In 1962, Professor and self-proclaimed Philosopher of Science Thomas Kuhn wrote his seminal work The Structure of Scientific Revolutions. In it, he argued that “science” is not the collective effort of neutral scientists who patiently test various axioms in pursuit of the truth and throw out anything proven to be untrue. Rather, Kuhn posited that mainstream science consists of a set of already-believed axioms upon which all other axioms are based – and that the initial axioms themselves are rarely, if ever, put to the test.
Kuhn referred to this as a “paradigm” and said that it was the unofficial tool by which the scientific mainstream deems something to be “unscientific”. Anyone who starts from a basic set of axioms outside the paradigm is considered unscientific, meaning they’re not given any serious consideration. The axioms of those outside the paradigm are simply ignored, regardless of whether or not they produce interesting results with predictive value.
This continues on for some time until the reigning paradigm begins to fail – the axioms on which it is based stop accurately answering questions and various quirks start to build up until, in a rush, the paradigm is overturned and replaced with something else – a phenomenon Kuhn referred to as a “paradigm shift”, which has now entered modern parlance referring to any major sea change taking place in the course of human opinion.
I agree with the spirit of Kuhn’s thesis. I think people are often prone to make deductions not on the basis of patiently-tested axioms, but more for reasons related to the following of a paradigm – whether that be as a true believer, for vanity reasons, or simply as the path of least resistance. And to make it all relevant… this has been as true in the course of cloud technology development as it is anywhere else.
Google executive Eric Schmidt is generally considered to have publicly coined the term “cloud computing” in 2006 at an industry conference (although other organizations may have used the term internally earlier than that). Prior to this, there was no good term to describe the use of cloud resources which the public would understand – so the idea simply sounded like hosting your resources somewhere that you couldn’t directly control and lay eyes on.
To a lot of folks, the whole idea sounded silly. When the industry term “cloud” first started to widely appear in the late 2000s, that sentiment was snidely packaged up as the rhetorical question, “Isn’t the cloud just someone else’s computer?”
Of course, none of these people seemed to stop and think about the question differently – like “Isn’t a hospital just someone else’s bed?” – but who cares about that? Snide questions are more memorable.
By the early 2010s, we saw a definite paradigm shift as the advantages offered by cloud technology started to become apparent. This quickly led to some extremists swinging to the complete opposite side. Suddenly, it was foolish to NOT move everything to cloud. “Servers onsite? Files on disks in your closet? Ha! Bumpkin! It’s all going cloud. Gotta go cloud!”
So what does that mean for your organization? Is it time for you to go cloud? Don’t just follow the paradigms – this is a question that needs some reasonable thinking over the basic facts. If you’re looking at the possibility of leveraging a cloud platform for a given segment of the business, let’s consider the following questions:
1. Is it technologically a good idea for our workflow?
Cloud technologies are incredible and come with tremendous benefits – but believe it or not, there are still cases where on-premise solutions can be a better choice for your business. Do you fequently access and modify large, complex files in the course of work? This is common for manufacturing/architecural/engineering firms – and a real limitation on existing cloud technologies, as it’ll almost always be much slower and prone to corruption on a cloud basis rather than if the actions are taking place on the same LAN as the file storage. That’s not to say the cloud has no use here, only that there is a legitimate tradeoff involved that could have real business implications.
Or what about large databases making thousands, maybe millions of writes/rewrites in a short period of time? Again, not impossible to base in-cloud – but you’ll almost always have a better experience in-house. Identify how your organization conducts business and determine the inherent technological constraints.
2. Is it cost-effective?
Cloud services are certainly a lot cheaper than they used to be – but in many cases, they still ain’t cheap. For example: the current average price for a Microsoft Exchange Server 2019 license runs about $750 for the Standard edition, which would be sufficient for the vast majority of small-to-mid size businesses. This is a one-time cost which can last at least 5 years if not more, considering Microsoft’s general software lifecycle. Meanwhile, licensing all users in your mid-size firm – let’s say roughly 30 users – will cost nearly as much on Office 365 running Microsoft 365 Business Premium licenses (which I consider to be the minium license any org should buy) in a single year alone.
But what do you get for investing in that? Cloud e-mail not dependent on a heated box sitting in your closet, cloud storage allowing you to access vital files securely from anywhere, and useful applications with cloud integration allowing you to collaborate with your team in a variety of unique manners from wherever you are. Economist Thomas Sowell has said this: “There are no solutions in life, only tradeoffs.” If the tradeoff of price for the functionality above is worth it, then congratulations – you’ve found value!
A simple cost/benefit analysis should be able to answer this question – and for a lot of organizations, I do think the cost-effectiveness is ultimately tremendous.
3. Can we leverage the cloud securely and within compliance?
The good news about the cloud is that it can allow resources to be accessed and utilized anywhere. The bad news about the cloud is… er, well, the same thing – “bad” from the perspective of potential malware, data loss, and compliance problems, anyway.
Don’t get me wrong – when done correctly, cloud systems can be extremely secure. As long as passwords are kept safe, multi-factor authentication is validating identity, access is kept to the principle of “least privilege”, and traffic is encrypted wherever possible, then cloud resources can be kept very secure and controlled. However, none of this can escape from the bottom line: if data is traveling about the world at-large and your company computers / networks are open to “public” cloud connections, then there is always SOME kind of risk which would not be present otherwise.
You might think that this is only a problem for the guarding of atomic secrets or the recipe for Coca Cola, but think again: a 2017 study conducted by Intel Security involving over 2,000 IT executives showed that 52% of respondents had tracked a malware infection back to a cloud system in their business processes – meaning that cloud systems security is a widespread and real issue.
And compliance? Remember: a cloud provider may promise to deliver services in line with compliance requirements, but it’ll be incumbent upon YOU to prove due diligence in the event of any security incidents regarding said cloud service. HIPAA and FINRA folks, take heed. You need to ask to see the cloud service provider’s compliance records – are they currently passing SOC or other relevant industry compliance audits? Look for these certifications on their website. If you don’t see them, ask for them. If they can’t provide, then you need to move on.
CONCLUSION
Should your business go cloud? Begin by answering the above questions. If you’re not sure how to get the answers, then partner with someone who can help you figure them out. Cloud technologies can unlock enormous potential within your organization, but think critically and don’t just follow the reigning paradigms.
Categories: The IT Philosopher, Tips
Austin Thomé - Cloud & DevOps Engineer 