In Part 1 and Part 2 of Cloud Wars: Friendly Fire, we covered some of the challenges cloud advocates and early adopters are experiencing within their own organization as well as some of the reasons that they may be receiving pushback. In this third and final segment of the series, we'll cover some additional challenges and offer some potential strategies to work around or work with your IT department that might help you move ahead in your adoption of cloud computing.
"Can you wait six months? We're building a private cloud."
More and more frequently we are hearing from our user community that their IT organizations are building or evolving their existing datacenters into what are commonly known as private clouds. These private clouds are generally based on VMware technology so they are pretty efficient and augmented by the addition of tools like vCloud Director which adds self-service and tools like VMware Chargeback to help make the cost more transparent. While we do believe this is a great step in the right direction, it often takes time and there are numerous examples of failed and delayed private cloud implementations. Simply stated, change like this isn't easy and still ends up conflicting with other critical IT priorities. In all likelihood IT will get their private cloud up and running internally so your best approach is to make sure that anything you place into the public cloud is fully compatible with the technology they are using to build the private cloud. A very common technology for both public and private cloud environments is VMware vSphere. It is essentially a cloud operating system. So any applications you run in the public cloud, as long as you work with a VMware vCloud Provider, will work if and when you need to move them back into your private cloud once IT has it up and running. (a link to a directory of VMware vCloud providers is at the bottom of this post)
"Security, security, security."
If all of the previous attempts to slow you down in your cloud journey are not effective, someone in the organization will ultimately throw down the security gauntlet and take a stance that the cloud is less secure than the existing IT datacenter. I've seen two effective approaches to resolving this. The first of course would be to only run workloads in the public cloud that fit within the level of security capability that IT has today. So if your IT department is SAS-70 Type II, PCI compliant or HIPAA compliant then you should choose a vCloud service provider that meets or exceeds those criteria. The other approach, that takes a bit longer but is a better strategic play is to work with IT to break down exactly what the level of security needs to be in detail. This allows you to determine a checklist of security capabilities you can use to evaluate cloud computing providers as well as pick which additional managed services you might need or be interested in–assuming that they provide them. The list would address things like the regulatory compliance standards mentioned above but also more specific items like firewall, intrusion prevention, data encryption and logging levels.
A more interesting but less common approach would be to look at the cloud as a hybrid solution. We have seen some business units control the workload and application itself, but use their IT department as their managed service provider for security services. That way if your organization has a firewall vendor preference for Checkpoint, they can simply extend their existing management to include the Checkpoint firewall you have in your cloud environment.
If you're interested in digging further into cloud security, we recently released a new whitepaper with VMware titled "Security in the Hybrid Cloud: Putting Rumors to Rest." You can download it and other cloud whitepapers here.
So in conclusion, hopefully our real life experiences working with business units and IT organizations to figure out how to fit our enterprise cloud into their existing world will help you with your own cloud journey.
As promised, here is a link to a directory of vCloud Providers from VMware.
So, I'm curious… what do you think are the greatest barriers to cloud adoption?