Debunking Common Cloud Computing Misconceptions
| nmb@konfitech.com
The expectations from cloud computing were and still is huge, many analysts and experts alike are anticipating most of the cloud computing workloads to be done in the cloud. Especially for enterprises, who are the most technologically advanced companies. However, there is a clear lag in the number of enterprises having their workloads in the cloud. One can only imagine what this number looks like in other sectors, and those industries mostly neglected by cloud providers.
The lag in cloud adoption has not come from people not seeing the value of cloud. Most people do see the value of cloud, rather the block comes from the roadblocks and concerns that has appeared along the way their operating models are.
Many have concerns about security, costs, latency, development model, etc. and stop adoption while not properly understanding the cloud. Leading to common misconceptions about the cloud for the business stakeholders and sometimes IT leaders. The best cloud companies have understood these common misconceptions and addressed them accordingly. Today in our article about the cloud we will give you the opportunity to get the overview of what these cloud misconceptions are, and how you can mitigate some of them.
Misconception no. 1: Clouds biggest value add is the cost reduction.
Cloud computing is great because it is on demand and pay-as-you-go. Meaning that the expenditure shifts from up front capital expenditure to an operating expenditure. Where you only pay for what you use, and you get as much compute as you want. With it, the cloud brings a radical shift in the potential cost structure of IT. In another blog post of ours, we talked about what you can do to make the most out of the clouds consumption model to impact your bottom line:
https://www.konfitech.com/konfitechs-blog/how-to-optimize-for-cost-in-the-cloud-sourcing-and-consumption-models
However, even though the cloud has amazing cost benefits, it is not the most impactful piece of it. The potential cost reduction is a nice side effect of it. The most impactful thing of cloud implementation that many fail to realize is the impact on the business and IT. While application spend may be cut in half, that is only pennies compared to the impact it has on speed and flexibility. Spend on IT is generally not higher than 10% depending on industry of course and reducing that to 5% will have an impact. However, leveraging the cloud and the computational powers it has improve the speed of innovation, reducing the time to deliver product, and other incremental improvements will eat the hard cost reduction for dinner.
With the capabilities of cloud computing, you are now able to boot up experiments quickly. Such as a proof-of-concept Natural Language Processing LLM to handle customer requests. Bring it to production and quickly iterate on it, without having to make the capital expenditure up front. You can now make these experiments in under a day, by taking what is available to you in the cloud and booting it up. Driving competitive advantages, and strategy execution faster than never.
This is just one of many advantages you could get, imagine the capabilities in data analytics, automation, automation of development like DevOps, integration of security in all processes like DevSecOps. The biggest value does not come from cost, but the impact it must transform the core business because of how the consumption model of the cloud is.
There are also huge horizontal opportunities, with now industry specific content emerging. In one of our other articles where we write about industry clouds and its impact.
https://www.konfitech.com/konfitechs-blog/what-are-industry-clouds
We find that now, more and more specialized software, infrastructure, and platforms are being made readily available in the cloud. Meaning that you no longer require specialized developers, software, or competency to deploy some of these applications. They will be there, ready for you to consume, whenever you want it. All in the cloud.
Misconception no. 2: Cloud is more expensive than on-premises computation.
In certain scenarios, there is often a misconception that the actual hosting in your own private cloud is cheaper than moving to the cloud. So let us carefully carve out the most common scenarios where cloud seem more expensive than on-premises and break them down.
The first batch of scenarios is mostly related to the starting point of the organization. This is important because depending on where an organization is now, the cost image might be drastically different. Operating model, architecture, and governance plays a major role in explaining the reason the organization are not getting the expected benefits from the cloud. This is because once they are in the cloud, the optimization games begin, and to reap the benefits they need to optimize.
Starting points such as maturity in the life cycle of various infrastructure and applications plays a part in starting point.
- You might have made a new or better licensing agreement for on-premises.
- You just updated your data centre.
