According to ESG research, 75% of organizations are currently using a public cloud service, while another 19% have plans or interest in doing so. Furthermore, 56% of all public cloud-based workloads are considered IT production workloads while the remaining 44% are classified as non-production workloads (i.e. test, development, staging, etc.).
This trend has lots of traditional IT vendors somewhat worried, as well they should be. Nevertheless, some IT veterans believe that there are limitations to this movement. Yes, pedestrian workloads may move to the public cloud over the next few years but business-critical applications, key network-based business processes, and sensitive data should (and will) remain firmly planted in enterprise data centers now and forever.
Poppycock I say. While this seems to be a logical, albeit self-serving perspective, this thesis doesn’t appear to hold water.
To be clear, enterprise organizations understand the risks of placing critical workloads and sensitive data in the public cloud and some are more risk-averse than others, but these seem to be short-term process rather than long-term philosophical barriers.
Public Cloud Reality Check
Now this may change over time but like other IT initiatives, public cloud computing is all about business risk and reward. In a recent survey, ESG asked 303 IT and cybersecurity professionals why their organizations decided to move workloads to the public cloud. The research indicates that:
- 50% of organizations want to align their IT strategies with technology innovation. In other words, cloud computing is more innovative and strategic than traditional data center alternatives. It’s where the cool kids hang out and that matters in our industry.
- 47% of organizations want to lower operating costs and...
- 42% of organizations want to lower capital costs. Hmm, doing more with less is a pretty basic business goal regardless of what you are doing.
- 41% of organizations want to align IT strategy with their increasing use of Agile development. This is an important point — software developers are driving cloud adoption just as they did in the past with mobile devices and Windows PCs when dinosaurs ruled the earth. If developers go cloud, CIOs who put up roadblocks are fighting against the industry.
- 41% of organizations want to reduce their number of physical data centers. Once again it’s all about efficiency, efficiency, efficiency.
Now I live in the cybersecurity world, so I understand the logic of keeping full control of your most sensitive IT assets but that’s not what’s happening. As a result of the business objectives and benefits described in the list above, CISOs aren’t able to block cloud proliferation. Rather, smart cybersecurity executives understand that the cloud computing ship has sailed and are busy figuring out ways to mitigate risk, monitor cloud-based activity, and modify/enforce cloud computing policies accordingly. It’s all about secure cloud enablement rather than workload classification or traditional IT bigotry.
I recently chaired a cybersecurity panel discussion at an event in Texas. One participant, Shawn Wiora, is CIO and CISO of Creative Solutions in HealthCare, a Texas-based operator of eldercare facilities. Shawn’s highly-regulated firm in the conservative health care industry uses public cloud infrastructure for 100% of its IT needs (across 43 different cloud providers). Shawn’s message to the audience was simple, “if I can embrace public cloud computing, manage risk, and comply with HIPAA/HITECH, so can you.”
Public Cloud vs On Premises SMB Security
It is also noteworthy that for a lot of small enterprise and mid-market organizations, public cloud computing may actually be more secure than the traditional do-it-yourself model. After all, a company running 15 supermarkets in the greater Boston area won’t be able to match data center technical and process chops with the folks running AWS, Azure, the Google cloud, or IBM SoftLayer.
I get it that large organizations have layers of legacy IT infrastructure that won’t be moving to the cloud anytime soon. Nonetheless, I would argue that this is a function of resources, priorities, and business justifications rather than technology.