In this day and age, with technology development making leaps and bounds, I am surprised at how many business leaders are uninformed about “The Cloud” – what it is, what it means for business, and how common myths about The Cloud are just that – myths.
Whenever I am working with customers I always aim for them to have an understanding of the options available and how the technology fits together so that they can make an informed decision on the right path forward for their business.
To that end, I’d like to lay to rest some common myths about cloud services in Australia. But first, let’s get some background.
What is “The Cloud” really?
In short, the cloud is simply someone else’s computer.
Instead of having business data, software and workloads running on an on-premise server, they are on a set of service provider servers and storage in a data centre.
Many service providers build their cloud solutions in different ways, but they all essentially aim to offer the same things; high up-time, business continuity, cost effective and secure.
Not all clouds are created equal …
In the world of cloud services there are three types of cloud that you will come across; public cloud, private cloud and hybrid cloud.
Public Cloud refers to cloud services made available via public facing portals and applications where users can login to access corporate data over the Internet. Public cloud solutions are typically multi-tenanted where corporate data for multiple companies resides on the same set of hardware but is segregated at a software level to ensure security. Examples of public cloud services are Dropbox, Microsoft Office 365 / Azure and Amazon Web Services
Private Cloud refers to cloud services which provide either multi-tenanted or dedicated hardware and require a user to connect to a corporate network to access data – IT providers who sell their own cloud solutions use this model. Connection to a private cloud environment is through Virtual Private Network (VPN), Remote Desktop Services, or a Wide Area Network (WAN) between the data centre and the office.
Hybrid Cloud, as the name suggests, is a blend of public and private cloud as well as on-premise hardware to create a converged IT environment.
Now that we’ve established what the cloud is and what types of services are available, it’s time to look at common myths and misconceptions that business leaders often have. These are either based on outdated information, or via poor advice.
Myth #1 – Private cloud is more secure than public cloud
This is a common argument from IT providers who have built their own cloud solutions rather than using public cloud providers. They have made a significant investment into hardware, software and data centre space which they need to recoup and maintain, but to say that it is more secure is just not true.
Fact #1 – Public cloud services like Microsoft Office 365 and Azure are built across geographically dispersed data centres with significantly higher physical access restrictions than most local data centres.
Fact #2 – Data stored in public cloud services is protected with strong encryption algorithms to prevent unauthorised access and ensure that multi-tenanted data is not compromised.
Fact #3 – Users access data via secure connections and two-factor authentication.
Fact #4 – Cloud services are the primary focus of major providers like Microsoft who are constantly developing their solutions, adding features and functionality, and ensuring that services are always available regardless of location, connection or device.
Conversely to the above, private cloud solutions are often:
- Located in a single data centre or geographically dispersed data centres within the same city.
- Built on aged or even second hand equipment to keep costs to a minimum.
- Dependent on the size, capabilities and expertise of the provider’s technical team to ensure that everything is set up correctly
- Dependent on the provider’s financial position to ensure that bills are paid and service availability for their data centre environment is maintained.
- Higher cost to the customer than public cloud.
Myth #2 – I have to use private cloud or on-premise servers because I have sensitive data
This comes up quite often when it comes to data that is bound by sovereignty laws and must reside in the country of origin.
For a time, this was an issue for Australia as major providers had their data centres overseas but is no longer the case – and has not been the case for over 2 years now. However, it does depend on which service that you are using.
Microsoft and Amazon have Australian based data centres in Sydney and Melbourne with measures in place to ensure that customer data does not reside outside of the Australian borders, but Dropbox still stores data in the USA.
The data centres and encryption used for services such as Office 365 and Azure are tightly secured and compliant with government information storage requirements. In fact, both have been certified to comply with a variety of international standards including the following:
- CCSL (IRAP) by the Australian Signals Directorate
- ISO/IEC 27001 and 27018
- HIPAA-Business Associate Agreement
- FISMA/FedRAMP Authority to Operate
- FIPS 140-2
- Microsoft Data Processing Agreement
- PCI DSS Level One
Certain standards like PCI-DSS do have considerations which may define design and suitability of public cloud services for higher levels of certification, but do not necessarily rule them out completely.
Since all standards certifications involve regular and thorough auditing by independent parties, many private cloud providers do not have these in place due to the high the cost for compliance.
Myth #3 – I lose control of my data when it’s in the cloud
A common objection to moving to the cloud is “I like knowing that my data is right here” – referring to their on-premise server. “If something goes wrong I can use the disk from home to get back up and running”.
While it is true that as a subscriber to cloud services, you do not have control over the physical hardware or location of your data, the terms and conditions offered by cloud providers do provide you with assurances for service availability and geographic boundaries.
Regardless of location your data is your data and you can get your data back at any time.
To ensure that your data is safe, cloud service providers offer advanced protection features on their platforms such as Data Loss Prevention and Rights Management Services. These provide you with protection from internal and external security threats while your data is both at rest (stored) and in motion (active / transmitted).
Most adopters of cloud technology have found that while they relinquish control of the physical environment, by moving their data to the cloud they gain greater control of their information.
Need help with your cloud migration?
Resolution Technology is a Microsoft Gold Partner with competencies in Cloud Productivity and Cloud Platform. Our team are experts in planning and executing cloud migrations of all sizes, and we are happy to assist with yours.