3 Challenges of Public Cloud Storage and How to Overcome Them
Cloud computing solutions are becoming increasingly popular for operational and cost reasons. The pandemic has caused many businesses to move to remote access and working from home environment, and often to an online e-commerce existence.
There are two types of cloud, public and private.
A public cloud moves the client data centre to a managed service provider, (“MSP”) who provides managed services to several clients on the same physical infrastructure. In the past, physical connections to the MSP data centre were provided using dedicated high-speed telecommunications links, but nowadays it is much more likely to be a connection delivered over the Internet.
A private cloud is operated by a single organisation. It can be supported by an external MSP in a dedicated server environment or internally by an organisation’s own IT services.
Hosting your data and applications on a public cloud platform brings several concerns with it, those primarily security, managing cost, and resource availability. Other issues such as Governance and Compliance will arise.
Finally, a combination of private and public cloud technologies is increasing in popularity – a hybrid solution. An organisation keeps its sensitive systems and data behind a corporate firewall but integrates with a public cloud for customer and public-facing systems.
To look at the major concerns in turn:
Security
Recent surveys have highlighted security as a major concern by senior executives when considering remote access and cloud-based solutions. They hear daily reports of data breaches, compromised credentials, and successful hacking attacks, some at major enterprises, and have reservations about opening systems to remote access or committing resources to a move to the cloud. However, sometimes for business survival, they have no choice.
As a result, Cloud Security is at the forefront of the IT head’s mind. Trusting an organisation’s critical data to a third party in a public cloud can seem a step too far. A Due Diligence exercise is essential to ensure that the third party’s user identity management, access, and authentication protocols and procedures are secure. The exercise must also cover business continuity policies regarding backup and recovery.
If they operate in different legal jurisdictions it is wise to understand the legal environment of each, the data protection, privacy, and security laws and regulations they operate under, and how they relate to the laws of the home base. In a global environment that can be an exercise in itself. It also feeds into compliance.
In all cases, the organisation must have a Data Protection plan in place to ensure that the organisation can be up and running once again as fast as possible should there be a loss of service or data.
Cost Management
It’s generally accepted that a move to the Cloud will save costs, perhaps not initially, but certainly in the longer term. By outsourcing to an MSP, equipment, software, and resource costs can be moved to a third party. As a result, Capex can turn into Opex, providing a degree of certainty about the future cost profile.
Having said that though, scaleability is still an issue. IT systems have an unfortunate reputation for costing more and taking longer than budgeted, and unexpected changes in the business environment may need urgent attention. At some point, hardware and software will need to be replaced or upgraded.
Additional hardware and software Capex costs are absorbed by the MSP and transferred to Opex, but as discussed below, resource costs will be variable.
What will be essential are excellent financial analytics and reporting, clear, implemented, and managed policies for cost containment, and an active management reporting environment.
Resource Availability
Moving to the cloud and maintaining a cloud infrastructure needs resources, some temporary, some permanent. Managing and developing in-house and cloud-based systems need different skill sets. Gartner has stated that a major cloud challenge to enterprises is a shortage of resources and expertise, which of course drives up costs and increases the delay in sourcing the proper skills.
In many cases, SMME organisation cannot afford cloud specialists and can either outsource the skills to their MSP as part of the public cloud hosting deal, train up their existing staff, or as is becoming more common, automate where possible.
Network management, with the new Software and Intent-based networks, is already well down this road. A new range of DevOps tools is automating common management functions such as automated backups, monitoring resource usage, and issuing alerts for uncommon usage patterns.
Finally, Compliance and Governance. Organisations are required to comply with local laws and regulations, and in some areas, industry regulations. This is best dealt with during the Due Diligence phase of MSP selection.
In a similar vein, governance issues need to be addressed, particularly in matters of infrastructure management. Existing policies and procedures need to be reviewed and revised.
Public Clouds are rapidly becoming a fixture, but need to be handled with care.