5 cloud dos and don’ts

Look around businesses, and it’s easy to point out companies struggling with cloud adoption. They often end up in the news, with one data breach or another.

So, which companies are shining? 

Netflix is the perfect model, the “epitome of what everyone should be doing” in the cloud, M. David Peterson, cloud architect at MasterControl, told CIO Dive. 

It’s a lofty example for other companies to live up to.

Netflix has a well-documented approach to cloud technology, an approach it began in August 2008 after it experienced a major database corruption, which stopped it from delivering DVDs to its subscribers (the quaint days of yore).

The scalable compute and storage needs the cloud offers allow Netflix subscribers to binge 24/7. Availability, cost reduction, elasticity, reliability … Netflix boasts about it all. 

At its core, Netflix is a tech company. And for the average organization, its tech model is a far-off pinnacle. 

One takeaway is clear. Netflix went all in on the cloud, relying on Amazon Web Services to grow its infrastructure. It became a backbone of the company’s strategy. 

CIO Dive spoke with cloud experts to understand what companies are doing right — and wrong — with the cloud. 

Have other dos and don’ts? Email us at [email protected].

#1 – Don’t: Move to the cloud without understanding a business case

Do: Connect with business stakeholders on how cloud can support the bottom line

Companies understand the need to move to the cloud, but don’t always understand why they’re moving to the cloud. 

That’s not to say business blinders are on. CIOs see the cloud as the principal modernization enabler, necessary for meeting C-suite priorities, recent McKinsey research found.

Businesses are moving to the cloud for efficiency, digital efforts or a combination of both, said Mukesh Ranjan, senior analyst, information technology services at Everest Group.

Making cloud technology interoperate with other systems, working seamlessly between efficiency and digital standards, poses a stiff challenge. 

Peer pressure comes into play and companies want to move to the cloud to optimize costs or drive operations, without a strategic business case, Ashwin Venkatesan, VP of information technology services at Everest Group, told CIO Dive. 

A business objective, for example, would be healthcare company wanting to use the cloud to solve challenges with claims processing, according to Venkatesan. 

Cloud strategy cannot come from the CIO alone. Rather, IT leaders have to partner with the C-suite to articulate the business benefits of IT transformation, aligning the CEO and CFO with technology strategy.

#2 – Don’t: Bank on lift and shift

Do: Migrate to the cloud with a cloud-native approach

In the early years of the cloud, companies could treat Amazon EC2 as their data centers, said Peterson. Industry has shifted toward service-oriented architectures in the cloud, catering to a cloud-native approach. 

In an infrastructure as a service (IaaS) model, companies no longer have to worry about the bare metal of server hardware. 

When migrating to the cloud, companies have to entirely rethink their operating model and the services management layer, Venkatesan said.

Rather than shifting existing on-prem applications to a cloud environment, companies are better served adapting applications for the new, more agile environment. 

It’s a common folly, Venkatesan said. Not all applications or workloads in an existing environment are “designed or architected” to get the maximum value of the cloud, when considering agility and performance.

Application-driven design will dictate where apps go in the cloud. 

Besides best fit for purpose, consider cost. 

Companies can save money if they rethink technology in the cloud, Peterson said. If an organization is set on mimicking the data center in the cloud, it will waste resources.

#3 – Don’t: Live in fear of vendor lock-in

Do: Consider efficiency and integrated services when adopting a single vendor

Fearful of a past era of technology, dictated by service lock-in, companies are adopting a hybrid cloud strategy, weaving together on-prem and cloud systems and capitalizing on a kaleidoscope of vendors. 

Vendors, too, are offering interoperability options, appeasing eager customers. 

Though well-intentioned, companies often “shoot themselves in the foot” when they try to get developers to architect in a cloud-agnostic way, said cloud architect Andy Barr. 

“What ends up happening is you actually get the worst of all vendors” because you get inefficient developers, he said, in an interview with CIO Dive. Companies miss out on tight knit service integration from a single provider.

Once a company has a cloud architecture in place, it’s not a simple change to migrate to another cloud. 

The reality of switching cloud providers one an infrastructure is built is a “vastly overblown possibility,” Joshua Hutt, cloud architect, told CIO Dive. 

A hybrid strategy, too, emerges as a stopgap, and companies end up adopting full cloud eventually.

#4 – Don’t: Follow dated administration practices, which could hamper developers

Do: Execute a top-down strategy, architecting the cohesive messaging and team structures

Companies have entrenched processes for working with technology. Even when a new technology comes along, it does not break old habits. The same administrators want to be in charge of credentials and the same developers want to push the boundaries of rules. 

Offering cloud credentials and keeping talent happy is a delicate process. 

If a company is just starting to look at the cloud, grant each developer or team their own account, said Hutt. Limit their expenditure, but also allow them to run with the technology. 

Where teams fail is when they receive access to the cloud, start working and when they get ready to ship they are blocked by a network or system administrator who pushes back on data access.

“It really does have to be a top-down strategy,” Hutt said. “I think there has to be the right messaging and team structures around it so when these requests do start coming in, they are paid attention to and triaged and actually addressed in the right way.”

Developers are not cloud royalty, with teams required to appease their interests in the name of progress. Developers need to understand how their code fits into the larger technology strategy. 

Businesses cannot have people who understand just infrastructure or networks, according to Venkatesan. It requires a T-shaped model, where cross-functional skills enable design. 

Building a secure cloud requires people who understand security in a particular environment, he said. It’s more than just understanding security and the cloud, separately, but rather how they work together. 

#5 – Don’t: Believe on-prem systems are more secure than the cloud

Do: Encrypt by default

Since the advent of cloud technology, C-suite executives have fretted over security. 

Rightfully so. The news is filled with stories of open buckets and credential mishaps, as was seen with Capital One’s breach. 

But technology experts are convinced: Third-party cloud providers are fundamentally more secure. The real breaches that happen usually occur at the operations layer.

“It’s because the policies, the controls have not been implemented in the right fashion,” Venkatesan said. “It just ends up leaving lots of data that is open in the public forum and the cloud providers have nothing to do with that.” 

It all comes down to how operations are set up, how configuration and security policies intersect and how users are educated. 

One deterrent could save many companies: Encrypt. 

“In this world encryption is the fundamental basic building block of everything,” Peterson said. Too many people try to get into systems and eventually someone does. 

If the files are encrypted, there’s no issue, he said. 

Source link