Page 1 of 2 12 LastLast
Results 1 to 20 of 30
  1. #1

    Default What's your biggest cloud fear?

    So I deal with clients on a daily basis and hear a variety of issues in regards to cloud, and the most common concern that I witness is that of security. I'm curious enough to know what your concerns are or were when you were moving your workloads to the cloud, and whether those concerns ultimately prevented you from moving to the cloud or not.

  2. #2
    Join Date
    Apr 2015
    Posts
    168

    Default

    I tend to come across the same issues and from what I see it most of the fears and concerns are based in the unknown aspect of any major transition. but overall adding a well trusted service provider bring both solutions and risk.

  3. #3
    Join Date
    Apr 2015
    Posts
    151

    Default

    Quote Originally Posted by AshtonK View Post
    I tend to come across the same issues and from what I see it most of the fears and concerns are based in the unknown aspect of any major transition. but overall adding a well trusted service provider bring both solutions and risk.
    I know for a fact that security concerns come up a lot but if the client has a very well documented security policy and has made it a priority for a long time then I don't see why not?

  4. #4

    Default

    I agree that a cloud storage company should have a concrete and transparent security policy. I think the guys should have a page dedicated to this alone wherein you can go through their security policies. Another thing that I am concerned about is data loss. Companies like Dropbox have lost have lost millions of files and have set a lot of their customers back in the process. If I were to search for a cloud solution, I would make sure things are in place to prevent any loss of data.

  5. #5
    Join Date
    Apr 2015
    Posts
    168

    Default

    Another concern concern has always been outages, either on the vendor side or my own, when dealing with cloud solutions. While everyone has outages, those outages don’t have to take down your application. It all comes down to application architecture. If you expect and anticipate that cloud failures will occur, you will architect your applications to use redundancy and data replication so that they can continue to operate in the face of outages.

  6. #6
    Join Date
    Apr 2011
    Posts
    216

    Default

    Not having compliance or regulation bound workloads in cloud is one of the biggest cloud fear. But today, the cloud providers are allowing all types of workloads to pass or live through their infrastructure with high number of certificates updated to accommodate it. They include SOX, PCI/DSS, HIPAA, IEEE, FISMA and many more.

  7. #7
    Join Date
    Apr 2015
    Posts
    168

    Default

    It depends location wise according to me. Like for instance the US market, if I remember it correctly is more concerned about Total Cost of Ownership and ROI.

  8. #8

    Default

    Quote Originally Posted by Robin03 View Post
    It depends location wise according to me. Like for instance the US market, if I remember it correctly is more concerned about Total Cost of Ownership and ROI.
    I am guessing this issue might have arisen due to the nature of the companies they have worked with Or is there any other reason behind it?

  9. #9

    Default

    Quote Originally Posted by Chris Jenkins View Post
    I agree that a cloud storage company should have a concrete and transparent security policy. I think the guys should have a page dedicated to this alone wherein you can go through their security policies. Another thing that I am concerned about is data loss. Companies like Dropbox have lost have lost millions of files and have set a lot of their customers back in the process. If I were to search for a cloud solution, I would make sure things are in place to prevent any loss of data.
    Could not agree anymore. Data is of utmost priority for companies and if that is nowhere to be seen then it's dead end for the business as data is more important to them rather than employees.

  10. #10

    Default

    Quote Originally Posted by JustinW07 View Post
    I know for a fact that security concerns come up a lot but if the client has a very well documented security policy and has made it a priority for a long time then I don't see why not?
    The reality is that we can move compute tasks around pretty easily, but moving data around can be a lot more challenging. It's really interesting to see how the concerns are different in the different geo's.

  11. #11
    Join Date
    Apr 2015
    Posts
    168

    Default

    but from a small team perspective, I look for services that have a free-and-pay-to-scale model. This lets me try the service/platform out first, under "realistic conditions" before taking it as a dependency. Also, I don't trust any 3rd party with customer Personally Identifiable Information (PII) unless they explicitly have auditing and/or certification in that area.

