Cloud Myths - Sanjay Kumar


See how experts and industry analysts take on prevalent myths surrounding the cloud.

While the Cloud eliminates numerous challenges in environment management, particularly in the area of deployment it is also creating new ones, like in the area of change monitoring and configuration management.

The myth and mistaken assumption has been propagated that monitoring applications in a cloud is only slightly different from monitoring traditional internal enterprise applications. That assumption is far from the truth.

To bring more clarity to managing the data center in a cloud platform, we illustrate and explore some of the prevalent and persistent myths surrounding cloud-based operations, revealing the truth.

Myth: Cloud Configuration Management is Less Complicated for IT Operations

Take the management of the automation deployment infrastructure. This is still another software system that itself must be installed and maintained.

There is the mistaken assumption regarding script-driven deployment, that you don't need to check the scripts. However, like any other software system, scripts could be quite sophisticated, with varying tasks executed based on parameters.

The actual results of the scripts execution, i.e. the actual configuration needs to be analyzed and controlled together with the scripts themselves. When errors occur in the automated scenario, they happen on a much larger scale, and hence additional processes and tools are required to recover from them.

Cloud configuration management is also affected as there is no control of artifacts or monitoring across environments, making partial deployment rollback extremely difficult. When deployment errors occur, lacking the ability to easily investigate the errors and recover can lead to failed launches, with costly downtime delays.

Let's Trade Myths For Reality: What Are You Really Doing In The Cloud?

Today In my oodles of conversations with enterprise clients about cloud, there isn't a day that goes by without some myth about cloud use coming up. It's time we, together, did something about this.

If it's not "devs are only using it for test & dev," then it's "all those cloud apps are noncritical experiments." The other common ones are "it's all startups and web businesses" and "nothing critical is going there because of security." I use our ForrSights survey data, aggregated learnings from client inquiries, and evidence gathered through case study analysis to refute these rumors - all of which are untrue - but some beliefs just won't die. This week, we published an update to our definitive report from 2008, "Is Cloud Computing Ready for the Enterprise?" that shows that, yes indeed, the leading clouds have matured to the point that there are few legitimate excuses left for not using them. Who isn't ready are the enterprises - IT ops team in particular. And frankly, many enterprise IT ops teams aren't moving quickly enough to get ready for cloud because they don't see the sense of urgency - they believe the myths above.

5 Big Myths Of Cloud Computing

We are living through a wave of cloud computing hype. It seems like there is a new cloud feature or product being launched by big technology companies almost every day - and sometimes concurrently - and the cloud is at the center of all the important tech industry discussions today, from job creation and destruction to the growth and decline of companies. This hype generates a number of false expectations and concerns that may lead companies into making bad decisions about the technology.

The simple possibility of helping people avoid bad decisions would be reason enough to look into these “myths” that surround the cloud, but other advantages may also come from this exploration: a better understanding of fundamental concepts that can help in the dialogue between vendors, early adopters and those who are still holding back.

The Myth of the Green Cloud

For a few years before the 2008 crisis hit the world’s economy, being green was even more fashionable for tech companies than being in the cloud is today. Green IT movements were in full force, and some cloud vendors have been once again raising this banner claiming that moving to the cloud is the greenest decision a company can make. The logic behind this myth is that cloud data centers can optimize the use of computing resources, making them more efficient than any privately-owned data center around.

This, however, is only partly true. What most companies forget is to look for the source of that energy for their data centers. If you operate your own servers in a country where most energy comes from renewable sources (such as Brazil, with a large percentage of hydroelectric power), and you move them to a cloud based in a country whose energy matrix is dominated by thermoelectric power (coal and oil), the net effect may be an increase in your company’s carbon footprint. Any cloud is only as green as its power sources.

The Myth of “No More IT Worries”

This is one that almost always causes troubles for first-time cloud users. People move their servers/applications to a cloud environment (IaaS or PaaS) and think that everything will be magically backed-up and updated regularly and that multiple server copies will be hosted on redundant servers without them having to ever worry about it again. This is not true. In fact, Rackspace has been sending out emails to its customers warning them that cloud servers don’t come with automated backups enabled, and that they must do this manually. The same thing goes for having contingency servers: you must set this up manually.

The Myth of 100% Uptime

This is perhaps the culprit of the “no worries” myth above. Service providers, especially on the IaaS level of the cloud stack, have for some time been offering 100% uptime guarantees. What they don’t seem to understand is that no technology is foolproof. I haven’t heard of a single service provider out there that has actually been able to deliver on this 100% uptime promise for all customers, so this is simply a misleading promise that may make newcomers feel more at ease than they should. As I’ve said before, your cloud servers will eventually suffer downtime, and you better be ready for it.

