 |
 |
 |
|
08.11.09 Cloud Computing Worst Practices And How To Avoid Them  By Mike KavisIt is no surprise that many IT organizations are struggling to implement enterprise solutions in the cloud. After all, we have seen IT struggle for decades with many "new" initiatives like SOA, ERP implementations, Enterprise Architecture, etc. The following list captures what I call cloud computing worst practices. Many of these items on the list are the same mistakes that IT has been making for decades while others are specific to cloud computing. Top 10 Worst Practices in the Cloud 1. No business justification - This is the age old problem where IT has a hammer (cloud computing) and sees every business problem as a nail. The reasons for using cloud computing should be directly related to business goals. After all, the reason IT exists is to support the business. I have seen many IT shops take on cloud computing for technology's sake. Start with the problem, not the solution. 2. Unrealistic expectations - Like SOA and other hyped technologies, cloud computing is not a silver bullet. In fact, if you don't architect it correctly you will likely expose your company to more risks, outages, and costs than your currently functioning on-premise solutions. Don't underestimate the impact of organization change. Many people, especially system administrators, security personnel, and people who like the status quo may fight it tooth and nail. This is just another page out of the SOA playbook. People can kill any good technical solution. 3. Jumping in too soon - It is easy to get started in the cloud. Simply sign up with a credit card and you can start living large in the cloud. That's great for R&D, off loading adhoc processing, or just experimenting, but if you are planning on building enterprise ready production solutions in the cloud you had better do your homework first. I have seen IT shops put corporate data in the cloud without understanding the ramifications. My recommendation is to spend some time at the Cloud Security Alliance website and download the CSA Guide. Read it front to cover and understand what needs to be addressed. Then decide if cloud computing is a fit for your organization's culture. 4. No focus on architecture - Classic IT here. When will we learn? To deploy enterprise solutions in the cloud, off-premise solutions must be architected differently than on-premise solutions. Let's learn our lesson from all of the SOA failures and focus on architecture. You don't buy security, compliance, failover, performance, resilency….you build it!
5. Moving legacy to the cloud - This might be the biggest mistake of them all. Most legacy applications were never intended to be exposed outside the corporate firewall. I have seen companies spend stupid money trying to retrofit existing systems that work fine and make them "cloud enabled", all in the name of saving money. The end result is often a more expensive system with more security issues, less stability, and more complexity. Unless your legacy system is based on a service oriented architecture, the cloud is better served for new applications, not legacy. 6. Depending on the cloud vendor for security - Some companies see the cloud as an opportunity to outsource security. Nothing could be further from the truth. Running systems outside your firewall requires more security from your application development teams than ever before. No longer can companies deliver applications with little to no application security and hide behind a corporate firewall. Now companies must actually deliver secure software and many don't have the talent and know how to meet the challenge. 7. Not addressing the risks - If you downloaded and read the CSA Guide, you will notice that there are a lot of risks when deploying in the cloud. That doesn't mean that the cloud is bad, but if don't address the risks, your solution will be beyond bad. You must address issues like data ownership, consumer privacy, PCI compliance, country specific regulations, and much more. Ignore these risks and you could expose your company to security breaches, outages, and failed audits. As the old saying goes, "You can pay me now or pay me later". Continue reading this article. About the Author: Mike Kavis is a veteran Chief Architect with over 23 years of IT experience including distributed computing, SOA, BPM, data warehouse, business intelligence, and enterprise architecture. Read Mike's blog at Enterprise Initiatives. |
||||||||
|
| ||
|
-- ITProNews is an iEntry,
Inc. publication -- iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509 ©2009 iEntry, Inc. All Rights Reserved Privacy Policy Legal archives | advertising info | news headlines | free newsletters | comments/feedback | submit article |
