Business Cloud Technology Security

Ten Myths of Cloud Computing

Cloud computing is still vulnerable to myths – suspicions, inaccuracies, and outright misperceptions, however, it relies to a great degree on trust of the provider of services, particularly software, platforms, and infrastructure, in an age of intense awareness of security concerns. At a time when much attention is focused on controlling access to your organization’s data and implementing good security policies, it seems counterintuitive to permit such a strong separation between provider and consumer of this particular service. Consumers have little idea of how the cloud actually works, and are to a great extent at the mercy of their service providers to make things happen.

For IT and business stakeholders assessing the cloud as a solution to their growing amount of data and ever-increasing need for information resources, cloud solutions are very attractive. Storage and services can be scaled as needed, application hosting with all its updates and maintenance can be handled by a service provider, and internal IT resources can be deployed to business-aligned goals. However, without having insight into how the magic happens, the cloud can easily become the subject of suspicions and misunderstandings. We’ll look at ten of the most common myths of cloud computing – and the truth behind the myth.

Myths of Cloud Computing

1. It is always cheaper to run in the cloud.

The Myth: This myth is pervasive in part because people fail to distinguish between “cheaper” and “more cost-efficient.”

The Truth: The cloud can be cheaper, but the reality is that when you look at total costs, you could very well end up paying more. Chances are you are paying more because you are getting more. Being in the cloud allows a greater degree of agility and scalability; it provides access to security, storage, applications, and other benefits supplied by your cloud provider.

It is possible that moving to the cloud will save you money, but it should not be your organization’s primary goal. The decision should be driven by benefits available through cloud computing – benefits that are not free. You might save money if, for instance, you have variable workloads and variable demands. A cloud service provider (CSP) can enable you to switch servers off during times of low demand, and to spin up more virtual machines at high-demand times, charging you only for the computing power you use. However, if your servers are up all the time, all day, every day of the week and every day of the year, you can probably spend less on a dedicated facility.

Some cloud offerings are becoming cheaper, but many are not, especially Software-as-a-Service (SaaS). Depending on what you need from your cloud provider, you might save money, but it can’t be assumed, and if that becomes the driver for migrating to the cloud, there are likely to be a lot of disappointed stakeholders. Work with your cloud provider to be cost-efficient, but don’t focus on “cheap.”

2. All of your IT operations have to be in the cloud if you want to compete effectively now

The Myth: It is in the interest of the cloud industry to promote its wares and services, and promotion means creating brand memes. One meme is that the only way to be competitive these days is to move your operations to the cloud. As a result, many organizations believe the cloud is the modern answer to all IT problems, and because of the hype, other organizations feel pressure to move absolutely everything in their IT operations to the cloud.

Adding to this myth, according to Forbes Magazine, some vendors engage in a practice called “cloud washing,” which is when services are advertised as being cloud services but are really just outsourced to a vendor that also happens to provide cloud services. Because of the hype surrounding cloud operations, IT departments tend to accept this designation, or at least not investigate too closely, because presenting an initiative as being cloud-based tends to get more funding for it and make it appear as though the organization is moving toward an ill-defined cloud adoption strategy.

The final issue contributing to this myth is that the cloud itself has become a buzzword in the IT industry, and upper management has learned enough to know that the cloud can offer many benefits, but may be a little fuzzy on what they are. Nevertheless, cloud integration ends up on the organization’s roadmap, and IT departments are forced to find ways to achieve a goal that might not be very well-defined.

The Truth: Most businesses can benefit from cloud capabilities, from huge multi-national corporations to small entrepreneurial ventures. Benefits can include streamlining processes, infrastructure that can scale to demand, faster response time for products and reputation, and much more. However, each business has tasks that are best performed in the cloud, and other tasks that are best kept within a physical IT center, and which tasks greatly depend on the organization and its business. While CSPs can offer great benefits in platforms-as-a-service and software-as-a-service, moving an older, legacy application which is still useful may be more cost and trouble than it’s worth.

The cloud can provide your business with a great deal of flexibility and options, but still might not be right for every IT task. Businesses can benefit from a hybrid arrangement in which some operations are sustained in-house, and others are migrated to the cloud. IT departments should make it their business to understand the true benefits and pitfalls of migrating to the cloud and be able to explain to upper management what tasks are best suited for migration, which is least suited, and why. All stakeholders should be aware that the cloud is simply a means to an end that may offer benefits and not an end in itself.

3. All of your cloud operations should be handled by one vendor

The Myth: It’s tempting to rely on the institutional wisdom that says to use one vendor for everything. Vendor consolidation has benefits for some things: the vendor knows your business and its people, your requirements, and your processes, and by bringing a lot of business to a single vendor, you can hope to capitalize on economies of scale.

The Truth: Cloud computing covers many areas and finding a vendor who performs all of the needed tasks adequately can complicate instead of simplifying. CSP offerings include many tasks and many models, extending to infrastructure (IaaS), applications (SaaS), and platforms (PaaS). Given the fact that cloud usage should be aligned with business requirements, and is not solely focused on IT goals, it is advisable to find the best vendor for each task you migrate to the cloud. It often does make sense to consolidate similar and related tasks with a vendor, but when creating your cloud strategy, understand the diversity of your organization’s requirements, and don’t be afraid to branch out a little.

4. The cloud is not secure

The Myth: Cloud computing is less secure. Private clouds are bad, and public clouds are worse.

The Truth: There are, in fact, many myths surrounding the security of cloud computing, but the bottom line is that there have been relatively few – though high-profile – cloud breaches, but even fewer of those have been due to cloud security. There have been PoS system security holes, and attacks on third-party systems to gain credentials, but the cases where the fault lay in the cloud technology itself are rare. It’s much like worrying about airplane crashes while assuming your car is safe.

