I’ve been asked numerous times over the past few months on whether or not clients should be using the cloud. The original “cloud” providers were web hosting organizations. These providers provided redundant internet paths, redundant hardware, networking infrastructure, power, cooling and all the bells and whistles now touted by some of the larger cloud vendors. They simply “rented” space on their physical hardware for a low monthly price. Many customers chose to host their web content on external providers assuming that a dedicated provider would be able to patch and maintain a web server much more efficiently than their own staff. While true, much of the web content hosted 10 years ago was static content, contained really no sensitive data and was accessed by relatively few individuals.
Fast forward to 2011 and the explosion of on demand services, hardware, virtual-desktops, hosted Microsoft Sharepoint & Exchange, hosted apps like SalesForce give organizations a choice between in-house or in-the-cloud. These dynamic applications rely upon a tremendous amount of information being stored and hence the security concern. We all understand that security is a trade-off between risk and cost. The more money you spend on security should buy us additional security, but at a certain point the risk / reward just doesn’t make sense. We should take the same approach to the cloud. Many clients today are conducting SoS (Statements of Sensitivity) on applications. Depending on the level of risk an organization is willing to undertake with specific applications may make them perfect candidates for the cloud. For example, an e-commerce site with a limited number of products and a hosted payment page may be a perfect candidate to try out the cloud. By completing a statement of sensitivity it may become clear that there isn’t a tremendous amount of risk or exposed data. Why not use this as your cloud trial?
In 2010 Tiffany Bova from Gartner hosted a session and described the cloud as simply a different method of service delivery – perhaps we should think of the cloud as we did with virtualization six or seven years ago, start with some light weight, low resource intensive applications that aren’t mission critical to get comfortable with the cloud infrastructure. Who knows? You just might like it – just don’t wait 3 days to call it back.
This post deals primarily with the concept of 'public cloud'. If you have questions or comments regarding this subject, or would like to talk to someone regarding the distinction between public, private, and hybrid cloud, please leave a comment or contact us via our contact page.