Cloud computing arrived as an option a long time ago.
The ‘Year of the Cloud’ was declared as early as 2015. But as of 2019, only 20% of workloads had migrated to the cloud.
The COVID-19 quarantine forced many organizations to send workers home and adopt the cloud as a resource.
Will cloud computing become the default? What type of cloud environments are best? What IT and security issues do these trends predict?
As with many issues during these turbulent times, the answers are neither clear nor universal. Let’s explore some options and how they might apply to different organizations.
In the first quarter of 2020, enterprise adoption of cloud services rose 50% and the overall use of cloud collaboration tools increased as much as 600%.
Some organizations limit cloud adoption to specific applications such as email (Gmail, Office 365, etc.), video conferencing (Zoom, WebEx, etc.), or shared documents (OneDrive, Google Docs, etc.). For others, the adoption is more comprehensive.
Tech giants often stress the benefits of cloud computing, but many non-tech enterprises decided to push towards the cloud well before the arrival of the coronavirus. Capital One Finance Corp. announced a commitment to use AWS in 2018 and Anheuser Busch InBev discussed plans to use Azure in 2019.
As with many large enterprises, Capital One and Anheuser Busch used the cloud to consolidate and standardize databases that had been spread out over various applications, geographic locations, internal divisions, and acquired subsidiaries.
Estimates from July 2019 predicted that, by 2022, 75% of all databases will be deployed or migrated to a cloud platform. In fact, Forrester Wave notes the rise of DataBase-as-a-Service (DBaaS) to help enterprises navigate from on-premises databases.
New companies sometimes create cloud-native infrastructure and applications, but most companies must navigate how to transform traditional resources to the cloud – or even if such a transformation is viable. Legacy software may not be possible to be moved because they are written with hard-coded ISP addresses, specific hardware, or specific OS requirements.
However, for those who can move, the advantages can be significant. Cloud deployments offer huge advantages in flexibility, scalability, geographical access, and computing power.
A New Cloud Normal?
Organizations big and small have been forced to make changes to their cloud strategies because of the Covid-19 quarantine.
How many of these changes will be permanent?
Forrester reports huge growth for cloud providers in the first three months of 2020. AWS grew 34%, Azure grew 59%, and Google Cloud grew 52%.
Meanwhile, this month, Square, Twitter, Google, and Apple announced that their staff has the option to work from home after the quarantine ends – perhaps even permanently. How many non-tech companies are considering this option?
Truly, it is not possible for all organizations to adopt remote work permanently for all employees. However, each organization just went through several months of proving what could be done within their organization.
For those who were able to work well remotely, they must now consider if they need so much office space. As the economy struggles to rebound, many companies will be eying their monthly rent payments as a potential source of savings.
Any permanent shift to remote work will force IT departments to convert hastily deployed remote computing resources into permanent infrastructure. However, while organizations are moving to the cloud, can IT and security keep up?
Not So Easy
In 2019, many articles cautioned about taking a slow approach to adopting the cloud.
Recommendations stressed that cloud adoption required extensive pre-planning in order to compensate for hidden difficulties.
Pundits stressed that IT departments should make a dedicated team to plan and execute a cloud transformation. However, that team must obtain buy-in from multiple other stakeholders in the business to avoid a situation where some departments might implement their own independent cloud solutions that fit their specific needs.
Beyond buy-in, IT teams needed to be wary of optimizing for cloud performance over business needs or simply replicating existing infrastructure. Instead, they must design processes to take advantage of cloud options with a focus on addressing the core business needs.
We were also warned that aps written for internal use cannot simply be launched on the cloud. Some may need to be completely rewritten by the dev team which can take a lot of time and effort. Containers and virtual machines might permit direct implementation, but only by increasing the complexity for the IT team to implement it.
Similarly, the skills and mentality for operating on the cloud are different from operating internal resources. Some skills are so different, they will be obvious right away, but other subtle differences may not be recognized until mistakes are made in configuration or security.
All good advice, but the sudden transition to using remote resources during the COVID-19 quarantine bypassed the slow and careful approach in the interests of expediency. Next comes the headaches of going back and undoing the dangerous shortcuts.
Most perimeter-oriented security fails to extend to cloud resources.
Private and hybrid-cloud resources can offset these issues to some degree, but only at the cost of increasing complexity.
No matter how the cloud resources are implemented, proper planning requires subsequent penetration tests to ensure that the cloud configurations are correct and that the security is comprehensive. Unfortunately, the last three months provided little time to perform thorough testing.
Meanwhile, the huge growth in cloud adoption has been followed by a huge 630% growth in cloud attacks. Many IT and security managers are scrambling to compensate for the legacy security stacks that simply don’t expand well to cloud and remote users.
Completing a rushed cloud transition will be doubly difficult for our IT and security staff. First we need to conduct a full audit of each cloud resources in use and locate the instances where IT was not involved in establishing the resource. Then, we must check network connections, permissions, and security for everything and check against our company policies and applicable regulations. Of course, these corrections also need to be completed before any attackers find that one part that was done wrong!
The cloud can bring enormous advantages.
But, if it is not done right, it can be a nightmare. Should your IT or security team be struggling to catch up or if your organization would like to transform any capabilities to the cloud, we can help.
Ideal Integrations can offer a variety of options for cloud implementations and explain how different aspects work best for your specific business applications.
We can help with the planning and the implementation of the networks and permission levels for those cloud resources for optimized security and compliance.
Once the cloud resources are launched, our Blue Bastion team can perform penetration testing to ensure those cloud resources have been properly implemented. Call us today for an extra hand or to consult with our experts!