The Myth of Security

The second most discussed issue about the cloud is security, and saying that the cloud is less secure than a private setup has become sort of a knee-jerk reaction for many companies. The truth of the matter is that the cloud by itself is no more (nor less) secure than anything else. On one hand, having services and data concentrated on just a few data centers makes these places much better targets; on the other hand, the concentration increases the likelihood that security patches and updates get properly applied to servers. Who is more likely to maintain updated servers with security monitoring: Rackspace or the thousands of small businesses with Windows XP servers out there?

That is not to say that security shouldn’t be a concern. In fact, cloud vendors tend to downplay security to such an extent that it only makes companies more worried about what is going on. What they need to understand is that in order to keep the cloud secure, they need to work together with their customers to establish the proper processes. And, in working together, they need to share the responsibility for the security of the environment as a whole.

The Myth of Cost Savings

Saving the best for last, we come to the greatest enduring myth about the cloud: cloud computing will result in great cost savings for companies. It won’t. Cloud computing is about the optimization of computing resources, not their reduction. It allows savings only in the sense that you no longer have to provision servers based on your peak demands, but can instead dynamically grow and shrink your capacity as necessary, paying only for what is in use. If your computing resource needs are fairly steady, there isn’t any real gain.

One possible origin for this myth is the fact that, by using the cloud, startups can avoid spending large amounts of money upfront on infrastructure or software licenses. They perceive this lack of upfront investment as cost savings, even if in the long run they may actually spend more.

Myths are a natural part of any hype cycle. Some come from vendors who are overeager to please their customers, others from early adopters who desperately want to defend their positions. By looking at them in a detached manner, we can improve the dialogue surrounding the cloud. While I tried to cover the greatest cloud myths, this list is far from complete.

2 More Cloud Myths Busted: Lock-In And Locked Up

The world of cloud computing grows like a weed in summer, and many assumptions are being made that just aren't correct. I've previously exposed four cloud myths you shouldn't believe. Now it's time for me to climb up on my soapbox and correct a few more.

Myth 1: Cloud computing is bringing back vendor lock-in.

The notion that using cloud computing features (such as APIs) created by one provider or another causes dreaded lock-in seems to be a common mantra. The reality is that using any technology, except the most primitive, causes some degree of dependency on that technology or its service provider. Cloud providers are no exception.

Here's the truth about technology, past, present, and future: Companies that create technology have no incentive to fly in close enough formation to let you move data and code willy-nilly among their offerings and those provided by their competitors. The cloud is no different in that respect.

We can talk about open source distributions and emerging standards until we're blue in the face, but you'll find that not much changes in terms of true portability. As long as technology and their service providers' profitability and intellectual property value trump data and code portability, this issue will remain. It's not a new situation.

Myth 2: Cloud computing use will put you in jail.

Yes, you need to consider compliance issues when moving to any new platform, including private, public, and hybrid clouds. However, stating in meetings that moving data and processes to cloud-based platforms somehow puts you at risk for arrest is a tad bit dramatic, don't you think? Yet I hear that attention-getting claim frequently.

We've been placing data, applications, and processes outside of our enterprises for years, and most rules and regulation you find in vertical markets (such as health care and finance) already take this into account. Cloud computing is just another instance of using computing resources outside your span of control, which is nothing new, and typically both perfectly legal and not at all risky. Cut out the false drama as an excuse to say no.

7 Stubborn Myths About Cloud Computing

Early adopters of the cloud had to iron out a lot of teething troubles. Because of their pioneering work, building and deploying a cloud is now much easier, making the benefits available to all kinds of businesses, says Gerry Carr, Director of Communications at Canonical.

The cloud has been the preserve of technology-focused companies until recently - but not any more. IT departments across all industries are getting interested in what the cloud can offer - from increased service flexibility to lower capital expenditure and infrastructure costs.

Although many companies are turned on to the cloud, there are still barriers to adoption. A common one, for example, is the lingering perception that cloud environments are too complex, difficult to deploy and onerous to manage.

Here, we show how the cloud has come of age, and de-bunk some common cloud myths that are holding back adoption.

Myth 1) Building a cloud can take months

Not any more. The whole operation now takes just a few days. This is largely thanks to the global open-source community, which has developed great tools speeding up cloud deployment - from installing and configuring physical servers in the cloud, to creating, deploying and scaling cloud-based services dynamically.