These two scenarios will make the move of those types of systems to the cloud be duplicate costs. Meaning that it will not make too much sense. However, do not let this be a showstopper for moving the workloads that you can to the cloud. As these two events are not impossible to work around until their lifecycle is up.
The reverse of these two scenarios, when you are at the end of the on-premises data centre migration, or application licensing agreements it can be extremely attractive to move to the cloud. As you can rid yourself of the expensive capex infrastructure and move to the more agile cloud way of consuming resources.
However, setting the starting maturity away for a moment we need to examine other consumption practices for the cloud.
One example is the general consumption model many businesses have aside from the individual cloud they select from like Azure, AWS, or GCP. Moreover, the cloud solution providers, who are the middlemen certified by Azure, AWS, or GCP to provide services on their behalf, usually with some additional packaging around the cost. As your computational needs increase, you pay the CSP for a CPU. A common word for this used in the world of cloud is Total Cost of Ownership, or TCO for short. The benefit of the cloud is that you can automatically scale the computational resources needed to run the application at a good level. While purchasing hardware you are paying for a fixed amount of compute around the clock. The cloud-based model will allow you to adjust to need and therefore save cost, as you never have to invest or decommission in hardware to accommodate for variable traffic.
The TCO is the actual cost of purchasing, deploying, using, and eventually retiring a piece of equipment. Basically, a summary of all the cost it accumulates over its lifetime. One of the misconceptions is that the autoscaling of cloud does not save money in this manner as many have complained about after lift-and-shift migrations. However, this is not due to the cloud itself, rather a resource governance specific problem.
For it to make sense to migrate an application to the cloud, you need to make sure that the application architecture is reflecting a need for resource scaling and adjustability, alongside governance, and transparency of those processes. Being realistic about what applications will save money going to the cloud.
Because the reality is that TCO in the cloud is usually lower, which is including the short-term cost pains of implementation. Because you have to factor in the benefits mentioned in our first point, that the side-effects of the cloud such as increased speed, feedback loops, and capabilities will make it all worth it in the end.
Misconception no.3: The security of a private on-premises infrastructure is better than the cloud.
The fortress of network security is not that much safer than the identity heavy cloud. Yes, you do outsource part of the security process as now the datacentre and network security are in the hands of a Cloud Solutions Provider or CSP. Many are concerned about that just because they can’t control the physical environment around the hardware and the network that the cloud is not safe enough. All CSP are hiring the top security people around the world because a breach in security for them would be detrimental to their brand, image, and reputation.
Most of the breaches of security has been due to faulty configurations by end customers.
This means that the cloud providers themselves are very safe. However, the competency to build safe practices on the cloud are in demand. So, the misconception that the cloud is less secure is simply not true, you might just lack the capacity to build a secure cloud for yourself.
One of the most key traits of security in the cloud is therefore governance. As in the past security the premises could and sometimes was more than sufficient from preventing malicious actors from getting in. Now you need to protect the freedom of movement for identities to secure what is capable. As the layer of security around the premises is something that you outsource when using the cloud.
These governance decisions impact the users of the cloud, typically developers or similar users. Are you building and enforcing policies of what they can or cannot do in the cloud? These are the things that really creates a big security impact. As you can enforce the type of behaviour you want to see, such as all data at rest must be encrypted, or require backups.
In the cloud it can be useful to have a security operations centre or SOC for short. However, this traditional enforcement of security as an after thought of many processes is no longer valid. The SOC is no longer a controlling organ of security in the organisation, but a centre of live security practices being pushed out in the organisations. All areas are now required to execute on cyber security, and the SOC is the centralized controller still, but no longer the executor of cyber security. In the cloud this model is distributed to superusers of the cloud and normal users.
As we described in one of our articles on DevSecOps which is the combination of Software Engineering or Software Development and Cyber Security. How the model nowadays is in the cloud.
https://www.konfitech.com/konfitechs-blog/combining-security-and-devops-devsecops
The policies are set by the SOC and the developers for example work alongside project managers and all others to take cyber security in account during their development process. Making it an integrated part of the process and building automated security checks into testing of new additions of code.
