloud-based data environments when it comes to recovering from a cyber breach, depending on the type of breach. In this decision component, the easier it is to harden the environment, the easier it is to prevent or mitigate a breach in the first place.
A typical data center has numerous devices that require security upgrades or patches, but in a well-designed cloud environment you have just one configuration that gets sole security attention. You also remove a lot of human error from the equation, such as an older computer sitting on your network that hasn’t been patched for months or even years, giving a hacker easy access to your entire system.
Generally speaking, a well-engineered cloud environment is both more likely to be safe and makes it easier to identify vulnerabilities.
It’s a gap, not an abyss
The IT worker skills gap is another argument we see. It does take more work upfront to ensure things are appropriately designed and hardened before you start deploying to the cloud. But with some training, IT workers that have good programming language foundations should not find it difficult to get up to speed with current standards. Standards put forth by the National Institution of Science and Technology, such as NIST Special Publication 800-53, provide guidelines for hardening cloud environments that have been adopted at the federal level – and in some cases, by states and private businesses.
The bottom line…
It’s important to understand the roots of resistance to cloud adoption, and sometimes that’s difficult to discern internally. An objective assessment by an experienced IT and business process provider can pinpoint any real or perceived barriers your organization might have to cloud adoption, and suggest a course of action that makes the most sense for your business. After all, your computing solutions should be as customizable as they are robust.
Most importantly, don’t fear the Cloud.