Cloud computing is a very different IT model from on-premises computing. Even if you have a software-defined data center (SDDC), you will run into challenges when you move to the cloud. Here are just a few of the big ones.
One of the strategies we learned when provisioning servers in the data center was to over provision. You needed the server to be able to handle all anticipated workloads and traffic. It takes time and effort to add capacity in a data center and if you have an issue, the damage is already done.
Things are very different in the cloud. You can scale up quickly to provide additional capacity for unexpected or expected increases in workloads and traffic. The architectural rabbit hole is deep when scaling server capacity. The options range from microservices to containers to load-balanced servers.
“Lift and Shift” migrations are the primary culprit of over provisioning. Generally speaking, you will not see much in the way of cost savings. To see the most benefit of cloud computing, you need to spend the time to modernize your applications. Implement strategies to make your software scalable or better yet go serverless. The best solution is to make your application independently scalable, so that one logical component scales independently of the others.
Securing Cloud Systems Like On-Premises Systems
The cloud is not your data center. You don’t have the same type of control over ingress, egress, and security. Most data centers have firewalls and other security measures already in place. You don’t have control over the physical environment in the cloud. There are alternative methods of securing cloud environments that you will need to learn.
For example, AWS has security groups, which control ingress and egress for various services. Virtual Private Clouds offer network isolation and control ingress and egress. VPN connections can be used to securely and privately reach your cloud resources without traversing the public internet.
The conclusion is that you will need to learn different ways of securing your resources in the cloud than the ones you use on premises. You may be able to use similar methods by putting security software on cloud servers, but this has its own tradeoffs, such as cost and maintenance.
Managing Cloud Resources (Sprawl)
Any organization that has more than a few people creating resources in the cloud will eventually run into challenges with managing cloud resources. For example, it is very easy to create a server, use it for testing, then forget to shut it down. No one else wants to shut down the server because they don’t know what it does or if it is important. Costs can easily spiral out of control.
The solution is to use one of the many cost management service providers, built-in resource management, tagging, or a solution you roll yourself (using something like Lambda functions). Any of these is an easy way to identify resources that haven’t been used, have low utilization, or don’t have the appropriate tag information associated.
When allocating servers in a data center, there is usually some kind of requisition process. It’s easy to identify and keep track of who ordered what and where the cost should be allocated within the organization. Of course, you could maintain the same requisition process as you did with your data center, but this takes away one of the key benefits of cloud computing: agility.
The solution is to come up with a system to allocate costs for resources based on the resources themselves. This usually means a rigid tagging requirement. This can be enforced using cloud governance, something like SCPs and/or Config rules in AWS. Many of the cost management services can also handle tag-based cost allocation.
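The roll-your-own check for forgotten servers and the tagging requirement described above can share one detective audit. The following is an added example, not code from the original article: it reports instances that lack required tags or sit idle. In a Lambda function the inputs would come from EC2 DescribeInstances and the CloudWatch CPUUtilization metric; here they are constructed, and the tag keys, thresholds and instance IDs are assumptions.

```python
from datetime import datetime, timedelta, timezone

REQUIRED_TAGS = ("Owner", "CostCenter")  # assumption: the organization's tag policy
CPU_FLOOR = 5.0                          # assumption: average CPU % below this is idle
MIN_AGE = timedelta(days=14)             # new instances are not judged on utilization

def audit_instances(reservations, avg_cpu, now):
    """Return {instance_id: [findings]} for untagged or idle instances."""
    findings = {}
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            state = inst["State"]["Name"]
            if state == "terminated":
                continue  # already gone, nothing to bill or clean up
            # An empty or whitespace-only value is treated the same as a missing tag.
            tags = {t["Key"]: t["Value"].strip() for t in inst.get("Tags", [])}
            reasons = [f"missing tag {key}" for key in REQUIRED_TAGS if not tags.get(key)]
            cpu = avg_cpu.get(inst["InstanceId"])
            old_enough = now - inst["LaunchTime"] >= MIN_AGE
            if state == "running" and old_enough and cpu is not None and cpu < CPU_FLOOR:
                reasons.append(f"idle: avg CPU {cpu:.1f}%")
            if reasons:
                findings[inst["InstanceId"]] = reasons
    return findings

# Constructed sample shaped like EC2 DescribeInstances output (IDs are made up).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def _inst(iid, state, launched, tags=None):
    inst = {"InstanceId": iid, "State": {"Name": state}, "LaunchTime": launched}
    if tags is not None:
        inst["Tags"] = [{"Key": k, "Value": v} for k, v in tags.items()]
    return inst

SAMPLE = [{"Instances": [
    _inst("i-0a", "running", datetime(2024, 1, 10, tzinfo=timezone.utc),
          {"Owner": "alice", "CostCenter": "1001"}),
    _inst("i-0b", "running", datetime(2024, 2, 1, tzinfo=timezone.utc)),
    _inst("i-0c", "running", datetime(2024, 5, 28, tzinfo=timezone.utc),
          {"Owner": "bob", "CostCenter": " "}),
    _inst("i-0d", "terminated", datetime(2023, 11, 5, tzinfo=timezone.utc)),
]}]
# Constructed 14-day average CPU per instance (in practice from CloudWatch CPUUtilization).
SAMPLE_CPU = {"i-0a": 41.0, "i-0b": 0.8, "i-0c": 1.2}

if __name__ == "__main__":
    for iid, reasons in audit_instances(SAMPLE, SAMPLE_CPU, NOW).items():
        print(iid, "->", "; ".join(reasons))
```

The untagged, idle instance is the forgotten test server from the sprawl scenario: with no owner tag to ask, the report is what gives someone the grounds to shut it down.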
A different and valid way to approach this is by creating separate accounts for each cost center. Tools like AWS Organizations let you consolidate billing but still easily see how much each account spends. Tools like Control Tower let you manage multiple accounts more efficiently and securely.
Security and Compliance
Outside of the data center, security and compliance can be challenging. You may find that you have less control over enforcing security and compliance policies. There are tools in the cloud to handle policy enforcement. Preventive and detective guardrails are the starting point. With these, you can limit either how resources can be created or check to see if resources have been created in compliance with policies.
Compliance with standards like HIPAA, SOX, and GDPR will generally require a different thought process to implement. With the cloud, there is a distinction between hardware and physical data center security on one side and software and VM security on the other. AWS uses a shared responsibility model. This clearly lays out which items AWS is responsible for and which the customer is responsible for. Some services may not be eligible for certain standards, so check with your cloud provider for specifics.
By no means is this a comprehensive list of challenges with cloud computing that you may run into when moving from a data center. This list is just to get you thinking about some of the changes you may run into. We do offer comprehensive consulting on planning for moving to the cloud, our cloud adoption framework consulting (we did not create the cloud adoption framework, AWS did). Please reach out if you have any questions or feedback on our list.