Fall not ye into the career-limiting traps of myth, fear, and excessive optimism.
Summary article by Fred Donovan in FierceITSecurity; original posted on Gartner.
Emphasis in red added by me.
Brian Wood, VP Marketing
Gartner says views that public cloud is insecure are wrong
Challenging the common perception that the public cloud is insecure, Gartner says that there have been “very few security breaches in the public cloud,” with most breaches involving on-premises environments.
“While cloud providers should have to demonstrate their capabilities, once they have done so there is no reason to believe their offerings cannot be secure,” says Gartner in its list of the most dangerous and misleading cloud myths released this week.
Related to the perception that public cloud is insecure, many enterprises are reluctant to move their mission-critical systems to the cloud. However, many others are using cloud for mission-critical systems and some are running their business completly in the cloud.
Gartner cautioned against the myths that something can’t be good unless it is cloud and that cloud should be used for everything.
“Clearly, there are some use cases where there is a great fit, however, not all applications and workloads benefit from the cloud. Unless there are cost savings, moving a legacy application that doesn’t change is not a good candidate,” argues Gartner.
In addition, there is a mistaken perception that virtualization equals cloud computing.
“Even if virtualization is used (and used well), the result is not cloud computing. This is most relevant in private cloud discussions where highly virtualized, automated environments are common and, in many cases, are exactly what is needed. Unfortunately, these are often erroneously described as ‘private cloud,'” says Gartner.
Gartner Highlights the Top 10 Cloud Myths
STAMFORD, Conn., October 28, 2014
Cloud computing is uniquely susceptible to the perils of myths due to the nature, confusion and hype surrounding it, according to Gartner, Inc. These myths slow things down, impede innovation and induce fear, thus distracting from real progress, innovation and outcomes.
“Cloud computing, by its very nature, is uniquely vulnerable to the risks of myths. It is all about capabilities delivered as a service, with a clear boundary between the provider of the service and the consumer,” said David Mitchell Smith, vice president and Gartner Fellow. “From a consumer perspective, ‘in the cloud’ means where the magic happens, where the implementation details are supposed to be hidden. So it should be no surprise that such an environment is rife with myths and misunderstandings.”
Even with a mostly agreed-on formal definition, multiple perspectives and agendas still conspire to mystify the subject ever more. Add the incessant hype and there can be a resultant confusion that permeates IT (and beyond) today. Gartner has highlighted some of the most dangerous and misleading cloud myths:
Myth 1: Cloud Is Always About Money
While prices are dropping, especially for infrastructure as a service (IaaS), not all cloud service pricing is coming down (for example, most software as a service [SaaS]). Assuming that the cloud always saves money can lead to career-limiting promises. Saving money may end up one of the benefits, but it should not be taken for granted.
Myth 2: You Have to Be Cloud to Be Good
This is the manifestation of rampant “cloud washing.” Some cloud washing is accidental and a result of legitimate confusion, but some is also based on a mistaken mantra (fed by hype) that something cannot be “good” unless it is cloud. IT organizations are also increasingly calling many things cloud as part of their efforts to gain funding and meet nebulous cloud demands and strategies. The resultant myth is that people are falling into the trap of believing that if something is good it has to be cloud.
Myth 3: Cloud Should Be Used for Everything
Related to Myth 2, this refers to the belief that the actual characteristics of the cloud are applicable to, or desirable for, everything. Clearly, there are some use cases where there is a great fit, however, not all applications and workloads benefit from the cloud. Unless there are cost savings, moving a legacy application that doesn’t change is not a good candidate.
Myth 4: “The CEO Said So” Is a Cloud Strategy
When asked about what their cloud strategy is, many companies don’t have one and the default is often (stated or not) that they are just doing what their CEO wants. This is not a cloud strategy. A cloud strategy begins by identifying business goals and mapping potential benefits of the cloud to them, while mitigating the potential drawbacks. Cloud should be thought of as a means to an end. The end must be specified first.
Myth 5: We Need One Cloud Strategy or Vendor
Cloud computing is not one thing and a cloud strategy has to be based on this reality. Cloud services are broad and span multiple levels (IaaS, SaaS), models (“lift and shift,” cloud native), scope (internal, external) and applications. A cloud strategy should be based on aligning business goals with potential benefits. Those goals and benefits are different in various use cases and should be the driving force for businesses, rather than any attempts to standardize on one offering or strategy.
Myth 6: Cloud Is Less Secure Than On-Premises Capabilities
Cloud computing is perceived as less secure. This is more of a trust issue than based on any reasonable analysis of actual security capabilities. To date, there have been very few security breaches in the public cloud — most breaches continue to involve on-premises data center environments. While cloud providers should have to demonstrate their capabilities, once they have done so there is no reason to believe their offerings cannot be secure.
Myth 7: Cloud Is Not for Mission-Critical Use
Cloud computing is not all or nothing. It is being adopted in steps and in specific cases. Therefore, it is not surprising that early use cases are mainly not for mission-critical systems. However, many organizations have progressed beyond early use cases and experimentation and are utilizing the cloud for mission-critical workloads. There are also many enterprises (not just small startups any more) that are “born in the cloud” and run their business (clearly mission-critical) completely in the cloud.
Myth 8: Cloud = Data Center
Most cloud decisions are not (and should not be) about completely shutting down data centers and moving everything to the cloud. Nor should a cloud strategy be equated with a data center strategy. Neither should it be done in a vacuum — there should be data center space for things not in the cloud and, if things are moved out of the data center, there are implications. But they are not the same thing. In general, data center outsourcing, data center modernization and data center strategies are not synonymous with the cloud.
Myth 9: Migrating to the Cloud Means You Automatically Get All Cloud Characteristics
Don’t assume that “migrating to the cloud” means that the characteristics of the cloud are automatically inherited from lower levels (like IaaS). Cloud attributes are not transitive. Distinguish between applications hosted in the cloud from cloud services. There are “half steps” to the cloud that have some benefits (there is no need to buy hardware, for example) and these can be valuable. However, they do not provide the same outcomes.
Myth 10: Virtualization = Private Cloud
Virtualization is a commonly used enabling technology for cloud computing. However, it is not the only way to implement cloud computing. Not only is it not necessary, it is not sufficient either. Even if virtualization is used (and used well), the result is not cloud computing. This is most relevant in private cloud discussions where highly virtualized, automated environments are common and, in many cases, are exactly what is needed. Unfortunately, these are often erroneously described as “private cloud.”
More detailed analysis is available in the report “The Top 10 Cloud Myths.” The report is available on Gartner’s website athttp://www.gartner.com/document/2860422.