Myth 2) You need new hardware to deploy a cloud

Not necessarily. The best cloud solutions can be deployed on your existing X86 hardware - increasing server utilisation and performance. What's more, you can convert old servers into additional compute nodes - increasing your processing capacity at no extra cost.

Myth 3) There aren't many applications available for the cloud

Not true. There are now a large number of excellent open-source applications designed specifically for the cloud - from databases and web-based applications, to big data applications.

Myth 4) Developers need to learn new languages to deploy services in the cloud

No. While working with new languages such as Node.js or Go is useful if you want your cloud-based apps to look like desktop apps, they're far from essential.

Myth 5) It's complex to move from public to private clouds (and vice versa)

Only if you choose proprietary platforms, which use their own APIs. By choosing the best open-source clouds instead, you can ensure compatibility with all the major public and private clouds, and move workloads around easily in the future.

Myth 6) The cloud isn't secure

It is if you do things right. If you take services from a public cloud provider, you should review the security service level agreement (SLA) thoroughly. If you're building a private cloud, you should standardise the way software is deployed in the cloud and regularly review your firewall rules.

Myth 7) It's hard to support a cloud environment

Not at all. There are now great support packages specifically designed for open-source clouds - both public and private.

As we've seen here, the old barriers to cloud adoption are falling away. This is largely thanks to the immense effort of the global open-source community, which is building cloud products and standards that simplify cloud deployment, management and support.

4 Cloud Myths That Won't Go Away

You would think that rank-and-file IT staffers and leaders would understand the advantages and disadvantages of cloud computing by now. However, the misconceptions continue to show up, some of which are disconcerting. Here are a few of the most common:

If I use public clouds, I give up security.

This one is tossed at me about once a day, and I've addressed it in this blog many times. The fact is, when you use public clouds, you do not necessarily put data and processes at a security risk. The degree of risk comes down to your planning and the use of the right technologies -- just as it does in an on-premises deployment.

Cloud computing will put my job at risk.

Chances are, if you're worried about the use of some technology taking your job, you're already at risk. In reality, cloud computing won't displace many jobs in enterprise IT, but IT roles and responsibilities will change over time.

Cloud computing is an all-or-nothing proposition.

Not really. You can move to cloud-based systems, such as storage and compute services, as needed, both intersystem and intrasystem. Moreover, you can move in a fine-grained manner, shifting only certain system components, such as user interface processing or storage, and leaving the remainder on premises. You do have to consider the colocation of data for data-process-intensive system components.

Cloud computing requires a complete replacement of the enterprise network.

This is true only if your existing network is awful and needs replacement anyway or if you plan to keep most of the data in the cloud, with the data processing occurring within the firewall (a bad architectural call). Other than that, bandwidth is typically not an issue. However, bandwidth does need to be considered and monitored, as it is a core component to the overall business systems that use cloud platforms..

3 Myths Clouding CIO Judgment

For today's CIO, the perceived barriers to cloud computing remain security, regulation and compliance. The danger that data loss poses to brand equity, customer trust and share price is just the same whether data is stored in a cloud computing or traditional infrastructure model.

The severity of the issue is reflected in legislation like the recent Criminal Justice and Immigration Bill which states that the Information Commissioner's Office (ICO) now has the authority to levy fines of up to £500,000 on organisations who recklessly lose confidential or personal information.

Security quite rightly should be at the top of every CIO's agenda but there are a number of myths that lead to over-simplification or indeed dangerous assumptions about cloud computing. In light of this, we explore three myths that we have encountered recently and why they may be distracting CIOs from the real questions that need to be asked.

Security and compliance are "external issues"

Whether you choose to place your data "in the cloud" or create a hosting platform from dedicated servers, security must remain your concern. Security cannot be handed over wholesale to a cloud service provider because the very real question of security policies and procedures concerns your users as well. Firewalls and the rules that govern them still stand irrespective of whether infrastructure is virtual or physical. Likewise the usual security processes such as changing passwords and enforcing permission levels need to be observed within your organisation.

These are simple examples but they serve to illustrate the point. Robust data protection is critical to preserving the brand value and reputation of any company. Every week there seems to be another high profile example of a security breach undermining customers' trust in a brand, whether that is an online gaming site; web retailer or even government department. Regulations regarding security, control and privacy of data are complex. CIOs need to be certain that their service providers can help them navigate these rules and clearly understand where the responsibility for applying each part of the security policy sits.