  12. #12
    Join Date
    Apr 2015
    Posts
    151

    Default

    Quote Originally Posted by AshtonK View Post
    Another concern concern has always been outages, either on the vendor side or my own, when dealing with cloud solutions. While everyone has outages, those outages don’t have to take down your application. It all comes down to application architecture. If you expect and anticipate that cloud failures will occur, you will architect your applications to use redundancy and data replication so that they can continue to operate in the face of outages.
    Well outages are survivable if you plan for them. It all comes down to application architecture. If you expect and anticipate that cloud failures will occur, you will architect your applications to use redundancy and data replication so that they can continue to operate in the face of outages. If you’re simply “lifting and shifting” old-fashioned enterprise apps from the last decade into a public cloud provider, you should expect that they will suffer the same issues as when your own data center went down, previously. Categorize your applications according to their requirements and create an appropriate strategy.

  13. #13
    Join Date
    Apr 2015
    Posts
    168

    Default

    Quote Originally Posted by JustinW07 View Post
    Well outages are survivable if you plan for them. It all comes down to application architecture. If you expect and anticipate that cloud failures will occur, you will architect your applications to use redundancy and data replication so that they can continue to operate in the face of outages. If you’re simply “lifting and shifting” old-fashioned enterprise apps from the last decade into a public cloud provider, you should expect that they will suffer the same issues as when your own data center went down, previously. Categorize your applications according to their requirements and create an appropriate strategy.
    My thoughts exactly and once you have detected that there is a problem, You’ll need to get timely status updates and determine what actions they are taking to resolve the problem. Some providers will have live phone support; others will have a specific website or page with posted updates; still others might just have a dedicated Twitter feed. Some may use all these channels. Whatever the mechanism is, make sure you understand it and you’re comfortable with the service being offered in case you need to rely on it.

  14. #14

    Default

    Quote Originally Posted by Robin03 View Post
    My thoughts exactly and once you have detected that there is a problem, You’ll need to get timely status updates and determine what actions they are taking to resolve the problem. Some providers will have live phone support; others will have a specific website or page with posted updates; still others might just have a dedicated Twitter feed. Some may use all these channels. Whatever the mechanism is, make sure you understand it and you’re comfortable with the service being offered in case you need to rely on it.
    Outages are indeed a big concern. I have been on both sides of that situation, as a consumer and as a provider. Strategies should be in place on both sides to prevent significant downtime and money loss in the event of an outage. On the provider side, there should be redundant backups and systems to help ease the pains of a piece of hardware going down or a code bug causing automatic file deletions.

    On the user's side, it is important to have your own backups and strategies in place. I usually suggest saving copies of critical files to your computer, then to an external drive, then the cloud. that way, there is always a backup, and worst case, you can email a file to someone as an attachment or use another cloud service temporarily.

  15. #15

    Default

    The greatest fear I have is, as expected, security. Specifically, I have concerns that any provider has been audited, and audited to a level that gives me a good idea of their methods and procedures. If you tell me you have great physical security, two man teams, man-traps and no outside electronics allowed in the computer room but have no 3rd party audit to back it up, I do not have faith in your security.

  16. #16
    Join Date
    Apr 2015
    Posts
    168

    Default

    Quote Originally Posted by Chris Jenkins View Post
    The greatest fear I have is, as expected, security. Specifically, I have concerns that any provider has been audited, and audited to a level that gives me a good idea of their methods and procedures. If you tell me you have great physical security, two man teams, man-traps and no outside electronics allowed in the computer room but have no 3rd party audit to back it up, I do not have faith in your security.
    @ Chris With regards to security: I have observed a huge gulf between 'intuitive security' and 'trained security' (might not be the best labels but serves as a named entity for now).

  17. #17
    Join Date
    Apr 2015
    Posts
    151

    Default

    1) lock in due to design or data
    2) risk of changes in cost or licensing model, related to above
    3) legislative change

  18. #18
    Join Date
    Apr 2015
    Posts
    168

    Default

    According to me security is the number one thing I hear, which is why I recommend finding cloud SAAS providers that are SOC 2 certified.

  19. #19

    Default

    Quote Originally Posted by AshtonK View Post
    According to me security is the number one thing I hear, which is why I recommend finding cloud SAAS providers that are SOC 2 certified.
    Good that you mentioned about SOC2 certification. i'm going through, FedRAMP, a similar process with a client this month and SOC2 was brought up as an alternative model.

  20. #20
    Join Date
    Apr 2015
    Posts
    168

    Default

    I believe the strategy should involve data shipping and DR and I wonder why it is not present in most cloud providers.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •