Watch Out for the Top 6 Cloud Gotchas!

Written by

 By Margaret Dawson

I am a huge proponent of cloud-based solutions, but I also have a bailiwick for people who look to the cloud just for cloud’s sake, and do not take time to do the due diligence. While the cloud can bring strong technical, economic and business benefits if managed correctly, it can also cause pain just like any solution with which you do not follow clear criteria for evaluation to make sure it meets your needs today and in the future.
In my many discussions with IT leaders and from my own experience, I have outlined the top six cloud gotchas that you need to watch out for:

  1. Standards: The cloud, while filling our life right now, is still relatively young with minimal standards. This one is particularly important with Platform as a Service (PaaS) vendors. Many of these platforms provide an easy-to-use and fast-to-deploy application development and life cycle environment. However, most are also based on proprietary platforms that do not play nice with other solutions. It’s important to understand potential proprietary lock-in as well as how you interface with the cloud platform or with the API infrastructure.
  2. Flexibility: This seems odd for a cloud gotcha since flexibility and agility is touted as one of the cloud’s greatest benefits. In this case, I’m talking about flexibility within the cloud environment and in the way you interact with the cloud. What communication protocols are supported, such as REST, SOAP, FTPS, etc.? In the PaaS world, what languages are supported – is it flexible or, for example, a JAVA or .NET environment only. Does it have a flexible API infrastructure?
  3. Reliability & Scalability: Everyone knows that the cloud provides on-demand scalability, but make sure your solution scales both up and DOWN – with the latter being the stickler for most companies. Burst capacity and quick addition of scalability might be easy, but what if you want to scale back your deployment? Make sure it’s just as easy and without penalties. Overall, know the bandwidth capability across the deployment, not just the first or last mile. On the reliability front, be wary of claims of four or five nines (99.999% uptime) and ask for an uptime report from your cloud vendor. Build uptime into your SLA (service level agreement) if this cloud deployment is mission critical for your business.
  4. Security: This one is probably the most discussed and debated. I believe, and many vendors have proved this, that a cloud-based solution is as secure if not more secure than an on-premise approach. But as with technology in general, not all clouds are created equal, and security needs to be evaluated holistically. The platform should provide end-to-end data protection, which means encryption both in motion and at rest, as well as strong and auditable access control rules. Do you know where the data is located amid the vendor’s many data centers, and is the level of data protection consistent among all of those environments? Does the vendor use secure protocols for moving the data, such as SSL. Look for key compliance adherence by the vendor, such as PCI DSS and SAS 70 Type 2. There’s a reason the Cloud Security Alliance (CSA) is now developing a PCI courseware – it’s because there’s a clear link between the security capabilities of a cloud platform and its ability to meet the most stringent security and data protection demands found in the PCI mandate.
  5. Costs: I can hear everyone now saying “duh” this is obvious. Yes, the initial cost of deployment or your monthly subscription fees are an easy evaluation. However, look for hidden or unexpected costs, and make sure you fully understand the pricing model. Many cloud solutions are cost-effective for a standard deployment, but then each additional module or add-on feature slaps you with additional costs. Does the vendor charge a “per support” charge? Are upgrades to new versions included? Also, there are often pricing tiers or “buckets”, and when you hit that tier, your costs can significantly increase. Finally, look for a way to clearly show your ROI or success metrics for this solution. Align your costs with your expected results, whether quantifiable or qualifiable. This is particularly important if your company is new to cloud consumption, as your ability to show success with an initial deployment will influence future implementations.
  6. Integration: Integration is truly the missing link in the cloud. It’s so appealing to put our data in the cloud or develop new applications or extend our current infrastructure that sometimes we forget that the data in the cloud needs to be accessible, secured and managed just like on-premise data. How are you migrating data to the cloud? If you are putting everything on a physical disk and shipping it to the cloud vendor, doesn’t that rather run contrary to the whole cloud benefit? How are you exchanging and sharing information between cloud-based environments and on-premise infrastructure or even between two clouds? Think about integration before you deploy a new cloud solution and think about integration among internal systems and people as well as external partners and corporate divisions. Gartner is doing a lot of work in this area, and has a new market category called “cloud brokers”.

As I’ve said many times in presentations on the cloud, you should first buy the solution, then buy the cloud. The cloud is not a panacea, and while a cloud architectural approach brings strong business and IT value, you need to thoroughly evaluate any solution to ensure it not only meets your company’s technical and business requirements, but also enables you to grow and evolve.

Margaret Dawson is vice president of product management for Hubspan. She’s responsible for the overall product vision and roadmap and works with key partners in delivering innovative solutions to the market. She has over 20 years’ experience in the IT industry, working with leading companies in the network security, semiconductor, personal computer, software, and e-commerce markets, including Microsoft and Dawson has worked and traveled extensively in Asia, Europe and North America, including ten years working in the Greater China region, consulting with many of the area’s leading IT companies and serving as a BusinessWeek magazine foreign correspondent.

What’s hot on Infosecurity Magazine?