Why you're still scared of the Cloud (it's not about security or reliability)

It should be easy for an SMB to take advantage of cloud-based infrastructure and application workloads, but it frequently isn't. Why the resistance?
Written by Jason Perlow, Senior Contributing Writer

Video: 3 things you should know about cloud v. data center

One of the things I enjoy about returning to services delivery at a large solutions provider partner since my tenures at IBM and Microsoft is that I get to interact in a trusted advisor role with small and medium-sized businesses.

I can affect changes that I know will really help them improve their processes and become more agile -- which will ultimately help them grow their business to the next level.

It's very, very different than dealing with IT departments in large corporations, where there are usually multiple levels of responsibility. More often than not I was dealing with C-seats and prime stakeholders, the very folks who were signing the checks.

In this capacity, these executives know exactly what is at stake if they don't modernize, if they don't embrace agility, and if they don't reduce their capital expenditure and optimize their operational expenses. Their jobs are on the line to make their organizations perform.

So when it comes to making strategic changes like migrating infrastructure and applications to the cloud, it's a relatively straightforward value proposition.

Indeed, in a much larger company, it can take years to migrate complex workloads and upgrade associated applications for cloud readiness, and it's almost never an all-or-nothing proposition.

But large organizations understand why their cloud migrations have to occur. They understand that postponement isn't an option. Regulated industries, non-regulated industries, verticals, institutional accounts, government shops, it doesn't matter. They get it.

Where I find the most resistance and the most difficult conversations regarding cloud are with the SMBs. And really, that shouldn't be the case. It should be easier for an SMB to take advantage of cloud-based infrastructure and application workloads, but it frequently isn't.

And it has very little to do with trusting the reliability or security of public cloud providers, even though that is often the reason given.

That line of reasoning is a red herring, because as I tell every single SMB that brings this up, that a hyper-scale public cloud provider like AWS and Microsoft can not only build a more reliable and more resilient datacenter than they can, but they also can build a far more secure one.

The level of redundancy strictly in how distributed the availability sets/scale units in one of these datacenter regions are -- often split between multiple buildings each with independent power backup -- is astounding. And regions are paired with other regions to prevent an entire cloud from coming down.

Also: Google I/O 2017: Here's what we learned | VMware's Horizon Cloud will support workloads on Microsoft Azure | SAP now offering multicloud option with AWS, Azure, Google | 3 things to know about the cloud v. data center decision

Yes, there have been some highly publicized outages in the last year or so. But in every one of those instances, they were localized to a specific datacenter region; there has never been an outage that has taken out every single region of a hyper-scale provider at once.

Could a total public cloud failure happen? Yeah, I guess so. A super volcano could go off, an asteroid could hit the earth, a global zombie apocalypse or pandemic could plunge the world into disorder, aliens could invade -- these are all within the realm of possibility.

World War III could also plunge us into nuclear holocaust tomorrow.

But if it does happen, the last thing you are going to worry about is your datacenter.

Yes, you can do a deployment that can go down due to a regional failure at a cloud provider, particularly if you cut corners in your architecture. But you need to prioritize your workloads: For example, your Dev/Test doesn't need to be as available as your production.

Any organization following best practices in their cloud deployments with mission-critical workloads is using multi-region workload replication and will not affected by a regional outage if they architected their cloud tenancy correctly.

As far as security goes, the level of lockdown for physical access at any one of these hyperscale datacenters is beyond the comprehension of most IT folks. Go tour one if you ever have the opportunity.

You'll learn that the level of network and storage security used to enable multi-tenancy at this scale is far beyond what an SMB could ever dream of building for itself.

And you'll discover -- once you understand how the technology works. -- that the very idea of one tenant being able to access another's data or network traffic within a shared infrastructure is utterly ludicrous.

And data transmission ingress and egress from your premises? The encryption methods in transit and at rest used by site-to-site VPN, direct cloud connectivity (like Azure Expressroute) and storage accounts for these clouds also provide very strong security if they are used correctly.

And there are 3rd-party appliances and other options that can be layered on top if you have specific requirements that aren't addressed out of the box.

The very sight of one of these hyper-scale datacenters will make you feel shock and awe, and you'll think twice about investing any further or expanding your own infrastructure rather than doing the bare minimum for replacement cycles.

And remember that a public cloud provider replaces its equipment much faster than a typical enterprise does in order to maximize tenant density and to keep its offering competitive.

Don't get me wrong: I work for a reseller. We sell a lot of datacenter gear. I'm happy to sell you plenty of it. But I'm going to tell you flat out when it doesn't make sense; otherwise, I'm not doing my job correctly and I'm not providing you the value-add you expect from a partner.

If you, as an SMB, don't have the expertise to design your cloud tenancy to take advantage of the security and resiliency of one of these public clouds, then bring in a solutions provider partner to do this for you.

But here's a dirty little secret: The IT people doing the pushback at these SMBs know all of the above already.

They're just using redundancy and security as an excuse for saving their own jobs, because they know their skills are outdated and they refuse to learn a new way of doing things, even if it is against the best interests of the companies they are working for.

They know they are personally inadequate to the task, and they refuse to update their skill sets to compensate for it. They refuse to pivot in a direction that threatens their career path.

The sad thing is that in reality, it actually makes them more marketable if they acquire those skills.

Continuing to propagate cloud FUD within their organizations is only in their own ill-conceived self-interests -- not in the company's interests.

And this is why I, as a solutions provider partner, want to talk to the decision maker, the business owner who signs the checks at an SMB -- and not solely with the people in IT who have been tasked with investigating a solution.

Because at the end of the day the cloud is a business driver, not driving technology for its own sake.

Is your SMB acting against its own self-interests due to Cloud FUD? Talk Back and Let Me Know.

Editorial standards