Mythbusting: Cloud Service FUD

Daniel Simmons
Beanfield Metroconnect

--

Summer 2018 has arrived and the outlook for cloud service providers has never been better; Q1 IaaS (Infrastructure-as-a-Service) revenue for the big five cloud service providers (AWS, Microsoft, Google, IBM, Oracle) topped $20 billion. Q1 IaaS cloud revenue has outgrown the global server market, even after a surge in server sales in Q4 of last year. Great Managed IT Service Providers (MSPs) have moved with the market, fully embracing change and launching cloud integration practices. But maybe your MSP is still telling you the cloud isn’t secure, and that the best decision for your business is to buy a new server? Your trusted advisor certainly knows your business better than I do, but if your company already has access to metro ethernet fibre, there is a strong possibility you’re being sold FUD (Fear, Uncertainty, & Doubt). Let’s talk about some of the biggest myths and the FUD keeping your business out of the cloud, so that you can have an honest conversation with your MSP about streamlining your IT budget and maximizing performance, security, and efficiency by moving workloads to the cloud.

MYTH #1 — COST

If your MSP claims Azure, AWS, GCP, or Oracle Cloud are more expensive than colocation or hardware for your office, have them prove it. It’s true that cloud service pricing can seem confusing or convoluted, but the big five vendors have already made TCO (Total Cost of Ownership) calculators and other helpful tools available. Bear in mind that if an advisor is recommending you evaluate cloud services by comparing the cost of new hardware against the cost of utility services using public Pay-as-you-Go cloud pricing, you have a problem. When was the last time you paid the sticker price for a new car? Ask your MSP for quotes from each vendor, and request committed spend discounted pricing for use as a high-water mark. The best MSPs have the capability to provide cloud optimization services, detailed reporting on monthly cloud spend, and certifications with at least two cloud service vendors. These MSPs are leading conversations about #multicloud and these advisors are vendor agnostic. If your MSP doesn’t fit that description, you might have the wrong trusted advisor. Microsoft, Amazon, and Google are waging a price war and it is a direct benefit to your business. Each provider mentioned above has options for enterprise agreements, workload commit, and preemptible or spot rate discounts. For big data projects and analytics services, your business has the ability to arbitrage workloads between providers to achieve the highest possible cost efficiency. I guarantee your business already has a named account rep with each provider, so introduce yourself — they’re waiting to hear from you!

“… [Y]our business has the ability to arbitrage workloads between providers to achieve the highest possible cost efficiency.”

Best practices to reduce cost:

MYTH #2 — VENDOR LOCK-IN

Vendor lock-in is a myth. Plain and simple. It is one of the biggest concerns we hear from customers evaluating cloud services for the first time or from customers with large committed annual spends with a single cloud vendor. Moving your workloads, data, and users between cloud service providers is seamless and can be done at any time with minimal cost. What’s more, Microsoft, Amazon, and Google have been growing their product catalogues at the speed of light. If your sales reps at these companies tell you their platform can do anything and everything that the competitors can, they’re right. Still, the legacy software specializations of these vendors are relevant, so don’t be afraid to leverage multiple providers and move your data and workloads to different vendors for each application. Microsoft Office 365 Exchange Online will always dominate the hosted Exchange service marketplace, Google’s Google Container Engine (GKE) rules the Kubernetes managed service market, and Amazon, as the first mover, has the deepest product and service catalogue. Of course Oracle Cloud and SAP Cloud have service platforms that offer unparalleled performance for their respective flagship products. Your business isn’t locked in to one vendor, and by leveraging that freedom of selection, your business can save money.

“Your business isn’t locked in to one vendor, and by leveraging that freedom of selection, your business can save money.”

Best practices to address fears of vendor lock-in:

  • Meet quarterly with your cloud service provider sales rep to review monthly spends and keep up to date on changes to product catalogues, services, and pricing.
  • Leverage each vendor for their respective flagship products for best-in-class performance, product knowledge, and service.
  • Legacy database and specialized workloads for mission critical business applications like ERP, Financial Analytics, and HR perform best in their native cloud environments (Oracle, SAP, and IBM).
  • Migrate workloads to cloud products or services with a clear cross-platform migration path, and leverage POC (Proof of Concept) funding from vendors to test migration and routing of data and network traffic between providers.
  • Leverage native multi-cloud direct connectivity services like Megaport Cloud Exchange, Beanfield Cloud Exchange, PacketFabric, or a data centre based service from Equinix or Cologix to create secure private routes between virtual cloud data centres and your office.

MYTH #3 — DOWNTIME

It’s true, cloud services aren’t immune to downtime. Outages happen and can carry serious consequences to businesses. NPR reported that an outage on Amazon Web Services in 2017 cost publicly traded companies $150 million. These high profile events can be misleading and perpetuate the myth that cloud services are less reliable than dedicated colocation or high availability managed services. The very best defence available for unplanned downtime is a solid multi-cloud strategy. By leveraging multiple service providers when implementing your cloud service based disaster recovery plan, you can achieve the lowest possible recovery time objectives (RTO) and recovery point objectives (RPO). The reality is your business cannot achieve comparable RTO and RPO benchmarks in a data centre on its own or with your managed service provider because you simply can’t match or outspend existing investments by Amazon, Microsoft, or Google. Take advantage of their investments and limitless scalability. 100.00% up-time is an achievable service level, but nearly impossible outside of the cloud.

“The reality is your business cannot achieve comparable RTO and RPO benchmarks in a data centre on its own or with your managed service provider because you simply can’t match or outspend existing investments by Amazon, Microsoft, or Google.”

Best practices for minimizing unplanned downtime in a cloud environment:

  • Design mission critical services with disaster recovery and high availability architectures spanning multiple cloud providers, not just multi-availability zones or regions.
  • Mirror data sets for mission critical workloads between cloud service providers in real time active-active deployment models.
  • Unify DNS, identity management, and Active Directory deployments across cloud service providers as a single organization.
  • Implement dedicated connectivity with AWS Direct Connect, Azure ExpressRoute, or Google Cloud Interconnect and leverage multi-cloud connectivity solutions to provide seamless connectivity between cloud vendors, your data, and your users.

MYTH #4 — SECURITY & PRIVACY

High-profile cloud security breaches of personal credit information, credit card data, and user login credentials are still fresh in the minds of the public. These events may have impacted you personally, but the response to these incidents is driving change and investment. Recently, governments around the world have introduced or enacted legislation requiring greater oversight and protection from service providers, and security protocols to provide users with more control over their sensitive information. Microsoft, Amazon, and Google have continued in 2018 to invest billions more in securing their cloud data centres, but most businesses are unaware of their own responsibilities and best practices for protecting their cloud workloads. What most people don’t understand is that their users are the biggest security threat to their organizations. The best way to protect sensitive data from bad actors is to limit access to applications and SaaS (Software-as-a-Service) services containing sensitive PHIPA information, financial data, personal credit information, user login credentials, and other confidential information to private line direct connectivity services. Private line connectivity can eliminate user vulnerability to phishing or man-in-the-middle attacks. SaaS products containing this sensitive data such as Workday, PeopleSoft, and Salesforce can be secured by limiting platform access to private line direct connections and forcing users outside of the office to access those services over an encrypted VPN connection to your primary network.

“The best way to protect sensitive data from bad actors is to limit access to applications and SaaS sites containing sensitive PHIPA information, financial data, personal credit information, user login credentials, and other confidential information to private line direct connectivity services.”

Best practices for minimizing security and privacy risks:

  • Understand the shared responsibility model of your cloud provider.
  • Implement multi-factor authentication, identity management, and network layer security at every level of your deployment.
  • Limit user access to applications, data, and services to least privilege, and educate your users to build the “human firewall” with products from Cofense or KnowBe4.
  • Security-harden VPC/VDC virtual networks, implement a unified network architecture across your office and cloud virtual networks, and centrally route all of your internet-bound (0.0.0.0) network traffic (cloud and on-premise) through on-premise or data centre hosted security appliances with advanced NGFW DPI, SPI, and reporting features.
  • Migrate cloud service connectivity to private line direct connectivity services and remove direct to cloud VPN access to VPC/VDC deployments from users.
  • Limit access to SaaS and PaaS (Platform-as-a-Service) services with sensitive, financial, and/or personal health data to private connectivity from your office and branch locations exclusively.
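
The last three practices above can be verified mechanically. The following is an added example, not part of the original article: it audits a provider-neutral export of ingress rules and default routes, where the CIDR ranges, service names, next-hop labels, and rule format are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed values, constructed for illustration: ranges reachable only over the
# private line or office network, and the approved next hop for egress traffic.
PRIVATE_LINE_CIDRS = ["10.20.0.0/16", "172.16.8.0/22"]
APPROVED_EGRESS_HOPS = {"private-line-gw"}

# Constructed sample export of ingress rules protecting sensitive services.
SAMPLE_INGRESS = [
    {"service": "hr-saas-proxy", "source": "10.20.4.0/24", "port": 443},
    {"service": "finance-db", "source": "0.0.0.0/0", "port": 1433},
    {"service": "erp-api", "source": "10.0.0.0/8", "port": 443},
    {"service": "erp-api", "source": "203.0.113.10/32", "port": 443},
]
# Constructed sample export of route tables for two virtual networks.
SAMPLE_ROUTES = [
    {"network": "cloud-vpc-a", "dest": "0.0.0.0/0", "next_hop": "private-line-gw"},
    {"network": "cloud-vpc-b", "dest": "0.0.0.0/0", "next_hop": "internet-gateway"},
]


def audit_ingress(rules, allowed_cidrs):
    """Return (service, source) for rules not fully inside an approved range."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"], strict=False)
        # A source must be a subnet of an approved range; a broader range such
        # as 10.0.0.0/8 is flagged even though it overlaps an approved one.
        inside = any(src.version == a.version and src.subnet_of(a) for a in allowed)
        if not inside:
            findings.append((rule["service"], rule["source"]))
    return findings


def audit_default_routes(routes, approved_hops):
    """Return networks whose default route bypasses the approved next hop."""
    return [
        r["network"]
        for r in routes
        if ipaddress.ip_network(r["dest"]).prefixlen == 0
        and r["next_hop"] not in approved_hops
    ]


if __name__ == "__main__":
    for service, source in audit_ingress(SAMPLE_INGRESS, PRIVATE_LINE_CIDRS):
        print(f"ingress outside private connectivity: {service} from {source}")
    for network in audit_default_routes(SAMPLE_ROUTES, APPROVED_EGRESS_HOPS):
        print(f"default route bypasses security appliance: {network}")
```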

CONCLUSIONS

Finding a trusted advisor who will be forthright and willing to work against their own self-interest on behalf of their customers is a challenge. Some business owners might say impossible. As we have discussed, the FUD holding your business back is either unfounded or exaggerated. The best way for your business to thrive is by embracing cloud services, a multi-cloud strategy, and becoming as capital efficient as possible. Find a provider who isn’t a box pusher, and isn’t afraid to enable digital transformation projects that free capital, provide better performance, security, and resiliency.

The best advisors know that their value to their customer can evolve and change with technology. During my time providing vCIO services to financial service and tech companies in Toronto, I took great pride in solving people’s problems first and worrying about my quota or commission second. I still hold myself to that principle in my new role at Beanfield and work hard to help companies unburden their organizations of server rooms and colocation facilities. vCIOs live and die by their professional track records and reputations, and people remember the moments when they demonstrate that they sit on the same side of the table as their clients. MSPs have a challenge ahead to prove that their business can evolve and support their customers as managed service revenue evaporates. The great MSPs will be great CSIPs (Cloud Service Integration Providers) and continue to deliver valuable services to your business.

The retail data centre is dead, the server room is dead. Long live the cloud!

About the Author:

Daniel Simmons is the Director of Cloud Strategy at Beanfield Metroconnect, a cloud product manager, cloud evangelist, and a solution architect for cloud and data centre services. He lives in Toronto with his partner and dog.

Daniel Simmons is the Chief Product & Strategy Officer at Shared Tower.