Better SLAs will give sufficient protection

To some degree, the question of SLAs reinforces the same point. If you are using a traditional managed hosting service to host your data, you will ask for a robust SLA that leaves you confident that you can deliver on your SLA to the business. Businesses adopting cloud computing need to take the same approach.

However, relying on the SLA alone does not guarantee performance. It may mean there are penalties in the event of downtime, but that is cold comfort to an ecommerce organisation at the height of their busiest season faced with a website that has been offline for hours. Uptime availability figures aren't enough. 99.99% uptime may sound impressive until you work out the cost of 0.01% downtime.

CIOs should be asking the same questions around cloud services as they would do about any other IT service they use. What is your organisation's tolerance to downtime? What is the disaster recovery and back up service available? What will happen in the event of a failure at any point in the service? This does not point to lowest cost, best endeavours service. Economy of scale should mean that your chosen service provider is able to invest to minimise these failures.

CIOs have to be confident their service provider is able to respond and support their business, especially in the face of a "disaster". Furthermore this should form a key a part of your organisation's business continuity plan.

Private cloud is inherently more secure than public cloud services

Cloud services have moved on since the first definition from NIST in 2009. The background of early public cloud services has contributed to the perception that this type of cloud has lower levels of security. Private cloud should not be seen as a guarantee of security. Private cloud is dedicated to your organisation. By definition this can reduce the risk of using a platform shared by many customers, but again it is only as secure as the policies and procedures that you enforce. Firewalls still need rules. Data centres still need physical security. A private cloud can be more secure than a public cloud, but like any other system it is at risk from poor housekeeping and human error. Assumptions should not be made.

The decision criteria for private or public cloud implementation should be far wider than which is perceived to be more secure. As a CIO you will be asking what your organisation wants to achieve. Is it cost savings, speed to market, or flexibility to scale up or down, or more likely, a combination of all three?

As one of the most significant changes in IT in a generation, cloud computing can deliver real benefits in the way organisations consume IT. However, like any significant business change, careful consideration needs to be given to what the organisation is trying to achieve and why. Our own annual CIO cloud research demonstrates that the majority of businesses are using or piloting cloud computing services across parts of the enterprise, but very few businesses are deploying cloud services 'in full'.

The deployment of cloud services across the entire enterprise was only 16 per cent, while deployment of cloud services 'in part' averages out at 35 percent. This demonstrates that companies are engaging in cloud computing, but very few are making or will ever make the shift to cloud computing outright. Cloud computing is not simply about buying CPU cycles at the cheapest rate, it represents a fundamental change in how we consume and take advantage of IT. The consumerisation of IT is increasing this rate of change and old methods just won't hack it. While going on this journey from old methods to new is daunting, choosing who you take with you on the journey is perhaps the most important decision any CIO can make at this stage.

6 Biggest Cloud Computing Myths

It’s insecure.

People are afraid of losing control,” says Leandro Balbinot, CIO of Brazilian retailer Lojas Renner. But “just because your data is somewhere else, doesn’t mean it’s less—or more—secure,” says Accenture CIO Frank Modruson. Test, monitor and review. That’s the only way to mitigate risk in or out of the cloud.

It’s simple.

Vendors will always tell you it’s a turnkey implementation,” says Carmen Malangone, global director of information management for Coty. “But moving customized systems to the cloud takes time—eight months or more to standardize and test in the new environment.” And modify cloud systems with care. “Configuration can quickly become customization and each upgrade will be a major headache,” says Malangone.

CFOs love it.

Here’s the pitch: The cloud turns sunk capital expenditure (capex) into flexible operational expenditure (opex). But your company may not want that. “The assumption is that there’s an economic preference for opex over capex,” says Mark White, CTO of Deloitte Consulting’s technology practice. “But not every business wants opex; some want capex.” The years of friendly capex tax depreciation left on a data center may be most important.

The fact that it isn’t done much doesn’t mean that it can’t be done at all. Balbinot, for example, is running a billion dollar business’ core retail systems in the cloud.


Malangone was looking at a cloud-based single-sign-on tool, but with each additional application and user, the bill rose. “[The tool] was a great idea,” he says. “But you have to negotiate the right price based on your expected growth.”

Only the business benefits.

Most CIOs funnel cloud savings to the business. But there’s no law against reinvesting in IT. “I take some of my cost savings and put it into team building,” says David Riley, senior director of information systems for Synaptics. “We need to keep morale high.”

It can’t be used for core systems.

The fact that it isn’t done much doesn’t mean that it can’t be done at all. Balbinot, for example, is running a billion dollar business’ core retail systems in the cloud.