So yes, cloud can be more or equally as secure as on-premises given that you adopt the right ways of working and competency to be able to make it secure. You need competent personnel to set the best policies and adopt operating models such as DevSecOps to make the cloud safer.
Misconception no. 4: The cloud is further away and faces more traffic so it will be slower for our users.
Many organizations are afraid that the cloud brings with it increased latency. This misconception is not rooted in if the cloud is slower than a traditional data centre or not. It is more actually at root a security concern, as the clouds data centre itself is not slower than a traditional one. It is probably faster due to the delivery model of the cloud.
The cloud is slow if it needs to be routed through a core on-premises network to fetch data to distribute. However, if utilized correctly, meaning that you trust to store data in the cloud and change the architecture to reflect a cloud intended distribution. You will see that you will decrease latency as you can distribute delivery better geographically, and with a scalable workload across regions.
To mitigate the issues clients, have in relation to security and speed of network connectivity, the cloud suppliers have created a multitude of options for the clients. They now have VPN and other Network security tools specialized for cloud so that you no longer need to send data over the public internet. Some cloud vendors also have facilitated for an internet connection via fibre directly to their data centres.
However, the core issue will be resolved once companies stop routing data via the cloud and their data centres. Arguably when this shift in architecture occurs, cloud native applications will deliver faster and better than the on-premises.
Misconception no. 5: The cloud will decommission the need for infrastructure specialists.
Adopting the cloud which delivers Infrastructure-as-a-service or IAAS for short, does not mean that you will not need infrastructure people anymore. Although in the process of adopting the cloud you do shift the responsibility of things such as network, hardware, maintenance, etc. to the cloud provider. Key tasks still remain and with the increased speed and flexibility of cloud you do need infrastructure people to manage governance, set up, security, among many.
Overall, there is a shift in what skillset is the most needed for the workers, and the operating model changes that is happening will reflect that.
Moving into the cloud you will need to configure and set up thousands of services, and data shows that the largest security breaches in the cloud are due to faulty configuration by clients. The infrastructure team will play a pivotal role in setting the standards in the cloud, ensuring architecture is compliant with the standards they set. Similarly, like a Security Operations Centre, they should work in a hub-and-spoke model. Pushing responsibility to set up and configure out to superusers such as software engineers or developers or project managers. While they train them to make the right choices and set governance policies to ensure that they can’t operate outside of the perimeter the infrastructure team decide.
The infrastructure team is a key part in enabling lean, fast, deployment of required infrastructure to run the business while maintaining secure operations.
Misconception no. 6: You must lift and shift entire applications or data centres to be successful.
FALSE.
Moving an application to the cloud can save a little bit of cost, possibly, however if there is a part of the application, such as the identity piece that is still running in the on-premises data centre. The organization will not be able to reap all the benefits of moving because the business domain that the application helps enable will not get the speed of innovation and flexibility that the cloud brings.
Sure, moving to a hybrid model can be helpful for cost, or in a transition period, but the most valuable is when you can enable an entire core business unit by moving their entire domain to the cloud.
Moving entire data centres bring a lot of risk, it is a big investment then, and you also do not know what will work well in the cloud and what will not. Giving time pressure to rearchitect applications. Moving a business domain is better, as you can put one ecosystem at the time in the cloud.
A problem may arise if different business domains are sharing applications for synergies. Then the hybrid model will be good for a transition period until you can confidently lift the application.
Misconception no.7: When migrating an application to the cloud I need to keep it as is or refactor the entire architecture.
If you do decide to lift and shift, as we have discussed above, the architecture is most likely not adapted to the scalability and consumption model of the cloud. Leading to inefficiencies in cost and speed.
If you then do decide to rearchitect the entire thing to be optimized for cloud, this will take a lot of time, effort, and complexity risk.
