Top 10 Cloud-Based Myths Part II


We continue our conversation from the past few weeks about Cloud Based Solutions vs. In-House. Last week we talked about Garner’s top 10 most common myths for cloud solutions analyzing the first 5. For Part I Click Here

Here are the next 5 Myths:

Myth 6: Cloud Is Less Secure Than On-Premises Capabilities

Cloud computing is perceived as less secure. This is more of a trust issue than based on any reasonable analysis of actual security capabilities. To date, there have been very few security breaches in the public cloud — most breaches continue to involve on-premises data center environments. The majority of cloud providers invest significantly in security technology and personnel and realize that their business would be at risk without doing so. However, assuming they are secure is not advised.

There is also an opposing view that cloud platforms are actually more secure than on-premises platforms. This may, in fact, be true for many small or midsize businesses, some of which cannot make the necessary security investments, and even for some large enterprises that recognize that their security efforts may be lacking.

Security is not one monolithic entity. It is also important to identify where security responsibility lies and where the dividing line is. For example, if a customer uses a cloud IaaS provider, that provider is responsible for IaaS-level security, but the customer must own the overall security strategy and take ownership of application and other higher-level security issues.

Advice: Don’t assume that cloud providers are not secure, but also don’t assume they are. Cloud providers should have to demonstrate their capabilities, but once they have done so there is no reason to believe their offerings cannot be secure. There are enterprises whose security capabilities are formidable, but so are the capabilities of most cloud providers. However, the security levels of cloud providers will vary. Assess your actual capabilities and your potential provider’s capabilities and hold both to reasonable standards. Assuming on-premises capabilities are more secure can lead to a false sense of security.


Myth 7: Cloud Is Not for Mission-Critical Use

Cloud computing is not all or nothing. It is being adopted (and should be adopted) in steps and in specific cases. Therefore, it is not surprising that early use cases (e.g., development/test) are mostly not for mission-critical systems. However, many organizations have progressed beyond early use cases and experimentation and are utilizing the cloud for mission-critical workloads. Some of these uses are true cloud services (SaaS, cloud native), while others are hosted models where the cloud benefits are at a lower level but still represent a genuine use. There are also many enterprises (not just small startups any more) that are “born in the cloud” and run their business (clearly mission-critical) completely in the cloud.

Advice: Mission-critical can mean different things. If it means complex systems, approaches such as taking a phased approach can ease the movement to the cloud. Hybrid solutions can also play a key role.


Myth 8: Cloud = Data Center

Most cloud decisions are not (and should not be) about completely shutting down data centers and moving everything to the cloud. A cloud strategy should also not be equated with a data center strategy. Neither should be done in a vacuum — you need to have data center space for things not in the cloud and, if you move things out of the data center, there are implications. But they are not the same thing. In general, data center outsourcing, data center modernization and data center strategies are not synonymous with the cloud.

It is common for people focused on one area (data center, for example) to think cloud computing is only about that. Continued use of the term “clouds” (rather than cloud services) leads to the perception that cloud = data center. The focus should be more on cloud services. There are multiple cloud services even within vendor cloud offerings. For example, within Amazon Web Services there exists Amazon Elastic Compute Cloud (EC2), Amazon S3 cloud storage and Amazon Elastic Block Store (EBS).

Advice: Look at cloud decisions on a workload-by-workload basis, rather than taking an “all or nothing” approach. Cloud and data center outsourcing strategies are related but they are not the same thing. Assuming that cloud is “all or nothing” leads to the wrong analysis. Look to link cloud and data center strategies. Focus on cloud services and service interfaces.


Myth 9: Migrating to the Cloud Means You Automatically Get All Cloud Characteristics

Cloud computing has unique attributes and characteristics. Gartner’s cloud attributes include scalability and elasticity; they use service-based (and self-service) Internet technologies; they are shared (and uniform) and metered by use. Many migrations to the cloud are “lift and shift” rehosting, or other movements that do not exhibit these characteristics at higher levels. Being “hosted in the cloud” (even if on cloud IaaS) does not mean that what is hosted is also a cloud service. There are other types of cloud migration (refactoring and rewriting, for example) that typically do offer more of these characteristics. The most common use case for the cloud, however, is new applications.

Advice: Don’t assume that “migrating to the cloud” means that the characteristics of the cloud are automatically inherited from lower levels (like IaaS). Cloud attributes are not transitive. Distinguish between applications hosted in the cloud from cloud services. There are “half steps” to the cloud that have some benefits (there is no need to buy hardware, for example) and these can be valuable. However, they do not provide the same outcomes.


Myth 10: Virtualization = Private Cloud

Virtualization is a commonly used enabling technology for cloud computing. However, it is not the only way to implement cloud computing (established SaaS vendors such as make very limited use of it, while new approaches such as containerization are gaining traction). Not only is it not necessary, it is not sufficient either. Even if virtualization is used (and used well), the result is not cloud computing. This is most relevant in private cloud discussions where highly virtualized, automated environments are common and, in many cases, are exactly what is needed. Unfortunately, these are often erroneously described as “private cloud” (see Myth 3 above).

Advice: Use the right term to describe what you are building. You don’t have to be cloud to be good. Avoid mis-setting expectations and adding to cloud confusion.


If you take away anything from this post is PLAN. I agree with Gartner’s assessment that Cloud is not necessarily lower-cost than on-premise and cloud isn’t always about the money. However, you must start with a base line and plan from there. Even though cost comparisons among the various vendors guide you initially, that it will change over time and at a more rapid pace than you can handle. Unless you can accurately identify what you business needs are, choosing between cloud-based and on-premise solutions will be the last of your worries.


You might also like:

The Future Of APIs Is Here…

SaaS or On-Premises?


Posted by Alvaro Tassano on InterConnecta

Published by InterConnecta on under: , , , , , , , , , , , , , .