The Most Common Surprises When Moving to the Cloud
Fluffy Clouds.
Recently, I took my kids to see the movie Cars 3. If you have kids, there is a good chance that you’ve seen the movie too. Then, you know how they use the term “Fluffy Clouds” in the movie. There is the scene where our hero, Lightning McQueen, is trying to calm the nerves of Cruz Ramirez. On the track, he tells her to think of fluffy clouds — fluffy, fluffy clouds. In the movie, it works well. However, as I was sitting in the dark theater and the movie reaching its undeniably happy ending, all I could think about was a Fluffy Cloud.
The vision of a perfect, fluffy, white, billowing cloud is how many Board Members and C-Level Executives perceive moving to the cloud. It’s their answer to everything. What can ever go wrong in the cloud? After all, the cloud providers have security, don’t they?
In this three-part series, I’m going to talk about the most common surprises I see when those companies move to the cloud — and how they could have avoided them.
What is Your Security Posture?
For some companies, there is a huge disconnect around security. The posture is either described as “We can’t stop all of the attacks, so why even try?” or, “We don’t have anything anyone wants to steal.” (I wrote an entire blog post about that subject here.) If this describes your company’s security posture being used today, then moving to the cloud is a good strategy and you should start at once. Gaining the default cloud security is better than nothing.
On the other side of the spectrum where you understand the importance of data security (as it is pointed out in this Forbes article: Why Data is the New Oil), you already understand that moving to the cloud is just like moving to someone else’s datacenter. (You don’t control the infrastructure, but other than that nothing else changes). On this side of the spectrum, your data is valuable and it needs to be protected regardless of where it resides.
If you are moving to a hybrid cloud model where the consistent workloads are staying in your datacenter and the elastic, on-demand, kind of spin-them-up-and-tear-them-down are going to the cloud, you are like a lot of my customers. Completely getting out of the “host your own datacenter” business doesn’t make financial sense in all cases. However, the benefits of moving to the cloud for its flexibility, elasticity and geographical diversity can’t be denied.
Suprises In the Cloud
Surprise #1 – Redundant systems.
As you move to the cloud, you quickly have another virtual datacenter. This is great. It’s exactly what you wanted and it was quite simple. However, if you were not moving to the cloud and you were simply building a redundant data center yourself – somewhere in another geographical location – as a best practice you would still use the same set of tools to manage both.
What I see a lot of newbies to the cloud do, are to simply use the new tools which are provided to them by AWS or Azure or a trusted third-party of the cloud provider. It works well because it meets their needs, but now you are managing two separate systems. One that provides X in your datacenter, and one provides the same X in the cloud. But they have two separate systems.
Redundant Security Controls–
Even if the cloud partner is a vendor that the customer used in their physical data center, often times I see a separate console or cloud control center. So as an example, if you use Palo Alto to secure your physical datacenter and Palo Alto to secure your cloud, that’s great. It’s the same vendor. But you don’t have the same controller controlling both and the logs are disjointed.
Redundant Back-Up Systems –
At least in the case of Redundant Security Controls, you have the same vendor. What about backups? Let’s assume we are using o365 for email. A user deletes important mail and needs to get it back. The retention time for deleted items in o365 is 14 days. When mail was hosted on site, you would go to a tape or a digital archive and bring it back. In this case, bringing older emails back is not even possible.
This scenario is obviously solved by some type of cloud backup provider and now you are covered for archiving/regulatory/retention requirements. Is it the same console that you use for backups in your physical datacenter? Is it at least the same vendor?
Planning is the Key
Fast forward six months. When, all of a sudden, companies are managing two distinctly different datacenters with two distinctly different sets of tools. All the skillsets are different and the breadth of knowledge is quite different.
Planning for this is key. Maybe it’s not possible to move your current physical datacenter vendor to the cloud because of a lack of features or functionality. Maybe they just are not as good in the cloud as they are in the physical world. That is ok, but at least understand that limitation. When you make the move to the cloud, choose a vendor in the cloud that can also secure your physical assets and, when it’s time for a refresh at the physical level, move your cloud vendor into your physical world.
This is just a growing pain. Everyone will eventually figure this out. However, the vision of the fluffy clouds can be achieved. If you don’t have to experience the pain to get there, the happier you will be.
In part two of this three part series, I will be discussing the second most common surprises when moving to the cloud. Accessing the Cloud- Getting there and monitoring the traffic.