Challenges and obstacles to the mass implementation of cloud technologies, and ways to address them

Trust and Security

Using subscription-based services and cloud resources in daily life is quite convenient, particularly if one remembers to timely deactivate services that are no longer needed. However, we all understand that in such circumstances, we delegate some responsibility to the service provider. Therefore, trust and security (of user data and intellectual property) become arguably some of the most critical aspects. At a personal level, such issues can be addressed less formally or based on a provider's rating. 

Although, not everything might be as clear-cut as it seems. For instance, when using car sharing services, can we be certain a car's airbag system was replaced as per regulations after an accident, if there were any? Are there any specific requirements for car sharing services regarding the disposal or restoration of cars after an accident? On another note, businesses starting to utilize cloud technologies require a comprehensive analysis of both cloud providers and relevant legislation and regulations.

The issues of trust and responsibility delineation are gradually being resolved through the implementation of security standards (PCI DSS, 152-FZ, GOST R 57580, ISO 27001/27701/27017/27018) and conducting audits to verify compliance with said standards.

However, we understand that these measures are designed to reduce or redistribute risks, not to completely eradicate them. Therefore, each organization decides for itself if it's ready to completely or partially transition to the cloud or use a private cloud (which is slightly different, although the functionality and usage model of Western vendors' private clouds closely resemble public clouds or make the process of building hybrid infrastructure easier).

When utilizing cloud servces, it is advisable to incorporate this segment of the infrastructure into your organization's comprehensive security processes. This includes establishing a Landing Zone with network segmentation, Site2Site VPN, configuring routing rules, prohibitions and permissions; using NGFW (Next-Generation Firewall) and SEIM (Security Event and Incident Management) if necessary; mandatory use of SSO for cloud management and audit log inclusion; and regular system updates, particularly for those with external network access.

As for the issue of trust, it is evident that faith in foreign cloud providers has been compromised — the risks are enormous. This process has also inevitably brought into question the trust in the subscription model itself. 

Some clients reduce the risk of an unexpected subscription halt or loss of data control by storing backup copies (or replicas) of their most crucial data locally or in another cloud, enabling subsequent restoration in an infrastructure independent from the cloud provider. These scenarios are implemented for both IaaS, which is to be expected, and PaaS services.

Rising prices

According to Bezos Law (proposed by AppZero CEO Greg O'Connor), the cost per unit of computing resources should decrease by 50% approximately every three years. This is confirmed by global practice, but in Russia, prices have actually increased at some point. This is due to the heavy reliance on foreign data center components: everyone was anticipating a decrease in resource costs, but it turns out that prices can also grow. 

There are concerns that migrating to the cloud could be equally, if not more, costly in certain timeframes, such as over a period of three years. However, the situation isn't as straightforward as it seems. Even if your 'old' hardware might have been cheaper compared to current prices, it is becoming outdated. It is unlikely that you will find equipment cheaper than what cloud providers offer due to the difference in scale and, consequently, discounts..

Various calculations like TCO compare both the cost of owning hardware such as servers and storage and indirect expenses. However, making these calculations with a small margin of error can be quite challenging.

Let me illustrate with a real-life example. You could either use a tire service or change your car's tires yourself. The former might be more expensive but the quality will be better and you'll be saving valuable time. In IT terms, this equates to reducing time to market and increasing flexibility..

When implementing cloud technologies, it is recommended to conduct a preliminary cost-effectiveness assessment and identify the main advantages you expect from the cloud. If cost savings are your only goal, things might get complicated. However, if you're looking for flexibility, faster time to market, increased resilience, and so on, then it's a justified move.

Staff shortage

A shortage of skilled personnel can pose another hurdle to transitioning to the cloud. A holistic approach can help overcome this issue quicker. This includes special and higher education programs, in-house employee training, and affordable high-quality courses. Cloud providers themselves offer free, high-quality online programs covering new technologies. It is worth mentioning Yandex, one of the first companies to offer training courses for both beginners and experienced professionals. The range of topics is extensive and includes DevOps, DevSecOps, GitOps, data platforms, and information security.

Internet

Underdeveloped broadband Internet infrastructure also acts as a limiting factor. On one hand, speed and coverage indicators for both B2C and B2B segments in Russia are fairly impressive. However, some cloud migration projects still require an analysis of the network component between the main and branch offices and the cloud platform.

Practice shows that even with a "common" 100Mbps bandwidth, end users occasionally notice that the infrastructure is now cloud-based rather than local. Often, the solution involves good QoS (Quality of Service) configuration at the network level and other services (for instance, if there is DFS file replication between the cloud and ground, it should definitely be restricted during work hours), using dedicated network connections between local infrastructure and the cloud (Interconnect\Direct Connect), and alternative traffic routing (for example, interaction in some local subsidiary offices is still configured through the central location; when the infrastructure is local or even located in a foreign cloud, this may not be noticeable. When switching to Russian clouds, we suggest altering the scheme to minimize "unnecessary" traffic routes).

Russian solutions

In recent years, Russian providers have demonstrated rapid growth in both their client base and the variety of services they offer. However, they are undergoing a phase of establishment and growth that their foreign competitors completed a decade ago. Some crucial services are either unavailable or in the Preview stage, complicating cloud migration particularly for more traditional infrastructures. Some of the absent solutions are compensated by marketplace offerings, but even there the choices aren't always extensive and often result in extra costs.

We are likely to witness the evolution of cloud solutions and enhancement of their features, including in the field of hybrid infrastructures. For instance, VK Cloud is currently striving to grow in this direction: they offer both public and private cloud services (Private Cloud by VK).

conclusion

System integrators' solution portfolio includes both cloud migration services and IT infrastructure assessments to determine the readiness for cloud migration. As the saying goes, 'Viam supervadet vadens' (The road will be mastered by the one walking). Thus, with the collective efforts of all market participants, the path to cloud-based solutions for business and IT may gradually become less daunting.