There’s a standard narrative in the cloud world. If you pay attention to the media generated around the cloud industry, you’ll be familiar with it. It goes something like this: in the early days of the cloud, security was a problem; cloud vendors focused on convenience and technology, not so much on the compliance, privacy, and security concerns that motivate enterprise IT departments; but that’s no longer the case — the cloud has come a long way since the early days and is now at least as secure as IT infrastructure solutions based on owned and self-managed infrastructure.
A recent study of over 600 enterprise IT professionals revealed that enterprise decision-makers aren’t sold on that narrative. Many have the same cloud concerns they had several years ago. The reasons for this aren’t hard to understand. Those concerns are based on legitimate worries about who has control over physical infrastructure and the data stored on it. In the case of the public cloud, it’s the cloud vendors, and that’s not going to change because it’s intrinsic to how the cloud works. Whatever convenience it may bring, the public cloud will always mean giving up a significant degree of control.
According to the report, 65% of those questioned were concerned about the state of cloud security. They’re right to be concerned. Their business depends on the security of the data it generates. I’ve known enterprise IT managers who regularly wake up in a cold sweat at the thought of what would happen to their job and their reputation if the private data of their customers leaked online. There are always security risks, but on owned or even colocated infrastructure, IT have insight into where their data is, the infrastructure on which it is hosted, who has access to that infrastructure, and the processes in place to guarantee the security of data.
The report also revealed that 37% preferred to invest in private cloud deployments and 44% thought hybrid cloud — a mixed public / private deployment model — is preferable. This accords with a pattern I’ve seen. Many organizations see the benefits of the public cloud for some use cases — cloud bursting, for example — but strongly prefer to keep business critical workloads running on owned physical infrastructure.
Other useful nuggets of information contained in the report include the revelation that 69% of companies are afraid that cloud migration increases the risk of unauthorized access to data, and 43% are concerned about account hijacking — a rogue user with cloud credentials can wreak havoc.
The cloud has a place in enterprise IT, but for reasons of security and performance, bare metal clouds on owned physical infrastructure are the best bet for enterprise deployments.