When transitioning from on-premise to cloud, having a full understanding of associated costs is crucial to avoid budget issues and make the transition cost effective.
One of the most often overlooked costs is security, which some consider covered by the cloud provider. While most cloud providers offer some forms of security, it usually only covers certain areas of the cloud, and even then may not be comprehensive enough to protect against attacks.
According to a study by data management company Veritas, 99 percent of organizations surveyed assume that cloud service providers are responsible for protecting some of their assets in the cloud. This assumption has led to over-budgeting and data loss, with 53 percent of organizations losing data due to the lack of in-built security solutions.
Data and recovery was the most common area of additional costs for organizations using a public cloud service provider, with 40 percent of respondents spending more than originally intended to protect against ransomware and other cyberattacks.
Ransomware is by far the most common type of cyberattack, with 89 percent of organizations having experienced one on their cloud environments. These types of attacks are one that every organization should expect, and proper governance and security measures need to be in place to prevent data loss or costs associated with getting data back from attackers.
For most organizations, this means investing in security solutions which protect every part of their cloud network, including application management, network configuration, and encryption of data. Organizations also need to have smart data policies and governance, to avoid password hacks and phishing emails.
Most cloud service providers have a shared responsibility model for security, in which they take responsibility of infrastructure built on the platform and ensure that it runs at a reliable rate. For everything else, the organization needs to take responsibility for managing it.