Moving to the Cloud

Today, there are many companies contemplating moving to the public cloud, but are unsure whether they can, whether they need to, or whether it is safe to do so.

The availability of high-speed fibre lines means that moving to the cloud is highly feasible. Business fibre lines are reliable, and the cost of bandwidth has dropped dramatically in the last few years. As more under-sea cables are laid, connectivity to almost any part of the world is becoming easier, faster and cheaper. Public cloud datacentres are also becoming more prevalent.

However: “Does it make sense to move my workload to the cloud?”

Workloads with high volumes of data moving back and forth may not make economic sense as public cloud providers charge for hosting as well as traffic. A typical example of this is a publishing or printing company where large jobs are worked on by copywriters or graphics designers and stored before being sent to the printing presses.

The benefits of moving to the cloud are significant, some of these include:

  • There is no need to purchase new hardware or refresh older hardware. The financial model moves from Capex to Opex, reducing the assets on your balance sheet.
  • The ability to sweat existing assets. If you move your desktop to the cloud, older hardware can be used for longer. These can later be replaced with more cost-effective, less powerful devices since much of the computational work will be done in the cloud.
  • Lower maintenance costs. Depending on the cloud model, application upgrades become the responsibility of the provider.
  • Flexible licensing.
  • On-demand scalability. You no longer have to purchase large servers where processors may be idle most of the time. Cloud computing provides scaling as and when you need it.
  • Increased reliability and disaster recovery.
  • The ability to support remote working wherever there is an internet connection.

One of the best workloads to move to the cloud is email. As a Software as a Service (SaaS) platform, the benefits are:

  • Ease of setup, maintenance, and operation.
  • On-demand licensing.
  • Accessible anytime, anywhere on any platform.
  • Automatic and non-disruptive upgrades.
  • Better collaboration.
  • Built-in policies, controls, and reporting.
  • Online anti-spam, anti-virus and anti-malware protection.

The next question we are often asked: “Is cloud safe?”

A breach could be catastrophic for a cloud provider, where a loss of revenue due to lack of customer confidence may occur, and even lawsuits and regulatory fines could apply. This is why providers such as Microsoft, Amazon and Google spend millions of dollars annually on keeping their clouds secure.

Most importantly, security is always a shared responsibility.

Depending on the level of participation that cloud plays in a business, the responsibility shifts from customer to provider. When on-premise, the responsibility for all aspects of security remains exclusively with the customer. With SaaS, most of the responsibility is with the provider. However, data classification and accountability will always rest with the customer, whilst identity and access management are a shared responsibility.

For the Infrastructure as a Service (IaaS) model, the provider is only responsible for the physical security of the environment, although they do share security of the host and network with the customer. In this regard, the traditional security precautions that are implemented for on-premise are equally relevant:

  • Firewalls need to be established.
  • Traffic and servers need to be segmented and rules put in place to manage traffic flow.
  • Monitoring and reporting need to be established.
  • Disaster recovery plans need to be in place.
  • Governance and risk compliance needs to be followed.
  • Web-facing applications need to be secured and protected.

Regardless of the chosen cloud strategy and operations, data security and business continuity are the top priorities for the selected provider to get right.

The following two tabs change content below.

Andrew Smith

Andrew is a senior systems-engineer with over 20 years experience in corporate and small business environments. This includes consulting for large ICT service providers. He has supported systems at every level in the organization, including infrastructure, operating systems, applications, and perimeter protection. He also collaborates with software development teams on web, database, and infrastructure security. Andrew has co-founded multiple ICT businesses, where he advises on cybersecurity strategies and policies. Andrew has a 3-year National Diploma in Electronics (light current).

Latest posts by Andrew Smith (see all)