Cloud success means more than just having faith
How justified is our faith in the cloud? While it has its advantages when everything goes well, according to Gartner, throughout 2023, 99% of cloud security failures will be the customer’s fault. In order to protect the organization, and themselves, cloud advocates need to take steps to ensure they are prepared for what could happen.
Among many – both in the IT department and among executives – “The Cloud” has become an article of faith. If we move everything to the cloud, our scalability issues will be solved. In the cloud, we’ll have access to the latest software and systems. In the cloud, we’ll be able to quickly turn around products and ensure full collaboration of all teams. In the cloud, many, if not all, of our IT problems will be solved.
How justified is that faith? Well, if everything goes well – if data isn’t lost or stolen or corrupted, if clients or employees are able to get to the resources they need when they need them – then the answer is “very.” But just as there are no atheists in foxholes, there are no true believers when services go down or ransomware invades a company’s data via its cloud server. If that happens, those who advocated for moving to the cloud in order to save money (on equipment, personnel, licenses, etc.) will quickly find themselves transformed from “heroes” to “goats.”
SEE ALSO: Proactive security engineering
It’s just the nature of things. There’s no question that companies can indeed save time, money, and resources by moving IT to the cloud; based on the numbers and the experience of many others, faith in the cloud is absolutely justified. The lesson is that IT leaders need to prepare themselves for the worst – for the possibility that their services could go down (even in a cloud environment) and even when you don’t have full control over the entire environment. To protect the organization, and themselves, cloud advocates need to take steps to ensure they are prepared for what could happen:
The first step is knowing who is responsible for what, and under what circumstances. According to Gartner (Feb 2019) “Through 2023, 99% of cloud security failures will be the customer’s fault.” In its Shared Responsibility Model, AWS specifies that its obligations extend to operating, managing, and controlling the “components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.” Microsoft Azure and Google Cloud use a similar shared responsibility model, The responsibility to operate, manage and verify controls of the IT environment is shared between cloud provider and its customers.
Though the division of responsibility is clear, the reality of maintaining a fully operational environment can be challenging as environments are often hybrid and employ diverse technologies. In addition to on-premises and legacy infrastructure, an enterprise may be leveraging multiple technologies (such as microservices and containers), layers, connections, and dependencies. The same reality implies that infrastructure resilience misconfigurations are an inevitable outcome.
Manual detection and resolution of these incidents is practically impossible because of the dynamic nature of a cloud environment. To resolve those incidents, you need an automated system that can proactively and consistently pinpoint and repair misconfigurations in your cloud environment before they lead to service disruptions and downtime.
Focusing on operational reliability
What are the contingency plans if something goes wrong? The cloud should become an integral part of your IT disaster recovery and contingency plans. Whether you are using the cloud as your primary or secondary site, backing up to the cloud or from the cloud – -all questions that IT teams need to know the answers to before they need those answers.
Cloud resources are great and can provide organizations with far more resiliency than their on-prem operations – if they know how to take advantage of those resources. That the cloud offers opportunities for automation, expansion, and collaboration is clear. Faith in the cloud is justified – but with that faith needs to come some practical, worldly action.