Even if You Think You’re Avoiding the Cloud, You’re Probably Using It

At the 2015 RSA Conference in San Francisco, I asked random attendees about advice they had received about the cloud. Many cheekily responded, “I’m not on the cloud.” And then just for me, they pointed out that their phones are on the cloud and they probably use some webmail service, such as Gmail.

Even if you don’t want to be on the cloud, you’re probably on it. It’s almost impossible to avoid it. Still, with the cloud’s pervasiveness, there are still people and companies who are not moving to the cloud. Much of it comes down to control and capabilities.

At the RSA Conference, I asked Steve Herrod (@herrod), managing director of General Catalyst and former CTO of VMware, what was preventing people from moving to the cloud?

“People who are afraid their data will be seen by someone else or, more logically—in a regulated industry—are companies that don’t feel they can pass their audits or the compliance certifications they would have to go through around where the data has been and who has touched it,” said Herrod.

To mitigate, companies need to demand more visibility from their cloud providers.

People want to know if break-ins have happened, and if they have, they want to do whatever risk mitigation they can, said Herrod. Plus, there’s a concern over who has access to data and at what time. And they want to know this with respect to encryption. Even if the data has been encrypted, who has had access to the keys to open it?

As for those companies that are quickly moving into the cloud, Herrod said the use of the public cloud is directly correlated to how young a company is. Older companies that have more old apps and are in a regulated industry are not so quick to jump.

“The fastest moving companies that are fully cloud from the start are just formed startups. The other extreme is a 20 to 40 year old company with a plethora of applications in place and they’re in healthcare, government, financial services – somewhat regulated,” said Herrod.

As for how to determine how you should make the move to the cloud, Herrod suggests you look at your suite of applications and determine what needs to live where. There may be some programs that are very entrenched and haven’t changed in years. Those may be fine to continue to live on a mainframe. There may be other applications that are developing quickly, and may benefit hugely from a move to the cloud.

You simply create buckets for all these application types and then you’ll have a broad overview of how you should take your next steps towards where and what should go to the cloud.