I have found over the years that there is a lot of bad information floating around concerning information technology. Some much, in fact, that it can be difficult for small and medium business owners to know what they should do to address the issues they have.
With that in mind I bring you Gnopes (it’s like Snopes only from Gnosys…). Gnopes will be a monthly post that addresses just this sort of thing. We start off the series with possible the most confusing thing of all….”the cloud”
What is the “cloud”?
Let’s establish some parameters. “The Cloud” is a pretty broad term and it comes in many shapes, sizes and arrangements. One example is cloud hosts like Azure, Amazon or RackSpace… these companies provide services for you to host data, applications, workstations, etc. in a distributed environment, usually for a monthly rate. [what is a distributed environment?] Your applications and data are not on servers living in your IT room and, as a result, you have less control over them. The cloud is aging and with age (I am told) comes maturity, and some issues are becoming clearer.
Five Cloud Facts Checked:
1. Getting there is Half the Fun
Some cloud-based services are easy to adopt. Setting up a Gmail account is pretty straight forward? Actual business applications tend to be more involved. Get ready for a lot of work if you are going to be migrating applications from in-house to the cloud. Applications have to configured, data moved to the new servers, user access set up and testing. This can be quite the headache.
With migration being such a chore, it’s important to be sure that you choose your cloud host(s) wisely. You don’t want to have to migrate to another if the first one isn’t getting the job done. It can be difficult to change hosts as some provider’s include policies over data ownership. There can also be problems with format software set up. And you have deal recreating user access all over again.
Even setting up new application services presents its own challenges. General your IT department or MSP will need to set up all the bits and gubbins that support the applications like fast enough LAN and wireless access to give end users adequate performance.
Gnopes rates this as partially true.
2. The Cloud is Not a Safe Place for Data
When the cloud was emerging, many IT professional, myself included, were of the opinion that applications and data so far away from the data center would be more vulnerable.
Today a strong case can be made for just the opposite. Large cloud service hosts have huge and distributed resources. Their business model means that they need to insure their cloud services are well defended from attack and fault tolerant to the nth degree. Cloud service host are generally using the top shelf security tools that are used by highly trained IT security engineers…this is probably not true of your server room…
This is not to say that you can just throw a dart at a board and pick a host. Your IT department or MSP must do their due diligence and select providers that have a solid track record for security and uptime and also meet any specific needs that the organization may have, like HIPAA compliance. The local network also needs to be secure. Strong password policies and identity management solutions are key.
Gnopes rates this as FALSE
3. The Cloud Saves Money
In many cases, the cloud is less costly. Hosts maintain large server farms which allows them to keep their costs down based simply on economy of scale.
Note that I said, “in many cases.” With in-house computing the costs are fixed, clear, and fully amortized. Let’s face it, servers are a solid capital expense on the books and that can be attractive to some companies.
A cloud host sets a price but this cost may change over time. Often you pay for access per user or by processing requirements or your storage needs were greater than it seemed or have increased over time.
It’s a good idea to lay out costs side by side and compare to make sure you are really saving money…again, your IT department or MSP should be able to assist.
Gnopes finds this claim to be partly true.
4. You Can’t Do Anything Cool in the Cloud
There is no magic formula to increase the performance of your cloud applications. What sort of application are you hosting? How fast is your internet connection? How fast is your local network? All of these things need to be considered.
Applications that have a lot of user interaction will be faster on a local machine. Word processing is a fine example because of the constant keyboard input. High speed RAM and solid state drives push the desktop system way out in front of the hosted. This is not to say that you can’t do it. Strap a big enough engine to a bank vault and you can make it fly but you are probably not going to want to travel that way. The same is true of bandwidth. Give your cloud application a big enough pipe and it will get the job done but the cost and sustainability of that model will leave a lot to be desired.
Take Google Apps, for instance. It has far fewer features than Microsoft Office. Office 365 does offer streaming of its full feature set from the cloud while still offering an offline option. This set of options makes it very attractive for a wide variety of business models. The client-side apps provide huge benefits to performance as compared to a hosted solutions. Add to that the ability to be productive without an internet connection and you can see the benefits of non-cloud applications.
3-D modeling will still need a beefy workstation often requiring high-end graphics processing that just cannot be delivered effectively from a cloud host. Though some high end interactive applications are available only by means of a cloud. Adobe Creative Cloud, for example…but even here, the software will generally be downloaded and run locally with only licensing and update services being done solely cloud-side.
The same is true of engineering applications like SolidWorks or other 3D rendering applications. While there are components of the software hosted in the vendor’s cloud, it is designed to work with a workstation based client,
Gnopes is calling this one true.
5. It’s Just a Web App…What Could It Hurt?
There are a plethora of services and applications available via cloud host. They seem harmless enough but they frequently install Shadow or Stealth apps. These apps are a threat to the network for both security and data loss because they frequently track activity and sometimes provide backdoor access to the “infected” machine.
A few of the better known Shadow apps include DropBox and Google Apps as well as gangs of social media-type apps like SnapChat. DropBox and Google Apps provide shared cloud storage and thus they are vulnerable to data leakage because with one password crack or a bit of social engineering and, voila, a hacker has full access to all of your data.
Another concern is the potential for being accessed by methods like remote code execution (RCE) which will allow someone to run malicious software on your PCs and servers via the app. Some of the more common RCE exploitation goals are elevation of privilege, denial of service, and SQL Injection.
HP conducted a survey that found about 69% of apps had been hit with an SQL injection attack and another 42% were victims of cross-site scripting attacks.
Gnopse calls this one False.
When considering the cloud, it’s probably best to be very deliberate about it. Discuss it with your IT team or MSP. If you don’t have either of these, please give us a call. We will happily guide you through the pitfalls of the cloud world.