When companies look to cloud adoption for servers and storage, they do so anticipating a series of benefits, such as greater availability (46%), reduced costs (41%), and increased scalability (36%). But, even with the numerous benefits of the cloud, nagging cloud adoption fears tend to slow down the process of migration.
What if an outage brings our entire company to a halt?
What if an unauthorized user gains access to my data?
What if something goes wrong in the cloud, how will we get our files?
Will we be non-compliant with regulations?
By educating yourself on the common fears that your industry peers have already tackled, you’ll be able to overcome the hurdles that keep your business from operating in the cloud.
Here are the top cloud adoption fears according to the 2016 Cloud Security report from Cloud Passage.
Cloud Adoption Concern #1 – General Security
Year over year, the top perceived barrier to cloud adoption remains to be general security. According to the CloudPassage: Cloud Security Spotlight Report, respondents continued to raise concern over security, an 8% increase versus a similar survey in 2015. The uncertainty and fear of having your data housed offsite and “out of your control” boils down to a lack of trust in the cloud providers. Additionally, security concerns exist due to a lack of education and training as well. If you find yourself hesitant to consider a cloud adoption strategy, ask yourself this one simple question.
“In what ways do we have less security risk keeping our data on-site versus utilizing a cloud provider?”
In doing so, you’ll be able to identify a variety of risks that exist regardless of if data on-site or cloud based. Additionally, some core practices should be in place to see secure success in your cloud deployment. These include
- Implementation of a 2-factor authentication system like Duo Mobile.
- A successfully rolled out encryption practice for both data at rest as well as data in motion.
- A strong key management solution that is NOT located in the cloud provider but somewhere locally within your organization. We feel Gemalto is an excellent solution for key management.
As with all concerns, seeking wisdom and expertise will help you determine the cost and business case for (or against) cloud migration.
Cloud Adoption Worry #2 – Legal & Regulatory Compliance
It’s no secret that the cloud continues to amplify all the legal, security, and regulatory challenges that exist for IT today. With the original focus of cloud providers to grow their subscriber base and storage levels, they overlooked many security and compliance measures that are needed before many organizations could make the shift. A lot has changed in the past 18 months to satisfy the compliance needs that exist in the industry today.
Cloud provider’s compliance practices are now more rigorous than most of the customers who utilize them. In some cases, these providers are doing security better than most organizations due to the data responsibility that both legal and leadership demand of them. Both AWS and Azure list all the standards that they meet or are seeking to meet such as ISO:27001, PCI, and HIPAA online. As well, the top providers in this space have developed substantial educational and compliance portals to put these concerns to rest. Take a moment and learn more from the compliance sections from Amazon Web Services and Microsoft Azure. As mentioned before, this concern is often satisfied once you discuss it with someone who has been down this path before.
Cloud Adoption Hesitation #3 – Data Loss & Leakage Risks
Another common concern is the reality and ramifications of unauthorized access via misuse of employee credentials and improper access controls. Many organizations often haven’t taken the time to have a Data Loss Prevention (DLP) system plan put in place. This means that a user, even non-maliciously, could post information or upload a file which contains sensitive information without the awareness of IT. It’s a training problem, it’s a visibility problem and it’s a business ethics problem. This concern though exists regardless if you use cloud services or not as most employees are able to take devices home, have access to personal cloud services, and have the freedom of remote access nearly whenever they want. Losing data happens, and so should preventing it.
Cloud Adoption Worry #4 – Integration with existing IT environments
Every industry and every department has concerns over how do we mesh the old with the new. When considering a public, private, or hybrid cloud, 4 new considerations should be made outside of security, compliance, and data-loss.
Latency: Considerations should be made for latency and it’s the potential impact on business productivity when implementing a cloud practice. Many companies pursue tools like Office 365 without properly planning and testing for the volume of up/down traffic it introduces when everyone is using this cloud based solution. Ask yourself if the bandwidth and throughput of your network devices are sufficient for the increased traffic.
Connectivity: Companies also need to ensure they have the right connection model to facilitate the integration of legacy systems with redundancy accounted for across the network.
Visibility: Companies should ensure they have visibility and can see that systems are talking to one another and that the connection is reliably maintained. We highly recommend tools like ThousandEyes to have visibility from the endpoint to the cloud provider. It allows you to easily visualize where any QOS issues exist and reduces your mean time to resolution.
Business Continuity Plan/Disaster Recovery Plan: Finally, we must realize that the risk of cloud providers going down still exists. The AWS outage in March of 2017 is a perfect example of the reality of this. When managing a hybrid cloud environment, be sure you have in place a business continuity plan and/or a disaster recovery plan. We’d also suggest having a backup system in place in case anything were to happen with the cloud provider that would impact day-to-day operations within your company.
Cloud Adoption Concern #5 – Lack of expertise
One of the more rapidly growing concerns in the CloudPassage survey is due to lack of expertise in cloud adoption. It’s no secret that a talent gap exists in IT, and it only widens as the speed of technology increases. This concern though is by far the most intriguing out of the top 5 because the lack of expertise is one of the key reasons the top 4 landed where they did. Think about it, if more IT professionals existed with cloud experience, our concerns over security, compliance, data loss, and integrations would be severely reduced.
The Solution: Experience must either be hired, trained, or sourced
The “lag” associated with cloud adoption is similar what existed when VMWare came on the scene. IT originally feared control, visibility, and just a general understanding of how to implement and manage it. The concerns with cloud adoption can easily be alleviated with the proper training and certifications; which provide the necessary understanding of the inner workings of cloud providers and the industry best practices you should follow. At CentraComm, we recommend the training our teams have gone through to become experts in this topic. Below you’ll discover a great starter list of where to get your geek on and better understand the cloud providers.