Commentary - As organizations migrate applications to the cloud, it is important to thoroughly evaluate the business implications. Lured by major cost savings, many adopt cloud services without consulting IT. As a result, mistakes are common and organizations open themselves up to serious risks.
Here are five common – and costly – mistakes you’ll want to avoid:
1. Choosing the wrong cloud environment
Not all clouds are created equal. While SaaS offerings are great for large, shared resource applications and provide major cost savings for such solutions as ERP and CRM, they likely do not fit the security and compliance needs of larger businesses. PaaS offerings are a good fit for hosting basic web-based applications but may offer little or no ability to introduce your own security infrastructure or may have limited OS options. IaaS covers the widest range of offerings, generally offering managed security services or allowing organizations to implement their own, but IaaS usually means you must maintain a decent amount of in-house IT expertise.
It is important to thoroughly understand the application and data sensitivities of your business and completely evaluate the cloud services being considered to make sure they provide the proper level of protection and isolation.
2. Abandoning security policies
Most businesses simply trust cloud providers to secure their data. The provider's protection often amounts to some form of shared hardware-based firewall that employs a standard rule set and is often not customizable.
Contrast that with the typical enterprise security profile, which is based on layered, multi-tiered security built up over the years as a response to real-world threats, data privacy concerns, regulatory requirements (HIPAA, PCI) and business processes. Most enterprises have plenty of organization-specific security policies but often quickly abandon all of that painstaking security work to cash in on the cloud’s cost savings.
Migrating security along with applications involves both easy and painful decisions. An easy decision, for instance, is to find a way to port Active Directory to the cloud environment. More difficult is replicating the rest of the network security infrastructure (firewall, IPS, VPN, web filtering, AV).
3. Setting yourself up for vendor lock-in
To avoid entering a new era of vendor lock-in, organizations must ensure that they have both platform independence and hypervisor independence. This is a fairly easy pitfall to avoid, but many organizations fail to take the time to investigate open APIs and embrace emerging cloud standards. In fact, recent reports indicate that the virtualization/cloud space is evolving so quickly that many enterprises are designing for a multi-hypervisor environment as an added protection.
4. Failing to consider how you’ll move assets
One of the basic assumptions of cloud computing is the use of the Internet to connect datacenters regardless of where they are physically located. Virtual machine (VM) migration is a fairly simple process, but moving VMs around the globe introduces the problem of networking continuity. VMs in datacenter 1 are moving packets around on that physical LAN and accessing core services on it. When the VM is moved to datacenter 2, those links can be broken and the VM's traffic is black-holed.
To address this, there needs to be a secure way to bridge datacenters and clouds in order to create network transparency between different LANs, regardless of how physically dispersed they are. If geographic differences between the networks become transparent, then VMs can migrate freely and applications will function with no re-architecting needed.
The same is true if you decide to abandon one cloud for another. Before migrating to the cloud, be sure you have tools in place to do so – now and in the future – without disrupting services.
5. Backsliding into overprovisioning – again
Many businesses are simply moving overprovisioned datacenter assets to the cloud, where they are again overprovisioned. The problem arises because businesses often fail to monitor and meter their cloud usage.
Since cloud resources are outsourced and the organization no longer “owns” the infrastructure, many leave the managing and monitoring to the cloud provider. This isn’t wise. Organizations must monitor cloud resources as diligently as if they were in their own datacenters.
Visibility into cloud environments requires a different set of tools from those used in standard datacenters, and it’s important to adopt cloud-specific management solutions. If you don’t, you can be fairly certain that you will overprovision resources and erode ROI.
Tom McCafferty is a vice president at Vyatta and can be reached at email@example.com.