Businesses continue to flock to the cloud, eager to weed out huge capital expenditures in data centers – but should we demand more from cloud providers?
It is no secret that cloud service providers are prime targets for hackers, and they can also make mistakes that trigger security breaches and data theft.
In 2020, disgruntled Amazon employees released a number of email addresses to third-party Amazon customers. In 2021, Microsoft warned thousands of Azure cloud computing customers about a vulnerability that had left their data completely exposed for the past two years.
Stop the violations!
Many cloud service providers include a disclaimer in their contracts for any data loss that customers may experience. If you’re a small or medium-sized business, you don’t have much leverage to renegotiate these standard provisions, so you’re left in a position where you trust your cloud provider and hope your data won’t be exposed.
It wasn’t long ago that a public cloud provider shared with me that cloud service platforms are notorious for shortening their security and governance practices. So where does that leave their customers?
One step cloud users can take is to ensure that their liability insurance covers a data breach incident on the cloud. Another step is to conduct a thorough review of the cloud provider’s safeguards on security and governance before entering into any contract. The third step is to take a more active role in managing and enforcing your own security and governance on your IT assets in the cloud.
All of these steps help protect cloud users from cloud security breaches that may occur in the future.
The mission of cloud providers is to improve their security and governance practices so that customers feel more comfortable.
Help me figure out what to pay for
The complexity of cloud pricing models can make IT managers long for the days of the on-premises data center with its fixed, estimated, and amortized costs.
Jonathan Shanks, CEO and co-founder of the Kubernetes Appvia delivery platform, discusses a cloud scenario in which four separate cloud platforms have been involved, each with its own pricing structure.
“Let’s look at AWS Lambda as an example,” Shanks said. Imagine you have a web application that uses CloudFront CDN [content delivery network]. When the user interacts with the application, it fires an HTTP request through an API gateway that calls the Lambda function that takes data and stores it in DynamoDB.
The requirement here seems quite straightforward. However, you are now consuming four AWS cloud services: CloudFront CDN for caching, API Gateway for routing HTTP requests, Lambda for execution and request handling, and DynamoDB for storing data based on that user request. Each has its own pricing structure, with some free tiers mixed in.”
Needless to say, it’s hard to decipher the bill and understand what you’re really paying for—a major reason why a third of companies exceed their cloud budgets by 40%.
Cloud service providers should simplify billing so that customers know what they are paying for and can make informed decisions at budget time.
“The process of managing a cloud budget as is wastes a lot of time and resources,” Shanks said. “It’s full of frustrations and inefficiencies that damage morale and the running of teams.”
How can I manage my private resources?
Many organizations offload resources to the cloud and then allow cloud service providers to manage those resources. When companies make these decisions, they have no guarantee that the cloud provider will manage their resources with the same best practices and security/governance guidelines that the companies themselves would use if they managed these resources internally.
“I don’t know why companies are complaining about this,” a spokesperson for the cloud service provider told me this year. “If our customers look at all the ways and tools we give them in the cloud to manage their security and governance and take advantage of those tools, that won’t be a problem.”
The spokesperson is right. There is no single major cloud platform that does not offer a large number of security and governance tools that customers can use.
The problem is that many cloud customers are not familiar with these tools.
Cloud providers can help by discussing the security and governance tools available to customers at the time of contracts being entered into or renewed.
What if I change the clouds?
Hybrid computing, featuring a combination of on-premises and multi-cloud IT, is here to stay. Within this resilient environment, it will be necessary for companies to move from cloud to cloud and in some cases, terminate cloud services.
The challenge companies face here is the same as the one they faced whenever computer “brands” changed: vendor lockout.
Businesses can help themselves by constantly backing up the data they host on the cloud, so they have a current copy of the data not residing in the cloud; Or by making sure that there are multiple copies of the same data on multiple clouds. For this strategy to work, data must be kept in a standard data format that most clouds understand.
As for cloud service providers, it is in their best interest to coexist with other cloud platforms, because their customers will certainly do so.