It’s always cheaper.

Malangone was looking at a cloud-based single-sign-on tool, but with each additional application and user, the bill rose. “[The tool] was a great idea,” he says. “But you have to negotiate the right price based on your expected growth.”

Dispelling the Cloud's Myths

The pace of cloud computing will only accelerate in 2012. The increasing development of information technology, and the intense focus on cost reduction, are highlighting the benefits of moving IT administration off-site. And one cloud computing expert wants CFOs to be aware of the short-term challenges and long-term benefits to organizations.

"Large enterprises must realize cloud computing will not(in all cases) provide immediate cost benefits to their organizations," Sadagopan (Sada) Singam, global vice president, cloud computing, of HCL Technologies, said in a recent interview. CEOs and CFOs "must understand how cloud computing technologies will drive long-term benefits two to three years following the initial implementation."

Many organizations look for cloud computing technologies to provide immediate and sustainable cost benefits to drive bottom-line improvements. However, there are a number of implementation and security issues that CFOs must address with their IT departments before a successful cloud migration takes place.

Finance chiefs and their controllers must look at information security measures beyond the minimum standards required by legal and regulatory requirements. "We consider SAS 70 (Statement on Auditing Standards) as a basic standard for cloud computing security efforts," Singam says. "Companies must recognize the value and importance of their data and ensure they have multiple backups to protect their data and information."

Cloud computing gives companies of all sizes the opportunity to quickly scale their IT operations, and minimize the fixed costs traditionally associated with major implementation efforts.

However, moving to the cloud does present a unique set of challenges for organizations of all sizes. With many IT departments now reporting to the CFO, cost often becomes the key consideration during cloud implementations. When looking for the right cloud technologies, CFOs must focus on long-term productivity and value to their companies. Cloud computing is more than a passing fad, and companies must make sure they are focused on more than the next quarter's financial results when making their decisions on the future of their IT operations.

"Hard is soft and soft is hard when considering major changes," Singam asserts when advising CFOs on the key factors for cloud computing decisions. Organizations must focus on so much more than the hard, short-term costs when identify the right opportunities for their organizational IT.

Coming in part two of this blog: CFOs and their IT directors must understand the importance of hard costs, but they should not forget their employees who will ultimately be impacted by these changes.

There is Only 1 Cloud-Computing Myth

The only cloud-computing myth is that there are cloud-computing myths.

Instead, there are many articles about cloud myths, an endless parade of strawman arguments put out by writers, analysts, and marketers that lectures us on why we're so stupid to believe the "myths" that cloud is inexpensive, is easy to deploy and maintain, that it automatically reduces costs, etc.

Anyone who's ever written a line of code or approved an enterprise IT contract knows there are no simple solutions and no universal solvents in their world. Never have been and never will be.

However, there are many powerful arguments in favor of enteprises migrating some of their apps and processes to the cloud, and there is a separate consumer-cloud industry that allowed me to listen to Igor Presnyakov rip through AC/DC's "All Night Long" and Dire Straits' "Sultans of Swing" on my Android phone last night.

I thank Google for the latter opportunity, even as the company remains as enigmatic as Mona Lisa about what's going on behind the scenes.

It's too bad Google is not one of our great sharers, because the enterprise IT shops of the world could no doubt learn a lot more about cloud computing from watching Google at work than it can from using Google Apps.

Find Your Own Cloud

But enough whining. Each organization needs to find its own cloud, and this should be a rigorous, perhaps time-consuming process. Discussion of particular cloud strategies and vendors should come at the end of this process. First, figure out what you want to do and why.

A nice cost analysis is helpful, of course, but my brain starts to seize up when the term "ROI" is put into play. At this point, it becomes a contest to game the system and produce an ROI forecast that will have a false advertising of direct impacts of the technology on the company's business. When used to justify technology, ROI and its sinister cousin, TCO, are the enemies of business success.

A nice thing about cloud is that the heated political and religious debates over Open Source have been (mostly) replaced by practical arguments over which specific product, framework, or architecture provides the best option for a particular initiative. If discussion of cloud should come at the end of the overall decision-making process, discussion of Open Source should come at the end of that discussion.

Don't try to transform the organization overnight. This will happen on its own as more and more cloud floats into the enterprise. And don't believe in the myth that there are cloud myths. There aren't; only more wondrous technology that needs to be examined carefully as you continue the eternal quest to keep things as unscrewed up as possible in your organization.   


© Sanjay Kumar 2018