How to Control Cloud’s Undesirable Side Effects
How can I minimize cloud’s undesirable side effects?
IT leaders reaping the benefits of cloud understand its strengths and weaknesses. To minimize adverse outcomes, you need to understand that cloud’s positive benefits come with opposing risks. This brief explores how, by focusing on cloud’s risks, you can maximize its benefits.
Cloud services are simpler to obtain, easier to use, and can be much less expensive than traditional IT. Cloud computing makes IT simpler and faster by reducing IT complexity, providing:
- Efficiency gains from higher resource utilization and reduced system administration
- Agility improvements from faster provisioning
- Innovation from easy prototyping and using service performance to identify improvements
Yet, cloud’s benefits also introduce risk. That means it’s imperative that you examine cloud benefit/risk pairs for each application. Top cloud risks include:
- Dynamic workloads affecting performance and security
- Network and access dependency making cloud services unreachable
- IT skills not being aligned with cloud
Before you jump into cloud computing based on the promise of reduced time, money and people needed to build and deploy applications and related hosting infrastructure, be sure to balance cloud’s benefits and associated risks against your unique situation.
What You Need to Know:
An information asset risk assessment is ideal to determine the benefit/risk ratio for a cloud solution. Understanding the inherent benefits and risks of each cloud model helps you make better decisions for your organization. Even if you decide to proceed with risks, having awareness of the risks enables you to develop countermeasures in advance.
|Cloud Benefit||Associated Risk|
|On-demand self-service access to infrastructure, platforms and applications delivered by a pay-as-you-go model based on usage||Inconsistent availability and/or performance, especially for workloads starting from or moving to different geographical locations|
|Broad access through mobile phones, tablets, laptops and workstations||Access networks or devices are out of your control; unreliable or unavailable access networks mean unreliable or unavailable services and applications|
|Resource pooling and automation that combines resources into managed services||Cloud consumers (end users or IT administrators) sharing infrastructure, applications and data may affect one another’s performance, security, or privacy|
|Cloud Benefit||Associated Risk|
|Rapid elasticity that scales automatically and quickly with demand||Amount of data cloud consumers need at any given moment could exceed a cloud carrier’s capacity, making
it difficult to extract data or switch providers; dynamically assigned resources do not always deallocate, potentially increasing costs
|Measured service with usage monitored, controlled and reported||IT may not have the skills to acquire, provision, operate, and audit cloud services and access systems (local networks, clients, security, etc.) and provide secure access to the cloud|
What You Need to Do:
Follow this three-step process to move an existing IT service or application to the cloud:
- Classify your information assets to determine your requirements and risks.
- Using that information, locate a cloud provider that can deliver your requirements while keeping the risks at an acceptable level.
- Calculate your return on investment (ROI) and compare that to your existing costs using your needs, assets, risks, and requirements.
- Assume that your team hasn’t performed such a risk assessment. Use templates, require objectivity, and guard against overzealousness. Be on the lookout for vague descriptions of risk, and talk to others you trust who have completed a risk assessment. At this stage, focus on the negative impact that the positive features have, regardless of how improbable such impact may seem.
- Investigate the risks for your cloud solution carefully, and ensure that assumptions are validated with pilots and trials. Be especially aware of:
- Security and privacy. Cloud increases the number of people with potential access to sensitive information due to the inherent loss of control.
- Federated identity and single sign-on required to access information from multiple locations and services. Omitting these requirements can increase your costs later.
- Interoperability, portability, and how to avoid vendor lock-in. Fast becoming top concerns of cloud customers, these should be fully considered. Your ROI may change if you choose to avoid using vendor-specific libraries.
- Service-level agreements and IT service management processes, such as ITIL. The skills needed to create, execute, and manage these now rise to the top of the list of competencies required for cloud success.
- Availability and performance are critical and often overlooked. It is common for an application that works great in development to fail when deployed to a hosting provider.
- Assess business value, not IT value. Savings on hardware, staffing, power and cooling, application changes, and organizational efficiency are beneficial to the business and easily calculated. However, business benefits include more than cost savings. Time to market, innovation, and agility are often cloud’s biggest business benefits. They’re also the hardest to measure. Make them your top priority, and work with your business to ensure you’ve selected the right measures of success.
- Get started by ensuring your teams have a standards-based and vendor-neutral understanding of cloud roles, benefits, features and service and deployment models. Develop a formal worksheet that you use consistently to control the risks of cloud computing and assist in your decision-making.