10 cloud computing myths debunked

1. On-premises is always cheaper

Customers who believe the cloud is always more expensive clearly haven't done a full total cost of ownership analysis, said Sean Feeney, cloud engineering practice director at Nerdery, an IT consultancy. They also likely have limited visibility and accountability of their own data center and application costs.

"This misconception is sometimes spread by business leaders who have gotten stuck in the cloud migration bubble and, with shortsighted financial targets or other internal pressures, attempted to change or reverse course midstream," Feeney said.

This myth can also account for some of hybrid cloud's popularity. If a company is midway through a migration to the public cloud, pushback from executives concerned about costs can stall the migration -- thus, a hybrid cloud strategy is born.

2. Cloud is always cheaper

On the other end of the cost spectrum is a misconception that cloud implementations are always less expensive than on-premises deployments, because there's no data center hardware investment and maintenance. This is similar to saying that renting a home is always cheaper than buying one. Sometimes, renting is less costly. But if the buyer plans to stay in a home a long time, owning is the better financial decision.

"A lot of people misunderstand cloud pricing. They assume that, because it's new and really popular, it must be cheap," said Mike Lloyd, CTO of RedSeal, a security risk scoring platform. Public cloud can be expensive when users buy a fixed amount of computing power for a long period of time, compared with a physical server on premises. The cloud is best for users who are uncertain about what they will need in the long term -- just like renting a home.

3. There is only one cloud

Another public cloud myth is the idea that there is only one cloud in existence, which would make infrastructure less secure. Public cloud providers, such as AWS, Microsoft and Google, offer many similar services, such as data storage and disaster recovery, but they have their own separate sets of cloud infrastructure resources that are completely isolated from each other. Each offering has different features in terms of management, application ecosystem and security.

4. The cloud will fix bad architecture

Another misconception is public cloud will magically fix poor application architecture.

For example, lifting and shifting a virtual machine into the cloud will not add resiliency on its own. But, with a little extra configuration and careful image management, even the most brittle legacy workloads can benefit from auto-recovery and autoscaling groups. Enterprises unlock the benefits of public cloud when they move up the stack with the meaningful use of PaaS, serverless and other native services.

5. Transformation is required for cloud benefits

On the other hand, many executives mistakenly believe they must completely transform all of their apps into a cloud-native model to realize any benefits, said Sean Roberts, general manager of public cloud center of excellence at Ensono, a managed IT service provider.

While companies can reap more benefits if they refactor their apps specifically for cloud, this approach greatly extends the time to value of public cloud, and customers have limited time and resources. Once customers migrate, they can start to realize benefits immediately, while executing their innovation plans.

6. Multi-cloud solves vendor lock-in and other management challenges

Many enterprises believe if they hedge deployments across multiple clouds, they avoid vendor lock-in to a primary cloud infrastructure provider, Roberts said. This belief is perpetuated by several third-party software vendors and consultancy firms.

On paper, it makes sense and is a common IT practice. Yet, once users start to deploy a multi-cloud strategy, they could face numerous challenges, such as security, compliance and cost management, that could offset the benefits of reduced vendor lock-in risks.

7. Containers always ease multi-cloud deployments

Containers and Kubernetes clusters can make it easier to migrate applications across clouds, and many executives believe these abstractions prepare the applications for multi-cloud scenarios.

"The harsh reality is that not every workload can or should be containerized," Feeney said.

The further away a legacy workload is from a 12-factor app, the less likely it could run in production in a container. Only consider multi-cloud in the context of SaaS or a poly-cloud strategy that separates workloads across cloud platforms, such as Google for machine learning, AWS for app deployment and Azure for .NET applications. Enterprises best realize the benefits of cloud when they go deep on a particular platform and use its native services.

8. Cloud is less secure than on-premises systems

Data breaches in the cloud get a lot of attention, but in general this public cloud security myth simply isn't true. AWS, Microsoft, Google and other major cloud providers are hyperfocused on security and regularly perform external auditing to ensure full compliance and certification for their infrastructure.

At the software level, providers apply security best practices and use a range of technologies, from firewalls and intrusion prevention to data loss prevention and rootkit detection based on machine learning. However, IT professionals must still set policies and configure applications properly.

"While the public cloud can be more secure, it's a shared responsibility," said Ashish Thusoo, co-founder and CEO of Qubole, a cloud data platform.

9. Cloud data is public

"Because the term public is used, many users have the false impression that the data that they store in the cloud is easy to get and is not private," said Engin Kirda, co-founder and chief architect at Lastline, a network security provider.

While it is true that data hosted for free is often analyzed and used for marketing purposes by companies such as Facebook or Gmail, pay-to-play public cloud providers have strong data protection and privacy guarantees as a part of their business models. It is in the provider's best interest to make the cloud as secure as possible.

10. Users lose control of their cloud data

While it's hard to debunk this public cloud myth, Erez Berkner, CEO of Lumigo, a serverless monitoring platform, believes none of the major cloud service providers would risk their reputation to spy on customers, as the implications could be harmful to their business. In fact, they've increased ways to see their activity -- Google's Access Transparency service, for example, enables enterprises to see the vendor's actions in their clouds.

The same goes for where data is stored in the cloud. Enterprise customers often fail to realize that various configurations make it possible to absolutely restrict where their data resides, which could alleviate some of the anxiety, Roberts said.