Myth #4: I'll just put the application on cloud and it'll work
Whether the servers are in the cloud or a corporate data centre, integrating and deploying applications means working through good, solid disciplined IT processes. If everything is done systematically, with review points at key stages, there is a high chance of success. Sandboxes can be created in the cloud for multiple cycles of evaluation, including scaling up, running load tests, and using real people and real-life situations in a pilot. In any server environment, the application integration architecture and design can result in suboptimal performance, reliability, and security; it may be the result of a poorly configured operating system or application. So, yes, putting an application onto servers in the public cloud will work, but proper architecture, design and testing is needed. A corollary of this, is that, not every application is well-suited for a public cloud.
Myth #5: Software off the cloud needs maintenance but software on the cloud looks after itself
Buying infrastructure-as-a-service only means buying the use of servers; applications on those servers are still a corporate responsibility. Standard IT processes are required to maintain the health of the application. Software has to be monitored, and the data generated has to be managed. Without the proper governance, companies could easily lose track of what's where. The 'master user' facility in Instacompute allows consumption of 'project users' to be monitored so there are no bill shocks, for example. Backups and disaster recovery still need to be implemented, but they are typically much easier to do on the cloud.
Myth #6: Cloud is not secure
The major security risks are not unique risks for the cloud. Infrastructure-as-a-service includes server, storage, network, and firewall services at the platform level. The security risk is dominantly at the application layer, the same as on private premises. Backdoors to the data maybe opened through a poorly configured operating system or poorly managed applications with the wrong access configurations; neither come about as a result of being on the cloud. As public clouds are accessed over the Internet, the preferred approach is encrypted data in transit or in storage, which is equally important for web-facing data on a private network.
One cloud-related risk may be through distributed denial of service (DDOS) attacks, either directly, or indirectly. Public clouds have multiple tenants off the Internet. Just as someone might not be able to get to his flat because the neighbour has too many visitors clogging up the common hallway, a denial of service attack affecting another customer could slow things down for a cloud-based business. Such problems can be avoided by selecting the right cloud provider. Look for a vendor with the ability to deal with denial of service attacks so they no longer have an impact. A strong, diverse backbone network, the ability to identify such attacks, and the tools to mitigate them are a must.
Sign up for CIO Asia eNewsletters.