In my previous article, Cloud Hosting Reaches an Inflection Point, I outlined how enterprise adoption of cloud hosting is accelerating and described some of the drivers behind it. But not all cloud hosting solutions are the same. Here are five myths to watch out for.
Myth 1: All security is created equal
Every vendor is different when it comes to security.
When you select a vendor, you should understand how they treat physical, host, and network security and whether their security standards and practices exceed your own security environments and requirements.
Many smaller vendors may not be SAS-70 certified because of the expense associated with it. It’s not necessarily a deal killer. I think the most important question to ask is: does the certification meet your specific security requirements?
My view is that eventually every cloud vendor needs to be certified in order for customers to gain confidence and for the adoption of cloud technology to really take off. Think about the comparison with people depositing their money and valuables in a bank. Today, people don’t worry about putting their money in a bank because it is safer there and they are confident they will get it back because the government stands behind the banks with safeguards such FDIC insurance and other protections.
You should really ask for a security review especially if you are a big company dealing with a smaller company and the risk to you is greater than the risk to them in case of a security breach. On the other hand, if you are a small or medium-sized business (SMB), your risk is much lower if you are dealing with a well-established large cloud vendor such as Salesforce, Amazon, or Microsoft, who are betting their business on their cloud services.
Many SMB executives I speak with believe that cloud vendors have much at stake and have specialized skills to make the cloud as secure as an on-premise system.
At a minimum, you should verify if you are getting security, firewalls, intrusion detection and prevention, anti-virus scanning and data protection from your vendors as part of the deal.
Myth 2: Cloud storage is fast and available
Cloud storage is evolving rapidly, but performance and access speeds will always be issues because of bandwidth constraints and network latency. Typically, access to cloud storage is via Web-services (e.g., Amazon S3) and not via a traditional file system, which means applications have to be written specifically to store and retrieve data from such storage. Furthermore, storage associated with a single compute node instance is not persistent (i.e., if you lose the node or terminate it; you lose everything that is in its temporary storage).
This means that you cannot rely on this kind of storage for mission-critical production workloads. Look for a network-based storage solution that provides highly reliable, clustered storage similar to a SAN in a physical environment that is highly:
- Scalable– You should have the ability to scale your storage requirements to meet your load requirements, both manually and automatically via a Web services interface.
- Available – Make sure that the storage components used for storage are highly reliable, redundant, and clustered and ensure that there is an auto backup system in place. This will guarantee that failures in any one component will not bring the whole storage system down.
Myth 3: You pay for exactly what you need and use
Pay-as-you-go is an attractive option with public clouds. The key question is: are you paying for exactly what you are consuming? Some cloud providers will lock you into instance tiers that have fixed compute, memory and storage capacity. For instance, Amazon Web Services offers small, large and extra large instances. So you have to carefully plan your capacity so you don’t end up paying for much more than what you actually consume.
Look for a cloud provider that provides you the flexibility to scale compute, storage and memory independently based on your needs. This can save you enormously over a period of time as you scale your resources.
Myth 4: You can easily port your applications without changes
Virtualization architectures and private cloud solutions reduce costs and improve operational efficiencies, but often the complexities of application and data migration present a significant challenge.
Cloud architectures allow for elasticity: the ability to respond (scale up and down) rapidly to changing business demands. When the application load increases, more resources (CPU, memory, storage, etc.) can be added dynamically to handle the load. Even if the underlying private cloud infrastructure supports scaling, the applications themselves may have to be re-factored to take advantage of this, adding to the complexity and cost of the migration effort.
A majority of Web-based applications designed using modern three-tier architectures are typically better suited for a public cloud environment because they are easy to move around once they are virtualized. Rather than host these applications on a physical environment, one strategy is to have these hosted by a third-party managed services cloud vendor. This way you get economies of scale and other benefits of the cloud while also having high security.
For best results, the technology stack you use should be compatible with the hosting provider’s stack. For example, if you have a .NET Windows-based application, look for a vendor that supports native Windows-based cloud and virtualized (hyper-V) environments. If you have already virtualized your windows applications with Hyper-V, your applications could easily migrate and execute in your vendor’s Hyper-V based environment.
Myth 5: Cloud providers have managed service offerings
Managed service versus self-service? Which direction will the market move towards? This is the debate that is going on today. Pure self-service cloud vendors such as Amazon Web Services do not have robust support and service offerings. In most cases, such vendors abstract the entire infrastructure stack and provide a set of APIs to interact with these resources. This means that the bulk of the management of operating systems, virtual machines, security, network monitoring, performance management, service and support, and application management fall back on you. While these cloud vendors may provide massive extensibility and flexibility, their offerings come with a pretty steep management cost on your end and, at a certain scale, may prove to be cost neutral.
These solutions may be fine for non-mission critical applications; but when it comes to your most critical systems, you will need to look for better service level agreements (SLAs), great service and support for your systems a/k/a a comprehensive set of “managed services.”
If you require such services, look for a vendor that provides high-touch, fully managed services, which includes everything from backups, updates, security, monitoring, etc.
Falling for these myths can lead you to choose a solution that can cost precious time and money, not to mention lost customers and reputations. Consider the business implication and select the solution that’s right for you.
Kamesh Pemmaraju heads cloud computing research for Sand Hill Group. Follow him on Twitter @kpemmaraju.