Trusting Cloud Providers: Trust your mother (but cut the cards)
Risk is a part of life, of business, and fundamental survival. Crossing the road, getting in a vehicle, and picking up the phone all require you to assess the rational, potential outcome, and likelihood for success behind the activity. And yet we carry on, learn, and strive to improve tomorrow. As business technology evolves, the principles underlying the foundation and operational aspects of data storage and the functionality of our tools is continually critiqued. Change is constant, truths of yesterday no longer apply, and risks we have not yet considered will undoubtedly be encountered. So what path do we choose to follow when considering overall approach to our business technology?
Data breaches, extensive downtime, and lack of compliance mechanisms are issues that IT Pros fear. How can an outsourced cloud provider be trusted? These concerns must be addressed before they consider moving business critical systems to the cloud. Rather than hitting that head on, let’s circle our current state.
“If my Internet connection goes down, I can’t access my systems.” This is the common retort to avoiding cloud adoption. Let’s think through that scenario. Is that in any way the cloud provider’s issue? No. What is impacted if your office loses connection in a cloud based model? Your office. What is impacted if your office loses connection in an on-premise model? Everything. Customers, Vendors, Remote & Field staff (and your office still can’t access the Internet). The likelihood that your business will have a redundant Internet connection in the next 3 years is very high. Dependency on Internet for communication and transactional interaction will demand high-availability to internet resources in nearly every business regardless of level of cloud adoption.
Single Point of Failure
Redundantly redundant. Cloud providers stake their business on providing service in a highly competitive market. They are in the business of providing reliable systems to a broad customer base. The days of a hosting provider delivering services from a server in the lunchroom are long gone. Today’s providers deliver services from equipment, facilities, and connections far beyond what Widget Manufacturer A or Service Provider B can ever justify. Every aspect is controlled and monitored, from connection quality, power conditioning, cooling, physical access, and on and on. Consider the server you have nicely racked and locked in the back room closet. Raid5, redundant power supplies and all. Realistically considering the potential failures that could render it useless is staggering. Power outage, Fire, Water, Backplane, Internet Outage, Corrupted Raid Config, Ransomware, Smash-n-Crash burglar, IT Admins spilled Coke. Unfortunately enough time in this industry and you see many things, truth often stranger than fiction but nonetheless very real.
You invest, buy the biggest and the best, and… tomorrow it is obsolete. Just as scaling user counts is inherent, the burden of allocating resources is entirely upon the cloud provider. Managing the infrastructure and platform for your systems is no longer an issue. Never will the business controller be asking themselves “Why is it my problem that Microsoft is ending support for server version XX and the new server version YY isn’t compatible with my legacy software AA?” While infrastructure responsibility is eliminated, interoperability of systems will become the focus of technology development. Choosing systems that complement one another and provide solid interaction with other systems will become an opportunity for differentiation of businesses and professionals.
Full circle to Security
The simple fact is that businesses hesitating to embrace cloud technologies are very likely not accurately assessing risk to their current technology approach. The pitfalls and potential for failure for on-premise IT are many and great. In 1980 it was uncommon to wear a seatbelt, yet many survived and thrived. Today it is accepted that seatbelts are safe, pose less risk and provide greater likelihood of success to arriving safely when advancing from point A to point B. The real issue at hand is selection. Choosing providers who are reputable, with strong products. Acquisition of tech companies will continue to prevail, how does that impact the future of data and systems we rely on? Assessing and managing risk continues to be the differentiator for those who succeed, but the first step is moving onto the appropriate playing field.