Virtustream Blog

The Perils of DIY Public Cloud: A Cautionary Tale

in Security, µVM, Cloud


If you have been following cloud news lately, you will have surmised that for all its promise, cloud computing is ... hard. In recent weeks, several well-known enterprises have accidentally exposed private data from millions of customers.

It’s easy to assume that their hyper-scale cloud providers are to blame for these and other recent data breaches through some fault or security issue, but that is not true. In each case that I looked at, the necessary security controls and tools existed – these were not “hacks.” In reality, the fault lies either with the users themselves or with their partners. Somewhere in the configuration process, enabling these security controls was overlooked or they were turned off, and their data was left unprotected.

As these issues illustrate, leveraging a very complex, broadly-featured, internet-facing public cloud can create a great number of challenges for companies. Here are a few of the biggest challenges companies face when making the move to the public cloud on their own:

Every Mistake is Magnified

When it comes to configuring your company’s infrastructure, the stakes are always high. But when you’re doing it on a public cloud, the stakes are even higher.

There are two simple questions that every IT leader needs to ask when migrating to the cloud: Are the people responsible for migrating and managing my applications in the public cloud experts? Do I have the right people, strategy, and governance processes in place to be successful long term?

Let the recent string of security incidents be a perfect example: if you don’t know what you’re doing, and sometimes even when you partner, you can end up with unintended (and sometimes disastrous) consequences. Even more so when your servers are connected to the open internet. These types of issues are magnified when customer data is involved. Downtime issues and the like can have reputational impacts, which are bad enough. Add in customer data and the consequences become much bigger – regulatory, fiduciary, and legal impacts can easily follow. In cases such as these, using cloud services not exposed to the public internet, or a solution like hosted private cloud may present a more risk-managed solution.

No Clear Path Forward

It’s a common misconception that the primary driver of moving to the cloud is cost. The real driver is usually the flexibility and agility that it provides, which brings about many benefits, including lower costs. Done right, the cloud can help your company increase production levels while also increasing efficiency and savings. That being said, I don’t envy the CIO who has 10,000 physical servers and 50,000 virtual machines to consider for migration. He or she needs to find a platform that will best optimize organizational assets and help drive the business forward.

The general-purpose nature of public clouds makes this difficult. Beyond the core technical challenges, many companies also have to account for specific governance, risk and compliance (GRC) regulations in their industry. Building these systems requires meticulous planning and deep expertise. Without the right advisers, both the time-to-value ratio and the propensity for human error are high. Organizations need to determine if this will be a core competency for them. If so, they need to build out the right teams, processes, and governance models to support it. If not, it is crucial to find the right partner who can manage this for you. Sometimes the best solution starts with understanding that different applications have different requirements. Rather than trying to “force fit” everything into a general-purpose public cloud – which can easily lead to non-optimal outcomes – go with solutions that are purpose-built for the task at hand.

Hidden Costs Everywhere

Getting started with a public cloud provider may be as simple as entering your credit card information, but troubleshooting non-obvious issues and building non-optimized applications and solutions can result in extremely large hidden costs. The cost of learning as you go can be steep. In fact, this is such a big problem that there’s actually an entire industry dedicated to helping companies gain visibility around and control costs in the cloud – and it’s thriving.

Unused instances, data transfer charges, improperly configured instances and applications – there are many factors that can spike your public cloud infrastructure bill. If you are not completely on top of your game, running public cloud infrastructure yourself can lead to runaway costs in no time. Just ask customer data startup Segment, who wrote about its three-month quest to shave one million dollars off their out-of-control cloud bill – and this is just one of many companies struggling with this problem.

The bottom line is: don’t build and manage your infrastructure alone. As the world continues to digitally transform, we’re all finding that the cloud is not a panacea. It’s an extremely useful tool, but like all powerful tools, it’s also highly complex and demands expertise. There is no one-size-fits-all approach.

See how Virtustream can provide you with a clear migration path toward the cloud, and how our managed services offerings and µVM Technology can ensure your organization will achieve true economies of scale.