I love learning how people come from different places based on their perspectives. The March 2017 meeting of the Indy CIO Network took up the topic of cloud strategy and the conversation was remarkable.
What Kind of Cloud?
As a pilot, I was trained to identify different kinds of clouds so that I could avoid getting caught in weather that either the pilot (me) or the plane couldn’t handle. I came to appreciate the number of different kinds of cloud formations there were and how knowing what they were could keep me safe.
When we’re talking about technology clouds, there are a few options:
- Infrastructure as a Service (Iaas) – Virtualized machines that you can manage as if they are on premises.
- Platform as a Service (Paas) – Containers that you can deploy your solutions into to take advantage of larger data centers and other resources that may not be practical to deploy yourself.
- Software as a Service (SaaS) – A software package licensed with hosting of the application included. This bypasses the hidden maintenance costs of running a server and managing a software package.
With flying, the challenge was always safety; with the technical cloud, it comes down to security.
Security – Better or Worse
On the one hand the availability of cloud-hosted resources would seem to have a worse security profile than something locked away in our respective data centers. After all, availability and security have been natural-born enemies since the beginning of time. It intuitively makes sense that if it’s more available then it’s got to be less secure.
On the other hand, the cloud service vendors generally have better resources than a small- or even medium-sized company might have to purchase intrusion detection and pay security analysts to continuously monitor what’s happening on the systems. So they’re a bigger target in aggregate, but they’re also bringing substantially more resources to bear than we could if we had the services in our network.
From a practical point of view, the surface area – or availability – isn’t all that different between a server hosted in the cloud platform vs. one that’s on your local network. Most organizations recognize the need for employees to work while traveling. As a result, virtual private networks (VPNs) have become common, so most employees really have availability to get to information no matter where they are on the planet – or in the air.
In the end, the kind of security technology being deployed and the rigor of the security policies – including checks and balances – generally means that cloud-hosted systems are more secure, even if this seems at times to be counter-intuitive.
The group agreed that cloud hosting doesn’t save you direct costs – or at least not much. What the cloud services give you are features that you can’t afford to implement on your own. Whether it’s a service level agreement (SLA) that includes a lot of 9s or elasticity, cloud isn’t about cost savings. It’s about mindshare and capital savings.
In some scenarios, the goal is to increase uptime and geographic diversity to handle outages in a way that just isn’t practical to do internally.
Very High Availability
Some systems just can’t be down. The business cost of being down, both directly and in terms of the brand damage, are just not tolerable. Even when the primary operations are on your environment locally because of proximity or other needs, having the ability to switch to a cloud backup when you’re not able to service customers is essential.
While there are very high profile outages at Microsoft, Amazon, and others, these outages are, generally speaking, quite rare. The amount of redundancy that exists in their environments simply isn’t practical for the mid-sized organization to buy.
The Real Risk and Opportunity
It seems that the real risk and opportunity with developing a cloud strategy is scaring your IT professionals with not having a job. My observation, and those of some of my national peers, has been that it isn’t IT professionals losing their jobs – it’s that their jobs are changing to be more customer-focused and interactive.
So while the fear of being replaced is there, the real opportunity is for our IT staff to become more closely aligned and embedded in the organization, so that IT isn’t seen as something distant and far away, but is instead seen as a partner trying to help the business get things done.