By Rajat Bhargava Posted April 21, 2015
Businesses can feel intimidated when improving their IT systems, especially when that means making the “move to the cloud.”
The switch to cloud-based systems can be overwhelming because it is still such a nascent concept. It involves adopting new processes and new infrastructures. IT admins either (1) don’t feel comfortable letting go of their existing systems or (2) don’t feel confident leading the overhauling of existing processes.
There are a few core reasons for the hesitation: security, control, compliance, and costs. Let’s explore each of these potential impediments and some solutions to them.
4 Reasons Organizations Hesitate to Move to the Cloud
The cloud has been widely reported as being more insecure than on-premises infrastructure. There is definitely some truth to this claim. Most cloud-based systems are available over the public Internet and subject to all of the malicious traffic and bad actors online. That has fueled speculation that the cloud is less secure than on-premises infrastructure.
But conventional infrastructure also has its fair share of risks. In many cases, it can be argued that the on-premises IT resources may actually be less secure than those in the cloud.
To determine whether or not the cloud is more secure, it is critical to understand that cloud security has very different considerations than on-premises infrastructure. With on-premises infrastructure, IT admins often leverage the location of the systems to help with security. In the cloud, location is not a factor since it is remotely accessible from anywhere.
Cloud systems can be more exposed, house multiple customers, and often tie their systems to financial transactions. These end up requiring more significant layers of security. But since cloud security can be averaged over a larger number of customers and systems, it is often more cost-effective on a unit economic basis.
When you move your systems to the cloud, you may feel a loss of control. As an IT group, you controlled the entire stack from the actual hardware and network through all of the operating system and application choices. In the cloud, choices are made for you and you will often choose from a more limited number of decisions.
For example, when you choose an Infrastructure-as-a-Service provider (IaaS), you don’t generally get to choose the brand of equipment, the bandwidth providers, or the locations of your systems. For many organizations, these choices are a distraction and only equal extra cost and maintenance. For others, having a choice in these matters is important to their business.
The simple way to deal with the control problem is to clearly decide on what layers of the stack you must control in order to create your competitive advantage. There is no right or wrong, just what is best for your organization. Once you make that determination, you can effectively figure out where and how the cloud can support your mission.
Many organizations today are subject to regulatory standards. These can be governmental statutes such as FISMA, GLBA, and HIPAA. Others are subject to commercial compliance regulations with the most common being the Payment Card Industry Data Security Standard.
IT organizations subject to these regulations often hesitate when thinking about the cloud. The cloud is multi-tenant, abstracts away control, and relies on third parties. For compliance, all of those issues make an IT admins job harder.
Compliance is all about controlling the scope of the audit surface and cloud computing can make that difficult. Cloud infrastructure providers recognize this issue. To make it easier to attract clients, cloud infrastructure providers will often undergo their own audits which can be leveraged by their customers. Still others will focus directly on this market, creating products that specifically provide the controls and reporting that organizations need to pass audits.
So, in a sense, an organization can move to the cloud and make their compliance issues easier. That’s not always the case, but if you are hesitating moving to the cloud because of compliance, understand that you can always choose a provider that is focused on your compliance area.
Many organizations with extensive IT infrastructure postulate that the cloud will be more expensive than running their own infrastructure and applications. These organizations often have tremendous sunk costs in their equipment, the value of which has inevitably depreciated. So while the costs in the cloud are more operational, there is a discrepancy for many larger organizations. Smaller companies have an advantage because they often need less quantity and are also unable to amortize purchases of equipment and applications over a broad enough user group. In either case, though, there is the perception that cloud services are more expensive than keeping the services in house.
While the numbers are the numbers and there aren’t any silver bullets, the “solution” to this problem is to deeply analyze all of the costs. Often as IT teams review all of their costs, they realize that their in house costs are really much higher than they originally believed. For example, the time to administer equipment and software must be accounted for, along with the cost of data center space and equipment. The difference in reliability is also a factor, if that is important to the organization. These ‘hidden’ costs often level the playing field or at least make it a close decision.
The last thing to look at is the value to the organization of running the particular service in house versus outsourcing it. If the service is part of a core competency or competitive advantage, then it likely should not be outsourced. If it doesn’t fall into that category, then even with a cost discrepancy, the organization should not be focused on those tasks because their time is better spent elsewhere.
Is there Reason to be Hesitant?
Moving to the cloud for any organization is a major shift in their business. It is easy to get stuck weighing the options. When you are considering implications related to security, control, compliance, and cost, IT admins need to think through their situation to determine if their concerns are valid or if unwarranted preconceptions about the cloud are holding them back from progress.
Whether you move to the cloud or not, even the process of analyzing the move will help make your organization better and give you increased clarity on what you value and don’t. If you would like to talk about some of the challenges when moving to the cloud, give us a call. We would be happy to work through the issues with you.