New Rules for Moving to the Cloud ... or Not

New Rules for Moving to the Cloud ... or Not

Assessing whether a workload should move to the cloud depends upon a different set of factors today: regulatory, demand, processing needs, internal skills and culture, cost, and corporate finance considerations.

Matt Gerber is CEO at Digital Fortress.

Let’s face it, the issues we were talking about a couple of years ago – security and reliability – are no longer barriers with public cloud. That’s not to say there aren’t risks in the cloud, just as there are inside a company’s walls, but cloud providers are generally well-prepared to defend against the next wave of hackers and other threats. AWS, for one, continues to offer new protections, such as encryption-as-a-service. Third-party products and services are also on the rise. Research firms predict strong growth for cloud security, with Synergy Research reporting 20 percent growth for the sector in 2014. As well, many mid-sized company CIOs and IT managers are acknowledging that AWS and Microsoft can do a better job running a secure and reliable data center. Assessing whether a workload should move to the cloud now depends upon a different set of factors: regulatory, demand, processing needs, internal skills and culture, cost, and finally, corporate finance considerations.

Regulatory and Compliance

When examining infrastructure hosting options, a company should first weigh any auditing or compliance requirements, especially if violating them results in hefty penalties. Banks and financial services companies, healthcare and life sciences organizations, and other enterprises capturing sensitive information about consumers must comply with a host of specific rules affecting how and where data is handled. Industry regulations, such as HIPAA, PCI and the European Union Data Protection Directive, will require certifications by cloud and hosting providers, and may preclude use of the public cloud altogether. The onus is on the customer to ensure that cloud and hosting providers are following recommended practices for compliance. In the case of an audit or electronic discovery warrant, a company may need to provide access to data wherever it’s hosted, within days. The scope of regulation to which a company must comply will help determine the optimal decision when choosing a hosting partner.

Demand and Processing

The sage advice has always been that if a workload has widely varying, unpredictable demand, go to the cloud, where it’s easier and cheaper to scale up and down at a moment’s notice. Another scenario made for the cloud are those apps and services which are predictably unpredictable, such as a business with the bulk of sales occurring during holidays or on a seasonal basis. However, in a steady-state heavy data processing or high-performance computing environment with a continuous and predictable workload, such as for processing stock trades or managing a 24X7 manufacturing floor, it can be more cost-effective to buy hardware to run the application. A general rule is that for consistent workloads, a fixed infrastructure with a fixed cost may deliver better economics. Conversely, applications with drastic spikes of minimal activity and high activity will likely run more cost-effectively in the on-demand environment of the cloud. These decisions can be complicated and may result in a back-and-forth strategy when they aren’t studied carefully at the beginning. Take Zynga, the online gaming company known for the popular Facebook game, Farmville. The company began with its own data center; then when Farmville went into the stratosphere, it moved everything over to AWS to manage the load. In 2011, Zynga decided to build its own data center again, this time customized for the specific needs of its users. Today, the company has decided to move back to the cloud and AWS, given the high cost of managing the data centers. One could argue that in a predictably unpredictable industry like gaming, it makes sense to look at cloud before investing in infrastructure.

Skills and Culture

The more we learn about the cloud, the more we know it’s not a simple shift for a larger company with an established IT department. It requires new workflows, different tools and management processes and effective business collaboration. Take the time to conduct an internal assessment of attitudes, willingness and skill sets needed for moving to the cloud. Without buy-in from the ranks at the top, moving to the cloud is a grim proposition. This tale of failed change management has played out over many different phases of IT in years past – remember the multimillion ERP failures? IT leaders have a job to do in building awareness and providing reachable career paths. There’s also the investment of time (and patience) needed to retrain or rehire people, which if it doesn’t go well and results in delays in launching competitive business strategies, the CIO is the one losing her job. Another option is to bring in an outside team to fill the skills gap, yet that also requires a proper fit. Contractors must be able to interact successfully with the internal team. Moving from traditional to cloud infrastructure is exciting but can be painful; companies may need to take this process in steps by first moving to a hybrid environment.

Capex Vs. Opex

Depending on the industry and business stage, companies may have an orientation toward capital versus operational expenses, which can affect whether going to the cloud is viable. If a company’s cost of capital is low, and a company is capital expenditure-oriented, it would be more inclined to purchase technology versus rent it. If a company’s cost of capital is high, or there are other balance sheet considerations, very often it makes sense to shift purchases to operating expenses, and cloud is a way to do that with IT infrastructure. There are, of course, other decision factors that might sway companies to move to the cloud, such as on-demand pricing (pay-as-you-go), avoidance of unpredictable maintenance, support costs for hardware, and “hidden” data center costs such as energy bills.

There’s no one-size-fits-all cloud strategy – and there probably never will be. Companies are deploying combinations of private cloud, on-premise, hybrid cloud and public cloud to reach their goals and manage risks. Consider, too, that a strategy which makes sense today may not make sense in a year or two – particularly if your business is young and growing quickly or in the middle of a merger or reinvention. It’s always smart to reassess plans and providers annually to make sure that your infrastructure matches business and customer needs.



Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.