You are not alone. Huge cost advantages may have pushed IT managers to go for public cloud overwhelmingly but security concerns do remain.
In public forums, any question regarding cloud security is summarily dismissed by vendors—and some enterprise IT managers—as being too 2012-ish. While vendors do maintain that stance during private conversations too, trying their best to convince you—many CIOs and CISOs do open up. Cloud security is still a significant issue in their minds but expressing any doubts about it is seen as politically incorrect—a sort of backwardness in evolving with time.
To be fair, public cloud backers have their point too. For a majority of small and medium companies for whom today’s sophisticated security threats are too complicated to handle, public cloud is a more convenient and safer option. Add to that the complexity of management; and public cloud seems like God’s gift.
It is an entirely different story for the enterprise, though. According to a new study, 2017 Data Economy Report, based on responses of more than 9,000 IT leaders across twenty-four countries spanning North America, AsiaPac (APJ) and EMEA/ Russia, a significant number of companies that ran workloads in public cloud environments have actually moved some or all of those workloads back on-premises in last 12 months. As many as 43% of businesses in North America and 65% in EMEA said they have reduced use of public cloud in the last 12 months because of security concerns.
The study results are not an exception. Another such study, involving responses of 1500 professionals, by cloud services company, Evolve IP, results of which were released this week, has similar findings.
As many as 50.5% respondents in this survey said security was a concern for them when it comes to public cloud. Asked where their data was safest under three common risk scenarios: environmental disasters, malicious attacks and hardware failure, executives and IT professionals said it was safest in private cloud. For hardware malfunctions, the most common scenario for disaster recovery, 49% felt their information was safest in a private cloud compared to 33% who said it is safest in a public cloud. For malicious attacks, 51% felt private cloud is safest while only 14.5% public cloud is safest. In fact, significantly more respondents (34.5% ) said traditional on-premises was safest. For environmental disasters, 49.5% found private cloud to be safest as compared to 40.5% who thought public cloud is safest. This survey was restricted to North America, considered to be the most mature cloud market.
It’s three Cs—Cost, Cost and Cost
Despite the security concerns, public cloud adoption is expected to go up. According to the above report (2017 Data Economy Report) as many as 61% say that they will increase their investment on running the workloads in public cloud, as compared to only 52% who say they will do the same with private cloud.
Their planned storage strategies are in sync with where they plan to run the workloads. Public cloud storage investment is tipped to increase in 56% of businesses while 50% increase is expected in private cloud storage in the next 18-24 month time frame. About 35% of organizations expect to see increase in traditional on-premise storage during this time. On average, 39% of storage is currently run on traditional on-premise, with less on public cloud (26%) or private cloud (24%).
So, clearly public cloud is the model that businesses are moving to. On one hand, there is so much of concern around security. Yet, there seems to be a rush to public cloud. What explains this anamoly?
Elementary, My Dear Watson. Cost.
While you may or may not get the answer if you ask directly with Indian CIOs, get into a conversation and in 15 minutes, you will be clear that cost is the driving factor and in today’s hypercompetitive ‘business outcome’ driven IT, no CIO would like the opportunity to impress the big bosses by drastically reducing cost.
In short, the attraction of cost is so high that it makes IT managers overlook all other perceived shortcomings—including security.
The attraction of cost is so high that it makes IT managers overlook all other perceived shortcomings—including security.
Are public clouds really less safer than private clouds? That is a bigger debate but what clearly seems to be a myth is that security is no more a concern for public cloud.
While other perceived advantages and concerns about cloud remain, it seems to be a trade-off between cost and security mostly.
The organizations have found their solution by going hybrid—combining the best of both worlds, as the vendors promoting the model describe it as.
‘Best of both worlds’ reminds us of this conversation between George Bernard Shaw and Isadora Duncan.
‘My dear Mr. Shaw: I beg to remind you that as you have the greatest brain in the world, and I have the most beautiful body, it is our duty to posterity to have a child,’ said Ms Duncan. ‘My dear Miss Duncan: I admit that I have the greatest brain in the world and that you have the most beautiful body, but it might happen that our child would have my body and your brain,’ Shaw replied.
A hybrid strategy would be best of both worlds only if it leverages the best of both worlds. It could possibly just be the reverse.
The Data Economy Report suggests it is.
“There is a high degree of variation and fragmentation here which suggests there is still a lot of confusion around the most optimal solution for each workload,” notes the study.
A good hybrid strategy should be optimized based not just on workloads but the existing infrastructure, organizational structure, availability and many other factors.
Of course, cloud is a journey. And organizations are still on the learning curve. With technologies as well as business environments changing, it is as challenging as it could get.
It is tough. Lack of a perfect or even optimized cloud strategy in place is not something one should be defensive about.
But then, pretending otherwise is not the solution.