Having said this, security must not be taken for granted, and your CSP should be working with you to engineer the most secure presence possible. To some extent, the risks to an organization are comparable to those of traditional IT, but at least in the cloud, you share that responsibility for security with your CSP, an entity whose main responsibilities include providing you with a basic layer of security, and the tools for you to close the loop.

Part of your responsibility, of course, is to find a CSP that has full security measures in place, both around the virtual perimeter and the physical space.

As far as the perception of public clouds being especially insecure, realize that in multitenant systems, each customer is prevented from accessing another customer’s data with an extra layer of security, called logical content isolation. This provides protection from other users of the cloud as well as from anyone breaching the perimeter of the cloud, so even in public clouds; your base level of security is well established.

5. Cloud security is in the hands of your CSP

The Myth: Your cloud provider will take care of all your security needs.

The Truth: This is a dangerous myth – you are always ultimately responsible for your own security. Your CSP’s best security efforts are useless without your organization having a strong security policy. And of course, part of that policy should be due diligence to ensure that your cloud provider’s security is airtight as well.

6. The technology is not mature.

The Myth: This myth leads to claims that cloud computing should not be used for mission-critical projects. The reasoning goes that the technology is young and early use cases focused on small-scale projects.

The Truth: This was once true; cloud computing was in its infancy in the early part of this century. In August 2006, Amazon introduced Elastic Compute Cloud, and Microsoft announced Azure in October 2008, though it wasn’t released until February 2010. More than six years later, the technology is no longer in development; it is the de facto standard for big data computing, and CSPs now have years of experience to offer.

In the early days of cloud computing, naturally adoptions started with non-mission-critical projects, but the fact that someone could reasonably make that claim in 2011 does not make it a truth after so much time. At this point, there are many organizations that began in the cloud and continue to run their entire businesses there.

7. The cloud costs jobs.

The Myth: Using cloud infrastructure and services is another way of outsourcing jobs.

The Truth: Any new technology is greeted with this suspicion, but new technologies make, not take jobs. Robert Cohen, a senior fellow at the Economic Strategy Institute, says that 25 million jobs will be created that will be dedicated to “virtualized infrastructure” – that is, what we know as the cloud.

8. Moving to the cloud means that we will lose control.

The Myth: Once we start moving to the cloud, all our operations will essentially be out of our hands.

The Truth: Although it is possible to automate many things in the cloud, the governance of your data will remain your own. Your CSP can help you create a good security plan, and they will have resources to ensure that their operation is safe; they can help you develop a business application or merely give you the platform on which to develop it. Your organization retains control over its own data, and as much control over applications as you wish, freeing your IT team to work more closely with business stakeholders to ensure that data policies are in support of business objectives, rather than having IT departments that are, of necessity, dedicated to maintaining themselves.

9. Moving old applications into the cloud is more hassle than it is worth

The Myth: There is a huge amount of work required to move into the cloud, and some of our applications don’t fit well with the technology.

The Truth: Best practice does require some data cleaning and revisiting existing architectures, but that can also be seen as an opportunity to clean up old mistakes – we know a lot more now than when our file systems were set up 20 years ago, and migrated, more or less intact, from system to system as we’ve upgraded through the years. Even if it turns out you can move much of what you have wholesale, do you really want to?

You may find you have old applications that can’t and shouldn’t be migrated. Ultimately, of course, the decision will be yours, worked out as seamlessly as possible with your CSP, as to what gets moved and what gets rebuilt. Here is another reason to choose a trusted and experienced CSP, and do your due diligence ahead of time – the provider can help make the migration process as pain-free as possible, with as little downtime as possible.

10. The cloud gives you unlimited resources.

The Myth: Because you are in the cloud, using virtual machines in a scalable architecture, it may seem as though the cloud virtual servers give unlimited memory and processing power.

The Truth: Consuming more resources than you need, it can be counted on to be bad practice, and you will pay in performance and sometimes, depending on your price model, in larger-than-expected expenditures.

In a virtualized environment, the system shifts the workload between its physical machines that make up the virtual servers as workload requires. So just as in a physical environment, you can run up against processor, memory, and throughput limitations, challenging the system to accommodate them. If you have defined limits when you first set up your cloud strategy with your CSP, you will pay in performance, but if you engaged with a CSP on a metered basis, then you will pay in cost.


It’s likely that your business can benefit from some aspect of cloud computing and its shared resources. It may help you expand the services you have, or ease the excessive workload of maintaining an application that has to be accessible ’round the clock and perhaps around the world. Educating yourself about the cloud will help you evaluate if you can benefit and how, without being misled by the lack of knowledge, or claims that were true 10 years ago and keep getting passed around. By providing scalability the cloud provides an innovation-friendly platform, and it provides an environment of security that you can trust and build on, so don’t let these myths stop you from benefiting where you can from its technology.

About the author


Gunjan Tripathi

Gunjan Tripathi is a digital marketing executive at Cheap SSL Shop. He writes about information security related articles.


Click here to post a comment
  • I agree with some of these. I offer cloud services and one thing I often come across is people who just think that anything in the cloud is automatically insecure. Hopefully over time people will start to trust these technologies more and more.

  • The myth about all this cloud stuff is, most people distrust the whole concept of “the Cloud”
    They believe it is just a common platform meaning it is insecure.
    Users still need a lot of clarifications on many aspects of the cloud to feel secure, especially how data is handled.

  • Many years ago, it was said that mainframes & COBOL was dead and that we’d be working in paperless offices – the fact is, that none of these have come about.