12/02/2021 | News release | Distributed by Public on 12/02/2021 10:42
For many years now, we have observed a steady rise in companies declaring "end-of-investment" in their on-premises environments in favor of more flexible cloud environs. These companies cite many reasons for why public cloud environments are appealing: scalability, a variety of consumption options that can yield cost savings, and improved agility, to name a few. However, whether an organization is migrating existing applications, building a scaled operation for new applications hosted in the public cloud, or both, the architectural approach taken can make or break the business case. Savvy companies are now proactively architecting in flexibility and choice of multiple platforms.
The Pitfalls of Going Fast at the Start of Your Cloud Journey
A common mistake many organizations make at the start of their public cloud journey is to over-prioritize speed, leveraging exclusively cloud-native services (services offered by cloud providers as part of their platforms). Whether as an explicit top-down declaration or implied as part of a "cloud-first" strategy, this approach misses important distinctions between applications, the data those applications generate or process, and the services that are used to secure and deliver the applications. Many organizations that take this "cloud-native first" approach inevitably encounter several costly consequences, including:
1. Diminished Security & Compliance
A 2021 report from 451 research found that 23% of companies cited security concerns and the lack of viable security measures as a major factor in their decision to shift in to reverse gear and move apps away from public cloud providers in the next 12 months. Many security teams, having comprehended and navigated the cloud provider's shared security responsibility model (whereby the cloud provider secures the cloud infrastructure, and the cloud tenant secures their own cloud network, apps and data), find they are not able to replicate the security controls and efficacy of their on-premises environment with only cloud-native security solutions in their arsenal.
Despite this, in pursuit of speed and simplicity, many organizations at the beginning of their cloud adoption journeys elect to forgo the advanced security and compliance solutions they've implemented on-premises in favor of public cloud-native services-ultimately to the detriment of their security and compliance posture.
2. Platform Lock-in
While most companies try to avoid vendor lock-in where possible, it is in some cases being justified as a trade-off to access the significant benefits cloud computing affords. The shortcomings of this trade-off are usually only realized when the need for expansion arises. Unsurprisingly, being tied to a single platform or set of tools makes it much more challenging to adopt another cloud ecosystem where the use of those same native services is not possible and domain knowledge is non-transferable. As an example, an organization operating a native Web Application Firewall (WAF) to protect their apps on AWS would be unable to move those apps to Azure and enforce the same protection using an Azure-native WAF due to disparities in the policy or signature semantics, configuration options, and feature sets. A more future-proof, adaptable, and ultimately cost-effective approach for such services that live in the grey zone between infrastructure and applications is to standardize on a few platform-agnostic capabilities (WAF for example) that span your on-prem and cloud environment(s).
3. Unanticipated, Surging Costs
Beyond the expected costs associated with initially migrating to the cloud (e.g., cloud infrastructure, data transmission, application refactoring), cloud costs frequently exceed planned spend as cloud dependence and usage escalates. According to Andreessen Horowitz, the estimated annual committed cloud spend for well-established, cloud-based companies can be equal to around 50% of their cost of revenue, with this figure exceeding 80% for some software companies.