The public cloud has gained significant traction over the past 15 years. AWS has been scaling rapidly in recent years — in the second quarter of 2020 alone, AWS generated cloud computing and hosting revenues of almost $11 billion. Momentum in the space continues to build pressure for companies of all sizes to shift to the public cloud. As an analyst, I like to take a step back and examine people’s strategic decisions, so my question to everyone making this leap is simply: Why? What research and analysis went into making this choice?
I’ve heard answers ranging from “The CIO told me to do it” to “It will save money” and “The board thinks it’s a good idea,” but rarely are these reasonings backed by data or critical thinking about the most “cloud smart” decisions for the business. Rushing to the public cloud without first thinking critically about technical, operational and financial due diligence is reckless — and it could cost you. Here are three considerations for building a truly cloud-smart strategy.
Factor No. 1: Security
On-premises security practices don’t translate to public cloud environments, and many leaders fail to adequately consider public cloud security concerns before making the jump. The 2019 Capital One breach of about 106 million customer records illustrates a prime example of the mess that can result from public cloud security lapses. Beyond compromised consumer data (which should be reason enough to prioritize cloud security), the financial repercussions of security breaches are significant — a single security breach costs organizations an average of $8.64 million in the U.S, according to a 2020 report from the Ponemon Institute and IBM.
Take security into consideration by thinking through how well equipped your team is to handle cloud changes. Public cloud tooling is different than that of a traditional enterprise — instead of perimeter firewalls, there are security groups. Access is also different, and you will need to redo honed security practices. Public cloud providers can correct security flaws fast, but sharing hardware between customers can make them more vulnerable. Also, consider whether you have the right skilled security talent on board to manage new public cloud practices. According to David Linthicum, Deloitte Consulting’s chief cloud strategy officer, “The skills gaps — not only in cloud security but cloud databases, cloud networking, and cloud monitoring — [are] becoming the real barrier to enterprise cloud adoption.” Without the team to make it happen, your public cloud strategy could fall flat and cost you.
Factor No. 2: Migration And Other Hidden Costs
I’ve heard people compare the cost of public cloud deployments to medical billing costs because you may never know what the bill will say until after the fact. This article (registration required) on how public cloud costs can soar illustrates how companies are often surprised by their public cloud bills — and may not be able to remediate the cost issue until it’s too late. One Nutanix customer realized halfway through its public cloud migration that costs would be much higher than anticipated and came back on-premises. According to a recent Hybrid Cloud report by Nutanix, organizations also face challenges moving applications to the public cloud — including needing to rearchitect or replatform applications when moving them across clouds (75%) and dealing with the complexity of the migration (71%) — and these actions can be costly.
When they’re considering reducing the costs of migration challenges, companies should again think about talent first. Prioritize hiring for redundancy, and back up specific skill sets (either specialized staff or consultants). And before even getting started with the public cloud, think about which workloads make the most sense there. Fluctuating, burstable workloads typically work well in the public cloud because you can oversubscribe your resources safely, while predictable workloads often run at a much lower cost on-premises. Know that sticking to your cost needs will depend on your workloads, and often, predictable workloads are better suited to hybrid cloud solutions.
Factor No. 3: Immobility Risk
If you go natively to the public cloud, you become dependent on its methodologies and tools, and it can be a time-consuming shift. Say your public cloud provider raises prices or fails to meet SLAs or maybe starts to compete with you — there are myriad reasons you may want to switch from a public cloud provider. And if you’ve gone natively to the cloud, you’re left high and dry. One service provider we worked with, for example, had spent a great deal of time and money refactoring for AWS but ran into problems when a large new potential customer would only work with Azure.
Before you jump to the public cloud and assume it’s right for your organization, consider the financial ramifications of lock-in. If you provide SaaS for external customers or consider cloud cost minimization as a primary concern, or if you wish to enhance resilience by utilizing disaster recovery in a separate cloud, consider incorporating an abstracting layer to enable cloud mobility.
The public cloud can be costly and complex; hybrid and multicloud environments might be better approaches for some and provide the best of both worlds. Cloud is not a destination — it’s a software-defined approach that can enable the automation of IT infrastructure management. Any infrastructure — public, private or hybrid cloud — needs to be evaluated with financial concerns top of mind and within the context of the organization’s long-term business goals. Don’t be seduced by low-cost narratives. Do your homework.