10/25/15, 8:08 PMTech Time: Un-clouding the Cloud

Page 1 of 4http://www.cues.org/article/view/id/Tech-time-unclouding-the-cloud?print=1

Tech Time: Un-clouding the Cloud

March 2014 – Vol: 37 No. 3by Ronald Redmer

Key things decision-makers need to understand before making a move

March 26, 2014

Credit Union Management’s Web-only “Tech Time” column runs the fourthWednesday of the month.

With interest andparticipation in cloud-basedvirtual systems on the rise,credit unions that have notmoved their ITinfrastructure, e-mail andpublic-facing systems tothe cloud are likely givingthe idea some serious thought.

Unfortunately, while many people have a basic understanding of how cloudcomputing works, appreciating the subtleties can mean the difference between asuccessful cloud transition and an expensive headache. Even amongexperienced IT professionals, misconceptions are common.

Correcting these misunderstandings and grasping the basic principles thatinfluence the way different companies operate in the cloud are important for anybusiness. For credit unions and other financial institutions, where the stakes are(sometimes literally) higher due to the amount of personally identifiableinformation they manage for customers, solid understanding is essential.

Price

When it comes to working in the cloud, operating within a set budget is obviouslya priority. One of the complexities about moving to the cloud is that, while youfrequently only pay for what you consume, it can be very difficult to predict your

10/25/15, 8:08 PMTech Time: Un-clouding the Cloud

Page 2 of 4http://www.cues.org/article/view/id/Tech-time-unclouding-the-cloud?print=1

level of consumption.

Storage needs—how much data storage you will require—are fairlystraightforward, and there is also some correlation between how much“compute”—or server resources—you use in your current on-site system andhow much you will use in the cloud.

When it comes to pricing, many cloud providers take a significant loss on thestorage and compute components of their services—they are essentially lossleaders for the third and most lucrative portion of cloud computing: thebandwidth charges (how much data you are moving in and out of the network). Itis incredibly difficult to predict, and the price structure tends to take advantage ofthat.

Think carefully about how accurately you can predict your bandwidthconsumption, and be wary of cheap storage with cost-per-access fees that canadd up quickly. Think critically about how often your users—both employees andcredit union members alike—will access documents on file systems and recordsdatabases. Quite a few companies are getting burned as a result ofmiscalculation within the pricing structure. Although difficult to measure, having anetwork architect or administrator monitor bandwidth utilization, as well as howoften users are accessing information on the cloud, can help businessesdevelop a utilization profile and better predict its bandwidth consumption andinformation access.

Performance

Performance, or the amount of time it takes to access information stored on thecloud, is also difficult to predict, because performance is, logically enough, notguaranteed. It is also tough to predict performance parameters and to translatewhat they mean in the real world.

Another frustrating issue: evaluating what performance is “worth.” Until youexperience not having performance, you are not going to know what it is worth.How much value is there in your ability to access a document in seconds asopposed to minutes, or to retrieve a database record in milliseconds instead oftens of seconds? Credit unions are more likely to need that guaranteedthroughput—the last thing any credit union wants is a service representativewaiting for data.

Together, performance and bandwidth can drive the price of moving to the cloud

10/25/15, 8:08 PMTech Time: Un-clouding the Cloud

Page 3 of 4http://www.cues.org/article/view/id/Tech-time-unclouding-the-cloud?print=1

up dramatically—they are cost considerations that can be “multipliers.” Typically,the better the performance and bandwidth, the more it will cost credit unions.Keep in mind, these are costs that are currently buried in your on-siteinfrastructure, and there may not be correlation between your existing technicalarchitecture and your needs in the cloud.

Private vs. Public

The difference between a private, hybrid and public cloud—through a well-known provider like Amazon, Google or Microsoft—boils down to fit and service.Those brands are innovative and successful, their public clouds such as GoogleCloud Platform and Microsoft’s Azure are well designed and their data centersfeature some of the best security in the world, but their service is structuredaround one common platform—with little by way of customization. Aprivate/hybrid cloud vendor, on the other hand, has both the vested interest andthe ability to keep client information secure. Private and private/public vendorsare far more likely to design a customized model for your systems, processes,storage and access needs in a way that maximizes security. The flip side, ofcourse, is that using a private vendor also can be significantly more expensive.

Security

Moving to the cloud requires evaluating the level of risk a credit union is willingto assume—balancing accessibility and security. The cloud itself does not makeyour organization secure. Even the best cloud providers and data centers thatmeet the highest standards for security and compliance do not ensure that youwill automatically be able to implement your system in the cloud in a secure andcompliant manner. The missing piece of the compliance puzzle lies within thefinancial institution: Your people have to understand how to implement acompliant system in the cloud.

Part of the problem is that many IT professionals have gotten very good atsecuring an on-premises network. They understand that the primary points ofvulnerability are the machines and the network, and they are adept atimplementing security measures like firewalls, intrusion detection andprevention, and antivirus software. Securing a cloud-based system is verydifferent, however. Think of it like the difference between securing your family athome, and keeping them safe on a road trip. The security perimeter is verydifferent in the cloud, and there are not many IT professionals who trulyunderstand how to define and defend that perimeter.

10/25/15, 8:08 PMTech Time: Un-clouding the Cloud

Page 4 of 4http://www.cues.org/article/view/id/Tech-time-unclouding-the-cloud?print=1

In addition to information security, business continuity and disaster recovery aremajor compliance considerations. Do not assume cloud storage ensures that allyour data is backed up and recoverable. Ask about how protections areestablished and maintained (including where the data centers are located), whatbackup mechanisms are in place (including how quickly you can be up andrunning after an outage), and what the price tag will be for maintaining thosestandards.

Ronald Redmer serves as chief operating officer and chief technology officer ofassure360, a Farmington Hills, Mich.-based provider of private cloud and hostingsolutions, software-as-a-service offerings, and information security andcompliance consulting with two geographically dispersed data centers.