(originally posted on LinkedIn at: 4 Things Your Cloud Provider Isn&#39;t Telling You | Harrison Holland | LinkedIn)
It’s no secret that there are a lot of advantages to using the cloud. Because it offers capabilities that are scalable, reliable, and nimble, many businesses have saved money by transferring operations to the cloud. However, cloud service providers aren’t charities. Their goal is to sell you a service as profitably as possible, and that means they are not going to volunteer certain information that is relevant to your decision. In this post, we’ll outline a few facts that cloud providers know but aren’t eager to share. Once you know what they know, you’ll be able to make better decisions when planning your move to the cloud.
The first thing cloud providers don’t tell you is about portability. Because they must invest in expensive hardware and facilities, a cloud provider’s costs don’t decrease much when they lose a customer, but their profits do. No matter how easy their salesmen tell you it is to move operations on and off the cloud, these providers are very, very eager to keep customers from leaving, and they are under no legal obligation to make your move easier.
You can indeed have a painlessly portable cloud system IF you build it from the start with adaptive enablement in mind. You need to have access to every layer in the stack, and you need to virtualize every layer. Otherwise, you are building a system that can’t be moved without a near-total rebuild. Be extra cautious if you’ve contracted the cloud provider to build part of your system because they’ll be happy to make this mistake for you. You will be locked into their service and because building layers that aren’t virtualized is cheaper and easier (the first time) you’ll have a hard time proving they acted maliciously. (For more on adaptive enablement, check out this Q&A)
It can’t be stated enough. You are responsible for not falling into this trap. If you don’t design your system to be adaptively enabled, a move that could take a couple weeks might instead take six months. You’ll be paying all the additional costs associated with cloud flexibility without actually getting any flexibility.
The second fact that cloud providers don’t like to disclose is financial. Cloud providers, especially small ones, don’t want to tell you how their business is doing. They are caught in a Catch-22. If they can’t get new customers, they are unlikely to stay in business, but if they seem unlikely to stay in business, they can’t get new customers. If they are struggling, the last thing they want to do is make that known to potential or existing customers for fear of causing everyone to run for the exits.
But what’s best for them is not what’s best for you. Even in a best-case scenario where you can extricate your business successfully, migration and system down-time are very expensive. And such a clean break is rare. An ethical provider may give you a few weeks of lead-time to move your business off before they terminate service, but if you are deeply integrated, that may not be enough. An un-ethical provider may not even give you that courtesy. And even if you don’t have any technical integration (using a stand-alone software service, for instance) your team won’t have access to a tool they depend on until they can be trained to use a replacement. You should insist on seeing detailed financial forecasts from all potential cloud providers before you make your choice, and if they refuse to provide you with this information, you should assume the worst.
Cloud providers are also reluctant to discuss data storage. All things being equal, these providers prefer to put their facilities where they will cost the least, and sometimes that means they are placed in unsavory countries. The nationality of the data’s owner and the country in which it originated do not matter under international law. The only laws that apply are those of the country the data is passing through or being stored in. If your data is passing through a country without privacy protections, that country’s government is free to copy anything that is passing through. For example, if your CAD files are being stored in a country without data protections, that country might copy the files of your next-gen product and pass them on to one of your state-sponsored competitors. Medical records, criminal records, classified documents, financial information – these are just a few examples of files that could expose your business to litigation if compromised by foreign governments. Cloud providers also occasionally move your data.
Cloud providers want to get a good deal on their hosting facilities. Make sure it’s a good deal for you, too. Find out exactly where your data is being stored, and what privacy laws apply. Providers will also occasionally move your data. Sometimes they are closing or merging facilities, sometimes they are replacing the hardware your data is stored on, but you need to require your providers to inform you before they move your data.
The last factor you should consider before moving to the cloud isn’t so much a hidden danger as it is a hidden cost. SaaS and PaaS providers normally provide their users with comprehensive security measures, but for infrastructure, this is not the case. IaaS providers will give you a firewall and some level of protection against DDoS, but as any cyber security expert will tell you, that doesn’t protect you against most methods of attack. It’s the technological equivalent of a steel door in a paper wall. If you want even basic security measures, like intrusion detection software, you have to provide them yourself. In other words, just because Amazon is hosting your system does not mean you are as secure as Amazon. If you are purchasing IaaS, your provider won’t do security for you. You need to factor your security needs into your design and cost forecasting.
None of this is meant to suggest that the cloud should be avoided. For many businesses, it’s the perfect solution to their needs. However, like any buyer-seller relationship, this is a zero-sum game. Just like you, cloud providers are trying to secure the terms most favorable to their business, which means they won’t be forthcoming with certain information . By developing a deeper understanding of how these providers operate, you’re in a better position to ensure the needs of your business are being met and to avoid nasty surprises. Good luck!
TL:DR; Your cloud system isn’t portable or secure unless you design it to be. Make sure your provider isn’t going out of business or storing your data in the Kremlin.