The cloud has become a common fixture for most businesses, more so in the last 12 months, with over half (51%) of UK business leaders saying their shift to the cloud has saved their company from collapse during the pandemic. In this article, Leon Godwin, Principal Cloud Evangelist for EMEA at Sungard Availability Services discusses why that for all the great reasons organisations choose the cloud, there remain common mistakes that are made that make it difficult to embrace the full capabilities of cloud infrastructure.
Most organisations operate in the cloud in some way or another. But, because of its complexity, not every organisation is doing so correctly.
According to IDC, by 2022, over 90 percent of enterprises worldwide will be relying on a mix of on-premises/dedicated private clouds, multiple public clouds, and legacy platforms to meet their infrastructure needs. The global technology research and consulting services firm expect 2021 to be the year of multi-cloud, with the vast majority of enterprises deploying combinations of on-premises, off-premises, public and private clouds as their default environments.
Growth in cloud computing has been one of the largest tech trends of the past decade, and yet there remain common mistakes that many organisations continue to make when migrating or adopting new services. In doing so, they open themselves up to countless business and reputational risks.
These sort of mistakes, particularly in the turbulence of today’s current climate, can’t afford to be made, so how can organisations avoid them?
Mistake 1: Not sizing bandwidth to meet business needs
Connectivity is key. If an organisation chooses the wrong connectivity, it will degrade the end user’s experience. This will ultimately undermine the quality of service that it is trying to offer.
Nothing ruins a cloud — or any computing experience — like sluggish application and internet performance. When moving to the cloud, organisations must have a realistic understanding of the amount, and quality, of bandwidth that they need.
Unfortunately, many organisations fail in this regard, because they don’t consider the network implications of data leaving the cloud.
Egress charges are the cost for data leaving the cloud provider, allowing end users to lift and shift their data into different locations for different uses. These will typically make up a large chunk of an organisation’s cloud expenses as the data is constantly on the move.
On average, data egress is charged at 7p per gigabyte. Moving 25 terabytes out of the cloud and on-premise data centre or another cloud provider could cost £180,000 in egress fees through the public internet (even via a virtual private network). However, many examples of applications may create data-egress costs, some of which may come as a surprise. Restoring backups in the cloud to an on-premises location, hosting a website and delivering web content into someone’s web browser, and consuming remote desktops hosted in the cloud are just a few.
Network connectivity needs to be flexible too. That way, organisations can improve agility and respond faster to changing business conditions, something many IT leaders have struggled with over the last twelve months.
Working with a provider that can provide high-performance, low-latency connectivity that can be scaled up or down on demand will allow a real-time response to workload fluctuations and changing business demands while also preventing bill shock.
Mistake 2: Not planning for applications
Frequently, organisations view the cloud from a “server” perspective rather than from an “application” perspective.
The term “cloud” remains nebulous, as cloud implementations include ever-changing technology offerings. This can make it difficult to discern how to optimise a cloud solution to meet business needs.
The needs and goals of each organisation and industry differ, making it impossible to adopt a one-size-fits-all cloud strategy or even the same strategy for each workload within an organisation.
When making a cloud-hosting decision, businesses need to be sure they understand their workload attributes – performance, security, integration and data volume – and consider the cumulative impact of these on workload-placement decisions.
During the decision-making process, IT decision makers need to factor in the following:
- Business considerations – top business problems the organisation is working to solve, and the main use cases to enable or enhance, including time to market, agility, and legal and regulatory
- Technical considerations – attributes like performance, security, integration, data volume and workload elasticity
- Ecosystem considerations – factors like software as a service maturity, cloud service provider offerings or the market accessibility of cloud expertise
- Other considerations – consider existing applications and their cloud-readiness, application licensing, global data centre operations, and organisational practices, like disaster recovery and business continuity
Some applications are better suited for public cloud, while others are better in private cloud. By focusing on application needs, rather than server needs, the best decisions can be made.
Mistake 3: Not adapting to the cloud security landscape
When adopting cloud, organisations often implement new technology without fully understanding it and updating their security posture to match. This makes them susceptible to all sorts of risks.
Here are four common cloud security mistakes and how to solve them:
- Granting overly broad permissions
Rein in permissions by adopting a least privilege access approach. That way access is limited to only those who need it to do their job. If someone does require broad permissions, make sure those accounts are locked down with multi-factor authentication.
- Storage misconfiguration
To limit the consequences of storage misconfigurations, employ encryption anywhere you can, including the encryption of storage at rest. That way, if encrypted data is stolen, it will be unreadable by hackers.
- Inefficient application protection
Firewalls were once considered sufficient perimeter protection. Not anymore. A traditional firewall can be locked down to allow web traffic through only on a specific port. In many cases, that’s all a hacker needs to compromise your network. To properly protect business applications, implement effective patch management and web application firewalls (WAFs). Ensure regular scans are carried out, maintaining visibility and automating the patching process.
- Compliance issues
When moving to the cloud it’s important to identify which countries the data will be processed in, what laws will apply, and what impact they will have. Then, follow a risk-based approach to comply with them. Enable compliance and application-level monitoring and assign an owner. That way cloud compliance, the collection of audit evidence, and misconfigurations can be easily tracked and identified, preventing any non-compliance.
- Security and Compliance in the Age of Cloud-First Working
- Xactly Expands EMEA Growth Through Collaboration with Oracle Cloud
- Groundbreaking Research From Xactly Highlights the Disruptions that Transformed Sales Organisations in 2020, Presents an Outlook for the Future
- What can corporates learn from digital transformation in the COVID era?
Increasing cloud adoption is on the horizon
Research from TCS has identified that 51 percent of organisations have increased cloud spending due to the pandemic, with only 27 percent of those surveyed having their core enterprise systems in the cloud pre-January 2020.
With the number of organisations keen to expand into cloud platforms comes a rising number of businesses falling victim to some of the most common cloud mistakes. By adopting a cloud readiness approach, that already identifies possible problems before they occur and prevents a shift back to on-premises data storage when it goes wrong, businesses will be better placed to reap the benefits the cloud can offer.