Last month we started a discussion of five of the Biggest Mistakes Companies Make in the Cloud, including failing to utilize cloud technologies at all, failing to manage cloud usage, costs, and life cycles, among other blunders. Here are nine more mistakes I see organizations making all the time, and some advice on how to avoid them.
MISTAKE #6: FAILURE TO EXERCISE BASIC CLOUD ADMINISTRATIVE SECURITY
As a startup learned painfully a year or so ago, guard the keys to the cloud well.
It’s very easy for someone with the right admin privileges to delete all of your server instances and associated data.
If your only backups are also in the cloud and use the same or equally compromised credentials, your company can vanish in minutes. Out of business, game over.
Maintain at least two sets of credentials, and compartmentalize responsibility so that no one person could wipe everything out, either by accident or maliciously. Consider dual authorization for drastic changes — if you can find a provider who offers that feature.
Worth pondering.
MISTAKE #7: USING SECURITY AS AN EXCUSE FOR INACTION
Security cuts two ways. You can use it unwisely, as an excuse for not doing cloud. Or you can take positive steps to get the security you need.
You do need to know the sensitivity of the data and apps you’ll be placing in the cloud. And take reasonable precautions, and install reasonable controls, for the sensitivity of that data and those apps.
Security in the cloud is just like other security issues. What are your business, legal, and other requirements? Are there adequate tools and controls in the cloud, or not?
Does FedRAMP or another cloud security-certification program meet your needs, by certifying the provider passed a certain level of security standard?
In short, where there’s a will, there’s a way: If you tackle security one concern at a time, you can likely make a fact-based determination of how to use public cloud securely — or know what the shortcomings are.
MISTAKE #8: ASSUMING PRIVATE CLOUD IS MORE SECURE
Private cloud is likely using physical cabling with some configuration, possibly automated.
Public cloud shares the physical server, and uses virtual cabling whose configuration is almost certainly automated.
Which one is more likely to suffer from human error?
I would be inclined to bet that the big automated provider is likely to be more secure. You should do your own due diligence though.
MISTAKE #9: THINKING THAT PRIVATE CLOUD IS JUST SERVERS
Here in the Washington, D.C. area, private cloud is big business, likely because of security and control concerns. So it’s good that people are at least trying to do cloud, and learning.
If what you want is yet another datacenter, without having to build it out, that’s where basic private cloud comes in: colocation servers without buildout. If you can get adequate control and security, rented colocation space is about what private cloud can end up being.
That may solve some immediate problems for you. It provides some agility, at a price. It doesn’t provide the same degree of agility as public cloud, because you may have to have a longer-term contract, you may have to wait for provider build-out, etc.
We suggest that you still try to make real use of Amazon, Google, or one of the other public cloud providers. And if nothing else, take a look at their service catalogs.
If you’re doing private cloud, do you have a strategy for automating self-service, collection of costing information, and chargeback? How about automation of server instance lifecycles as well?
If you don’t, you’re missing some of the power of cloud. IT staffs keep acquiring more and more responsibilities, with constant or shrinking budget. Automation and self-service offload some of the routine work, freeing up staff time.
MISTAKE #10: FAILING TO CONSIDER THE IMPACT OF CLOUD ON YOUR NETWORK
Are you thinking about the impact of cloud on your network? It may not be huge, but how could your network work more efficiently with the cloud? See also my posted presentation, at The Four Kinds of Clouds, and How Each Affects Your Business.
MISTAKE #11: NOT HAVING COST AND OTHER VISIBILITY INTO THE CLOUD
It’s best to have a dashboard showing cost, maybe with some (development) instances subject to being cut off if you’re exceeding cost thresholds. If your cell phone provides a meter showing how many of your monthly bytes have been consumed, don’t you want the same for server instance minutes, storage consumption, and of course, greenbacks?
MISTAKE #12: FAILING TO UNDERSTAND THAT WEB APPS ARE DIFFERENT
To maximize the value, performance, and robustness of your web apps, new coding approaches are needed. So while you may be able to shift current applications to the cloud, new application development offers the opportunity to understand new ways of doing things. You can send staff to training, but there’s nothing that tops bringing one or two people who have been there and done that.
We view this as a variation of leveraging consultants and outside talent wisely. If you don’t bring in outside points of view, your in-house staff can become very stale, and not even realize they’re set in ways that became obsolete five or 10 years ago. We’re not about to espouse the “Chairman Mao theory of staff management” here – but intentionally providing new people, new approaches, and change may be the best way to get staff to open up their minds and to build new skills.
MISTAKE #13: FAILING TO UNDERSTAND HOW THE CLOUD IMPACTS CAREERS
For executives, a cloud security problem could be career limiting. Failure to leverage cloud technology for agility and cost-savings could be a problem as well, albeit a less potentially spectacular one!
Networking professionals might think about the job implications. If you’re a rack-and-stack kind of person, you may find your skills less needed by the average enterprise if and when most servers run in the Cloud, although perhaps you’ll still needed by large private and public cloud datacenters. You did notice that, over time, WLAN may replace much of the user side cabling plant, didn’t you?
If you understand networking concepts well, you may have a future role even if they become virtualized or in the cloud. People with a solid understanding of fundamentals, particularly across boundaries – e.g. VMware + solid storage, or Cisco + VMware networking – will likely be in demand for a while. A similar good skill set might be to understand hybrid cloud techniques, and how the various cloud or hypervisor approaches to virtual networking align or differ.
MISTAKE #14: FORGETTING ABOUT LATENCY
If your datacenter and most of your 2,000 or 10,000 users are within 10 to 20 miles of each other, you need to pay special attention!
Putting an application into the Cloud means you may be adding latency: the physical datacenter is probably further away from your users than they are from each other. That may not matter much in urban areas. However, adding a skoosh of latency is a great way to find poorly written applications, i.e. chatty applications that require a lot of back and forth traffic to get the job done. In-house latency validation of applications could help.
If you’re considering geographic diversity within the cloud, bear in mind that running your applications in Texas rather than Virginia may be rather noticeable to your Washington D.C. / Virginia users. Testing can spare you a hard lesson learned. You don’t want to be known as the IT Manager Who Redefined Slow!
The cloud is a great tool for managing data cost-effectively but it’s important to be careful about the way you move into it. For a longer conversation about common cloud mistakes, feel free to reach out.
COMMENTS
Comments are welcome, both in agreement or informative disagreement with the above, and especially good questions to ask the NFD9 vendors! Thanks in advance!
Hashtags: #cloud, #mistakes, #intercloud, #CiscoChampion
Twitter: @pjwelcher
