Even as many proponents became gradually convinced of the technology’s benefits, some pockets of resistance remain – largely fueled by misconceptions and misunderstandings.
For the benefit of cloud proponents and skeptics alike, I’d like to take a look at cloud myths – both past and present.
In a nutshell
A great source for studying the evolution of cloud myths is Gartner’s 2014 analysis of the top 10 cloud myths, and then comparing them to their updated list, published in 2020. One of the most important observations is that cloud myths keep evolving (and will most likely continue to do so over time). And while this is particularly interesting, so is that the first five myths from 2014 remained unchanged, suggesting that educating the market will continue to take time and effort.
Here’s what did not change:
- Myth 1: Cloud is always about money
- Myth 2: You have to be cloud to be good
- Myth 3: Cloud should be used for everything
- Myth 4: “The CEO said so” is a cloud strategy
- Myth 5: We need one cloud strategy or vendor
Let’s now look at what did change:
By 2014, these were Myths 6-10:
- Myth 6: Cloud is less secure than on-premises capabilities
- Myth 7: Cloud is not for mission-critical use
- Myth 8: Cloud = data center
- Myth 9: Migrating to the cloud means you automatically get all cloud characteristics
- Myth 10: Virtualization = private cloud
By 2020, these evolved to:
- Myth 6: Cloud is always more secure than on-premises capabilities
- Myth 7: Multi-cloud will prevent lock-in
- Myth 8: Once I have moved to the cloud, I am done
- Myth 9: Enterprises are moving back from public cloud
- Myth 10: We have a cloud (implementation/adoption/migration) strategy
As we can see, cloud myths are not set in stone, and arguably, with education and persistence, they can be dispelled, even though they may be replaced by new ones.
What can we learn from myth evolution?
The most significant shift from Gartner’s 2014 analysis is Myth 6: from “Cloud is less secure…” to “cloud is always more secure”. In truth, cloud is neither less secure nor always more secure. But the security of the cloud has improved significantly, most notably due to the pace of implementing security updates. One manifestation of the improved security of the cloud is the relatively new enablement of cyber security insurance programs (see for example here).
Still, the past years have proved that security in the cloud remains extremely dependent on how well it is implemented – or more correctly, how poorly it is implemented. We can see this in how the costs of security breaches have risen, and how fatal mistakes such as not implementing multi-factor authentication have become notorious for the damage they’ve caused.
Where do cloud myths go from here?
- Firstly, to ensure a successful cloud strategy, we need to educate organizations that for the time being at least, when well implemented, a multi-cloud strategy can reduce vendor lock in, but cannot prevent it (for latest on Communication Service Providers' evolution to multi cloud, read the recent Gartner report [account required]).
- We also need to reeducate those who believe that cloud deployment represents the end of the cloud journey (it’s just the beginning). And while the ROI of migrating back from public cloud to on-premise might have rare justification, the message needs to be that this is the exception rather than the rule.
- Finally, those contemplating initial steps in their cloud journey need to do so in knowledge that a single implementation/adoption/migration strategy could never work, given the complexity and multitude of the technologies and stakeholders involved in any cloud journey.