Cloud computing is uniquely susceptible to the confusion and hype that surrounds it. Here, we provide a top 10 list of the most common misconceptions that CIOs should look out for.
Cloud computing, by its very nature, is uniquely susceptible to the perils of myths. It is all about capabilities delivered as a service, with a clear boundary between the provider of the service and the consumer. From a consumer perspective, “in the cloud” means where the magic happens, where the implementation details are supposed to be hidden. So it should be no surprise that such an environment is rife with myths and misunderstandings.
Even with a mostly agreed on formal definition (see “NIST and Gartner Cloud Approaches Are More Similar Than Different” ), multiple perspectives and agendas still conspire to mystify the subject ever more. Add to this the incessant hype (see “Hype Cycle for Cloud Computing, 2014” ) and we get the resultant confusion that permeates IT (and beyond) today.
Myths are sometimes harmless but they do have an effect on how we approach solutions:
- They slow us down and distract us from the real issues and the real solutions.
- They can cause us to make decisions based on assumptions that are wrong, or even dangerous.
- They impede innovation.
- They slow progress toward real goals and real accomplishments and outcomes.
- They scare us. Many myths are rooted in fear and misunderstanding. They can drive decisions and strategies based on fear and this leads to oversimplifications and mantras that are the real dangers.
There is no shortage of candidates for the top 10 cloud myths. Below is a list that highlights some of the most dangerous and misleading ones.
Myth 1: Cloud Is Always About Money
Rarely are financial considerations not part of an IT decision process, especially when that process concerns cloud computing. However, the prevalent myth about the cloud is that it always saves money. While this is sometimes the case, there are many other reasons cited for migrating to the cloud, the most common of which is for agility.
Gartner’s 2014 CIO survey shows that cost savings account for only 14% of the reasons for organizations’ use of the public cloud (see “Taming the Digital Dragon: The 2014 CIO Agenda” ). While prices are dropping, especially for infrastructure as a service (IaaS), not all cloud service pricing is coming down (for example, most software as a service [SaaS]). Assuming that the cloud always saves money can lead to career-limiting promises. Saving money may end up one of the benefits, but it should not be taken for granted.
Many myths also have seemingly contradictory counter myths — in this case, the belief that an organization is capable of matching or beating the price points of the public cloud. Counter myths are usually a result of different perspectives and personas and can lead to extremes that appear to be contradictory. The reality is that these extreme positions are held by different people — not that we find single individuals believing both extremes. While it is true that some very efficient organizations with extremely high-volume needs can indeed run infrastructure costs efficiently, this is not the norm. Often, calculations trying to prove this “conveniently” omit real estate, utility and other types of costs.
Advice: Don’t assume you will save money unless you have done the hard work of honestly analyzing the situation. Utilize total cost of ownership and other models on a case-by-case basis. Segment cloud into use cases. Look beyond cost issues. Also, be certain to check with financial specialists about the implications that a switch from capital expenditure (capex) to operating expenditure (opex) may have. Don’t assume that opex is always better than capex. Keep revisiting analysis as the market and prices change often.
Myth 2: You Have to Be Cloud to Be Good
This is the manifestation of rampant “cloud washing” (referring to the tendency to call things cloud that are not). It is not just vendors that do this, although many have been guilty of it. Some cloud washing is accidental and a result of legitimate confusion, but some is also based on a mistaken mantra (fed by hype) that something cannot be “good” unless it is cloud. IT organizations are also increasingly calling many things cloud as part of their efforts to gain funding and meet nebulous cloud demands and strategies. The resultant myth is that people are falling into the trap of believing that if something is good it has to be cloud or that if it is not cloud based it cannot be good.
Advice: Call things what they are. Many other capabilities (e.g., automation, virtualization) and characteristics can be good and do not need to be cloud washed. Allow these strategies to stand on their own. Avoid misplaced expectations.
Myth 3: Cloud Should Be Used for Everything
This is related to Myth 2 and refers to the belief that the actual characteristics of the cloud are applicable to, or desirable for, everything. Clearly, there are some use cases where there is a great fit. Examples include highly variable or unpredictable workloads, cases where there are clear savings, and those where self-service provisioning and reprovisioning are key. The cloud fits where value is placed on flexibility and the business has the ability to consume and pay for only what is needed when needed. However, not all applications and workloads benefit from the cloud. Unless there are cost savings, moving a legacy application that doesn’t change is not a good candidate.
Advice: The cloud may not benefit all workloads equally. Never assume that it does. Analyze applications on a case-by-case basis. Don’t be afraid to propose noncloud solutions when appropriate.
Myth 4: “The CEO Said So” Is a Cloud Strategy
When asked about what their cloud strategy is, many companies don’t have one and the default is often (stated or not) that they are just doing what their CEO wants. Sometimes the CEO has actually dictated that the cloud is the strategy (without a connection to an actual business goal). Not unlike other examples of “airline magazine syndrome,” hype and unrealistic expectations are often behind the interest. This is not a cloud strategy and is often based on one or more of the myths outlined in this note.
Advice: A cloud strategy begins by identifying business goals and mapping potential benefits of the cloud to them, while mitigating the potential drawbacks. Cloud should be thought of as a means to an end. The end must be specified first.
Myth 5: We Need One Cloud Strategy or Vendor
It is natural to want to simplify and standardize. However, cloud computing is not one thing and a cloud strategy has to be based on this reality. Cloud services are broad and span multiple levels (IaaS, SaaS), models (“lift and shift,” cloud native), scope (internal, external) and applications. The nature of cloud services and existing interoperability standards can make the issue of limiting options less important, as those details are often hidden from the consumer. However, even if one vendor and one strategy is possible, many significant compromises will frequently have to be made. In such cases, focusing on the underlying tactics can be just as important as the overall strategy.
