If you’re old enough, you might remember a best-selling self-help book published in the 1990s that was called Who Moved my Cheese? If you don’t, you should check it out, as the points it makes (in parable form) are still applicable in today’s business world. It’s all about how we react to change.
Resistance to change is part of human nature, and that’s as true of IT pros as any other group (maybe more so, since we tend to be control freaks who like to know what’s going on with everything on our networks all the time). Even good changes can be scary, and moving from the familiar on-premises data center environment that has been our domain for decades to a cloud-based networking model where the physical infrastructure is beyond our reach (and its location possibly unknown to us) makes us uncomfortable.
Putting on a blindfold and trying to negotiate through the familiar rooms of our homes or attempt to drive our everyday route in heavy fog impresses upon us just how much we rely on visibility to accomplish what we need to do. In IT, that means we know all the nooks and crannies of our networks. We know where each server is physically located, its age and tech specs and its history – maintenance and hardware replacements and such – which virtual machines run on which physical machines, and so forth. Most of the time we might not actually need to know all this, but in certain circumstances it means the difference between floundering in the dark about communications and connectivity problems vs. being able to quickly and accurately troubleshoot, diagnose and address what’s wrong and why.
The public cloud removes that physical layer of your network from your purview pretty much completely. This can be a good thing, as it gives you one less thing to be responsible for and shifts that responsibility to others with more resources and better response and diagnostic tools who specialize in the infrastructure issues, often resulting in less down time and less stress for you. Nonetheless, something inside us balks at giving up that visibility. Why are so many people anxious about flying but blithe about driving when the chances of injury or death are much higher in a car than in the air? It’s because when you’re behind the wheel, you can see everything that’s coming at you and you have at least an illusion of control. We’ve been “driving” our networks for a long time, and it’s hard to just sit back and close our eyes and trust someone else to fly the plane.
When we move to the cloud, we may have to adjust our standards regarding bandwidth and speed of communications. Data simply doesn’t move over the Internet as quickly as it can move within a local area network. Gigabit Ethernet is commonplace and 10Gbps is available now, although still not in widespread usage. 40Gbps and 100Gbps Ethernet is slowly appearing. Meanwhile, 1 gig Internet connectivity is considered blazing fast and most of us are still making do with speeds of under 100Mbps.
According to Akamai, as of the end of last year the average connection speed in the U.S. was only 12.6Mbps, despite urban pockets where Google’s fiber, Verizon/Frontier’s FiOS, AT&T’s Uverse and even more cable companies offer speeds ranging from 100 to 1000Mbps. When you go global, the average speed drops to just over 5Mbps, except for a few high tech countries such as Norway and South Korea, where it averages 16.5Mbps and 0.5 Mbps, respectively.
When your apps and data are stored in the cloud, access to them won’t be as instantaneous as you’re used to on a local network. For many applications, such as email, this won’t matter. For other, real-time communications, it might. Downloading or uploading large files to your servers will take noticeably longer when you’re doing it across the Internet. This is one of the unavoidable tradeoffs for enjoying the benefits of cloud computing.
Reliability is a double-edged sword in the context of moving to the cloud. On the one hand, the major public cloud providers have the money, personnel and other resources to provide for extreme redundancy, which allows them to guarantee SLA up times of three nines (99.9%) and more. Most providers will have more and better backup systems than that of a private organization.
On the other hand, cloud services are prime targets for Denial of Service (DoS) attacks because of their high profile – what hacker wouldn’t love to brag about bringing down Azure or AWS or Google Cloud? And deliberate hacks aside, a fast-growing cloud provider can become overwhelmed simply by the growth that comes with success, leading to outages. Finally, it doesn’t matter if your CSP’s data centers are up and humming along 100 percent of the time; if your own Internet connection is down, you won’t be able to access any of those cloud applications and data.
What this means for you is that it’s time to start thinking about reliability in a whole new light. You’re going to need a different kind of backup plan that includes redundant connections to the Internet (preferably through different ISPs) and on-site copies of mission-critical data as well as at least minimal locally installed applications so the most important work can still get done in the case of hours (or heaven forbid, days) of lost Internet connectivity.
The Security Quandary
Similarly to the reliability issue, the cloud offers both advantages and disadvantages when it comes to security. Since the beginning of the push to “cloudify” all or most digital assets, the biggest obstacle to adoption has been the wariness of businesses – from small operations to enterprises – regarding the security of precious data in the hands of third parties. This has caused cloud providers to invest millions in securing their data centers, both on the physical access level and at the network level. Major CSPs implement the highest standards of security, often even refusing to reveal the geographic locations of their facilities to the public, deploying the most sophisticated (and most expensive) tools and hiring top-tier personnel to monitor, analyze and pinpoint threats – sometimes even before they happen – and respond quickly and effectively.
Nonetheless, just as big CSPs are targeted for DoS attacks that can impact reliability, they’re also targeted by hackers who are looking to gain unauthorized access to data. And let’s face it: the very nature of cloud computing increases security risks. When your data is going over the public Internet (even encrypted), that introduces additional points of potential security failure where it can be intercepted. The multi-tenant environment also creates possible gaps through which a malevolent customer could target the data of fellow tenants, although of course providers take steps to prevent this.
Cloud communications can be made very secure, but having your sensitive and confidential information, which may even fall under regulatory compliance rules, “out there” doesn’t feel as secure as keeping it in house. It goes back to the visibility issue; just as you aren’t privy to the details of the physical infrastructure, you don’t have full insight into the security measures in play. Yet you can’t just hand it all over and forget about it, either. When you move to the cloud, security becomes a shared responsibility between your company and your provider. As IT pros, security is something that we don’t like to share, so this takes some major attitude adjustment.
Note that CSPs don’t shut you out of these details merely because they like to keep secrets. The fewer details regarding their security are made public, the less information hackers have to work with. Yes, it’s security through obscurity, which should never be relied on by itself to protect anything – but it can help to slow down attackers as part of an overall security strategy.
The good news is …
Although IT pros tend get set in our ways, over the years the role has taught us that we must be able to adapt in order to survive. That doesn’t mean we necessarily enjoy change, but we recognize its necessity and we find ways to make the best of it and to embrace its positive results. And there are many positives associated with the cloud.
It reminds me of how, twelve years ago, my husband and I decided to trade up from our smaller house to the large home on the lake where we live now. Our business had become successful and there was no doubt we could afford it, or that it was a good investment, or that we would enjoy waterfront living – but he, in particular, had a hard time adapting to the change at first. It was new, unfamiliar, and a little overwhelming. He wanted to “go home.” But it didn’t take long for him to fall in love with this lovely house and beautiful surroundings and now it is very much “home” to us both.
If you’ve been working in the on-premises data center (or small business server room) environment for decades, you’re likely to experience some discombobulation in response to a move to the cloud. Once the “settling in” period is over, however, you just might start to appreciate the “access anywhere” convenience, the flexibility, improved collaboration, the cost savings, and having someone else take care of mundane tasks such as the dreaded server software updates. Then the question becomes not “Who moved my network?” but “Why did they wait so long to do it?”