Prior to the COVID-19 pandemic, the vast majority of organizations only ever used on-premises technology. It isn’t surprising then that the use of cloud technologies presents a new set of challenges that needs to be understood and managed. So, in the third part of our series on cloud services, we look at some of the major challenges the implementation of cloud services may pose - and offer ways to overcome them.
Cloud anxieties and the end of the on-prem era?
“Who hosts the application?” is a commonly asked question in the IT industry. Organizations or IT application providers used to have their own infrastructure teams to do so, but as the market dries out, it is getting harder to find or pay for such experts. In fact, a wave of outsourcing began a decade ago. Also, many tools have been created to automate the hosting of applications and, consequently, to reduce the need for human interference. Cloud technology appears as the logical next step to further increase efficiency. But is it a magic wand?
A challenge of integration?
We have yet to gain a complete understanding of cloud technology, a recent KPMG survey suggests, describing integration to existing architecture as the main challenge for industry experts in relation to cloud technology. In fact, this has always been one of the main challenges. But what tends to be overlooked is that in the case of cloud technology, application providers – or their integrators – have to adapt to every customer’s own architecture logic or IT policies. However, by using cloud technology and providing subscription services, application providers can tangibly reduce such custom overhead services, while offering more compelling prices for their customers.
Furthermore, as we have discussed in a previous article on cloud technology, cloud migration cannot be a 1:1 copy of the existing on-prem infrastructure, as the cloud can offer a significant cost reduction compared to hosted or on-prem infrastructures if usage, back-up and historical data access are properly configured.
How much control?
Many organizations have already outsourced their data centers or servers to external providers. Still, the loss of control over the so-called physical infrastructure is one of the major concerns over the more widespread use of cloud infrastructure.
With external cloud services, the responsibility for both usage policy and infrastructure lies with the cloud service provider, similarly to hosted server or data center services. How significant the shift in responsibility is depends on the cloud service models used, but it tends to lead to the adoption of an entirely different approach to security monitoring and logging. The reason is that organizations need to monitor and analyze information about their applications, services, data and users - indeed, they have to learn new features and functionalities instead of relying on the familiar on-premise monitoring and logging functions.
Wherever you store your data, it is your own data and the right to control access to it remains an absolutely essential feature. There are also enhanced features to control and, if necessary, to back up your most critical data in offline infrastructure.
On-demand service: hindrance or opportunity?
Compared to on-prem or server park services, cloud providers make it very easy to deliver new services. The so-called platform as a service (PaaS), like AWS or Microsoft Azure, provides the tools needed for application development, which enables service providers a more efficient continuous release (by reducing DevOps, back-up effort as well as costs), but also makes it possible for end-user customers to do custom development. For example, cloud on-demand self-service allows an organization’s employees to enable additional services (e.g. additional memory, CPU, storage etc.) - through a management portal without IT’s involvement.
Such self-service tools may be perceived as a vulnerability. Fortunately, there are several integrated solutions in cloud services that can address this by implementing appropriate identity and access management policies, or through encryption or tokenization, which render content unintelligible to both the provider and other parties trying to access it.
APIfication of IT: how to deal with security?
In addition to managing your cloud service through a management portal, the use of application programming interfaces (APIs) today plays a major role in cloud services. This so-called “APIfication” has become mainstream in the IT industries, regardless of which infrastructure type we are looking at.
When adopting a cloud solution, you are provided with a set of APIs that you can use to manage and interact with cloud services. Even though these APIs help you to provision, manage, coordinate and monitor devices and users, they may contain the same software vulnerabilities as APIs for an operating system, library, etc. There are concerns that, unlike on-premise computing management APIs, cloud service APIs are more dangerous because they are accessible over the internet and more widely exposed to potential threats as a result.
In actual fact, standard API frameworks that are securely designed and focus on authentication, access control and activity monitoring help you avoid both accidental and malicious data exposure. Cloud infrastructure operators are keen to offer higher IT security standards than data center operators. No wonder that even the US Department of Defense is confident in using cloud services.
Data deletion: is my data really gone?
Concerns related to data deletion arise because customers have reduced visibility into the physical location of the data stored in the cloud, as well as fewer options for verifying that any data is securely deleted in the cloud. System as a service (SaaS) providers actually guarantee immediate deletion from application and storage layers, depending on how the storage of the data has been configured and on the timing of ongoing deletion cycles in the relevant storage layers and data centers. However, when looking at a broader picture of cloud operation, we find that most cloud providers typically complete the cryptographic deletion from active systems within about two months of the deletion request.
Customer data is removed from cloud providers' long-term backup systems, which nevertheless preserve snapshots of cloud systems for up to six months to guard against natural disasters and catastrophic events. However, without the cryptographic keys, the application logic, settings etc. that tell you where the data was originally located and deleted, recovery is almost impossible.
The advantages of cloud computing can’t be understated and overlooked. However, it is essential that the challenges we described above are addressed and resolved. Indeed, before you adopt a cloud solution, you must carefully examine each provider’s compliance policies and what measures it can take to mitigate the risks and vulnerabilities that might occur, not least to avoid incurring costs.
Incidentally, costs will be the focus of the next article in our series.