Advice: A cloud strategy should be based on aligning business goals with potential benefits. Those goals and benefits are different in various use cases and should be the driving force for businesses, rather than any attempts to standardize on one offering or strategy. A single cloud strategy makes sense if it makes use of a decision framework that allows for and expects multiple answers.
Myth 6: Cloud Is Less Secure Than On-Premises Capabilities
Cloud computing is perceived as less secure. This is more of a trust issue than based on any reasonable analysis of actual security capabilities. To date, there have been very few security breaches in the public cloud — most breaches continue to involve on-premises data center environments. The majority of cloud providers invest significantly in security technology and personnel and realize that their business would be at risk without doing so. However, assuming they are secure is not advised.
There is also an opposing view that cloud platforms are actually more secure than on-premises platforms. This may, in fact, be true for many small or midsize businesses, some of which cannot make the necessary security investments, and even for some large enterprises that recognize that their security efforts may be lacking.
Security is not one monolithic entity. It is also important to identify where security responsibility lies and where the dividing line is. For example, if a customer uses a cloud IaaS provider, that provider is responsible for IaaS-level security, but the customer must own the overall security strategy and take ownership of application and other higher-level security issues.
Advice: Don’t assume that cloud providers are not secure, but also don’t assume they are. Cloud providers should have to demonstrate their capabilities, but once they have done so there is no reason to believe their offerings cannot be secure. There are enterprises whose security capabilities are formidable, but so are the capabilities of most cloud providers. However, the security levels of cloud providers will vary. Assess your actual capabilities and your potential provider’s capabilities and hold both to reasonable standards. Assuming on-premises capabilities are more secure can lead to a false sense of security.
Myth 7: Cloud Is Not for Mission-Critical Use
Cloud computing is not all or nothing. It is being adopted (and should be adopted) in steps and in specific cases. Therefore, it is not surprising that early use cases (e.g., development/test) are mostly not for mission-critical systems. However, many organizations have progressed beyond early use cases and experimentation and are utilizing the cloud for mission-critical workloads. Some of these uses are true cloud services (SaaS, cloud native), while others are hosted models where the cloud benefits are at a lower level but still represent a genuine use. There are also many enterprises (not just small startups any more) that are “born in the cloud” and run their business (clearly mission-critical) completely in the cloud.
Advice: Mission-critical can mean different things. If it means complex systems, approaches such as taking a phased approach can ease the movement to the cloud. Hybrid solutions can also play a key role.
Myth 8: Cloud = Data Center
Most cloud decisions are not (and should not be) about completely shutting down data centers and moving everything to the cloud. A cloud strategy should also not be equated with a data center strategy. Neither should be done in a vacuum — you need to have data center space for things not in the cloud and, if you move things out of the data center, there are implications. But they are not the same thing. In general, data center outsourcing, data center modernization and data center strategies are not synonymous with the cloud.
It is common for people focused on one area (data center, for example) to think cloud computing is only about that. Continued use of the term “clouds” (rather than cloud services) leads to the perception that cloud = data center. The focus should be more on cloud services. There are multiple cloud services even within vendor cloud offerings. For example, within Amazon Web Services there exists Amazon Elastic Compute Cloud (EC2), Amazon S3 cloud storage and Amazon Elastic Block Store (EBS).
Advice: Look at cloud decisions on a workload-by-workload basis, rather than taking an “all or nothing” approach. Cloud and data center outsourcing strategies are related but they are not the same thing. Assuming that cloud is “all or nothing” leads to the wrong analysis. Look to link cloud and data center strategies. Focus on cloud services and service interfaces.
Myth 9: Migrating to the Cloud Means You Automatically Get All Cloud Characteristics
Cloud computing has unique attributes and characteristics. Gartner’s cloud attributes include scalability and elasticity; they use service-based (and self-service) Internet technologies; they are shared (and uniform) and metered by use. Many migrations to the cloud are “lift and shift” rehosting, or other movements that do not exhibit these characteristics at higher levels. Being “hosted in the cloud” (even if on cloud IaaS) does not mean that what is hosted is also a cloud service. There are other types of cloud migration (refactoring and rewriting, for example) that typically do offer more of these characteristics. The most common use case for the cloud, however, is new applications.
Advice: Don’t assume that “migrating to the cloud” means that the characteristics of the cloud are automatically inherited from lower levels (like IaaS). Cloud attributes are not transitive. Distinguish between applications hosted in the cloud from cloud services. There are “half steps” to the cloud that have some benefits (there is no need to buy hardware, for example) and these can be valuable. However, they do not provide the same outcomes.
Myth 10: Virtualization = Private Cloud
Virtualization is a commonly used enabling technology for cloud computing. However, it is not the only way to implement cloud computing (established SaaS vendors such as salesforce.com make very limited use of it, while new approaches such as containerization are gaining traction). Not only is it not necessary, it is not sufficient either. Even if virtualization is used (and used well), the result is not cloud computing. This is most relevant in private cloud discussions where highly virtualized, automated environments are common and, in many cases, are exactly what is needed. Unfortunately, these are often erroneously described as “private cloud” (see Myth 3 above).
Advice: Use the right term to describe what you are building. You don’t have to be cloud to be good. Avoid mis-setting expectations and adding to cloud confusion.