Cloud services are simpler to obtain, easier to use, and can be much less expensive than traditional IT services. Yet cloud benefits also introduce risks, and you need to examine cloud benefits and risks for each application. Cloud providers naturally downplay some cloud issues as they play up others. Cloud computing makes IT simpler and faster by reducing IT complexity. Reducing complexity gives three main benefits:
- Efficiency gains from higher resource utilization and reduced system administration
- Agility improvements from faster provisioning
- Innovation from easy prototyping and using service performance to identify improvements
Top cloud risks include:
- Dynamic workloads that affect performance and security
- Network and access dependency that makes cloud services unreachable
- IT skills not being aligned with cloud
Still, cloud can reduce the time, money, and people it takes to build and deploy applications and related hosting infrastructure, but only if you balance its benefits and risks against your unique situation.
What You Need to Know
Understanding the inherent benefits and risks each cloud model includes helps you make a better decision. Even if you decide to continue with the risks, you’ll be aware in advance. This lets you develop countermeasures.
|Cloud Benefit||Associated Cloud Risk|
|On-demand self-service access to infrastructure, platforms, and applications delivered by a “pay-as-you-go” model based on usage||Workloads starting from or moving to different geographical locations may experience various delays that may result in inconsistent performance and/or availability|
|Broad access through mobile phones, tablets, laptops, and workstations.||You must depend on access networks or devices outside of your control. If the access network is unreliable or unavailable, then the services and applications are too.|
|Resource pooling and automation to combine resources into managed services.||Clouds share infrastructure. Workloads from cloud consumers sharing infrastructure, applications, and data may affect one another. This includes performance as well as security and privacy.|
|Rapid elasticity that scales automatically and quickly with demand.||Cloud consumers access cloud services through a cloud carrier. It’s possible that the amount of data can exceed a cloud carriers’ capacity, making it difficult to extract data or switch providers. Also, dynamically assigned resources do not always de-allocate, potentially increasing costs.|
|Measured service with usage monitored, controlled, and reported.||Cloud consumers (end-users or IT administrators) still need secure access to the cloud. IT needs the skills to acquire, provision, operate, and audit cloud services and access systems (local networks, clients, security, etc.)|
What You Need to Do
Follow a three-step process to move an existing IT service or application to the cloud.
- Classify your information assets to determine your requirements and risks.
- Using this information, locate a cloud provider that can deliver those requirements while keeping the risks at an acceptable level.
- Calculate your return on investment (ROI) and compare that to your existing costs using your needs, assets, risks, and requirements.
- Assume that your team hasn’t done this type of risk assessment. Use templates and be objective. Be on the lookout for “soft” descriptions of risk, and talk to others you trust who have done such assessments in the past. At this stage focus on the “negative impact” that the “positive features” have, regardless of how remote they appear to you now. Risks include network dependency, need for new IT skills, restrictive service level agreements, hidden workload locations, multi-tenancy security and privacy issues, data import/export limitations, inconsistent performance, and variable costs.
- Investigate the risks for your cloud solution carefully. Use trials to validate your assumptions. Be especially aware of:
- Security and privacy. Cloud increases the number of people with potential access to sensitive information due to the loss of control inherent with cloud.
- Federated identity and single sign-on required for access from multiple locations and services. Omitting this can increase your costs later.
- Interoperability and portability and how to avoid vendor “lock-in” is fast becoming the top concern of cloud customers. Be sure these are fully considered. It may change the ROI if you choose to avoid using vendor specific libraries.
- Service level agreements and IT service management (like ITIL) are traditionally minimally or poorly executed by IT. These skills now rise to the top of the list of competencies required for cloud success.
- Availability and performance are critical and often overlooked. It is common to develop an application that “works great” in development but fails when deployed to a hosting provider.
- Assess business value, not IT value. Hardware, staffing, power and cooling, application changes and organizational efficiency savings are easily calculated. But they don’t always benefit the business. Business benefits include more than cost. Time to market, innovation, and agility are often the biggest business benefits. They’re also the hardest to determine, so make these your top priority, and work with the business to ensure you’ve selected the right measures of success.
- Get started by making sure that your teams have a standards-based and non-vendor-specific understanding of cloud roles, benefits, features, and service and deployment models. Develop a formal worksheet that you use consistently to control the risks of cloud computing and assist in your decision.
Cloud Computing Training