Like many of the trends in technology, I’ve been skeptical of the movement to the cloud. Quite a few people that I have discussed this with across the last five years have had concerns, and real challenges with latency, performance, and cost. The cloud hasn’t always been cheaper, with more than a few people having larger bills than expected.
Across the last couple years, the trend seems to be changing, which is certainly reflected in the growing revenue Azure, AWS, and other providers are reporting in their annual reports. More and more companies are finding the cloud valuable, and the cost to be acceptable. While the cost still might appear to be larger than on premises, the lack of commitment and the change from capital expenditures to operating costs seems to be worth the move.
Moving to the cloud, however, takes some work. Certainly your applications might need to change, but as compliance becomes a bigger concern for organizations, there is some good advice in this piece about secure cloud migrations. I think understanding your current security and how this can be improved or adapted to a cloud vendor’s architecture is important. Far too many people think about security after infrastructure is in place, which often results in poor security.
This is one place I think the cloud can be more secure. Since the vendors don’t want issues between their customers, and certainly try to avoid issues on their own networks, the cloud platforms inherently ask for more security as you provision and deploy systems. Certainly there are companies that just open up all networking to get systems to work, and I hope this is the minority. Anyone moving applications to the cloud should configure secure networking, and limit access between resources wherever possible. Just like we don’t want applications using “sa” to log in, we don’t want every machine able to access every other machine. We certainly don’t want every user or application able to connect to every other one.
I do think the cloud plays a part in the future of most organizations. Not all, but most, with any type of workload and application you may have. The performance continues to improve with new offerings, as well as the flexibility. The costs rise and fall, but the ability to scale up and down can make this option very attractive. DR is superior to what most of us can build on-premises, certainly in any short period of time, and there are sufficient security options that work very well for almost all of us. The challenge for most of us, and our organizations, is learning to implement them correctly.
Steve Jones
Listen to the podcast at Libsyn, Stitcher or iTunes.
Voice of the DBA 
This pretty much nails it, not just for security but everything data and cloud related: “The challenge for most of us, and our organizations, is learning to implement them correctly.” For the past year I’ve been working only with databases and services in the cloud (Azure mostly) and the tendency seems to be that when migrating to cloud the end result looks quite a lot like what you had in on-premise.
This is not necessarily a bad thing, as that can be a huge step for some organizations to have their data in the cloud in the first place. But if you’re looking to modernize your organizations data estate, it shouldn’t end in just running VMs in the cloud.
Coming back to security for a bit, that’s also one very attractive reason to consider cloud. Going beyond the network configurations, encryption, threat detection technologies, there’s also physical security involved. And this is what hyperscalers like Microsoft are really going above and beyond with (you can check some of that from here: https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security).
LikeLike