Cloud migration? Factors to consider! Part I

May 6, 2020
 |  No Comments

We are bombarded daily with advertising and questions about cloud computing! Today I bring you some arguments to consider for cloud computing! Before launching yourself into the wind and jumping wholeheartedly into the cloud, consider how these arguments about cloud computing can affect you and your business.

We constantly hear that “Cloud Computing” is ideal for individuals and companies today. But that does not mean that there are no disadvantages to this computing format and that everyone should immediately launch their servers and desktop software and carry out all business operations into the cloud.

Over the years I have been analyzing a series of issues related to this subject and I constantly feel confronted with the different approaches that can be used to address this challenge and for “professional defect”, I always prefer a cautious approach. The preference for this type of approach is mainly related to the fact that each and every topic can be viewed in a way that considers its advantages and disadvantages, which is how to say the related opportunities and threats, or how one might also call a SWOT analysis.

In a first phase, it is necessary to understand which events or risk factors are related to the cloud in general and to each of the implementation models in particular. This is one of the biggest obstacles to the adoption of cloud computing systems, that is, clarifying the risks we already know and those we don’t know.

I leave an approach to some risks that any company faces as a customer of a cloud service in order of severity.

Data possession / ownership

For me it is the most important point of all! This is a risk that is almost always a surprise to cloud customers, since many public cloud providers, including the largest and best known, have clauses in their contracts that explicitly state that the stored data belongs to them and not to the customer.  All word processing documents, spreadsheets, databases, etc., cease to belong to us and become the property of the service provider. This makes no sense and is, in my opinion, very dangerous for an organization! Should we entrust our information to strangers?

Cloud computing means computing on the internet, right from the start you should limit the information you provide as long as you consider it to be confidential, important, well… any information thats crucial for your bussiness!

Cases are known in which the service provider has ceased to operate and provide the service, and has sold its customers confidential data as part of its assets… WTF!

It is very important to make sure that this risk is foreseen in the service contract and must make it very clear that the owner of the information is the customer and not the supplier.

It is necessary to analyze in detail and very carefully all the options for protecting sensitive data offered by the cloud computing service providers.

Multitenancy

One of the fundamental principles of cloud computing is the multitenancy model (Shared Access), of a single logical instance shared by hundreds or thousands of customers. In other words, the typical architecture that allows the optimization of the infrastructure and software resources, keeping the data of companies, customers, suppliers and even business competitors (I will call these CFC’s), logically separated. It is common for customers to share the same computing resources: CPU, storage, memory, network, etc.

So multitenancy is in fact an unknown risk not only because our private data may be accidentally shared with other CFC’s, but also because of other additional risks resulting from resource sharing. The multitenancy vulnerabilities are very worrying, because a flaw could allow another CFC’s or attackers to have access to all of our data.

Vulnerabilities are known to derive from the very nature of the cloud, for example in accessing third party data in new storage spaces, as well as resources from shared networks that ended up being accessible in various environments, among others.

I venture to say that multitenancy will increasingly become a major and increasingly common security problem.

Availability

Can your business function in the event of prolonged interruption of your cloud services?

When we are a customer of a cloud vendor, redundancy and fault tolerance are not under our control. Generally what is provided and how it is done are not disclosed. They are completely opaque. All cloud services claim to have fantastic fault tolerance and availability, above 99%, even though, month after month we hear about service interruptions for hours or even days. What if Internet access simply fails?

In last years, there were numerous interruptions to cloud services, such as those from Amazon Web Services, simply because a service engineer typed a command incorrectly, and most internet services including many business platforms went offline for 4 hours, availability issues storage reached Microsoft’s Azure public cloud for more than eight hours, IBM was also affected when the Bluemix service access portal was inactive for a few hours. (Service redundancies must not have worked in these cases…)

Of even greater concern are the cases where customers have lost data due to problems with the service provider or malicious attacks. The cloud vendor generally claims to back up customer data. But even with guaranteed backups, entities have already lost data and permanently. If possible, your company should always back up shared data to another solution, or possibly conclude a contract, establishing the supplier’s responsibilities for data loss.

Cloud computing makes the company dependent on the reliability of the Internet connection. When you are offline, you are offline, without accessing anything !!! If your internet service breaks down frequently, has low speeds, cloud computing may not be adequate!

How secure is your data?

As mencioned before, cloud computing means computing on the internet, right from the start you should limit the information you provide as long as you consider it to be confidential , very important or crucial for your bussiness activity!

Cloud computing providers have made great efforts to promote the idea that they have the latest and most sophisticated data security systems, however, their credibility in this regard is suffering greatly in the wake of the some reports of espionage and the security breaches that have exposed thousands of users’ personal data / passwords in recent times.

Also keep in mind that your cloud data is accessible from anywhere on the globe, which means that if a data breach occurs through hacking, a disgruntled employee or poorly implemented security can compromise your private and commercial data . Increasingly there are reports of loopholes with supposedly secure companies.

As large cloud computing companies have more resources, they are often able to offer levels of security, a small / medium business may not have the resources to deploy on their own servers“. I ussualy call this the outsourcing of IT Headaches to the Cloud.