A second wave of cloud migration is now happening after the initial hiccups of
- Misaligned Expectations
- Increased Data Exposure and Administrative Surface Area of Risk
- Choice of newer better cloud options now available after initial “wrong choice”
Reaction to Shadow IT: A significant amount of public cloud use over the past few years was done without IT oversight and approval. As companies develop their formal cloud strategies, it often means moving away from the cloud provider that was initially chosen by a line of business or an individual group and moving to a different public/private cloud or even back onsite.
Misaligned Expectations: Many companies are realizing that they had not accurately estimated things like cost savings when they selected their public cloud environment. For example: while migrating data into a public cloud may be inexpensive, many companies have been surprised by the hidden cost of extracting data from these environments or moving data between regions. Also, without constant monitoring and management of public cloud environments, many enterprise companies failed to efficiently decommission under-utilized workloads and therefore never realize any significant pay-as-you-go cost model savings.
Another area of misaligned expectations is in technical support. Simply put, most large public cloud providers do not offer the level of technical support expected by the majority of enterprise companies. This issue becomes critical given that the typical enterprise company may only have a handful of internal employees that have a deep understanding of public cloud architectures. When you combine limited cloud expertise with the inability to get enterprise-level phone and tech support, we often see the “scaling or phase two” portion of cloud projects hit an impassable roadblock.
Increased Data Exposure and Administrative Surface Area of Risk:
While network-layer and physical security in public cloud data centers has proven to be adequate for most enterprise companies, many CISOs and security execs are very concerned about the risk of data exposure. This risk can be greatly increased in public clouds for two reasons:One, there are new administrative accounts that will have access to data and workloads. These accounts must now be managed and monitored by the IT security team and these accounts represent both a data exposure risk and a data protection risk (for example if an admin accidentally deletes a workload that hasn’t been backed up).
Two, the ability for multiple copies of sensitive data to be replicated in a cloud environment. This may be due to the public cloud provider’s underlying replication technology, or simply due to a company’s lack of data security controls in a cloud environment. For example, if a company had planned to implement business analytics in the cloud, it may require multiple copies of sensitive data to be sent to the cloud in order to complete the analysis reports. Even if this data is protected with encryption and identity management, a simple identity breach (the most common type of breach today) could expose that data in cleartext.
The result of this increased risk, especially given today’s threat climate, is causing many companies to abandon certain cloud projects unless more comprehensive data protection technologies (such as tokenization or data masking) can be implemented.
Choice: One of the simplest reasons for these statistics is the recent availability of choice. While it may be hard to believe, computing giants such as Google, Microsoft and VMware had no public cloud offering for enterprises just a couple years ago – and even companies like IBM had only very limited private and hybrid cloud options. As enterprises develop a more mature cloud strategy, they are now able to select the best cloud environment for their individual cloud projects.
Second wave of cloud migration
As these initial experiences and hiccups have been encountered, understood and dealt with, we are seeing a more serious and consolidated move to the cloud – a second wave of cloud migration.