It is already common knowledge among IT professionals that cloud is no longer merely "hype" and is fundamentally changing the way companies buy and use IT. Over the last few years, I have had the chance to talk with IT leaders in different industries, and at different points of the cloud adoption curve, helping them to remove barriers and define the best strategy for each situation faced during the cloud journey. During these conversations, I heard a set of recurring misconceptions that still undermine their cloud adoption.
Myth 1: Cloud is not secure — This is probably the most recurrent issue in all cloud conversations, and is a valid concern since IT deals with sensitive data, your company reputation, and your customers’ experience. The truth is, the cloud can be as secure as your on-premise IT environment. In addition to the traditional firewalls, cloud providers adopt a layered security approach, beginning with physical security (rigorous access control procedures, and sophisticated surveillance systems), then logical security with network segregation among the cloud tenants, and separated firewall contexts for each environment managed by the user. Additionally the use of state of the art intrusion detection and DDoS protection systems help protect the cloud platform.
From a customer perspective, additional security can be achieved by encrypting the data stored in the cloud, and by extending company access controls and role-based access to the cloud environment.
Myth 2: Cloud is a "best effort" environment — I think the best reaction to this statement is that it depends. One great thing about cloud computing is the wide variety of different solutions available. If you want something simple for your personal web page, you got it; if you need a basic web commerce portal to sell homemade cookies on line, just conduct an online search and you will find a huge number of cloud providers offering it for a very reasonable price, and there are also the clouds made for the enterprise. The message here is that not all clouds are equal, but consider that neither are all business requirements. There are cloud solutions for every need and every budget, but when looking for an enterprise-grade cloud provider, the conversation is different. There is no best effort in the cloud; it is all about performance and availability, backed by meaningful and comprehensive SLAs, with penalties in case of violations.
Myth 3: Once you’re in, you will never move out — Vendor lock-in is a big concern among enterprises, and unsurprisingly cloud shouldn’t be different. Data migration, even in the traditional IT world, is one of the biggest show-stoppers when adopting a new technology platform. Many believe that once data is deployed to a cloud environment, they will never be able to get it back, or will never get it back out in a format that is useful. When choosing a cloud provider, enterprises need to pay special attention to which standards are being used and which compatibility to industry standards are being offered. The ability to use open application programing interfaces (APIs), import and export virtual machines, and the seamless integration with private networks and private clouds needs to be accommodated by the cloud provider, and should be a centerpiece of the customer’s overall cloud strategy.
Myth 4: I’ll lose what I have invested so far — This concern is very common among businesses that have relied on building their own data center and invested into dedicated hardware over the years. The key message here is that using a public cloud doesn’t mean that you have to retire your actual equipment, in many cases, a cloud environment will complement what you have and give you the agility and flexibility your business needs, avoiding over building your internal platforms. There are many tools in the market that integrate data and systems across on-premises environments and public clouds. The secret is to find a cloud provider that can help you map out a cloud strategy that makes use of what exists in the company’s data center today and provides a growth path for tomorrow, leveraging public cloud environments.
Myth 5: Information security compliance and cloud don’t live together — Nowadays companies see themselves in a constant battle to be compliant with security standards, whether is HIPAA, PCI, ISO, SSAE16, etc.; every industry has its compliance challenges. When you add a public cloud in the equation, the first reaction is to think that it will become more complicated than ever. Well, first impressions are not always the most accurate. Sometimes, there is a need for a closer look. In the cloud provider’s world compliance is as important as in any other industry, as we actively seek to address security compliance requirements in order to help our customers with their own compliance programs. Using Verizon Terremark as an example, we offer services that are SSAE16 audited, PCI compliant, ISO 27001 certified and healthcare enabled. We’ve also passed the Department of Defense's stringent DOD Information Assurance Certification and Accreditation Process. These give enterprises more confidence when moving to the cloud, and at the same time complement their internal compliance processes.
Myths are often the results of outdated information, rumor, or logical conclusions from faulty assumptions. The best defense is simply to do research, ask questions, and for you to find out what solutions will best fit your company’s needs. There is no one "right" answer any more than there is one "right" cloud environment. Simply know what you need and want, and ask providers how they can best meet your needs.
