Public and multi-cloud configurations imply various types of risk: financial risk, privacy risk, and regulatory risk.
Let’s sum up some of the more important concerns about cloud computing.
Security, trust, and ownership
How do you secure your applications and data—and your financial assets upon which they rely—when someone else is running your software, servers, and infrastructure for you in the cloud? How can you trust your cloud provider’s security policies—policies that you don’t directly control?
The conventional wisdom is that your security depends on the components you actively control. But at what point does attempting to hold onto control with on-premises IT strategies threaten your organization’s agility and competitiveness?
It is important to recognize that security in the cloud is not a monolithic entity, and that you are responsible for owning your overall security strategy. An infrastructure as a service (IaaS) cloud provider is responsible for IaaS-level security but not more than that. That’s your job.
Complexity of deployment and execution
The greatest hurdle in deploying multi-cloud configurations is often their inherent complexity. By definition, multi-cloud deployments involve different technologies, interfaces, and services—even different terminology.
So, where does that leave you? Without the standardization of terminology or methodologies among cloud vendors, you need to orchestrate your infrastructure and application components in a way that rises above what individual providers supply. That’s not easy.
What happens when you don’t have proper or sufficient cloud governance?
“Bad things happen,” says cloud consultant and author David Linthicum, including bad things such as “million-dollar cloud bills resulting from resources that are overprovisioned without limits or restrictions.”
To mitigate financial, regulatory, and other acknowledged risks, governance needs to pervade all layers of the cloud. Governance must extend to the physical layer (the native realm of the provider), the virtualized services layer (including compute and storage resources), the networking layer, and the application layer.
Linthicum says that applications are especially important because when they “are not governed as well as—or better than—the cloud infrastructure that they run on, you take the risk that the apps will be used in incorrect and possibly harmful ways.”
What’s more, when processes occurring in the cloud lack transparency—when you can’t see what is running inside the workload, where the workload is running, or when the workload is scheduled to run—governance quickly breaks down, and along with it, control and security.
You can innovate with confidence and trust
But the important thing to remember is that these cloud computing concerns should not get in the way of your transformation. Organizations are experiencing a rate of innovation that is unprecedented, and a heightened focus on orchestration, policy (including enforcement of that policy), and governance can pave the way for technology-driven companies to innovate at speed with complete confidence and trust.
In other words, you can have your cake—and eat it, too.
To explore both concerns and possibilities for a multi-cloud environment, please read our white paper: How to Get the Multi-Cloud Business Advantage Without Sacrificing Security or Control.