I’m back with my second post myth busting common beliefs about the cloud. Part 1 discussed myths surrounding deployment and cost . Today’s post focuses on our final three cloud myths surrounding security, development and scalability.
3. Myth: The Cloud is less secure then traditional hosting Or Cloud providers will be responsible for all aspects of data security
All these points are simply false. Large cloud companies such as Amazon and Microsoft have huge financial resources at their disposable, and can, and do hire the best security experts in the world. Experts that are available 24×7. Few companies or hosting services can afford this level of staffing. The size of the major cloud providers and the resources available to them also enable them partner with third party best of breed security providers. Also, cloud services are built with security baked in rather then bolted on afterwards. Further the cloud is capable of offering cloud native solutions for identity verification and user Sign-Up, Sign-In, and resource Access Control. AWS Cognito is one example of a cloud-native strategy for managing user verification and access rights. The cloud also provides mechanism to automate security tasks not generally available in other environments.
It is true that organizations are still responsible for locking down their own software. And failure to pay attention to security best practices when building or managing security can lead to security issues. Building cloud native software is not a panacea for not following security best practices. Development and DevOps teams are still responsible for securing their code, data access and ensuring that best practices are followed concerning managing users.
4. Myth: Cloud software development is just like development in standard hosting environments or there is nothing special to learn about software development for the cloud
No and No again! As stated above the cloud can be used like an old-fashioned hosting service in the same way you can ignore object-oriented principles and write a procedural application with an object-oriented language. You can, but what purpose would this serve? The impact of cloud computing on application development is itself a complex topic deserving of its own blog entry. The cloud offers unique services that are transformational and highly impactful on how software is developed, deployed, and used. Cloud native software that fully integrates these services is not the same as software developed for other traditional environments. In future blog entries we will explore the impact of the cloud on how software development is performed.
5. Myth: Your application will auto-magically scale better in the cloud.
Ah, if only this were true. Treating the cloud as you would a hosting company means your software will have the same scaling obstacles as if it were classically hosted. Yes, the cloud vendors offer a myriad set of tools for scaling software and managing the associated costs. But software must be correctly architected to make use of these services. Several key architectural goals required to integrate auto-scaling services are statelessness, the ability to segment workloads automatically, a micro-service inspired division of labor and the ability of software to stop and start automatically when requested.
I hope these posts “cleared the air” for you on common misconceptions about the cloud deployment methodologies. Keep a look out for my next Cloud Coverage post in the next few weeks, where we’ll be discussing the pillars that make cloud computing possible.
Be sure to read my first Cloud Coverage post, The Value Of Cloud-Native Applications