Cloud vs on-premises vs hybrid – which is best?
Service technology solutions can be deployed in several different ways. But which is right for you and which offers the security you require?
At a high level, there are usually three different options for service technology delivery, either locally hosted, or private or public cloud or a mix thereof. Here we explore the basic principles of each option and look at the security considerations.
Generally speaking, on-premises solutions are physically located at an organisation’s office site or in a hosting location of their choice. The application in use and all the data associated with it is stored on a server or a private cloud in this location. This enables the organisation choosing to deploy in this way to fully control their own security and access to the data and application. This also means, however, that the company is responsible for maintaining the hardware the application is being delivered from and maintaining security and access to that server location.
Cloud or SaaS (Software as a Service) solutions are hosted and delivered via an off-site cloud system, typically accessed via a desktop or mobile browser. All data and configuration is held in the cloud and does not reside on the client site. Updates to the application, along with all security and availability, are usually the responsibility of the vendor who is delivering the service with no upkeep of physical servers to be considered. Cloud solutions are usually also subscription-based and involve a monthly or annual fee for use. Vendors provide cloud services via backbone providers such as Amazon Web Services or Rackspace, and often offer 99 percent plus uptime guarantees and the ability to load balance in region for optimal speed and performance delivery.
A hybrid cloud solution is one where an organisation uses a mix of on-premises private cloud and public cloud services. It can offer flexibility as it allows workloads to shift between the two when capacity and costs change. Sensitive workloads and data can be hosted in the private cloud, with less critical workloads hosted in a public cloud. If a company has regulatory requirements for data handling and storage, then this can be provided in the private cloud. Or perhaps an organisation could host its e-commerce site within a private cloud and their corporate site within the public cloud. Public cloud services such as Microsoft Azure or Amazon Web Services provide scalability, giving an organisation the ability to pay only for the resources it consumes. The important thing is to have the technology in place to allow the two clouds to connect and interact.
Which deployment option is most secure?
There really is no simple response to this question, as it greatly depends on the security of the application you are using and how access to the app is maintained and secured ̶ no matter which option you choose. It could be argued that on-premises solutions are the least secure, as they are entirely reliant on the security of your own infrastructure and your IT team’s ability to keep everything patched and up to date. Maintaining the application, and the operating system of the server it resides on, becomes the sole responsibility of your organisation. You also need to consider your network security and how users will access the server application.
While cloud SaaS offers a cost-effective solution to many of the on-premises software issues, it is vital to remember that not all cloud SaaS is equal. Check how the vendor application is delivered and that it supports a high level of security such as TLS encryption. It is also important to learn about how the cloud service will be delivered and by which service provider. This will affect both the security and the speed of your chosen service.
Hybrid cloud can be seen as the best of both worlds, offering both robust security and scalability. It is, however, a more complex and therefore expensive alternative to cloud SaaS. It is also, due in most part to the ability to provide cloud bursting, a solution that will appeal to a smaller group of organisations that could truly benefit from such technology.
Which deployment method is the best for you?
As has been demonstrated in this brief overview, which delivery method is best for you will depend on your use case scenario, the sensitivity of your data and the size of the budget you have at your disposal. With increasing threat levels to data security, it is vital that you fully explore what is involved in each of the delivery options offered by vendors. Look at the way in which they deliver cloud and also how secure it is, as not all services are created equal. Also remember to factor in hardware and staff costs if you are considering on-premises options. Having all the facts at your disposal will ensure that the decision you make is the right one for you and your business.
If you would like to learn more about ITSM and IT security, please day.