It’s taken a number of years for many enterprises to trust the cloud to protect their business data in servers that are often far, far away. Progress has been made; twelve years after AWS introduced its Simple Storage Service (S3) cloud in 2006, cloud storage and production workloads now comprise just over half of all IT processing in the United States.
While that may sound impressive, enterprises still often lag in cloud adoption when compared to other groups, such as startups and cutting-edge verticals, such as financial services. The pace of adoption is expected to slow down as more sensitive data is left in on-premises data centers due to security precautions.
On-premises storage and data processing are designed specifically for enterprise users. Tasked with helping customers move to the cloud, new-gen digital-experience platform maker Liferay is at ground zero of the tension between business users–who want more control and agility in their applications–and enterprise IT, which is hesitant to give up system control. In this eWEEK Data Point article, Fernando Areias, Business Director at Liferay, shares the key points to consider in making the cloud more palatable to IT management.
Data Point 1: IaaS vs. PaaS
Before you do anything else, it’s critical to understand the requirements you’ll be facing and what offering makes the most sense for you. An infrastructure-as-a-service (IaaS) provider, such as Amazon Web Services, Google Compute Engine or Microsoft Azure, offers a “no frills” path to the cloud with the greatest control over infrastructure. IT will continue to manage operating systems and middleware, but network and compute capacity is outsourced to an external vendor. In contrast, a platform-as-a-service (PaaS) provider will manage runtime, middleware and operating systems, leaving only applications and data to be managed by IT. There is no “right” or “wrong” deployment model, but it’s critical to understand the differences in what each model provides.
Data Point 2: Application monitoring and management
Application performance management (APM) is a key area of concern for IT. Internal IT departments want to understand how business applications are being used. If there are performance or usability issues, customers and internal stakeholders can become frustrated, so IT teams need a way to understand CPU, memory usage and other items to perform diagnostics as needed. Without an understanding of how applications or performing and how to resolve potential issues, IT will never hand over the reins to a cloud provider. Standalone APM providers include AppDynamics and Dynatrace.
Data Point 3: High availability
Availability simply refers to when a service or application can be accessed by a user. While some internal business applications may have less stringent requirements, mission-critical customer-facing applications will require near continuous uptime. A hospital cannot simply stop offering services to patients and staff. As a result, availability will be a major area of concern for IT. Availability is typically explicitly agreed upon in a service level agreement (SLA) between a vendor and customer, with many cloud providers offering availability rates of 99.5 percent or higher.
Data Point 4: Identity and access management
Every enterprise has compliance requirements, but those touching personally identifiable information (PII) face extra scrutiny. Failing to safeguard information can be ruinous for a business, leading to reputational damage and legal repercussions. As a result, IT will want to ensure that administrators are easily able to assign and remove employees from teams and assign individual permissions unique to each project environment.
Data Point 5: Security
Related to, but broader than identity access and management, is the question of security. More than anything else, concerns about security are the No. 1 reason that more enterprise workloads aren’t already in the cloud. It is true that there are threats unique to the cloud. For example, a hacker could breach one area of a public cloud to access other projects, or even other companies, with co-hosted data. Fortunately, this is an area where there’s been considerable improvement, and many cloud providers today offer security arrangements that match anything delivered by their on premises cousins. One way in which such security bona fides are proven is through certifications. Assurance of SOC 2 or ISO27001 compliance will go a long way toward making IT comfortable with a cloud deployment.
Data Point 6: Backup and recovery
The unexpected inevitably happens, and no one knows that better than enterprise IT departments. Servers go down due to hardware issues, software problems or natural disasters, and critical information is lost. Cyberattacks breach security systems and corrupt files. Beyond ensuring a high degree of uptime, enterprise customers expect that vendors will have a plan in case of the inevitable. Reputable cloud vendors, therefore, have technology in place to restore data to a previous state from a backup in case of loss. Absent backup and recovery systems, no enterprise IT department will entrust workloads to the cloud, much less those of a critical nature. Fortunately, hundreds of vendors, from large providers such as Dell EMC to fast-growing players like Veeam, compete in the enterprise backup and recovery space, so many standalone solutions are available.
Data Point 7: Bring IT and the business together
It’s often forgotten, but moving to the cloud is not strictly a question of technology. It’s just as much, if not more so, a question of satisfying the needs of various stakeholders. More than anything else, the linchpin of a successful cloud strategy rests on having IT and business units on the same page regarding goals, timelines and costs. Unfortunately, this is one thing that no external vendor can do for you; it’s up to your business to define the metrics for success and what it will take to get there. But the rewards, in terms of increased scale, agility, frequently lower costs and a reduced need to manage internal infrastructure, can be well worth it.
If you have a suggestion for an eWEEK Data Point article, email cpreimesberger@eweek.com.