While cloud computing is helping enterprises drive business agility, efficiency and innovation, the technology isn’t devoid of drawbacks. Downtime, along with security and privacy risks, top the disadvantages of cloud computing list, according to Andrew Larkin, director of learning and head of content at Cloud Academy Inc.
In this Q&A, Larkin sheds light on the top cloud misconceptions, including the belief that cloud services are secure by default. He also highlights best practices that CIOs can adopt to address the disadvantages of cloud computing, such as implementing multifactor authentication to protect cloud services and ensuring their team is equipped with the proper skills to mitigate common cloud security risks.
Editor’s note: The following transcript has been edited for clarity and length.
What are some of the top cloud computing misconceptions?
Andrew Larkin: A common misconception is that cloud services are secure by default. In most situations, the responsibility for cloud security is shared between the provider and customer. Cloud providers go to extraordinary lengths to ensure the security of the cloud. However, cloud services are generally provided in a shared security model. With a shared security model, it is the customer’s responsibility to secure and maintain services run in the cloud. The relative security of cloud services depends on the expertise and skills of the people who set up and operate those services.
Another common misconception is that cloud is just about infrastructure and cheaper storage. Cloud providers offer a range of services and, when used together, they can enable a business to work smarter, faster and with greater agility. Cloud services are increasingly where companies are able to differentiate their offerings and where they are using new technologies like artificial intelligence and machine learning to drive innovation.
What are the key risks and disadvantages of cloud computing?
Larkin: Downtime is often cited as one of the biggest disadvantages of cloud computing. Because cloud computing systems are internet-based, service outages are always an unfortunate possibility and can occur for any reason.
Security and privacy is another. Any discussion involving data must address security and privacy, especially when it comes to managing sensitive data. Public cloud providers are expected to manage and safeguard the underlying hardware infrastructure, the security of the cloud. However, customers are expected to manage the security in the cloud. This includes everything within the realm of user access management, and it’s up to the customer to ensure the business operates those services securely.
What best practices should CIOs adopt to address these disadvantages of cloud computing?
Larkin: There are several best practices to minimize planned downtime in a cloud environment:
- Design your cloud services with disaster recovery and high availability in mind. Take advantage of the multiple availability zones that your cloud vendor offers for multiregion deployments to ensure continuity.
- Define and implement a disaster recovery plan in line with your business objectives to provide the lowest possible recovery time and recovery point objectives.
- Consider implementing dedicated connectivity services to reduce the risk of interruption from the public internet. These include AWS Direct Connect, Azure ExpressRoute, Google Cloud’s Dedicated Interconnect or Partner Interconnect.
There are also best practices to minimize security and privacy risks:
- Have a clear understanding of your responsibilities and those of your provider by getting familiar with the provider’s shared responsibility model.
- Implement granular access control for each resource and service, and limit access to least privilege.
- Implement multifactor authentication for all accounts that access sensitive data or systems.
- Ensure your team has solid security skills. It is one of the best ways to mitigate your security risks in the cloud. Invest the time in making all teams aware of the security implications of the cloud; make sure that your security teams stay up to date with the latest releases from your provider(s).
Stay tuned for part two of the interview where Larkin talks about cloud migration mistakes to avoid.