Although it would be best if everything in the cloud was optimized for the cloud, it does not have to. There is a reason that we see an increase in hybrid cloud models. You can apply a variety of techniques from containerization of applications, automations, and integrations to make the application better than it was on-premises. Which will make the investment worth it to move to the cloud, and you don’t have to take all the up-front risk of rearchitecting the application up front either. You can now dynamically do it, test, and experiment with it in the cloud.
Workload by workload, segmented by domain.
https://www.konfitech.com/konfitechs-blog/a-cloud-first-approach-to-source-modern-applications-that-innovates-and-transform-the-business
Now that you know the misconceptions about cloud, how should you address them and get the most out of cloud computing?
Funding and investing in cloud computing.
The pace of innovation has not slowed down over the last 20 years, and the cloud is one of the innovations during this time that improves business capabilities and cost. Unlike the other technologies, the cloud is most likely here to stay as it just makes more sense to outsource the networking, hardware, etc. alongside the consumption model the cloud brings.
The economics of the cloud involves building talent and moving applications to build better business capabilities such as speed, flexibility, scalability, and lower cycle times. This is where the biggest benefit of cloud is, and the cost reductions is a very welcome side-effect.
As a leader looking at adopting the cloud, you should get the most out of it. For the moment you should acknowledge the cost reductions it brings, but it is not why you should move to the cloud. As a leader you need to invest for the business itself, the future, the benefits you will get from gaining competitive advantages.
Changing the operating model and how you fund the operations. Now projects and capital expenditure is a thing of the past, and in the cloud, you are now giving operational expenditure to fund the operations of the cloud. Migrating (hopefully) business domains and enabling them through funding platforms with operating expenditure. The platform-based IT infrastructure model will allow for continuous funding, improvement, and innovation. Rather than the project based up-front improvement investment of the past.
This type of shift in funding, and where to get the funding for are pivotal questions that needs to be addressed by the leadership in the business. As you need to allocate resources and capital from various places to make the shifts required to improve the business.
Operating model for cloud computing.
Whenever the way of gaining funding is straightened out, and a shift has been made. The ways of working need to change, as parts of the service has been outsourced and now organizational structures will change, alongside skillsets.
The operating model needs to be created in such a way that it now supports a continuous lifecycle which a platform requires, rather than a project, as the cloud economics will reflect.
This new operating model of the cloud will have many requirements to the core business, as we see that much responsibility has been pushed out to superusers. There is more responsibility on the users of the cloud, and hub and spoke models has been set to enforce governance and policies.
These decisions of governance and standards in the cloud will affect how the business can interact with clients and users of their IT infrastructure. Therefore, these decisions are key that they are involving leadership teams.
The security of cloud.
As we discussed in our misconceptions above, there are many misconceptions that are rooted in security concerns. The business and leadership need to be aware of these risks, and that they are out there if not dealt with properly. Because they might hurt themselves not knowing that they are mitigable, and what the appropriate steps should be to address them to safely adopt the cloud. Risk should not stop the innovation or progress; however, a measured possible hybrid approach should be taken. Based on risk strategy, what is an acceptable amount of risk given that you can now execute better on your strategy.
Changing your organization for the cloud and improve interactions with the core business.
Achieving the promised speed and agility that the cloud promises can be hard without engineering for it. This does not only mean your applications but also your people. Single thread of ownerships should be established for decision makers of business systems and processes to be effectively made decisions for. Which needs to be accounted for in the greater context of the business strategy and cloud strategy.
One way of doing this is to go agile, and change the ways of working from reactive, to continuous proactive. To match the continuous development of platforms, and optimization that is needed. Breaking platforms down into modules and containers, to quickly scale and improve them as needed.
If you do want to learn more about this, feel free to contact us for additional information and a nice conversation: https://www.konfitech.com/contact-us
Or learn more about us on the homepage: https://www.konfitech.com/
Need more insights check out our blog: https://www.konfitech.com/konfitechs-blog