Beware: 7 Sins of Cloud Computing
By Jake Gardner, Logicworks
Why seven? Why not?! While none of these problem areas align with the so-called deadly
sins, the reality is that each represents a real challenge that can arise in many organizations,
whether enterprises or SMBs, when it comes to implementing and maintaining a cloud
These are universal challenges. While each is not an ultimate, insurmountable hurdle to
adoption, thinking about how each of these is wrong, or at least misguided, is a smart way to
navigate toward successful cloud strategy and implementation.
1. Organizational ignorance: Cloud is a hot concept for many businesses. In the last year,
the emphasis on cloud computing as the go-to solution for infrastructure needs has propelled
it to the forefront of the IT discussion, with many believing it will eventually become the way
IT operates at a baseline.
However, the road to implementation is still fraught with difficulties and competing agendas
in many organizations. Similarly, given the boom in the space, the parallel growth of cloud
providers has lead many vendors to offer services that might not be best suited to a company’s
strategic and operational requirements, simply because the sale can be an easy one. With a
lack of internal understanding, or even a reticence by internal staff to provide a
comprehensive reasoning for cloud (for fear of losing their jobs), chief decision makers are
often not working with all the facts that could provide them with best reasons for or against
2. Belief in just the SLA: Service Level Agreements, or SLAs, are important to consider for
when something is going wrong. While such agreements do not guarantee that something
won’t go wrong, many organizations sign SLAs assuming uptime and business continuity are
assured. When things go down, with nothing more than a service credit and a cloud provider
scrambling to regain uptime to show for it, businesses can lose untold amounts of revenue and
get very little back for their trouble. Amazon famously dodges liability in its SLA.
Ultimately, an SLA doesn’t ensure uptime — building a redundant architecture does.
3. Role assumptions: When a business signs on to work with a particular cloud vendor, more
often than not, the divvying up of roles and responsibilities is left in an assumptive state.
Without clearly defining who has access to what, and what that can entail from a roles and
responsibilities and workflow standpoint, a lot can go wrong that could pus both the cloud
vendor and client in the wrong, damaging their business relationship, ultimately hurting the
Having clearly defined conditions, such as determining whether root access is a necessity for
a client, has strong claims toward ensuring that the business relationship is valuable for both
the client and the cloud vendor.
4. Accepting guarantees of compliance: Often cloud providers guarantee compliance as part
of their offering. This is well and good, unless of course compliance is only achieved in the
loosest sense. If a business is dealing with any customer or proprietary data, or personally
identifiable information of any sort, it needs compliance, and to know how that is achieved.
Many providers will claim to be compliant, but without knowing how that works at a
technical or a policy and protocols level, it’s hard to feel safe. A business looking at any cloud
vendor should always ask how the different levels of compliance are matched with security,
how logs are kept and managed, and which organization performs the audit (this can actually
tell you something about the caliber of compliance being sold).
5. Unregulated usage: Cloud is great for businesses when used in smart and cohesive ways.
However, for many larger companies, hurdles to gaining access to IT resources may create
autonomous decision-making for cloud adoption, group by group, since the ability to purchase
and provision resources through the public cloud (often Amazon Web Services) can be
This can, however, lead to a lack of unification where the IT strategy is concerned, with
disparate groups all maintaining their own clouds without any oversight or guidance. What if
there is sensitive information being put on a multi-tenant environment? That can create major
compliance issues, and therefore legal problems. Cost can similarly spin out of control,
because while consuming public cloud resources is relatively cheap, without knowing how
much is being consumed at cost, it’s hard to judge whether the tool is beneficial for a
business’ bottom line.
6. Thinking outsourcing removes risk or liability: There are many reasons to outsource a
business’ infrastructure to a cloud provider. There are cost benefits, management benefits, and
flexibility benefits. However, just because a cloud provider is running a company’s cloud
does not remove it from owning a major portion of the risk associated with the arrangement.
SLAs, MSAs, and contracts help ensure that roles and responsibilities are clearly defined.
But what if something goes down? What if customer data is breached? A business still has to
deal with the ramifications of such events for its own customers and lost revenues. Yes, they
can be mad at the cloud provider, and that relationship can suffer, but that makes little
difference to how the company’s customers feel about their pain. In the end, risk is never
alleviated. In fact, it can only be planned for up to a point. Ensuring a Highly Available (HA)
cloud is a good step, as is maintaining constant communication with a cloud vendor.
Ultimately, taking anything for granted is the biggest sin!
7. Failing to understand failure: The cloud fails. Amazon has many well-publicized failures
from the past year alone. In the end, such failures will only impact businesses that have not
built failure into how they think about the cloud.
Designing an architecture to withstand the loss of an Availability Zone (AZ), the crashing of a
cluster, or even the loss of a data center (as with Hurricane Sandy) is all part of how a
company should be thinking about the cloud. To not do so seriously jeopardizes a business’
cloud and increases its liability in terms of lost revenue and damage to the brand should
something go down.
The reality of designing for failure with proper security, HA, and disaster recovery often ups
the cost of cloud. But compared to the potential for lost revenue, is that price too much?
Jake Gardner, Content Marketing Manager at Logicworks, is lead blogger on